Please help me with Double QoS on lite hAP RouterOS v6.33.1

harn2412 · November 23, 2015, 2:15pm

Hello every one, Thank you very much if you have any idea with this problem .

I have a network and want to QoS with the options:

1/ Every client will have 3Mbps max download bandwidth (I don’t care about upload bandwidth).
2/ And the traffic of some services (I am testing with ICMP) will have the higher priority than others.

I have research and see the guide of Giordano at link http://mum.mikrotik.com/presentations/IT14/giordano.pdf

I made a test with the lab like that:

Internet <----> Another Router <----> Mikrotik Router <-----> PC client to test.

I had setup DHCP Client on WAN interface and Src NAT to go Internet.

I have simple the Firewall Mangle rule to mark the packet of ICMP and the others.

 
 0    chain=forward action=mark-connection new-connection-mark=icmp-con passthrough=yes protocol=icmp dst-address=192.168.88.0/24 log=no log-prefix="" 

 1    chain=forward action=mark-packet new-packet-mark=icmp-pkt passthrough=no connection-mark=icmp-con log=no log-prefix="" 

 2    chain=forward action=mark-connection new-connection-mark=other-con passthrough=yes dst-address=192.168.88.0/24 connection-mark=no-mark log=no log-prefix="" 

 3    chain=forward action=mark-packet new-packet-mark=other-pkt passthrough=no connection-mark=other-con log=no log-prefix=""

After that I made the Queue tree to set priority for the traffic.

 0   name="total-bandwidth" parent=global packet-mark="" limit-at=0 queue=default priority=8 max-limit=8M burst-limit=0 burst-threshold=0 burst-time=0s 

 1   name="icmp" parent=total-bandwidth packet-mark=icmp-pkt limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s 

 2   name="other" parent=total-bandwidth packet-mark=other-pkt limit-at=0 queue=default priority=8 max-limit=0 burst-limit=0

Then I made a test: ping 8.8.8.8 -t and download at full speed. The result is very good, ping alway 1-2ms even while the queue is full.
good.png
The problem is happen when I add 1 more simple queue to limit the bandwidth for every client.

 0    name="client" target=192.168.88.0/24 parent=none packet-marks="" priority=8/8 queue=default-small/default-small limit-at=0/0 max-limit=0/3M burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s

The ping’s time increase very much (23-27ms) and some time drop.
bad.png
I have tried change some option to made ping’s time decrease but nothing help. I don’t know I miss some config or do some thing wrong.

If anyone have idea to please tell me, thank you so much. This is very important to me.

pukkita · November 23, 2015, 4:11pm

(I don’t care about upload bandwidth).

Essential Flaw… Upload bandwidth in fact is the only one you really control.

Also, in order to receive something, you have previously to ask for it, and that’s… upload.

For QoS to be effective, you have to include ALL traffic, and always plan for the worst scenario.

That being said, a Hap lite is not a device conceived for that…

harn2412 · November 24, 2015, 9:38am

Thank for your idea.

I have tested again with a QoS for up and down traffic but it’s no help.

I have research and see the problem is because the Tx Traffic send from router to client (I think your mind maybe is this).

The priority is use only on the router but the client don’t care about that. So when the bandwidth of client is limit, the client will choice what packet it get or not (default it is FIFO).

I wonder it right or not? Could you help me, please.

And If that is the true I think my job is impossible to setup

pukkita · November 24, 2015, 10:50am

You’re right. A former Trainer of mine used a very illustrative example I still recall: a device doing QoS can be seen as a doorman at a club: he can control how people exits the club (exit rate), but apart from preventing people from entering the club, he cannot prevent busses or taxis bringing more people to the club entrance; he cannot avoid a crowd gathering at the door trying to enter unless he could coordinate with busses, taxis, etc.

So for true QoS, it has to be end to end, that is on router AND client, as what you really control is the upload.

You can indirectly address this if you don’t want to program all clients by using PCQ on the router Queue Tree, so that bandwidth and priority is shared fairly amongst all clients.

Are you aware that simple queue is limiting all clients from 192.168.88.0/24? You should have a simple queue per each client if you want to limit on a per client basis; depending on your setup, you can have your router to dynamically add the for each client.

harn2412 · November 25, 2015, 6:14am

Thank you so much.

I have modified the firewall mangle rule to mark the ICMP traffic and Other traffic like this:

 2    ;;; ICMP
      chain=forward action=mark-connection new-connection-mark=icmp-con passthrough=yes protocol=icmp log=no log-prefix="" 

 3    chain=forward action=mark-packet new-packet-mark=icmp-pkt passthrough=no connection-mark=icmp-con log=no log-prefix="" 

 4    ;;; OTHER
      chain=forward action=mark-connection new-connection-mark=other-con passthrough=yes connection-mark=no-mark log=no log-prefix="" 

 5    chain=forward action=mark-packet new-packet-mark=other-pkt passthrough=no connection-mark=other-con log=no log-prefix=""

And use the Simple Queue and PCQ to setup the QoS like this:

0    name="Client" target=192.168.88.0/24 parent=none packet-marks="" priority=8/8 queue=default/default limit-at=0/0 max-limit=10M/10M burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s 

1    name="icmp" target=192.168.88.0/24 parent=Client packet-marks=icmp-pkt priority=1/1 queue=pcq-upload-default/pcq-download-default limit-at=0/0 max-limit=10M/10M burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s 

2    name="other" target=192.168.88.0/24 parent=Client packet-marks=other-pkt priority=8/8 queue=pcq-upload-default/pcq-download-default limit-at=0/0 max-limit=10M/10M burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s

It is worked perfectly, the reply time of ICMP packet alway slow and the other traffic can share between the clients. Thank again for your idea.

But if you have time, I need ask one more question about how to auto create a simple queue? Could you show me the way to auto create and delete a group of Simple Queue when a client log-in and log-out via hotspot?

That is because when I combine “the Queue Tree for Main Traffic of Router” and “Simple Queue for Traffic of single client” (with target is 192.168.88.10; 192.168.88.11,…) setup piority on both of them (need 3 Queue Tree and 3 Simple Queue for a client). I can do what I want in the 1st post.

But the problem is setup Simple Queue for all client is take a long time, and I will have too many Simple Queue (as I know, this will made the router work too much).

So I need a solution to auto create and delete an group of simple queue, that will help me a lot.

If you or another one have an idea for that, please, give me a hint. Thank you so much.

pukkita · November 25, 2015, 2:15pm

But if you have time, I need ask one more question about how to auto create a simple queue? Could you show me the way to auto create and delete a group of Simple Queue when a client log-in and log-out via hotspot?

Just set limits either on the user secret (user-specific) or user profile (it will affect all users using that profile)

Note that if you want traffic to be prioritized when using queue tree, you should set a limit-at for all child queues.

harn2412 · November 27, 2015, 1:38pm

Thank you for remind me about setup limit-at , because ICMP traffic is never go too high so I have forgot about setup limit-at for other traffic. But in the real, I’ll work with IGMP and some thing else, that maybe use all the bandwidth if don’t setup limit-at for child queues.

I have tried with the profile in hotspot but it only made one simple queue not a group. And I have seen in profile hostpot have run script when login and logout so I think I can use them to auto made and remove simple queues - but that’s an other story ( coding’s my worse )

Now I will setup my network with a simple queue and PCQ queue - what is working perfectly and easy to setup

Thank you pukkita because of your help, hopeful see you again.

pukkita · November 27, 2015, 1:56pm

I have tried with the profile in hotspot but it only made one simple queue not a group.

Not on the hotspot profile, but the users profile. That will automatically create a simple-queue for each user.

Glad it helped!