Hi,
I have an application on a local server on a network with 10Mbps download and 1Mbps upload; this network is connected through pptp to a remote network where there’s a client.
I’m trying to prioritize the upload traffic from the server to that client because I need file copies between them to be as fast as possible and not influenced by other server uploads.
Here’s the configuration of the router on server’s LAN:
local server’s ip: 192.168.1.2
remote client’s ip: 192.168.2.10
mangle:
0 ;;; server-to-client
chain=forward action=mark-connection
new-connection-mark=server-to-client passthrough=yes protocol=tcp
src-address=192.168.1.2 dst-address=192.168.2.10
1 chain=forward action=mark-packet new-packet-mark=server-to-client
passthrough=no connection-mark=server-to-client
2 ;;; all
chain=forward action=mark-connection new-connection-mark=ALL_conn
passthrough=yes
3 chain=forward action=mark-packet new-packet-mark=ALL passthrough=yes
connection-mark=ALL_conn
queue tree:
0 name="all" parent=global packet-mark="" limit-at=0 queue=default priority=8
max-limit=8M burst-limit=0 burst-threshold=0 burst-time=0s
1 name="server-to-client" parent=all
packet-mark=server-to-client limit-at=0 queue=default priority=2
max-limit=5M burst-limit=0 burst-threshold=0 burst-time=0s
2 name="other " parent=all packet-mark=ALL limit-at=0 queue=default priority=4
max-limit=8M burst-limit=0 burst-threshold=0 burst-time=0s
but it isn’t working and I don’t see traffic on "other " queue rule, what am I doing wrong? Thanks
maybe I should change chain from forward to prerouting in mangle rules?
also in some examples I see rules in simple queue menu, but the wiki says to use queue tree for prioritization, which one is right for me?
Hey
Some remarks:
- you should only mark a connection if it’s not already marked (in most cases), to avoid repeating the same action, so an additional condition: "connection-mark=no-mark"
- easiest: do connection marking in forward, and packet-marks in postrouting, for a specific out-interface only, then there is no need for “passthrough=yes”
- don’t packet-mark “all”, just match on “no-mark” on the queue, see below
- queue tree parent=
- sub-queues matching specific packet-mark
Ex:
/queue tree
add max-limit=1M name=e1-out parent=ether1
add name=e1-s2c packet-mark=server-to-client parent=e1-out priority=2
add name=e1-all packet-mark=no-mark parent=e1-out priority=3
- both simple & tree can be used for prioritisation: by configuring hierarchy in queues and using the priority values
Hi, thanks for replying
I changed my configuration as you suggested, I’m not sure about out-interface, should I set the ppp interface? at the moment I didn’t set it so it should act on all the interfaces right?
0 ;;; server-to-client
chain=forward action=mark-connection
new-connection-mark=server-to-client passthrough=no protocol=tc
src-address=192.168.1.2 dst-address=192.168.2.10
1 chain=postrouting action=mark-packet new-packet-mark=server-to-client
passthrough=no connection-mark=server-to-client
0 name="all" parent=global packet-mark="" limit-at=0 queue=default priority=8
max-limit=8M burst-limit=0 burst-threshold=0 burst-time=0s
1 name="server-to-client" parent=all packet-mark=server-to-client
limit-at=0 queue=default priority=2 max-limit=5M burst-limit=0
burst-threshold=0 burst-time=0s
2 name="other " parent=all packet-mark=no-mark limit-at=0 queue=default
priority=4 max-limit=8M burst-limit=0 burst-threshold=0 burst-time=0s
but it doesn’t work: if I try copying a file when server is idle it takes about 7s, if I try copying the same file when server is uploading to other destinations it takes up to 30s
p.s. nice avatar 
You can’t have a queue tree without a parent, interface doesn’t allow it. Further if parent is not linked to the proper / target interface, limiting / shaping will not work on that interface.
I don’t use ppp myself, but I’ve understood that you can make it static.
To verify that connections are correctly classified, have a look at the connection list and there the connection mark column.
List your full config: /export hide-sensitive compact
(and yes, I’m a fan of that maker)
I set parent=global to prioritize traffic on all the interfaces, is it right?
what do you mean with make it ppp static?
the only connection I see src. server and dst. client is marked ALTRO_conn
here is the full configuration:
# mar/26/2019 14:27:49 by RouterOS 6.12
# software id = 2EJD-6FHT
#
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=BIELLA
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
mac-cookie-timeout=3d
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
/ip pool
add name=dhcp_pool1 ranges=192.168.10.141-192.168.10.170
add name=Remote_pool ranges=10.0.0.2-10.0.0.254
/ip dhcp-server
add address-pool=dhcp_pool1 interface=ether1 name=dhcp1
/ppp profile
add change-tcp-mss=yes local-address=10.0.0.1 name=Remote remote-address=\
Remote_pool use-encryption=yes
/interface pptp-client
add add-default-route=no allow=mschap1,mschap2 connect-to=xxx.xxx.xxx.xxx \
dial-on-demand=no disabled=no keepalive-timeout=60 max-mru=1450 max-mtu=\
1450 mrru=1600 name=ppp-dc profile=default-encryption user=ppp-dc
/queue simple
add max-limit=256k/256k name=WINBOX packet-marks=WINBOX,WINBOXin priority=2/2 \
total-priority=2
add max-limit=512k/512k name=VOIP packet-marks=UDP5060 priority=1/1 \
total-priority=1
add max-limit=5M/5M name=RDP packet-marks=RDP priority=3/3 target="" \
total-priority=3
add max-limit=12M/12M name=ALTRO packet-marks=ALTRO priority=4/4 target="" \
total-priority=4
add max-limit=12M/12M name=WWW packet-marks=WWW priority=5/5 target="" \
total-priority=5
add max-limit=12M/12M name=POSTA packet-marks=POSTA priority=6/6 target="" \
total-priority=6
/queue tree
add max-limit=8M name=all parent=global queue=default
add max-limit=5M name="server-to-client" packet-mark=\
"server-to-client" parent=all priority=2 queue=default
add max-limit=8M name="other " packet-mark=no-mark parent=all \
priority=4 queue=default
/snmp community
set [ find default=yes ] addresses=172.23.23.0/24 name=ciccio
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
set 3 remote=192.168.2.15 src-address=192.168.2.1
/interface pptp-server server
set enabled=yes max-mru=1420 max-mtu=1420
/ip address
add address=192.168.1.2/24 interface=ether3 network=192.168.1.0
add address=192.168.2.1/24 interface=ether2 network=192.168.2.0
add address=192.168.88.55/24 disabled=yes interface=ether2 network=\
192.168.88.0
/ip dhcp-server network
add address=192.168.10.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.10.1
/ip dns
set max-udp-packet-size=512
/ip firewall filter
add chain=input dst-port=1723 protocol=tcp
/ip firewall mangle
add action=mark-connection chain=forward comment=TUTTO new-connection-mark=\
ALL_conn
add action=mark-packet chain=forward connection-mark=ALL_conn \
new-packet-mark=ALL
add action=mark-connection chain=forward comment="server-to-client" \
dst-address=192.168.34.94 new-connection-mark="server-to-client" \
passthrough=no protocol=tcp src-address=192.168.2.15
add action=mark-packet chain=postrouting connection-mark=\
"server-to-client" new-packet-mark="server-to-client" \
passthrough=no
add action=mark-connection chain=forward comment="UDP 5060" dst-port=5060 \
new-connection-mark=UDP5060_conn protocol=udp
add action=mark-connection chain=forward new-connection-mark=UDP5060_conn \
protocol=udp src-port=5060
add action=mark-connection chain=forward connection-type=sip \
new-connection-mark=UDP5060_conn
add action=mark-packet chain=forward connection-mark=UDP5060_conn \
new-packet-mark=UDP5060 passthrough=no
add action=mark-connection chain=input comment=WINBOX dst-port=8291 \
new-connection-mark=WINBOXin_conn protocol=tcp
add action=mark-packet chain=input connection-mark=WINBOXin_conn \
new-packet-mark=WINBOXin passthrough=no
add action=mark-connection chain=forward dst-port=8291 new-connection-mark=\
WINBOX_conn protocol=tcp
add action=mark-packet chain=forward connection-mark=WINBOX_conn \
new-packet-mark=WINBOX passthrough=no
add action=mark-connection chain=forward comment=RDP dst-port=3389 \
new-connection-mark=RDP_conn protocol=tcp
add action=mark-connection chain=forward new-connection-mark=RDP_conn \
protocol=tcp src-port=3389
add action=mark-packet chain=forward connection-mark=RDP_conn \
new-packet-mark=RDP passthrough=no
add action=mark-connection chain=forward comment="WWW DESTINATION" dst-port=\
80,443 new-connection-mark=WWW_conn protocol=tcp
add action=mark-connection chain=forward comment="WWW SOURCE" \
new-connection-mark=WWW_conn protocol=tcp src-port=80,443
add action=mark-packet chain=forward connection-mark=WWW_conn \
new-packet-mark=WWW passthrough=no
add action=mark-connection chain=forward comment=POSTA dst-port=\
25,110,465,995 new-connection-mark=POSTA_conn protocol=tcp
add action=mark-connection chain=forward new-connection-mark=POSTA_conn \
protocol=tcp src-port=25,110,465,995
add action=mark-packet chain=forward connection-mark=POSTA_conn \
new-packet-mark=POSTA passthrough=no
add action=mark-connection chain=forward comment=ALTRO new-connection-mark=\
ALTRO_conn
add action=mark-packet chain=forward new-packet-mark=ALTRO passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat src-address=192.168.2.0/24
add action=dst-nat chain=dstnat dst-address=192.168.1.2 dst-port=443 \
in-interface=ether3 protocol=tcp to-addresses=192.168.2.15 to-ports=443
add action=dst-nat chain=dstnat dst-address=192.168.1.2 dst-port=80 \
in-interface=ether3 protocol=tcp to-addresses=192.168.2.15 to-ports=80
/ip proxy
set max-cache-size=none parent-proxy=0.0.0.0
/ip route
add distance=1 gateway=192.168.1.1
add distance=1 dst-address=172.23.23.0/24 gateway=10.20.0.1
add distance=1 dst-address=192.168.34.0/24 gateway=10.20.10.2
/ip service
set api disabled=yes
/ip upnp
set allow-disable-external-interface=no
/ppp secret
add local-address=10.20.10.1 name=site1-site2 profile=default-encryption \
remote-address=10.20.10.2 service=pptp
/system clock
set time-zone-name=Europe/Rome
/system identity
set name=mikrotik
/system logging
set 3 action=remote
add action=remote topics=info
add action=remote topics=error
add action=remote topics=warning
/system ntp client
set enabled=yes mode=unicast primary-ntp=193.204.114.232
/system scheduler
add interval=1d name="SYSTEM BACKUP" on-event=BACKUP policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
start-date=feb/01/2011 start-time=00:01:01
/system script
add name=BACKUP policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
source="/system backup save name=([/system identity get name])"
/tool mac-server
add
but if I don’t set “passthrough=yes” in the mark-connection rule, packets are marked twice
Packets should be marked only if needed, and you need it when they are sent over tunnel.
Hence, if you connection-mark in forward and packet mark in postrouting and only when output interface is pptp, there won’t be double marking.
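The remarks made in this thread, put together as an added example that is not part of any post and was not posted by either participant. Assumptions: `pptp-site1` is a hypothetical name for a static PPTP server binding for the `site1-site2` secret, the queue names are made up, the addresses are the ones in the exported mangle rule, and `max-limit=1M` is the 1Mbps upload figure from the first post.

```routeros
# Added example; pptp-site1 and the tunnel-* queue names are hypothetical.

# A static binding gives the tunnel a fixed interface name that mangle rules
# can match on and that a queue tree can use as parent.
/interface pptp-server
add name=pptp-site1 user=site1-site2

/ip firewall mangle
# Mark the connection once, and only if it carries no mark yet.
add chain=forward action=mark-connection connection-mark=no-mark \
    protocol=tcp src-address=192.168.2.15 dst-address=192.168.34.94 \
    new-connection-mark=server-to-client passthrough=yes \
    comment="server-to-client"
# Mark packets only when they leave through the tunnel interface, so no
# packet is marked twice and no catch-all packet mark is needed.
add chain=postrouting action=mark-packet connection-mark=server-to-client \
    out-interface=pptp-site1 new-packet-mark=server-to-client passthrough=no

/queue tree
# The parent queue is bound to the interface being shaped and capped at
# the upload rate; the leaf queues share it by priority.
add name=tunnel-out parent=pptp-site1 max-limit=1M
add name=tunnel-s2c parent=tunnel-out packet-mark=server-to-client priority=2
add name=tunnel-other parent=tunnel-out packet-mark=no-mark priority=3

# Check classification: the connection should show the expected mark.
/ip firewall connection print where connection-mark=server-to-client
```

Any existing unconditional mark-connection or mark-packet rules in the forward chain, such as the TUTTO and ALTRO rules in the export, would still apply their own marks unless they are also restricted with `connection-mark=no-mark` or removed.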