Priority with DSCP or Address List not working

RouterOS General
1

Hello All.

We have a network with 40 RB750 mounted on the ends and a central router RB450G.

The links are given by a DSL network bridge. Each remote link is 256 kbps symmetrical and the central node are working with 4 mbps, which plan to expand to 10 mbps in the future.

The ether1 is the Wan on each router and y have a bridge on ether2-3-4-5 with the local IP assigned to the bridg, to use it as a switch.

We trafficking voice packets marked with dscp=46 and from a list of known IPs.

In Mikrotik routers, I have marked these packets by DSCP at first and before by his ip of origin (if it is in an Address List) and then assign a priority queue two.

For packages that are unmarked, assigned a priority queue six, so they were a lower priority to voice packets.

The mangle and queues counted packets well you use on each one, but the result in the audio is bad when I have data traffic, making it as if it were not prioritize anything.

I enclose the script I’m using to prioritize by IP list to tell me if there is any problem or detail point where I’m wrong.

To be able to speak, I assigned max-limit = 64k to data queues, but of course the customer complains of slow network. If I leave more bandwidth, the voice can be heard.

It should be noted that the maximum bandwidth needed by the voice is 25 kbps (constant in both directions).

Something that I could check is to change the type of queue, I’m using ethernet-default in all, what would be the most appropriate type for this case that I have 256 kbps on each end?

From already thank you for your support, since it is a project in which we put a lot of confidence in Mikrotik routers, but the customer is very eager to resolve these problems.

I await your comments.


#marking packets from specific IP's

ip firewall mangle add chain=forward src-address-list=voz action=mark-packet new-packet-mark=VOIP passthrough=no comment="VOIP" disabled=no

#Assign priority 2 to marked packets.

queue tree add name="ether1_voip" parent=ether1 packet-mark=VOIP limit-at=0 queue=default priority=2 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
queue tree add name="ether2_voip" parent=ether2 packet-mark=VOIP limit-at=0 queue=default priority=2 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
queue tree add name="ether3_voip" parent=ether3 packet-mark=VOIP limit-at=0 queue=default priority=2 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
queue tree add name="ether4_voip" parent=ether4 packet-mark=VOIP limit-at=0 queue=default priority=2 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
queue tree add name="ether5_voip" parent=ether5 packet-mark=VOIP limit-at=0 queue=default priority=2 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no

#Assign priority 6 to non marked packets and limit to 64 kbps (i want to not limit traffic).

queue tree add name="ether1_datos" parent=ether1 packet-mark=no-mark limit-at=0 queue=default priority=6 max-limit=64k burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
queue tree add name="ether2_datos" parent=ether2 packet-mark=no-mark limit-at=0 queue=default priority=6 max-limit=64k burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
queue tree add name="ether3_datos" parent=ether3 packet-mark=no-mark limit-at=0 queue=default priority=6 max-limit=64k burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
queue tree add name="ether4_datos" parent=ether4 packet-mark=no-mark limit-at=0 queue=default priority=6 max-limit=64k burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
queue tree add name="ether5_datos" parent=ether5 packet-mark=no-mark limit-at=0 queue=default priority=6 max-limit=64k burst-limit=0 burst-threshold=0 burst-time=0s disabled=no

#---------------------------------------------------------------------------

To assign QoS by DSCP, I use the same queues but have changed the packet mark criteria to this (dscp=46):

ip firewall mangle add chain=forward dscp=46 action=mark-packet new-packet-mark=VOIP passthrough=no comment="VOIP" disabled=no

I have the same result....

Suggestions are VERY apreciated.

2

it is easy job :slight_smile: you need to mark packets in and out (2x mangle) and then create two trees in both directions.
it is beter to use build in switch then bridge on ports 2-5(to do this just select master port to eth2 on interfaces from 3 to 5).


example of marking packets

add action=mark-packet chain=prerouting comment=icmp disabled=no \
    in-interface=WAN2 new-packet-mark=icmp_in passthrough=no protocol=icmp
add action=mark-packet chain=postrouting comment="" disabled=no \
    new-packet-mark=icmp_out out-interface=WAN2 passthrough=no protocol=icmp

where WAN2 is your eth1

and a tree

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=750k name=upload parent=global-out priority=4

u can use global-out or interface eth1
max-limit is your upload speed(you need this very much)

and then:

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=icmp_up packet-mark=icmp_out parent=upload \
    priority=1 queue=wireless-default

add name="ether1_datos" parent=upload packet-mark=no-mark limit-at=0 \
    queue=default priority=6 burst-time=0s disabled=no

this is for yours marked upload packages
and only here priority realy works (in sub tree)

and then the download :

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=8M name=download parent=global-in priority=4

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=www_down_0 packet-mark=www_in parent=download \
    priority=1 queue=wireless-default
add name="ether1_datos" parent=download packet-mark=no-mark limit-at=0 \
    queue=default priority=6 burst-time=0s disabled=no

u can send me some money for this:D:D

3

Thanks for the reply, but still having problems.

My new queue tree:

queue tree add name=Download parent=global-in max-limit=256k priority=4
queue tree add name=Voice_In parent=Download priority=1 packet-mark=VOIP queue=wireless-default
queue tree add name=Data_In parent=Download priority=6 packet-mark=no-mark queue=default

queue tree add name=Upload parent=global-out max-limit=256k priority=4
queue tree add name=Vice_Out parent=Upload priority=1 packet-mark=VOIP queue=wireless-default
queue tree add name=Data_Out parent=Upload priority=6 packet-mark=no-mark queue=default

Some suggestions?

At least there is a beer involved :wink:

4

from the manual:

Child queue with higher priority will have chance to reach its limit-at before child with lower priority and after that child queue with higher priority will have chance to reach its max-limit before child with lower priority.

you have zero limit-at and max-limit on some of your queues, so I don’t know whether priority is taken into account in your case

5

Finally, the best results was with the simpliest configuration. In all routers the commands for DSCP priorization was:

ip firewall mangle add chain=prerouting  dscp=46 action=mark-packet new-packet-mark=VOIP passthrough=yes  comment="VOIP" disabled=no 

queue tree add name=Vice parent=global-total priority=2 packet-mark=VOIP queue=default
queue tree add name=Data parent=global-total priority=8 packet-mark=no-mark queue=default

The key, global-total queues.

Thanks for all your help.

6

We still have with problems with this instalation.

The result with global-total was temporal (I suspects the client have not traffic for a long time, and the audio quality was good for this reason).

We have around 2 months wit this problem and the client is really angry.

We decide use Mikrotik in this solution for the advances QoS system, but in practice is inoperant, we have proves with QoS enabled and disables, the results are so similar than we have not significant difference.

We are checking the audio quality with a software tool from the telephony system manufacturer, is not only the poor audio quality, we have imparcial proves tath confirm the problems.

Now we are using this commands for QoS (recomended by our reseller) but have exactly the same problems (like tath QoS is not applied)

ip firewall mangle add action=mark-connection chain=prerouting comment=VOIP disabled=no dscp=46  new-connection-mark=Voz passthrough=yes
ip firewall mangle add action=mark-packet chain=prerouting comment="" connection-mark=Voz disabled=no new-packet-mark=VOIP passthrough=no
ip firewall mangle add action=mark-connection chain=prerouting comment=DATOS disabled=no dscp= !46 new-connection-mark=Datos passthrough=yes
ip firewall mangle add action=mark-packet chain=prerouting comment="" connection-mark=Datos disabled=no dscp=!46 new-packet-mark=DATOS passthrough=no

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=Global-in parent=global-in priority=1
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=Datos packet-mark=DATOS parent=Global-in priority=8 queue=synchronous-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0  max-limit=0 name=VozIP packet-mark=VOIP parent=Global-in priority=2  queue=synchronous-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0  max-limit=0 name=Global-Out parent=global-out priority=1
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0  max-limit=0 name=DatosOut packet-mark=DATOS parent=Global-Out  priority=8 queue=synchronous-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0  max-limit=0 name=VozOut packet-mark=VOIP parent=Global-Out priority=2  queue=synchronous-default

Please, we need know if Mikrotik is capable to resolve this problem or we must to change all the solution for other product and desestimate mikrotik use in future solutions.

We really apreciate your help.

7

See Chupaka’s post from several month ago: priority determines who reaches limit-at and max-limit first. Your queues have neither. Set a limit-at of 25k and a max-limit of 40k on the VoIP queues and some realistic limit on the data queues (should roughly reflect the circuit capabilities that connect routers minus the slice guaranteed to VoIP), and the sum of them on their parent queues. Then try again.

Your connection/packet marking could also be simplified some but if it works, it works. Have you determined it works, though? You’re relying on DSCP set to 46 for VoIP packets. Have you determined that other equipment is actually setting those DSCP marks?

Lastly, if this is something you are charging a customer money for and need to have fixed, you should be aware that this is a community forum. This is not the official vendor support channel, that would be email with them or possibly a certified consultant. I am just mentioning that in case you are unaware given that you appeal to “Mikrotik” to “fix it” in your post.

8

The new queue configuration, now with limit-at and max-limit in all queues.

You consider adecuated this limits for a 256k simetric DSL bridge?

With a bandwidth test whitout queues the tcp traffic reach 210 kbps (stable).

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=185k max-limit=215k name=Global-in parent=global-in priority=1
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=160k max-limit=170k name=Datos packet-mark=DATOS parent=Global-in priority=8 queue=synchronous-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=25k  max-limit=40k  name=VozIP packet-mark=VOIP  parent=Global-in priority=2  queue=synchronous-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=185k max-limit=215k name=Global-Out parent=global-out priority=1
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=160k max-limit=170k name=DatosOut packet-mark=DATOS parent=Global-Out  priority=8 queue=synchronous-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=25k  max-limit=40k  name=VozOut packet-mark=VOIP parent=Global-Out priority=2  queue=synchronous-default

The voice packets are marked in all voice devices and not have other equipments marking with dscp 46 (proved). The average rate for voice queues are around 37 kbps in both directions when have a conversation and only one control packet every 30 seconds when is in stanby.

In last, we send our questions to our reseller, but didn’t get enough help (even during the first 30 day of support), for this reason decide re open this post.

Thanks again, will come back with the test results.

9

That looks reasonable. Hope it tests out OK.