I’m trying to set up a simple per-protocol QoS:
ftp, http and ssh.
Here’s my setup:
[saiko@core] /ip firewall mangle> pr
Flags: X - disabled, I - invalid, D - dynamic
0 chain=forward action=change-mss new-mss=1452 tcp-flags=syn protocol=tcp in-interface=pppoe-out1
tcp-mss=1453-65535
1 chain=forward action=change-mss new-mss=1452 tcp-flags=syn protocol=tcp out-interface=pppoe-out1
tcp-mss=1453-65535
2 chain=forward action=mark-connection new-connection-mark=http_conn passthrough=yes protocol=tcp
src-address=10.1.0.0/24 dst-port=80,3128
3 chain=forward action=mark-packet new-packet-mark=http passthrough=no connection-mark=http_conn
4 chain=forward action=mark-connection new-connection-mark=ftp_conn passthrough=yes protocol=tcp
src-address=10.1.0.0/24 dst-port=21
5 chain=forward action=mark-packet new-packet-mark=ftp passthrough=no connection-mark=ftp_conn
6 chain=forward action=mark-connection new-connection-mark=ssh_conn passthrough=yes protocol=tcp
src-address=10.1.0.0/24 dst-port=22
7 chain=forward action=mark-packet new-packet-mark=ssh passthrough=no connection-mark=ssh_conn
8 chain=forward action=mark-connection new-connection-mark=users_conn passthrough=yes src-address=10.1.0.0/24
9 chain=forward action=mark-packet new-packet-mark=users passthrough=no connection-mark=users_conn
[saiko@core] /queue tree> pr
Flags: X - disabled, I - invalid
0 name="total_download" parent=LAN limit-at=0 priority=8 max-limit=10M burst-limit=0 burst-threshold=0
burst-time=0s
1 name="http_dl" parent=total_download packet-mark=http limit-at=0 queue=default priority=2 max-limit=0
burst-limit=0 burst-threshold=0 burst-time=0s
2 name="ftp_dl" parent=total_download packet-mark=ftp limit-at=0 queue=default priority=8 max-limit=0 burst-limit=0
burst-threshold=0 burst-time=0s
3 name="total_upload" parent=pppoe-out1 limit-at=0 priority=8 max-limit=500k burst-limit=0 burst-threshold=0
burst-time=0s
4 name="ftp_ul" parent=total_upload packet-mark=ftp limit-at=0 queue=default priority=8 max-limit=0 burst-limit=0
burst-threshold=0 burst-time=0s
5 name="http_ul" parent=total_upload packet-mark=http limit-at=0 queue=default priority=2 max-limit=0 burst-limit=0
burst-threshold=0 burst-time=0s
6 name="ssh_dl" parent=total_download packet-mark=ssh limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0
burst-threshold=0 burst-time=0s
7 name="ssh_up" parent=total_upload packet-mark=ssh limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0
burst-threshold=0 burst-time=0s
8 name="equal_user_dl" parent=total_download packet-mark=users limit-at=0 queue=PCQ_down priority=8 max-limit=0
burst-limit=0 burst-threshold=0 burst-time=0s
9 name="equal_user_ul" parent=total_upload packet-mark=users limit-at=0 queue=PCQ_up priority=8 max-limit=0
burst-limit=0 burst-threshold=0 burst-time=0s
I left FTP to upload at max speed and tried to access a remote SSH: all was well, SSH was perfectly smooth.
Then I disabled queue tree rules 6 and 7. The result was surprisingly the same. How come?
Then I disabled rules 8 & 9. Only after those two were disabled (and even if I re-enabled 6 & 7) did SSH start to get laggy…
When rules 6 & 7 were enabled, the counters on them were displaying traffic.
Are the mangle rules even set properly? I mean the order.