QoS for ADSL link

Sadly I cannot delete topics I created, so bear with me… Mods are free to delete my last QoS topic.

Got ADSL link and am behind NAT masquerading.
Firstly, can somebody point me to a working and tested ADSL QoS setup on MikroTik?
I was trying to follow the Megis QoS Best practice (link) but encountered issues.

First, since I’m behind NAT I cannot use interface-out HTB for PCQ queue on upload traffic. I’d have to use global-out. The problem here is, if I limit traffic on global-out my download traffic will be limited too!
Is there a way to solve that one?

Second, if I try to combine mangle prerouting (for traffic type marking) and mangle forward (to mark traffic for PCQ), the prerouting mangle rules simply don’t mark any traffic anymore. If I disable the forward mangle rule, the prerouting mangle rules start to get traffic. Why?

[saiko@core] /ip firewall mangle> pr                                   
Flags: X - disabled, I - invalid, D - dynamic 
 0   chain=forward action=change-mss new-mss=1452 tcp-flags=syn protocol=tcp 
     in-interface=pppoe-out1 tcp-mss=1453-65535 

 1   chain=forward action=change-mss new-mss=1452 tcp-flags=syn protocol=tcp 
     out-interface=pppoe-out1 tcp-mss=1453-65535 

 2   chain=prerouting action=mark-connection new-connection-mark=http_conn 
     passthrough=yes protocol=tcp src-address=10.1.0.0/24 dst-port=80,3128 

 3   chain=prerouting action=mark-packet new-packet-mark=http passthrough=no 
     connection-mark=http_conn 

 4   chain=prerouting action=mark-connection new-connection-mark=ftp_conn 
     passthrough=yes protocol=tcp src-address=10.1.0.0/24 dst-port=21 

 5   chain=prerouting action=mark-packet new-packet-mark=ftp passthrough=no 
     connection-mark=ftp_conn 

 6   chain=prerouting action=mark-connection new-connection-mark=ssh_conn 
     passthrough=yes protocol=tcp src-address=10.1.0.0/24 dst-port=22 

 7   chain=prerouting action=mark-packet new-packet-mark=ssh passthrough=no 
     connection-mark=ssh_conn 

 8   chain=prerouting action=mark-connection new-connection-mark=other_conn 
     passthrough=yes src-address=10.1.0.0/24 

 9   chain=prerouting action=mark-packet new-packet-mark=other passthrough=no 
     connection-mark=users_conn 

10 X chain=forward action=mark-connection new-connection-mark=users_conn 
     passthrough=yes src-address=10.1.0.0/24 

11 X chain=forward action=mark-packet new-packet-mark=users passthrough=no 
     connection-mark=users_conn

Anyone?

From my office. Just an excerpt. Real queue rules are about 10x longer for different types of traffic. This just puts upload and download in a PCQ. Download on the LAN interface and upload on the Internet interface. Additional stuff can be marked and assigned to the download/upload tree. I have a couple of simple queues for traffic originating at the router itself…

/ip firewall mangle
add action=mark-connection chain=forward connection-state=new disabled=no in-interface=InternetIface new-connection-mark=All passthrough=yes
add action=mark-connection chain=forward connection-state=new disabled=no new-connection-mark=All out-interface=InternetIface passthrough=yes
add action=mark-packet chain=forward connection-mark=All disabled=no new-packet-mark=All passthrough=yes

/queue type
add kind=pcq name=Internet_Download pcq-classifier=dst-address pcq-limit=50 pcq-rate=0 pcq-total-limit=20000
add kind=pcq name=Internet_Upload pcq-classifier=src-address pcq-limit=50 pcq-rate=0 pcq-total-limit=20000


/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=7900k name=Download parent=LanIface priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=7M name=All_Download packet-mark=All parent=Download priority=7 queue=Internet_Download
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=1900k name=Upload parent=InternetIface priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=1500k name=All_Upload packet-mark=All parent=Upload priority=7 queue=Internet_Upload

Are you using NAT masquerading?
If so, isn’t the problem here with queue type Internet_Upload?
“InternetIface” only sees one srcNATed IP address so it can’t group traffic by its real local IP address…
You would have to use global-out as it’s the only one aware of real IP addresses, I think…


Anyhow, can you provide the config with a few traffic prioritising rules, beyond just the traffic shaping you gave here?

Guess you are right. Never goes above one PCQ… Never noticed because I have 12 other queues for upload w/ VOIP/HTTP(s) and other known applications so it always just worked. I moved the PCQ for the ALL packet mark to a simple queue affecting just TX and now it creates multiple PCQ.

The only thing I care about is being able to up/download at full speed while having 4-5 VoIP calls going in the office and not having them sound like it’s 1942.
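
Added example (not part of any post in this thread): a small Python model of the behaviour discussed above, where a PCQ with classifier=src-address placed after masquerading sees a single source address and so builds only one sub-queue. The LAN and WAN addresses and the traffic mix are constructed, and PCQ is simplified here to one FIFO per source address served round-robin.

```python
from collections import OrderedDict, deque, Counter

WAN_IP = "203.0.113.10"  # constructed public address (documentation range)

# Constructed upload burst: one bulk uploader and one VoIP phone on the LAN.
ARRIVALS = [("10.1.0.20", "bulk")] * 90 + [("10.1.0.30", "voip")] * 10


def masquerade(packets, wan_ip=WAN_IP):
    """Rewrite every source address to the router's WAN address (src-NAT)."""
    return [(wan_ip, label) for _src, label in packets]


def pcq_dequeue(packets, budget):
    """Simplified PCQ with classifier=src-address: one FIFO sub-queue per
    source address, served round-robin, until `budget` packets are sent."""
    subqueues = OrderedDict()
    for src, label in packets:
        subqueues.setdefault(src, deque()).append(label)
    sent = []
    while len(sent) < budget and any(subqueues.values()):
        for q in subqueues.values():
            if q and len(sent) < budget:
                sent.append(q.popleft())
    return len(subqueues), Counter(sent)


def compare(budget=20):
    """Sub-queue count and per-label packets sent, before and after NAT."""
    before = pcq_dequeue(ARRIVALS, budget)             # classifier sees LAN IPs
    after = pcq_dequeue(masquerade(ARRIVALS), budget)  # classifier sees WAN IP
    return before, after


if __name__ == "__main__":
    (n_pre, sent_pre), (n_post, sent_post) = compare()
    print("pre-NAT :", n_pre, "sub-queues", dict(sent_pre))
    print("post-NAT:", n_post, "sub-queue ", dict(sent_post))
```

With the classifier working on pre-NAT addresses the VoIP host gets an equal share of the first 20 transmitted packets; after masquerading it waits behind the bulk uploader in the single sub-queue.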

Could you now post a bit more detailed setup with those simple queues and a few other traffic prioritising rules?

Thanks