QOS setup help

Hi everyone…
I’m having difficulty marking connections properly. What am I doing wrong? This works only for upload, and it should work only for download :confused:
I need to fix a download limit per address (without simple queues!), but this seems to work only for upload.
Can anyone point me to the right track? :laughing:


/ip firewall mangle
add action=mark-packet chain=prerouting comment=ICMP disabled=no new-packet-mark=ICMP passthrough=no protocol=icmp src-address=192.168.x.222

add action=mark-packet chain=prerouting comment=DNS disabled=no dst-port=53 new-packet-mark=DNS passthrough=no protocol=udp src-address=192.168.x.222

add action=mark-packet chain=prerouting comment=______________________P2P_________________ disabled=no dst-port=10000-65535 new-packet-mark=P2P \
    passthrough=no protocol=tcp src-address=192.168.x.222 src-port=10000-65535

add action=mark-packet chain=prerouting comment="" disabled=no dst-port=10000-65535 new-packet-mark=P2P passthrough=no protocol=udp src-address=\
    192.168.x.222 src-port=10000-65535

add action=mark-packet chain=prerouting comment="" disabled=no dst-port=10000-65535 new-packet-mark=P2P passthrough=no protocol=tcp src-address=\
    192.168.x.222 src-port=1000-5000

add action=mark-packet chain=prerouting comment="Https download" connection-bytes=50000-0 disabled=no dst-port=443 new-packet-mark="https download" \
    passthrough=no protocol=tcp src-address=192.168.x.222

add action=mark-packet chain=prerouting comment="Ftp download" connection-bytes=50000-0 disabled=no dst-port=21 new-packet-mark="Ftp download" \
    passthrough=no protocol=tcp src-address=192.168.x.222

add action=mark-packet chain=prerouting comment="SSH download" disabled=no dst-port=22 new-packet-mark="SSH download" packet-size=1400-1500 \
    passthrough=no protocol=tcp src-address=192.168.x.222

add action=mark-packet chain=prerouting comment="http surf" connection-bytes=0-50000 disabled=no dst-port=80 new-packet-mark="Http surf" passthrough=no \
    protocol=tcp src-address=192.168.x.222

add action=mark-packet chain=prerouting comment="Http download" connection-bytes=50000-0 disabled=no dst-port=80 new-packet-mark="http download" \
    passthrough=no protocol=tcp src-address=192.168.x.222

add action=mark-packet chain=prerouting comment=Winbox disabled=no dst-port=8291 new-packet-mark=Winbox passthrough=no protocol=tcp src-address=\
    192.168.x.222

add action=mark-packet chain=prerouting comment="Https surf" connection-bytes=0-50000 disabled=no dst-port=443 new-packet-mark="Https surf" \
    passthrough=no protocol=tcp src-address=192.168.x.222

add action=mark-packet chain=prerouting comment=Telnet disabled=no dst-port=23 new-packet-mark=Telnet passthrough=no protocol=tcp src-address=\
    192.168.x.222

add action=mark-packet chain=prerouting comment=SSH disabled=no dst-port=22 new-packet-mark=SSH passthrough=no protocol=tcp src-address=192.168.x.222

add action=mark-packet chain=prerouting comment=SNMP disabled=no dst-port=161 new-packet-mark=SNMP passthrough=no protocol=udp src-address=\
    192.168.x.222

add action=mark-packet chain=prerouting comment=________________ disabled=no new-packet-mark=Ostalo passthrough=no src-address=192.168.x.222



/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=1500k max-limit=1500k name="Prioritet 3" packet-mark="Http surf,Https surf" \
    parent=global-in priority=3 queue="Test PCQ"
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=1500k max-limit=1500k name="Prioritet 6" packet-mark=\
    "https download,http download,Ftp download,SSH download" parent=global-in priority=6 queue="Test PCQ"
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=1500k max-limit=1500k name="Prioritet 7" packet-mark=Ostalo parent=global-in \
    priority=7 queue="Test PCQ"
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="Prioritet 2" packet-mark=DNS,Winbox,SSH,SNMP,Telnet parent=\
    global-in priority=2 queue="Test PCQ"
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="Prioritet 1" packet-mark=ICMP parent=global-in priority=1 \
    queue="Test PCQ"
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=1500k max-limit=1500k name="Prioritet 8" packet-mark=P2P parent=global-in \
    priority=8 queue="Test PCQ"



/queue type
add kind=pcq name="Test PCQ" pcq-classifier=dst-address pcq-limit=20 pcq-rate=0 pcq-total-limit=1000

It looks to me like the reason your direction is wrong is that you are using src-address instead of dst-address.


/ip firewall mangle
add action=mark-packet chain=prerouting comment=ICMP disabled=no new-packet-mark=ICMP passthrough=no protocol=icmp src-address=192.168.x.222

This should be:

/ip firewall mangle
add action=mark-packet chain=prerouting comment=ICMP disabled=no new-packet-mark=ICMP passthrough=no protocol=icmp dst-address=192.168.x.222

When creating download mangles, the inbound traffic will go to a destination address; when creating outbound mangles, it will come from that local IP or the source address.

For example here is a queue tree that I often use:

/queue tree
add disabled=no limit-at=0 max-limit=10M name="Global Download" parent=LAN priority=8
add disabled=no limit-at=0 max-limit=1M name="Global Upload ISP1" parent=WAN priority=8
add disabled=no limit-at=8M max-limit=10M name="Normal Download" packet-mark=other_traffic parent=\
    "Global Download" priority=4 queue=default
add disabled=no limit-at=1M max-limit=10M name="Heavy Download" packet-mark=heavy_traffic parent=\
    "Global Download" priority=8 queue=default
add disabled=no limit-at=1M max-limit=10M name="High Download" packet-mark=high_traffic parent=\
    "Global Download" priority=1 queue=default
add disabled=no limit-at=512k max-limit=1M name="Normal Upload ISP1" packet-mark=other_traffic \
    parent="Global Upload ISP1" priority=4 queue=default
add disabled=no limit-at=256k max-limit=1M name="Heavy Upload ISP1" packet-mark=heavy_traffic \
    parent="Global Upload ISP1" priority=8 queue=default
add disabled=no limit-at=256k max-limit=1M name="High Upload ISP1" packet-mark=high_traffic parent=\
    "Global Upload ISP1" priority=1 queue=default

The way it reads is that LAN is capable of 10 Mbps total at any given time (download). Of that, 8M is guaranteed for normal traffic, and 1M is guaranteed to low priority and high priority each, but all of them can spike up to 10M if it is available. Priority works by determining what queue will reach max-limit first (i.e. high priority will be able to reach 10M before anything else if there is room free in the queue, and normal will reach max-limit before low as well).

WAN reads the same, just with different limits.

A queue needs at minimum a max-limit to work, otherwise it doesn’t know what it is capable of. Adjust your tree to meet your needs.
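The direction problem discussed above, as an added example that is not part of the original posts: a simplified Python model of first-match mangle evaluation (passthrough=no) run over one constructed HTTP upload packet and its download reply. It goes one step past the reply by also flipping the port matcher, since in a download packet the service port is the source port. The addresses, the `Rule`/`Packet` classes and the rule sets are assumptions for illustration; the model ignores NAT, port ranges and connection-bytes.

```python
from dataclasses import dataclass
from typing import Optional

CLIENT = "192.168.0.222"   # constructed stand-in for the post's 192.168.x.222
SERVER = "203.0.113.10"    # constructed web server (documentation range)

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int

@dataclass(frozen=True)
class Rule:
    mark: str
    proto: Optional[str] = None
    src: Optional[str] = None
    dst: Optional[str] = None
    sport: Optional[int] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        # An unset matcher (None) matches anything, as an omitted parameter does.
        wanted = (self.proto, self.src, self.dst, self.sport, self.dport)
        actual = (p.proto, p.src, p.dst, p.sport, p.dport)
        return all(w is None or w == a for w, a in zip(wanted, actual))

def mark_packet(rules, p):
    """Return the mark of the first matching rule (passthrough=no), else None."""
    for r in rules:
        if r.matches(p):
            return r.mark
    return None

# Constructed flow: client requests a page, server answers.
UPLOAD = Packet(CLIENT, SERVER, "tcp", 40000, 80)
DOWNLOAD = Packet(SERVER, CLIENT, "tcp", 80, 40000)

# As posted: src-address + dst-port, with the catch-all "Ostalo" last.
ORIGINAL = [Rule("http", "tcp", src=CLIENT, dport=80), Rule("Ostalo", src=CLIENT)]
# Only the address flipped: the port matcher still describes upload packets.
ADDR_ONLY = [Rule("http", "tcp", dst=CLIENT, dport=80), Rule("Ostalo", dst=CLIENT)]
# Address and port flipped: describes the download direction.
DOWNLOAD_RULES = [Rule("http", "tcp", dst=CLIENT, sport=80), Rule("Ostalo", dst=CLIENT)]

def classify(rules):
    return {"upload": mark_packet(rules, UPLOAD),
            "download": mark_packet(rules, DOWNLOAD)}
```

With only the address flipped, download traffic falls through to the catch-all mark, so every per-service queue stays empty while the "Ostalo" queue takes everything.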

Thx… I’ll try :slight_smile:
Sorry for a late reply :frowning: