QoS setup

Hi all,

first of all I’ve read a lot of topics concerning QoS but couldn’t find a concrete answer so that’s why I am asking here.

I’ve been trying to set up QoS to limit video playback bandwidth that’s available to my users but for some reason I can’t get it to work.

My setup is the following:

  1. Mark the packet with regexp in IP->Firewall->Layer7 (add comment=Video name=Video regexp=videoplayback|video)
  2. Mark the connection in IP->Firewall->Mangle using that Layer7 rule (add action=mark-connection chain=prerouting comment="Mark Video Streaming" layer7-protocol=Video new-connection-mark=video_stream passthrough=yes)
  3. Mark packets from that connection in IP->Firewall->Mangle (add action=mark-packet chain=prerouting comment="Mark Video Stream Packet" connection-mark=video_stream new-packet-mark=video_stream_packet passthrough=no)
  4. Create queue tree and limit packet rate (add burst-limit=192k burst-time=10s comment="Video Queue" max-limit=128k name=video-stream packet-mark=video_stream_packet parent=ether1-master queue=default)

My queue tree detects some packets but way too few. I turn on a video but it doesn’t limit the bandwidth enough because I can still stream in 4K without a problem.
What am I missing here?

Have you done a packet capture of your video to ensure that all ports/protocols and src/dst have been properly identified to mark?

What does your config look like?

I’ve written exactly what I’ve configured, but it seems that the issue has just been resolved. The mangle rules were not ordered correctly. After rearranging the ones that were marking the packets to be first in the list, the queue tree seems to pick up a lot more traffic. Further testing needs to be done but this could be it.
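The ordering problem described in the post above, modelled as an added example (not code from the thread). The `WEB_PKT` rule, the flow sizes and the assumption that the regexp hits on the first packet of each flow are constructed for illustration, since the poster's other mangle rules are not shown.

```python
# Simplified model of one RouterOS mangle chain (added example, not router code).
# Rules run top to bottom; a matching rule with passthrough=no stops processing,
# so rules below it never see the packet.

VIDEO_CONN = {"action": "mark-connection", "layer7": "Video",
              "new_mark": "video_stream", "passthrough": True}
VIDEO_PKT = {"action": "mark-packet", "connection_mark": "video_stream",
             "new_mark": "video_stream_packet", "passthrough": False}
# Hypothetical unrelated rule; the thread does not show the poster's other rules.
WEB_PKT = {"action": "mark-packet", "port": 443,
           "new_mark": "web_packet", "passthrough": False}

def matches(rule, pkt, conn):
    """True when every matcher present on the rule agrees with the packet."""
    if "port" in rule and pkt["port"] != rule["port"]:
        return False
    if "layer7" in rule and rule["layer7"] not in pkt["l7_hits"]:
        return False
    if "connection_mark" in rule and conn.get("mark") != rule["connection_mark"]:
        return False
    return True

def run_chain(rules, pkt, conn):
    """Return the packet mark a queue tree would see for this packet."""
    packet_mark = None
    for rule in rules:
        if not matches(rule, pkt, conn):
            continue
        if rule["action"] == "mark-connection":
            conn["mark"] = rule["new_mark"]
        else:
            packet_mark = rule["new_mark"]
        if not rule["passthrough"]:
            break
    return packet_mark

def video_packets(rules, flows):
    """Count packets that end up with the video packet mark."""
    count = 0
    for port, n_packets in flows:
        conn = {}  # connection-tracking entry, holds the connection mark
        for i in range(n_packets):
            # Constructed input: the regexp hits only on the first packet.
            pkt = {"port": port, "l7_hits": {"Video"} if i == 0 else set()}
            if run_chain(rules, pkt, conn) == "video_stream_packet":
                count += 1
    return count

FLOWS = [(80, 5), (443, 20)]  # constructed: (server port, packets) per video flow
MISORDERED = [WEB_PKT, VIDEO_CONN, VIDEO_PKT]
REORDERED = [VIDEO_CONN, VIDEO_PKT, WEB_PKT]
```

With the misordered list only the port-80 flow reaches the video rules, which matches the symptom of a queue that sees some packets but far too few.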

Hello dear friend:
Here I leave you my QoS to be serviced, please publish your QoS so I can review it.
Thank you.

/ip firewall filter
add action=add-dst-to-address-list address-list="YOUTUBE LIST" address-list-timeout=none-dynamic chain=forward comment="YOUTUBE LIST" connection-state=new content=googlevideo.com dst-port=80,443 in-interface="PUENTE 1" protocol=tcp

/ip firewall mangle
add action=mark-connection chain=prerouting comment="-----ICMP (PING)-----" connection-state=new new-connection-mark=ICMP_C passthrough=yes protocol=icmp
add action=mark-packet chain=prerouting connection-mark=ICMP_C new-packet-mark=ICMP passthrough=no
add action=mark-connection chain=prerouting comment=-----DNS----- connection-state=new new-connection-mark=DNS_C passthrough=yes port=53 protocol=udp
add action=mark-packet chain=prerouting connection-mark=DNS_C new-packet-mark=DNS passthrough=no
add action=mark-connection chain=prerouting comment=-----YOUTUBE----- new-connection-mark=YOUTUBE_C passthrough=yes port=80,443 protocol=tcp src-address-list="YOUTUBE LIST"
add action=mark-connection chain=prerouting new-connection-mark=YOUTUBE_C passthrough=yes port=80,443 protocol=udp src-address-list="YOUTUBE LIST"
add action=mark-packet chain=prerouting connection-mark=YOUTUBE_C new-packet-mark=YOUTUBE passthrough=no
add action=mark-connection chain=prerouting comment=-----FACEBOOK----- layer7-protocol=FACEBOOK new-connection-mark=FACEBOOK_C passthrough=yes
add action=mark-packet chain=prerouting connection-mark=FACEBOOK_C new-packet-mark=FACEBOOK passthrough=no
add action=mark-connection chain=prerouting comment=-----WEB----- connection-mark=!WEB_BIG connection-state=new new-connection-mark=WEB_C passthrough=yes port=80,443,8000-9000 protocol=tcp
add action=mark-connection chain=prerouting comment=-----WEB-BIG----- connection-bytes=2496000-0 connection-mark=WEB_C connection-rate=2112k-10240k new-connection-mark=WEB_BIG passthrough=yes src-address-list="BLOQUEO CYBER"
add action=mark-packet chain=prerouting connection-mark=WEB_BIG new-packet-mark=WEB-BIG passthrough=no
add action=mark-packet chain=prerouting connection-mark=WEB_C new-packet-mark=WEB passthrough=no
add action=mark-connection chain=prerouting comment=-----REST----- connection-state=new new-connection-mark=REST_C passthrough=yes
add action=mark-packet chain=prerouting connection-mark=REST_C new-packet-mark=REST passthrough=no



I hope it helps you.

Dear friend,
I served you the QoS that I publish, I am waiting for your response.

Layer7:

/ip firewall layer7-protocol
add comment=Video name=Video regexp=videoplayback|video
add comment="Microsoft Update" name="Microsoft Updates" regexp=User-Agent:.Microsoft-Delivery-Optimization

Mangle:

/ip firewall mangle
add action=mark-connection chain=prerouting comment="Mark Video Streaming" in-interface="ether2 - BIDC Local " layer7-protocol=Video new-connection-mark=video_stream passthrough=yes
add action=mark-packet chain=prerouting comment="Mark Video Stream Packet" connection-mark=video_stream new-packet-mark=video_stream_packet passthrough=no
add action=mark-packet chain=prerouting comment="Microsoft Updates" new-packet-mark=msupdates passthrough=yes src-address-list="Windows Update"

Queue:

/queue tree
add burst-limit=192k burst-time=10s comment="Video Queue" max-limit=128k name=video-stream packet-mark=video_stream_packet parent=ether1-gateway queue=default
add burst-limit=256k burst-threshold=256k burst-time=10s comment="Windows Update Limit" max-limit=256k name=limit-windows-update packet-mark=msupdates parent=ether1-gateway queue=default

MS updates and video QoS implementation.

And you don’t mark anything else, friend.

I don’t understand what you are trying to say. Video packets are being marked and queued, that’s the most important part of our QoS, which seems to be working properly when it’s implemented this way. Do you have any suggestions or?

What I mean is that in your mangle you only mark the packets for the video; you do not mark the Facebook packets, the web traffic, the “ICMP” traffic, the DNS traffic, just as I mark them in my mangle. I hope you understand me, friend.

Hello,

I want to reduce the download speed of the Windows 10 updates via a simple queue, but it doesn’t work.

If I add a rule to drop it, it works fine.

/ip firewall layer7-protocol
add name=MicrosoftUpdates regexp="^.+(update.microsoft|windowsupdate|download.microsoft|wustat|wsus|sls.update.microsoft|vortex-win.data.microsoft.com|fe2.update.microsoft.com.akadns.net|vortex.data.microsoft|dl.delivery.mp|statsfe2.update.microsoft.com.akadns.net|ntservicepack).*$"

/ip firewall mangle
add action=mark-connection chain=forward comment="ms list dst Address List" connection-state=established,related,new new-connection-mark=ms-list1 passthrough=yes src-address-list=Windows_Update
add action=mark-packet chain=forward connection-mark=ms-list1 connection-state=established,related,new new-packet-mark=ms passthrough=no

/ip firewall filter
add action=add-src-to-address-list address-list=Windows_Update address-list-timeout=3w4d chain=forward comment="Windows Update tracking" in-interface-list=WAN layer7-protocol=MicrosoftUpdates protocol=tcp src-port=80,443

/queue simple
add limit-at=3M/250k max-limit=10M/750k name=MS packet-marks=ms queue=pcq-upload-default/pcq-download-default target=pppoe-out1