Question on connection mark and how to find out more info

Hi

I am trying to figure out QoS for a PBX and some other traffic, and am working from the script and queue setup based on this link by pcunite: http://forum.mikrotik.com/t/using-routeros-to-qos-your-network-2020-edition/66683/1

I am trying to mark UDP packets coming from a PBX using this code:

# Mark all UDP traffic for an IP-PBX.
add chain=forward action=mark-connection protocol=udp src-address=192.168.20.2 connection-state=new new-connection-mark="VOIP" comment="IP-PBX"
add chain=forward action=mark-packet passthrough=no connection-mark="VOIP" new-packet-mark="VOIP"
add chain=forward action=mark-connection protocol=udp dst-address=192.168.20.2 connection-state=new new-connection-mark="VOIP"
add chain=forward action=mark-packet passthrough=no connection-mark="VOIP" new-packet-mark="VOIP"

which is working sometimes, but I am also seeing a lot of the 192.168.20.2 UDP traffic showing up marked by this code:

# Mark all UDP traffic. Mark different UDP streams if you want more granularity.
add chain=prerouting action=mark-connection protocol=udp connection-state=new new-connection-mark="UDP" comment="UDP"
add chain=prerouting action=mark-packet passthrough=no connection-mark="UDP" new-packet-mark="UDP"

I am seeing this connection mark flash by in /ip firewall connections and can't find a way to log it to a file, or work out exactly what is getting marked when. Is there a better way to log the traffic being marked and find out which mangle rule it is passing through? Packet sniffer doesn't show the connection mark.

The above issue, I guess, is whether 192.168.20.2 traffic arrives in the mangle-forward or mangle-prerouting (I have been watching the various videos on this stuff but it's still blowing my mind a bit trying to really grasp it).

I really need a way to check if the traffic is hitting the right queues and so on.

I’ll just keep answering my own questions as I get them:

Setting the mangle rule to action: log is one way to observe the effect of a rule. Example:

UDP_Mark_Connection prerouting: in:ether2 out:(none), src-mac 00:15:c5:49:59:8e, proto UDP, 192.168.20.2:137->10.10.10.10:137, NAT (192.168.20.2:137->10.10.20.143:137)->10.10.10.10:137, len 78

Though I now need to figure out how to mark all the UDP traffic from 192.168.20.2 as “VOIP”, not just forwarded but the prerouted too,
and all the traffic from the rest of the subnet, and other subnets, should be marked as “UDP” as per the rules in the initial post.

Then you’re a pretty smart person … 🙂

Have you tried simply using the mangle rules in the prerouting chain?

Yea, but when I had some mangle rule issues it was showing me chaotic info.
Also useful was watching the Queue traffic rates and build up.

Still want to know a way to see the Queues in graphs to track when it gets near to max-limit, but will probably end up using PRTG netflow for that, or maybe The Dude can help with it. Will be looking at those next.
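
One way to arrange the rules discussed in this thread, as an added example that is not from any poster or from pcunite's script: the PBX rules move into prerouting ahead of the generic UDP rule, with temporary log rules and a disk log target to see which rule each packet hits. It assumes the forward-chain PBX rules and the old UDP rules quoted above are removed first; the log prefixes, the logging action name `manglelog` and the file name `mangle-log` are made up for illustration.

```routeros
/ip firewall mangle
# 1. PBX rules first, in prerouting, so they are evaluated before the
#    generic UDP rule (rules are processed top to bottom within a chain).
add chain=prerouting action=mark-connection protocol=udp src-address=192.168.20.2 \
    connection-state=new new-connection-mark="VOIP" passthrough=yes comment="IP-PBX"
# Matches only when the destination is already 192.168.20.2 at this point.
# Mangle prerouting runs before dst-nat, so port-forwarded traffic still
# carries the router's own address here and will not match this rule.
add chain=prerouting action=mark-connection protocol=udp dst-address=192.168.20.2 \
    connection-state=new new-connection-mark="VOIP" passthrough=yes
# Temporary: action=log does not stop processing, the packet continues below.
add chain=prerouting action=log connection-mark="VOIP" log-prefix="VOIP_pre"
add chain=prerouting action=mark-packet passthrough=no connection-mark="VOIP" \
    new-packet-mark="VOIP"

# 2. Generic UDP, limited to connections that no earlier rule has marked.
add chain=prerouting action=mark-connection protocol=udp connection-state=new \
    connection-mark=no-mark new-connection-mark="UDP" passthrough=yes comment="UDP"
# Temporary: fires only if PBX traffic still ends up in the generic UDP class.
add chain=prerouting action=log connection-mark="UDP" src-address=192.168.20.2 \
    log-prefix="PBX_as_UDP"
add chain=prerouting action=mark-packet passthrough=no connection-mark="UDP" \
    new-packet-mark="UDP"

# 3. Write firewall log entries (including the prefixes above) to a file.
/system logging action add name=manglelog target=disk disk-file-name=mangle-log
/system logging add topics=firewall action=manglelog

# 4. Check the result: marked connections and per-rule packet counters.
/ip firewall connection print where connection-mark="VOIP"
/ip firewall mangle print stats
```

Remove the two log rules once the counters and the log file show PBX traffic landing in "VOIP"; logging every packet is expensive on a busy router.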