QoS is performed on rb600 that is as transparent bridge sitting between my border router (wich performs NAT into public IP’s (/24) and ISP Cisco.)
Bridge has “Use IP Firewall” enabled=yes
/ip firewall mangle> pr
Flags: X - disabled, I - invalid, D - dynamic
0-36 Several filters performing conn. marking and followed by packet marking whereafter traffic is leaving mangle routing (passthroug=no))
37 ;;; tcp port 80 jump to “tcp” Chain
chain=forward action=jump jump-target=tcp protocol=tcp dst-port=80
38 ;;; ALL tcp traffic get “all_conn” conn. mark
chain=tcp action=mark-connection new-connection-mark=all_conn passthrough=yes connection-mark=!heavy_traffic_conn
39 ;;; Heavy tcp p80 user get “heavy_traffic_conn” conn. mark
chain=tcp action=mark-connection new-connection-mark=heavy_traffic_conn passthrough=yes protocol=tcp src-address=!84.232.92.4 connection-mark=all_conn
connection-bytes=500000-0 connection-rate=200k-100M
40 ;;; All NON heavy traffic user get “MED” packet mark
chain=tcp action=mark-packet new-packet-mark=MED passthrough=no connection-mark=all_conn
41 ;;; heavy_traffic_user gets IP address listed in address list for 24 hrs.
chain=tcp action=add-src-to-address-list address-list=heavy_traffic_user address-list-timeout=10m connection-mark=heavy_traffic_conn
42 ;;; heavy_traffic_user gets “LOW” Packet mark
chain=tcp action=mark-packet new-packet-mark=LOW passthrough=no connection-mark=heavy_traffic_conn
43 chain=tcp action=return
44-47 Not important for this topic
48 ;;; everything-else (All traffic not ‘catched’ by other rules)
chain=forward action=mark-connection new-connection-mark=low passthrough=yes
49 ;;; “low” connection marked traffic get “LOW” packet mark.
chain=forward action=mark-packet new-packet-mark=LOW passthrough=no connection-mark=low
Now, as can be seen the rule 37 puts all tcp port 80 traffic in new chain “tcp” .
Rule 38 marks all traffic in this chain with conn mark “all_conn” whereafter 39 then applies the actuall ´heavy traffic´ filter for these conns. But not for IP 84.232.92.4 which is my test PC’s public address!
So basically my PC’s IP is getting the “all_conn” mark and gets in rule 40 the packet mark “MED”. Same for all ´not heavy traffic´ traffic.
If I look in firewall / connections I see indeed my connections getting the conn mark “all_conn” but my Queue tree doesn’t see any traffic with packet mark “MED”!
On the contrary, the queue sees the traffic with packet mark “LOW”!
But rule 40 that gives conns the packet mark “MED” has passthrough=no so traffic now leaves the mangle process.
How come that traffic still ends up in the queue that has packet mark “Low” as its classifier?
Can it be the jump and return from the ´tcp´ chain is creating this problem?
Also, the queues:
/queue tree> print
Flags: X - disabled, I - invalid
0 name=“Servic_DWN” parent=local limit-at=0 priority=5 max-limit=19M burst-limit=0 burst-threshold=0 burst-time=0s
1 name=“UHP-D” parent=Servic_DWN packet-mark=U_HIGH limit-at=4M queue=pcq_dwn priority=1 max-limit=19M burst-limit=0 burst-threshold=0
burst-time=0s
2 name=“HP-DWN” parent=Servic_DWN packet-mark=HIGH limit-at=4M queue=pcq_dwn priority=3 max-limit=19M burst-limit=0 burst-threshold=0
burst-time=0s
3 name=“MP-DWN” parent=Servic_DWN packet-mark=MED limit-at=4M queue=pcq_dwn priority=5 max-limit=19M burst-limit=0 burst-threshold=0
burst-time=0s
4 name=“LP-DWN” parent=Servic_DWN packet-mark=LOW limit-at=5M queue=pcq_dwn priority=8 max-limit=16M burst-limit=0 burst-threshold=0
burst-time=0s
5 name=“Servic_Up” parent=WAN1 limit-at=0 priority=4 max-limit=19M burst-limit=0 burst-threshold=0 burst-time=0s
6 name=“UHP-U” parent=Servic_Up packet-mark=U_HIGH limit-at=4M queue=pcq_up priority=1 max-limit=19M burst-limit=0 burst-threshold=0
burst-time=0s
7 name=“HP-U” parent=Servic_Up packet-mark=HIGH limit-at=4M queue=pcq_up priority=3 max-limit=19M burst-limit=0 burst-threshold=0
burst-time=0s
8 name=“MED-U” parent=Servic_Up packet-mark=MED limit-at=4M queue=pcq_up priority=5 max-limit=19M burst-limit=0 burst-threshold=0
burst-time=0s
9 name=“LOW-U” parent=Servic_Up packet-mark=LOW limit-at=3M queue=P2P_pcq-up priority=8 max-limit=16M burst-limit=0 burst-threshold=0
burst-time=0s
As can be seen it is queue 4 that gets the traffic that is conn. marked “all_conn” (=packet mark “MED”) while it should get only traffic with packet mark “LOW”.
Queue 3 is not getting any traffic from these mangle filter while it should!
Any ideas?