Queue Tree and PCQ

RouterOS General
1

I would like to use both PCQ and queue tree if possible. I am not certain it is. Basically, I want to prioritize VOIP and work traffic over other things going on at the house. In the past, I have used the mangle like this:
add action=mark-connection chain=prerouting comment=DNS connection-state=new
new-connection-mark=DNS passthrough=yes port=53 protocol=udp
add action=mark-packet chain=prerouting connection-mark=DNS new-packet-mark=
DNS passthrough=no
add action=mark-connection chain=postrouting connection-state=new
new-connection-mark=DNS passthrough=yes port=53 protocol=udp
add action=mark-packet chain=postrouting connection-mark=DNS new-packet-mark=
DNS passthrough=noI understand PCQ is similar like:
add action=mark-packet chain=forward comment=“172.20.3.0/25 Upload”
new-packet-mark=“172.20.3.0/25 Upload” passthrough=no src-address=
172.20.3.0/25
add action=mark-packet chain=forward comment=“172.20.3.0/25 Download”
dst-address=172.20.3.0/25 in-interface=Uplink new-packet-mark=
“172.20.3.0/25 Download” passthrough=noWas the src-address and interface reversal the right way to do that?

I am most unclear about the parent/child. I am guessing I would have:
add comment=“172.20.3.0/25 Download” name=“172.20.3.0/25 Download”
packet-mark=“172.20.3.0/25 Download” parent=global queue=
“172.20.3.0/25 Download”
add comment=“172.20.3.0/25 Upload” name=“172.20.3.0/25 Upload” packet-mark=
“172.20.3.0/25 Upload” parent=global queue="172.20.3.0/25 Upload"But I will need multiple layers. How do I do that? The goal would be to divide traffic into upload and download, and then prioritize packets within:

  1. Download
    1.1 Download VOIP
    1.2 Download WebEx/Skype/Facetime
    1.3 Download ACK/DNS
    1.4 Download Work (anything VPN? IP based?)
    1.5 Download HTTP/HTTPS
    1.6 Download other non streaming
    1.7 Download streaming
  2. Upload
    1.1 Upload VOIP
    1.2 Upload WebEx/Skype/Facetime
    1.3 Upload ACK/DNS
    1.4 Upload Work (anything VPN? IP based?)
    1.5 Upload HTTP/HTTPS
    1.6 Upload other non streaming
    1.7 Upload streaming

Can someone provide some specific guidance?

2

You need to mark connection only once, at forward chain. Then you mark all packets of this named connection in forward chain. This method mark all upload and download stream. Queue try parent must be:
for download-lan(downstream to lan)
for upload-wan(downstream to wan)
don’t use global
Like this:

  1. Download, parent lan
    1.1 high-dwnl, packet mark-high
    1.2 mid-dwnl, packet mark-mid
    1.3 norm-dwnl,..
    1.4 low-dwnl,..




    Yours respectfully!
3

I think I am following. So a connection could be marked as Download, then later marked as an ACK?

How can I watch the packet and connection marks for debugging–a wire shark equivalent-- or should I just turn in login for a minute?

4

You mark new connection only once when you mark connection , other work do a connection tracker. Packet mark rule do this on each packets! You can look at mangle rule packets count. Connection tracker at /ip firewall connections


Yours respectfully!

5

You mark new connection only once when you mark connection , other work do a connection tracker. Packet mark rule do this on each packets! You can look at mangle rule packets count. Connection tracker at /ip firewall connections


Yours respectfully!

6

Sure. But what if you want to mark a connection so that packets on the same connection do not require processing, like VOIP?

If you allow queue tree processing to continue and another rule matches, what happens?

7

You mean passthrough=no(not processed in mangle, after this rule)? Or you mean about fastpath(not processed in queue, etc..)?


Yours respectfully!