queue tree dropping connection

Solaris · October 11, 2010, 7:29pm

i have problem queue tree dropping connection whenever client reached it’s maximum bandwidth, is this a normal behavior on queue tree?isn’t suppose to shape it up?

my setup

 0   chain=prerouting action=mark-packet new-packet-mark=hotspot-up 
     passthrough=no src-address=192.168.99.2 in-interface=Hotspot 

 1   chain=prerouting action=mark-packet new-packet-mark=hotspot-up 
     passthrough=no src-address=192.168.99.8 in-interface=Hotspot 

 2   chain=prerouting action=mark-packet new-packet-mark=hotspot-up 
     passthrough=no src-address=192.168.99.3 in-interface=Hotspot 

 3   chain=prerouting action=mark-packet new-packet-mark=hotspot-up 
     passthrough=no src-address=192.168.99.4 in-interface=Hotspot 

 4   chain=prerouting action=mark-packet new-packet-mark=hotspot-up 
     passthrough=no src-address=192.168.99.5 in-interface=Hotspot 

 5   chain=prerouting action=mark-packet new-packet-mark=hotspot-up 
     passthrough=no src-address=192.168.99.6 in-interface=Hotspot 

 6   chain=prerouting action=mark-packet new-packet-mark=hotspot-up 
     passthrough=no src-address=192.168.99.7 in-interface=Hotspot 

 7   chain=prerouting action=mark-packet new-packet-mark=hotspot-up 
     passthrough=no src-address=192.168.99.9 in-interface=Hotspot 

 8   chain=prerouting action=mark-packet new-packet-mark=hotspot-up 
     passthrough=no src-address=192.168.99.10 in-interface=Hotspot 

 9   chain=prerouting action=mark-packet new-packet-mark=hotspot-up 
     passthrough=no src-address=192.168.99.11 in-interface=Hotspot 

10   chain=prerouting action=mark-packet new-packet-mark=hotspot-up 
     passthrough=no src-address=192.168.99.12 in-interface=Hotspot 

11   chain=prerouting action=mark-packet new-packet-mark=hotspot-up 
     passthrough=no src-address=192.168.99.13 in-interface=Hotspot 

12   chain=prerouting action=mark-packet new-packet-mark=hotspot-up 
     passthrough=no src-address=192.168.99.14 in-interface=Hotspot 

13   chain=forward action=mark-connection new-connection-mark=hotspot-conn 
     passthrough=yes src-address=192.168.99.2 

14   chain=forward action=mark-connection new-connection-mark=hotspot-conn 
     passthrough=yes src-address=192.168.99.3 

15   chain=forward action=mark-connection new-connection-mark=hotspot-conn 
     passthrough=yes src-address=192.168.99.4 

16   chain=forward action=mark-connection new-connection-mark=hotspot-conn 
     passthrough=yes src-address=192.168.99.5 

17   chain=forward action=mark-connection new-connection-mark=hotspot-conn 
     passthrough=yes src-address=192.168.99.6 

18   chain=forward action=mark-connection new-connection-mark=hotspot-conn 
     passthrough=yes src-address=192.168.99.7 

19   chain=forward action=mark-connection new-connection-mark=hotspot-conn 
     passthrough=yes src-address=192.168.99.8 

20   chain=forward action=mark-connection new-connection-mark=hotspot-conn 
     passthrough=yes src-address=192.168.99.9 

21   chain=forward action=mark-connection new-connection-mark=hotspot-conn 
     passthrough=yes src-address=192.168.99.10 

22   chain=forward action=mark-connection new-connection-mark=hotspot-conn 
     passthrough=yes src-address=192.168.99.11 

23   chain=forward action=mark-connection new-connection-mark=hotspot-conn 
     passthrough=yes src-address=192.168.99.12 

24   chain=forward action=mark-connection new-connection-mark=hotspot-conn 
     passthrough=yes src-address=192.168.99.13 

25   chain=forward action=mark-connection new-connection-mark=hotspot-conn 
     passthrough=yes src-address=192.168.99.14 

26   chain=forward action=mark-packet new-packet-mark=hotspot-down 
     passthrough=no src-address=192.168.99.0/28 in-interface=Wan 
     connection-mark=hotspot-conn

5 name="hotspot-auto-down" kind=pcq pcq-rate=1000000 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000 
6 name="hotspot-auto-up" kind=pcq pcq-rate=256000 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=2000

 0   name="hotspot-parent-down" parent=Hotspot limit-at=0 priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s 

 1   name="hotspot-parent-up" parent=global-in limit-at=0 priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s 

 2   name="hotspot-per-down" parent=hotspot-parent-down packet-mark=hotspot-down limit-at=0 queue=hotspot-auto-down priority=8 max-limit=1M burst-limit=0 burst-threshold=0 
     burst-time=0s 

 3   name="hotspot-per-up" parent=hotspot-parent-up packet-mark=hotspot-up limit-at=0 queue=hotspot-auto-up priority=8 max-limit=256k burst-limit=0 burst-threshold=0 
     burst-time=0s

what’s wrong with my setup? my intention is to limit the hotspot user into max 1mbps down and 256 kbps up,whenever 1 user use it,he will use it up all of the max 1mb/256kbps,and when another user come it will cut half and so on until max 13 user reached. The limitation seems to be works but the queue tree simply drop the connection whenever user breach the max limit .

fewi · October 11, 2010, 8:04pm

The limitation seems to be works but the queue tree simply drop the connection

What does ‘drop the connection’ mean in detail? There are several ways to interpret that.

Also, that’s not a particularly efficient way to use PCQ with Hotspots. See http://mum.mikrotik.com/presentations/US10/FelixWindt.pdf for something more scalable, requiring far fewer rules.

Solaris · October 11, 2010, 8:42pm

hmm thanks but it still dropping the connection, what i’ve meant by this is, i am simulating user downloading using a download manager, when user initiate simultaneous download which used all of the 1 mbps bandwidth,it will reset to 0 kbps back again instead shaping up the bandwidth at steady ~1mbps, is this a normal outcome from pcq + queue tree? i was tested using pre-generated rule by userman which using simple queue, it perfectly shaping up the bandwidth at steady without dropping the bandwidth back to 0 kbps.

Solaris · October 11, 2010, 9:17pm

Here is i record a video to describe best my problem : http://www.youtube.com/watch?v=xBVCIny8fHQ

Solaris · October 12, 2010, 8:30am

it seem hotspot forcing to create simple queue rule for the hotspot server, no matter i have deleted,it still will be regenerated :

 0  D name="hs-<test>" dst-address=0.0.0.0/0 interface=Hotspot 
      parent=none direction=both priority=8 
      queue=hotspot-default/hotspot-default limit-at=0/0 max-limit=0/0 
      burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s 
      total-queue=default-small

or does speed dropping that i’ve encounter have anything to do with pre-generated hotspot firewall filter and nat rule?, do i need to delete all of that generated rule?? and replace it with the one from that pdf?

fewi · October 12, 2010, 12:16pm

The generated rules cannot be deleted. They are dynamic. The filter and NAT rules are what actually makes the Hotspot work.

I run the configuration from the PDF for thousands of clients, it works fine without the stalls you are seeing. Please post an export of the relevant parts of your configuration to make sure it looks good. Is CPU load high during the stalls?

/ip address print detail
/ip route print detail
/ip firewall export
/ip hotspot export
/queue export

Solaris · October 13, 2010, 2:33am

Hmm i was reset all the router configuration and restore the main part of the backup,at first yes it works but it seems problem starting to happened when i multicast going on.

 0   ;;; ADSL Modem IP
     address=192.168.1.2/24 network=192.168.1.0 broadcast=192.168.1.255 interface=Wan actual-interface=Wan 

 1   ;;; Hotspot IP
     address=192.168.99.1/28 network=192.168.99.0 broadcast=192.168.99.15 interface=Hotspot actual-interface=Hotspot 

 2   ;;; Server IP
     address=192.168.88.1/30 network=192.168.88.0 broadcast=192.168.88.3 interface=Server actual-interface=Server 

 3   ;;; Squid IP
     address=192.168.77.1/30 network=192.168.77.0 broadcast=192.168.77.3 interface=Squid actual-interface=Squid 

 4   ;;; Client IP
     address=192.168.66.1/30 network=192.168.66.0 broadcast=192.168.66.3 interface=Client actual-interface=Client 

 5   ;;; House IP
     address=192.168.55.1/29 network=192.168.55.0 broadcast=192.168.55.7 interface=House actual-interface=House

C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 0 A S  dst-address=0.0.0.0/0 gateway=192.168.1.1 
        gateway-status=192.168.1.1 reachable Wan distance=1 scope=30 
        target-scope=10 

 1 ADC  dst-address=192.168.1.0/24 pref-src=192.168.1.2 gateway=Wan 
        gateway-status=Wan reachable distance=0 scope=10 

 2 ADC  dst-address=192.168.55.0/29 pref-src=192.168.55.1 gateway=House 
        gateway-status=House reachable distance=0 scope=10 

 3 ADC  dst-address=192.168.66.0/30 pref-src=192.168.66.1 gateway=Client 
        gateway-status=Client unreachable distance=0 scope=200 

 4 ADC  dst-address=192.168.77.0/30 pref-src=192.168.77.1 gateway=Squid 
        gateway-status=Squid reachable distance=0 scope=10 

 5 ADC  dst-address=192.168.88.0/30 pref-src=192.168.88.1 gateway=Server 
        gateway-status=Server reachable distance=0 scope=10 

 6 ADC  dst-address=192.168.99.0/28 pref-src=192.168.99.1 gateway=Hotspot

/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
    tcp-close-wait-timeout=10s tcp-established-timeout=1d \
    tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
    tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=yes \
    tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
/ip firewall mangle
add action=mark-packet chain=prerouting comment="" disabled=no in-interface=\
    Hotspot new-packet-mark=hotspot-packet-up passthrough=no
add action=mark-packet chain=postrouting comment="" disabled=no \
    new-packet-mark=hotspot-packet-down out-interface=Hotspot passthrough=no
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=accept chain=pre-hotspot comment="" disabled=no dst-address-type=\
    !local hotspot=auth
add action=masquerade chain=srcnat comment="" disabled=no out-interface=Wan
/ip firewall service-port
set ftp disabled=yes ports=21
set tftp disabled=yes ports=69
set irc disabled=yes ports=6667
set h323 disabled=yes
set sip disabled=yes ports=5060,5061
set pptp disabled=yes

/queue type
set default kind=pfifo name=default pfifo-limit=50
set ethernet-default kind=pfifo name=ethernet-default pfifo-limit=50
set wireless-default kind=sfq name=wireless-default sfq-allot=1514 sfq-perturb=5
set synchronous-default kind=red name=synchronous-default red-avg-packet=1000 red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set hotspot-default kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=5
add kind=pcq name=hotspot-down pcq-classifier=src-address pcq-limit=50 pcq-rate=1000000 pcq-total-limit=2000
add kind=pcq name=hotspot-up pcq-classifier=dst-address pcq-limit=50 pcq-rate=256000 pcq-total-limit=2000
set default-small kind=pfifo name=default-small pfifo-limit=10
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=1M name=hotspot-parent-down packet-mark=hotspot-packet-down parent=global-out priority=\
    8 queue=hotspot-down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=256k name=hotspot-parent-up packet-mark=hotspot-packet-up parent=global-in priority=8 \
    queue=hotspot-up
/queue interface
set ether12 queue=ethernet-default
set Wan queue=ethernet-default
set ether11 queue=ethernet-default
set Client queue=ethernet-default
set Hotspot queue=ethernet-default
set House queue=ethernet-default
set ether9 queue=ethernet-default
set ether10 queue=ethernet-default
set Server queue=ethernet-default
set Squid queue=ethernet-default
set ether3 queue=ethernet-default
set ether4 queue=ethernet-default
set ether5 queue=ethernet-default

/routing pim

/routing pim
set switch-to-spt=yes switch-to-spt-bytes=0 switch-to-spt-interval=1m40s
/routing pim interface
add assert-override-interval=3s assert-time=3m comment="" disabled=no dr-priority=1 hello-holdtime=1m45s hello-period=30s hello-trigerred-delay=5s igmp-version=IGMPv2 \
    interface=Server join-prune-holdtime=3m30s join-prune-period=1m override-interval=250 preferred-source-address=0.0.0.0 propagation-delay=50 protocols=pim,igmp \
    require-hello=yes tracking-support=yes
add assert-override-interval=3s assert-time=3m comment="" disabled=no dr-priority=1 hello-holdtime=1m45s hello-period=30s hello-trigerred-delay=5s igmp-version=IGMPv2 \
    interface=Client join-prune-holdtime=3m30s join-prune-period=1m override-interval=250 preferred-source-address=0.0.0.0 propagation-delay=50 protocols=pim,igmp \
    require-hello=yes tracking-support=yes
/routing pim rp
add address=192.168.66.1 comment="" disabled=no group=224.0.0.0/4 hash-mask-length=30 priority=192

/routing pim rp

/routing pim rp
add address=192.168.66.1 comment="" disabled=no group=224.0.0.0/4 hash-mask-length=30 priority=192

/routing pim mrib , i really suspecting this rule as the main problem?i cann’t remove this as generated by mikrotik.

Flags: X - disabled, I - inactive, D - dynamic 
 #   DESTINATION        GATEWAY         METRIC INTERFACE                                                                                                                    
 0 D 0.0.0.0/0          192.168.1.1     1      Wan                                                                                                                          
 1 D 192.168.1.0/24     0.0.0.0         0      Wan                                                                                                                          
 2 D 192.168.55.0/29    0.0.0.0         0      House                                                                                                                        
 3 D 192.168.66.0/30    0.0.0.0         0      Client                                                                                                                  
 4 D 192.168.77.0/30    0.0.0.0         0      Squid                                                                                                                        
 5 D 192.168.88.0/30    0.0.0.0         0      Server                                                                                                                  
 6 D 192.168.99.0/28    0.0.0.0         0      Hotspot

/routing pim mfc

GROUP           SOURCE          RP             
239.255.255.250 192.168.88.1    192.168.66.1

/routing pim join

Flags: RP - (*,*,RP), WC - (*,G), SG - (S,G), SG_rpt - (S,G,rpt) 
       GROUP           SOURCE          RP             
    WC 224.0.0.0       192.168.66.1    192.168.66.1   
    SG 239.255.255.250 0.0.0.0         192.168.66.1   
SG_rpt 239.255.255.250 192.168.88.1    192.168.66.1

    INTERFACE                                                                                                           GROUP           SOURCE          TIMEOUT             
v2E Server                                                                                                         224.0.0.2       0.0.0.0         3m17s               
v2E Server                                                                                                         224.0.0.13      0.0.0.0         3m25s               
v2E Server                                                                                                         224.0.0.22      0.0.0.0         3m26s               
v2E Server                                                                                                         239.255.255.250 0.0.0.0         3m21s

i have tried to disable the multicast package but still problem, i am really frustrated please help

Solaris · October 13, 2010, 3:42am

It seem this happened when house user and wifi user both using the internet , the ping & bandwidth drop on both user,it mean do i need to create queue tree for all of interface?
If so how to do it? i need to home user to use all available bandwidth left from the total which is unknown.

[Edit]
I’ve found more exact problem it seems prerouting mangle got somehow the packet dropped, when i disabled the prerouting and leave enable postrouting mangle,the download get shaped ,but the upload still untouched .

the mangle

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=1M name=hotspot-down packet-mark=hotspot-packet-down parent=\
    global-out priority=8 queue=hotspot-down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=hotspot-up packet-mark=hotspot-packet-up parent=\
    global-in priority=8 queue=hotspot-up

queue type

add kind=pcq name=hotspot-down pcq-classifier=src-address pcq-limit=50 \
    pcq-rate=1000000 pcq-total-limit=2000
add kind=pcq name=hotspot-up pcq-classifier=dst-address pcq-limit=50 \
    pcq-rate=256000 pcq-total-limit=2000

queue tree

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=1M name=hotspot-down packet-mark=hotspot-packet-down parent=\
    global-out priority=8 queue=hotspot-down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name=hotspot-up packet-mark=hotspot-packet-up parent=\
    global-in priority=8 queue=hotspot-up

Solaris · October 13, 2010, 3:26pm

i’ve fixed this after 2 days and 2 nights didn’t sleep , here is the fix for future another newbie references :

 0   chain=prerouting action=mark-connection 
     new-connection-mark=hotspot-up-conn passthrough=no 
     src-address=192.168.99.0/28 

 1   chain=prerouting action=mark-packet new-packet-mark=hotspot-up-packet 
     passthrough=no src-address=192.168.99.0/28 
     connection-mark=hotspot-up-conn 

 2   chain=postrouting action=mark-packet new-packet-mark=hotspot-down-packet 
     passthrough=no out-interface=Hotspot

no 0 & 1 most important part, no 2 kinda hybrid in compare with 0&1 lol.

Kudos to fewi for giving the direction .