queue tree works on rb433 but not rb1000?

hi there, i have several rb433 units running as a pppoe server at wireless sites. i also have them marking and prioritising traffic via the queue tree’s. i have an RB1000 ive configured exactly the same, but it does not appear to be prioritising traffic. i have a screen shot of both units. the top one is the rb433 that queues traffic properly, the bottom is the rb1000 with no packets queueing. the packet marks are logging properly on the rb1000. so they are getting marked, just not queued.

i have been very careful to ensure that all settings are 100% exactly the same as the rb433. i cant think of any reason why it isnt working. an un-documented bug?

using router os v3.30 on both units.

do firewall rules count packets?

Config is not possible to be EXACTLY equal because rb433 has wireless interfaces and rb1000 not.

If the count packet in firewall mangle of the rb1000 is zero when you try to mark the connections then you may adjust this to catch better your packets. If they not matched (and marked) then pcq trees doens’t work at all.

well, apparently it’s not exactly equal if it doesn’t work post more config

well here are the mangle rules for the packet marks for the rb1000:


/ip firewall mangle
add action=mark-connection chain=prerouting comment=http_conn disabled=no
dst-port=80 new-connection-mark=http_conn passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting comment=“” disabled=no
new-packet-mark=http_conn packet-mark=http_conn passthrough=no
add action=mark-connection chain=prerouting comment=smpt_conn disabled=no
dst-port=25 new-connection-mark=smtp_conn passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting comment=“” disabled=no
new-packet-mark=smtp_conn packet-mark=smtp_conn passthrough=no
add action=mark-connection chain=prerouting comment=pop_conn disabled=no
dst-port=110 new-connection-mark=pop_conn passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting comment=“” disabled=no
new-packet-mark=pop_conn packet-mark=pop_conn passthrough=no
add action=mark-connection chain=prerouting comment=p2p_conn disabled=no
new-connection-mark=p2p_conn p2p=all-p2p passthrough=yes
add action=mark-packet chain=prerouting comment=“” disabled=no
new-packet-mark=p2p_conn packet-mark=p2p_conn passthrough=no
add action=mark-connection chain=prerouting comment=other_conn disabled=no
new-connection-mark=other_conn passthrough=yes
add action=mark-packet chain=prerouting comment=“” disabled=no
new-packet-mark=other_conn packet-mark=other_conn passthrough=no
add action=mark-connection chain=prerouting comment=sip_conn connection-type=
sip disabled=no new-connection-mark=sip_conn passthrough=yes
add action=mark-packet chain=prerouting comment=“” disabled=no
new-packet-mark=sip_conn packet-mark=sip_conn passthrough=no



and for the rb433:


/ip firewall mangle
add action=mark-connection chain=prerouting comment=“http mark” disabled=no
dst-port=80 new-connection-mark=http_conn passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting comment=“” connection-mark=http_conn
disabled=no new-packet-mark=http_conn passthrough=no
add action=mark-connection chain=prerouting comment=“p2p mark” disabled=no
new-connection-mark=p2p_conn p2p=all-p2p passthrough=yes
add action=mark-packet chain=prerouting comment=“” connection-mark=p2p_conn
disabled=no new-packet-mark=p2p_conn passthrough=no
add action=mark-connection chain=prerouting comment=“smtp mark” disabled=no
dst-port=25 new-connection-mark=smtp_conn passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting comment=“” connection-mark=smtp_conn
disabled=no new-packet-mark=smtp_conn passthrough=no
add action=mark-connection chain=prerouting comment=“pop mark” disabled=no
dst-port=110 new-connection-mark=pop_conn passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting comment=“” connection-mark=pop_conn
disabled=no new-packet-mark=pop_conn passthrough=no
add action=mark-connection chain=prerouting comment=“other connections”
disabled=no new-connection-mark=other_conn passthrough=yes
add action=mark-packet chain=prerouting comment=“” connection-mark=other_conn
disabled=no new-packet-mark=other_conn passthrough=no
add action=mark-connection chain=prerouting comment=“sip mark”
connection-type=sip disabled=no new-connection-mark=sip_conn passthrough=
yes
add action=mark-packet chain=prerouting comment=“” disabled=no
new-packet-mark=sip_conn packet-mark=sip_conn passthrough=yes

and the queue tree’s for the rb1000

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=sip packet-mark=
sip_conn parent=global-total priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=http packet-mark=
http_conn parent=global-total priority=2 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=pop packet-mark=
pop_conn parent=global-total priority=3 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=smtp packet-mark=
smtp_conn parent=global-total priority=4 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=other packet-mark=
other_conn parent=global-total priority=5 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=p2p packet-mark=
p2p_conn parent=global-total priority=8 queue=default

for the rb433:

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=http packet-mark=
http_conn parent=global-total priority=2 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=pop packet-mark=
pop_conn parent=global-total priority=3 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=smtp packet-mark=
smtp_conn parent=global-total priority=4 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=other
packet-mark=other_conn parent=global-total priority=5 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=p2p packet-mark=
p2p_conn parent=global-total priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=sip packet-mark=
sip_conn parent=global-total priority=1 queue=default

what im seeing on the rb1000 is in the queue area the pppoe connection has it’s own simple queue that is activating, but the queue tree is being ignored. which is not occuring on the 433, it is behaving like i want it to.

here is the rb1000 marking packets properly if the mangle logs are correct

Those are different rule sets, and the RB1000 ruleset is off what you want it to do because you’re not actually marking any packets. Just compare the first two lines:

/ip firewall mangle
add action=mark-connection chain=prerouting comment=http_conn disabled=no dst-port=80 new-connection-mark=http_conn passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting comment=“” disabled=no new-packet-mark=http_conn packet-mark=http_conn passthrough=no

You can’t add a new packet-mark to a packet based on a packet-mark filter if it doesn’t yet have a packet-mark, but a connection-mark that you introduced in the line just before.
The RB433 is set up correctly to set the packet-mark based on the connection-mark:

/ip firewall mangle
add action=mark-connection chain=prerouting comment=“http mark” disabled=no dst-port=80 new-connection-mark=http_conn passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting comment=“” connection-mark=http_conn disabled=no new-packet-mark=http_conn passthrough=no

Rewrite your rules on the RB1000 to actually match the RB433 and it should work fine.

holy crap you are right. dont know why i didnt spot that before, serves me right for trying to copy from the gui to another gui.


from now on im just copying and pasting command line exports…


who’s running this trailer park anyways?

thanks again guys.

confermed working.


you guys are awsome, im not wourthy.