Queues and loadbalancing for LAN

Hi!

I have bought an old RB532 router with RouterOS 3.20 for our LAN. Routing, NAT and firewall configuration was not too difficult, but when I try to configure queues, it seems that I burned up my brains.

I need something like this:

Can I use only simple queues or do I need to set up queue trees?
What should I specify in the option ‘parent’ in queue trees (if I don't want to shape traffic between ‘wired’ and ‘wireless’)?
Do I need to use the ‘pcq’ queue type for ‘fair’ queueing? Do I need separate pcq queues for the upload and download streams? What should I specify in pcq-classifier (NAT is working)? Can anyone help me to configure queues for the above case?

I don’t fully understand queuing, so I am sorry if some of the questions are really stupid, but there is too little information about that on the Mikrotik Wiki.

And sorry for my English… :3

Queues and QoS are probably one of the hardest things to understand and get working in any environment. It’s a very complex subject and will require lots of playing around on your part to learn and set them up.

I would recommend starting with this:
http://wiki.mikrotik.com/wiki/Manual:Connection_Rate
It will get you a very basic QoS scheme set up where you can see how marking connections and marking packets works, that you can build on. Get this working first before doing much else.

Yes, you are more than likely going to want to use Queue trees; they are a lot more flexible than simple queues and give you a lot more options. As to what kind of queue you want, it’s up to you. I use pfifo because I have hotspots running that apply per-user rate limits based off of their profiles. If you want a more fair system, then the PCQ queue type works well.
http://wiki.mikrotik.com/wiki/Manual:Queues_-_PCQ
http://wiki.mikrotik.com/wiki/Manual:Queues_-_PCQ_Examples

Depending on how you are handling your load balancing, you have a couple of choices to mark packets.
1.) If you are marking connections and then marking for routing based off of those connections, then you need to mark packets directly and be sure you have rules to catch both sides of the connection.
2.) If you are marking for routing directly, then you can use connection marks to catch both sides of the connection for your packet marks.
This is because a packet can only have 1 routing mark, 1 connection mark, and 1 packet mark. Overwriting connection marks breaks things.

You can use the global-x interfaces for your upload and download parents, but I prefer to use the physical interface. The WAN interface(s) are your upload queues, and your LAN interface(s) are your download queues. I find it much easier to keep track of what each interface does.

What should I specify in pcq-classifier for the in and out queues? If I specify dst-address for the queue for ‘in’ traffic, will it work?
Will classification be performed before or after NAT? Because if it is classified before NAT, it will be useless 'cos it will have one dst address for all packets.

I have a little problem here. I have two LAN interfaces with different subnets and don’t want to make a bridge between LAN and WIFI. When I am using a global-x queue as parent, will traffic between LAN and WIFI also be shaped? I know that I can mark only those packets that are going to/from the internet, but then I have to specify twice as many mangle rules. And when I am specifying the LAN/WIFI interfaces as parents, do I need separate queues for them? And how will it work together?

Look at the packet flow diagram to determine the best place to put queues and mark packets based on your setup:
http://wiki.mikrotik.com/wiki/Packet_Flow#Diagram
This is where it is very easy to get confused about QoS and marking packets and what is best to do where. It all comes down to your needs and setup. There was a presentation by fewi at the USA MUM with using PCQ with hotspots. It might help you with your setup.
http://mum.mikrotik.com/presentations/US10/FelixWindt.pdf

Will classification be performed before or after NAT? Because if it is classified before NAT, it will be useless 'cos it will have one dst address for all packets.

Src-nat doesn’t happen until after global-out. What this means is that the router sees the correct src-address all the way until the middle of postrouting. Once it reaches the interface, src-nat has happened, so the router is no longer able to tell where a packet came from (in the case of an upload packet).

On the other hand, dst-nat is one of the very first things to happen to a packet after it has been received on an interface. This means the router knows the correct dst-address of a packet before any queues you have can apply to it.

The main thing to remember when dealing with queues: The router cannot control or apply queues to traffic it is receiving, it can only control the traffic that it sends out. Keep that in mind at all times when deciding where to place your queues.
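
Added example (not part of the original thread, and not RouterOS code): a simplified Python model of the point in the last reply, showing what a PCQ `src-address` classifier can do for upload traffic when it sees packets before versus after src-nat. The addresses, offered loads, the 300 kbps link and all function names are constructed for illustration.

```python
from collections import defaultdict

WAN_IP = "203.0.113.1"  # constructed public address (documentation range)

# Constructed upload flows: "host" is ground truth for reporting only,
# "src" is what a classifier can actually see in the packet header.
FLOWS = [
    {"host": "A", "src": "192.168.1.10", "kbps": 800},
    {"host": "B", "src": "192.168.1.11", "kbps": 100},
    {"host": "C", "src": "192.168.2.20", "kbps": 100},
]

def src_nat(flow):
    """Masquerade: every LAN source becomes the router's WAN address."""
    return {**flow, "src": WAN_IP}

def max_min(demands, capacity):
    """Max-min fair split of capacity between sub-streams."""
    alloc, remaining = {}, dict(demands)
    while remaining:
        share = capacity / len(remaining)
        small = [k for k, d in remaining.items() if d <= share]
        if not small:
            alloc.update({k: share for k in remaining})
            break
        for k in small:
            alloc[k] = remaining.pop(k)
            capacity -= alloc[k]
    return alloc

def pcq_upload(flows, link_kbps, after_src_nat):
    """Per-host rate when a src-address classifier runs before/after src-nat."""
    seen = [src_nat(f) if after_src_nat else f for f in flows]
    demand = defaultdict(float)
    for f in seen:
        demand[f["src"]] += f["kbps"]
    alloc = max_min(demand, link_kbps)
    rates = defaultdict(float)
    for f in seen:
        # Inside one sub-stream packets are FIFO: share follows offered load.
        rates[f["host"]] += alloc[f["src"]] * f["kbps"] / demand[f["src"]]
    return dict(rates), len(demand)

if __name__ == "__main__":
    for nat in (False, True):
        print("classifier after src-nat:", nat, pcq_upload(FLOWS, 300, nat))
```

With the classifier placed where it still sees LAN addresses, each host gets an equal share; once all packets carry the WAN address there is a single sub-stream and the heaviest host takes most of the link.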