Seeing BGP/OSPF Traffic in Queue Tree

I’m tagging BGP/OSPF traffic in the firewall with mangle rules. I show the counters increasing on the mangle rules showing the traffic is tagged. However, in queue tree, I’m looking for the tagged packets, but getting nothing.

Mangle Rules

/ip firewall mangle
add action=mark-connection chain=prerouting comment="Prioritize BGP" \
    disabled=no dst-port=179 new-connection-mark=bgp_conn passthrough=yes \
    protocol=tcp
add action=mark-connection chain=prerouting disabled=no \
    new-connection-mark=bgp_conn passthrough=yes protocol=tcp src-port=179
add action=mark-packet chain=prerouting comment="Prioritize OSPF" disabled=no \
    new-packet-mark=bgp passthrough=no protocol=ospf
add action=mark-packet chain=prerouting comment="Prioritize BGP Packet" \
    connection-mark=bgp_conn disabled=no new-packet-mark=bgp passthrough=no

Queue Tree

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=25M \
    max-limit=25M name=all_out packet-mark="" parent=ether2 priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=bgp_out packet-mark=bgp parent=all_out priority=1 \
    queue=default

Any idea why the counters in the queue tree aren’t showing any packets passing through them?

Did you find any solution to this?

I have the same problem.

I am trying to give priority to BGP and BFD so when the uplink is congested BFD won’t drop the BGP peer.

While mangle rules count the matched packets for both BGP and BFD, the queues do not match any packets.

Which counters in the queue tree? Does all_out show any packets matched? Showing us the results of

 
 /queue tree print packets

may help us understand what you mean exactly.

Do you see connections in /ip firewall connections with the bgp_conn connection mark?

Are there other mangle rules or queue tree entries which you didn’t show to simplify the question? If so, they could be causing issues.

Shouldn’t you also have a queue tree entry for packet-mark=!bgp so that you can limit non-bgp traffic at 24M thereby reserving enough room for your BGP packets to get through without too much latency? It will also tell you if you have packets being matched which do not have the bgp packet-mark because there should be counters incrementing on that one.

For priorities to work, I think they have to be at the same branch level of the tree. Without more entries under all_out, there is nothing to prioritize/de-prioritize vs anything else.

In my case it was just bad configuration on my part. Queuing for BGP/BFD works perfectly fine.
Also those packets are generated with DSCP(TOS) 48 by default, so they are easily mark-able :)
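
Added example (not posted by anyone in this thread), combining two suggestions above: marking by DSCP 48 and giving the marked queue a sibling leaf to be prioritized against. It assumes RouterOS v6 or later and that the routing packets originate on this router, so they are matched in the output chain; the names routing_ctl, routing_out and rest_out are hypothetical.

```routeros
# Added example, not from the thread. Assumptions: RouterOS v6 or later,
# uplink is ether2 as in the first post, and the BGP/OSPF/BFD packets are
# originated by this router (so they pass the output chain, not prerouting).
# Mark and queue names below are hypothetical.

/ip firewall mangle
# Router-originated routing-protocol packets carry DSCP 48 (per the last post).
add chain=output action=mark-packet dscp=48 out-interface=ether2 \
    new-packet-mark=routing_ctl passthrough=no \
    comment="Mark locally generated DSCP 48 traffic"

/queue tree
# Parent caps the uplink at the 25M used in the first post.
add name=all_out parent=ether2 max-limit=25M
# Leaf for routing control traffic: highest priority, small guaranteed rate.
add name=routing_out parent=all_out packet-mark=routing_ctl \
    priority=1 limit-at=1M max-limit=25M
# Sibling leaf for everything unmarked, capped at 24M as suggested above,
# lowest priority. Its counters show how much traffic missed the mark.
add name=rest_out parent=all_out packet-mark=no-mark \
    priority=8 limit-at=1M max-limit=24M

# Check that both leaves count packets.
/queue tree print stats
```

If routing_out stays at zero while the mangle counter increases, compare the mark name on the mangle rule and the queue, and confirm the packets actually leave through the interface the tree is attached to.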