Shaping /Qos Policy

StephenS · December 1, 2024, 3:41am

H All,

At our main site, we have a 500 Mbps link to our ISP. An issue arises when our on-prem server runs a backup sync to the cloud, which saturates the link. This leads to the ISP policing our traffic and dropping packets. These dropped packets affect call quality for other sites using the CUCM servers hosted at the main site.

I’ve proposed a plan involving traffic marking and queuing to manage this, but I’m looking for any suggestions for improvement or potential issues.

Variables:

192.168.0.1 (CUCM Publisher)
192.168.0.2 (CUCM Subscriber)
192.168.10.1 (Benetas cloud Server)
192.168.20.1 (On-Prem server)
Wan interface: ether1
Model: RB3011UiAS, Version: 6.47.10

Stage 1: Mark packets
VOIP:

 /ip firewall mangle
    add chain=forward src-address=192.168.0.1 action=mark-packet new-packet-mark=CUCM-Publisher passthrough=yes
    add chain=forward dst-address=192.168.0.1 action=mark-packet new-packet-mark=CUCM-Publisher passthrough=yes
    add chain=forward src-address=192.168.0.2 action=mark-packet new-packet-mark=CUCM-Subscriber passthrough=yes
    add chain=forward dst-address=192.168.0.2 action=mark-packet new-packet-mark=CUCM-Subscriber passthrough=yes

Backup traffic:

/ip firewall mangle
    add chain=forward src-address=192.168.10.1  dst-address=192.168.20.1 action=mark-packet \
        new-packet-mark=backup-sync-traffic passthrough=yes
    add chain=forward src-address=192.168.20.1 dst-address=192.168.10.1  action=mark-packet \
        new-packet-mark=backup-sync-traffic passthrough=yes

Stage 2: General shaper

 
 /queue tree
        add name="WAN-Shaper" parent=ether1 packet-mark=no-mark max-limit=480M \
            limit-at=480M burst-limit=480M burst-threshold=460M burst-time=20s \
            bucket-size=0.005 priority=1

Stage 3: Other shapers

VOIP

/queue tree
        add name="CUCM-Publisher" parent=WAN-Shaper packet-mark=CUCM-Publisher \
            max-limit=20M limit-at=10M priority=1 
        add name="CUCM-Subscriber" parent=WAN-Shaper packet-mark=CUCM-Subscriber \
            max-limit=20M limit-at=10M priority=1

Backup:

/queue tree
        add name="Backup-Server-Limit" parent=WAN-Shaper packet-mark=backup-sync-traffic \
            max-limit=100M limit-at=50M burst-limit=100M burst-threshold=90M \
            burst-time=15s  priority=8

Thanks in advance for any assistance

rplant · December 1, 2024, 5:35am

As a start, I would be inclined to just put a single cake queue attached to the WAN interface, to see how well (or not) it works.
(With no packet marking for shaping)

Set it up for 500M, and a bucket size of 0.005-0.01, (or your settings) and see how it goes.
You will need to create a new queue type using the cake base type, with near default settings.

You will need it to match on packet-mark=no-mark, and any other packet marks you might currently use if any.

You should not need to disable fast path processing (if enabled) with this setup.

Cake seems be fairly clever at managing traffic.

StephenS · December 1, 2024, 7:25am

Thanks for your reply @rplant

I just had a look at the CAKE documentation here (i hadnt heard or configured it before), it looks like the feature is only available in version 7?

The following queue kinds CoDel, FQ-Codel, and > CAKE > available since RouterOS version 7.1beta3.

rplant · December 2, 2024, 12:17am

Sorry, I should read things a bit more thoroughly.

Unfortunately, the 3011 seems to not be great under v7.

Perhaps what you have will be good.

Though I do not understand why you have a limit of 100M on the backup traffic.

You will likely need to add all the packet marks to the parent (WAN-Shaper) so it gets them all.

Presumably there is also a bunch of other traffic which you could also put below the parent queue.
(Probably with queue matching no-mark, and perhaps priority 2 )

rplant · December 2, 2024, 2:26am

One other thought,
(Somewhat more like my original thought)

You could perhaps make a new pcq type queue, based on pcq-upload-default, but with a 24 mask.
(So everything from 10.0.1.x will be counted together)

Then back to no marking, and fast track allowed.
The low rate lans will be prioritised over the high rate (busy) lan.

StephenS · December 4, 2024, 8:32am

100M was just an arbitrary number that i was going to play around with.

Also i was a little confused by

you could perhaps make a new pcq type queue, based on pcq-upload-default, but with a 24 mask.
(So everything from 10.0.1.x will be counted together)

Then back to no marking, and fast track allowed.
The low rate lans will be prioritised over the high rate (busy) lan.

Would it be something like this?
QUEUE TYPE:

/queue type add name=PCQ-Upload-24 kind=pcq pcq-classifier=dst-address pcq-rate=10M pcq-total-limit=500000
/queue type add name=PCQ-Download-24 kind=pcq pcq-classifier=src-address pcq-rate=10M pcq-total-limit=500000

QUEUE TREE:

/queue tree add name=Upload parent=global queue=PCQ-Upload-24 max-limit=500M packet-mark=no-mark
/queue tree add name=Download parent=global queue=PCQ-Download-24 max-limit=500M packet-mark=no-mark

Then play around with the pcq-rate?

rplant · December 6, 2024, 3:55am

I was thinking of something like.

/queue type
add kind=pcq name=pcq-upload-24 pcq-classifier=src-address pcq-dst-address-mask=24 pcq-src-address-mask=24

It just groups each /24 lan subnet together so the large upload machines get lumped together.
On testing, you may find the pcq-upload-default works better for you.

At this stage I would perhaps not attempt putting QOS on downloads as well, I doubt if you will have much spare cpu, 500M is quite quick.
(But I could easily be wrong)

StephenS · December 9, 2024, 9:35am

Thanks @rplant

I will try that and see how it goes. Thanks again!