Should this topic be moved to Useful user articles forum?
I would like to rewrite it, make it a little easier to follow.
isn’t it enough to just mark it once? once a packet is read, it will be marked with connection mark, connection mark works both ways upload and download in which case you can mark the packet and be used in queue tree.
is my understanding correct?
Your understanding is correct in terms that the rule translating connection-mark into packet-mark may be there only once (as the last one after the two assigning the connection-mark). Regarding the need for two rules assigning the connection-mark, it is a more complex question.
One approach would be to have only one such rule (for src- or dst-address) and say that if a single packet in the “wrong” direction doesn’t get connection-marked, it causes no harm as the first subsequent packet in the opposite direction will fix this. The other approach, however, is to save CPU by having the connection-mark → packet-mark translation rule before the connection-marking rules so that these rules would only handle packets belonging to not yet marked connections. And this is usually combined with allowing these rules to handle only the initial packet of each connection (connection-state=new), so then you need to use both rules because you don’t know in advance which RTP packet will be the first one in a given call.
And of course, the translation rules have to be doubled in the latter case - the first one handles packets belonging to already marked connections early in the chain, and the other one has to be there to handle the translation for the initial packets after the connection-mark has been just assigned.
Thanks for the detailed explanation!
I am also writing here because I have not found a solution.
Has anyone managed to give priority to VoIP, and to work with no problem, with full load on the line?
My problem is this.
Someday, I hope to do another write up on this subject, when I get time. I had hoped that one would not need to be an expert to get this correct, but as of 2019, it still does. However, I think a better article would help.
From the moment that audio transmits from your equipment, until it gets back, there must not be greater than a 150ms interruption (or thereabout) otherwise you will notice the delay. Now, think about everything that an audio packet has to go through to make that happen. When you understand that, you’ll have solved your VoIP issue.
The permanent fix, a separate Internet service line. Can’t do that? Then fast hardware performing QoS where VoIP packets get the best treatment when bad things happen (and they will).
I have a CRS109-8G.
I can not believe that my provider’s simple modem/router equipment work perfect with VoIP packets and full load
and the MT have problem.
My question is…
- Have i somewhere wrong in mangles, tree or queue types?
- Is MT hw low specifications and can’t process the load?
- Is ROS bug?
With ubiquity the result is much perfect.
I would not use the CRS109 for QoS tasks. Too under powered in my opinion. However, there are many variables.
I don’t believe that the problem is the hw specifications of CRC.
My ISPs equipment cost ~20-50e and work perfect with traffic (VoIP and dw).
version 3, running smooth
How does this test compared to what you’re doing?
/queue tree
# DOWN
add name=DOWN max-limit=90M parent=BR_LAN queue=default
add name="1. VOIP" packet-mark=VOIP parent=DOWN priority=1 queue=default
add name="2. DNS" packet-mark=DNS parent=DOWN priority=2 queue=default
add name="3. ACK" packet-mark=ACK parent=DOWN priority=3 queue=default
add name="4. UDP" packet-mark=UDP parent=DOWN priority=3 queue=default
add name="5. ICMP" packet-mark=ICMP parent=DOWN priority=4 queue=default
add name="6. HTTP" packet-mark=HTTP parent=DOWN priority=5 queue=default
add name="7. HTTP_BIG" packet-mark=HTTP_BIG parent=DOWN priority=6 queue=default
add name="8. QUIC" packet-mark=QUIC parent=DOWN priority=7 queue=default
add name="9. OTHER" packet-mark=OTHER parent=DOWN priority=8 queue=default
# UP
add name=UP max-limit=90M parent=ether1 queue=default
add name="1. VOIP_" packet-mark=VOIP parent=UP priority=1 queue=default
add name="2. DNS_" packet-mark=DNS parent=UP priority=2 queue=default
add name="3. ACK_" packet-mark=ACK parent=UP priority=3 queue=default
add name="4. UDP_" packet-mark=UDP parent=UP priority=3 queue=default
add name="5. ICMP_" packet-mark=ICMP parent=UP priority=4 queue=default
add name="6. HTTP_" packet-mark=HTTP parent=UP priority=5 queue=default
add name="7. HTTP_BIG_" packet-mark=HTTP_BIG parent=UP priority=6 queue=default
add name="8. QUIC_" packet-mark=QUIC parent=UP priority=7 queue=default
add name="9. OTHER_" packet-mark=OTHER parent=UP priority=8 queue=default
I have a question to ask the admins (how do we private message you and talk about the forums)? I am planning on rewriting this article. What is the best course of action to maintain the link (which is pinned and also maybe linked elsewhere)? I would like for all posts to be deleted except for the first six ones (I’m going to go back and edit my own). Is there a better recommendation?
I would hope the admins give you another thread to start that only you can edit.
Folks could use your original thread to comment and keep the conversation going leaving your new thread as the more polished pre-wiki draft to tweak.
How to add some TCP ports and prioritize them as VOIP? can I simply do this and it will be enough?:
/ip firewall mangle
add chain=prerouting action=mark-connection new-connection-mark=VOIP port=4244,5222,5223,5228,5242,50318,59234,1119,3724,6113 protocol=tcp passthrough=yes comment="VOIP"
Thank you!
Please study the example more closely. VoIP packets on your network will not be the same as others. Using Mangle, you will choose what you need to mark. It could be via IP Address, standard SIP or RTP ports, or other metrics unique to your environment.
Hi Everybody,
I have the following scenario (only for testing the limiter, this is not a production environment):
PC->CCR eth3 (vlan id: 2205 untagged)
CCR eth2->RB600eth3 (2205, 2206, 2207 vlans configured, all traffic are tagged)
RB600 eth2->Server (vlan id: 2205 untagged).
On th CCR I have a bridge containing 2 ports, with VLAN filtering enabled. I have 3 VLANs on it (2205, 2206, 2207), all traffic are tagged on eth2 interface, on the eth3 interface the 2205 vlan is untagged, pvid set to 2205. I connected my test pc to eth3.
On the RB600 I the the same situation (I would like to simulate a trunk between the 2 MTs). I connected a server pc to the RB600.
I can ping the server, I can download files from it, the network works as expected.
I would like to make a traffice shaping/priorization based on VLAN-s.
On the CCR, at the bridge configuration I checked the “use IP firewall” and the “user IP firewall for VLAN” checkboxes.
I created a bridge filter rule: chain: forward, MAC-protocol-num=8100 (vlan). On Advanced tab I filled the VLAN ID, on the action tab: mark packet with mark “office-traffic”
After that, I created a queue (in queue tree), set the packet mark to “office-traffic”, and made a bandwith limit to 10mbit/sec.
My problem is, that if I make a download from the server, the bandwidth limit is not applied. If I remove the vlan ID from the rule, and set the MAC-protocol back to “ip”, the limiter works as expected.
If I set the VLAN tag, in the queue I can see only a ~700kbit/sec traffic. If I remove the vlan filter from the rule, the queue shows 10mbit/sec traffic.
What doing I wrong? It seems to me, that the MAC-protocol =vlan not capturing all the packets… Is it possible?
Hi Everybody,
I setup queue tree like this :
/queue tree
# DOWN
add name=DOWN max-limit=9M parent=LAN queue=default
add name="1. Gaming" packet-mark=Gaming parent=DOWN priority=1 queue=default
add name="2. DNS" packet-mark=DNS parent=DOWN priority=2 queue=default
add name="3. ACK" packet-mark=ACK parent=DOWN priority=3 queue=default
add name="4. UDP" packet-mark=UDP parent=DOWN priority=3 queue=default
add name="5. ICMP" packet-mark=ICMP parent=DOWN priority=4 queue=default
add name="6. HTTP" packet-mark=HTTP parent=DOWN priority=5 queue=default
add name="7. HTTP_BIG" packet-mark=HTTP_BIG parent=DOWN priority=6 queue=default
add name="8. QUIC" packet-mark=QUIC parent=DOWN priority=7 queue=default
add name="9. OTHER" packet-mark=OTHER parent=DOWN priority=8 queue=default
# UP
add name=UP max-limit=540k parent=WAN queue=default
add name="1. Gaming_" packet-mark=Gaming parent=UP priority=1 queue=default
add name="2. DNS_" packet-mark=DNS parent=UP priority=2 queue=default
add name="3. ACK_" packet-mark=ACK parent=UP priority=3 queue=default
add name="4. UDP_" packet-mark=UDP parent=UP priority=3 queue=default
add name="5. ICMP_" packet-mark=ICMP parent=UP priority=4 queue=default
add name="6. HTTP_" packet-mark=HTTP parent=UP priority=5 queue=default
add name="7. HTTP_BIG_" packet-mark=HTTP_BIG parent=UP priority=6 queue=default
add name="8. QUIC_" packet-mark=QUIC parent=UP priority=7 queue=default
add name="9. OTHER_" packet-mark=OTHER parent=UP priority=8 queue=default
I only mark two things, one is Apex Legends and 2nd is everything else.
Apex Legends is correctly marked and it’s go to gaming queue, everything else go to OTHER queue.
But still when i hit speed test (https://www.speedtest.net/), when upload start, apex will lost connection.
How is this possible that priority=8 overcomes priority=1?
Another thing which I don’t understand is if I setup :
#DOWN
add name=DOWN max-limit=1M parent=LAN queue=default
UP
add name=UP max-limit=100k parent=WAN queue=default
I will still get :
Download Mbps 9.68
Upload Mbps 0.56
How is this possible?
Please help!
You need to use ‘limit-at’ to guarantee bandwidth instead of ‘max-limit’ try that and see if you get different results.
You can not use Fast Track and Queues Tree together.