v3.25 Queue Tree not working

Dweil · June 27, 2009, 1:27pm

Just got my brand new RB450G with v3.25 installed.
Because i also got a new ADSL modem and the providers over here use PPPoA it was a bit harder to get it working.
Got halfbridge mode working on the linksys AM200 and afther i realized my stupid mistake with DHCP lease times and just 1 IP that was given out to my laptop it workend with the default setings ( Wan on ETH1 and ETH2~ETH5 in a bridge)

Then i changed the IP setup to have a 10.0.1.0/24 on the inside
removed the bridge because i have a switch connected on ETH2 and a other use for ETH3~ETH5
changed DHCP server to match (you can’t edit it from bridge to ETH2 have to remove and add it for some reason)

So on to the QOS.
added the Mangle

/ip firewall mangle
add action=mark-connection chain=forward comment="" disabled=no new-connection-mark=user passthrough=yes \
    src-address=10.0.1.0/24
add action=mark-connection chain=forward comment="" disabled=no new-connection-mark=user passthrough=yes

And when i have a look @ firewall connections that seems to be working (i see the “user” mark)

Added the PCQ type’s as described in the online manual.

/queue type add name=pcq-download kind=pcq pcq-classifier=dst-address
/queue type add name=pcq-upload kind=pcq pcq-classifier=src-address

then

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=10240k name=Download \
    packet-mark="" parent=ether2-local priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=queue2 packet-mark=\
    user parent=Download priority=8 queue=pcq-download

But nothing get’s in there not 1 packet
Ofcourse i tested a few combination, nothing get’s in there when i remove the child also.
and setting the parent to global-total is not getting packet’s in there also.
What am i missing here or is it just broken

btw the Simple queues are working if i add them

mrz · June 29, 2009, 10:17am

Well it looks like you are marking just connections, but queue tree needs packet marks.

Add following rule
/ip firewall mangle add connection-mark=user action=mark-packet new-packet-mark=user

Dweil · June 29, 2009, 11:33am

Thanks alot
Of course it was something really simple i just overlooked.
As soon as i can lower the temp here a bit or get used to it ill test it again.

Funny thing is i found that example somewhere but reading the manual again i see my mistake.

Dweil · June 29, 2009, 8:10pm

So the Download get’s shapped and is working fine.
but the upload does not get any packets

using http://www.mikrotik.com/testdocs/ros/3.0/qos/queue_content.php#.6.3
everything get’s marked.
and i just need a separate queue tree for the upload

/queue tree add name=Upload parent=Public max-limit=2048000
/queue tree add parent=Upload queue=pcq-upload packet-mark=users

So here is my firewall code.
As you can see i’m running a TS server and forwarding runs perfect.
And i added a few Mangle’s to mark certain packet’s (work in progress)

/ip firewall filter
add action=accept chain=input comment="Pingable\?" disabled=yes protocol=icmp
add action=accept chain=input comment=Established connection-state=established disabled=no in-interface=\
    ether1-gateway
add action=accept chain=input comment=Related connection-state=related disabled=no in-interface=ether1-gateway
add action=accept chain=input comment=Teamspeak2 disabled=no dst-port=8767 in-interface=ether1-gateway protocol=\
    udp
add action=accept chain=input comment=Teamspeak2 disabled=no dst-port=51234 in-interface=ether1-gateway \
    protocol=tcp
add action=log chain=input comment="" disabled=no in-interface=ether1-gateway log-prefix="drop all"
add action=drop chain=input comment="Drop all" disabled=no in-interface=ether1-gateway
/ip firewall mangle
add action=mark-connection chain=forward comment="" disabled=no new-connection-mark=user-con passthrough=no \
    src-address=10.0.1.0/24
add action=mark-packet chain=forward comment=TCPflag connection-mark=user-con disabled=no new-packet-mark=\
    TCPflags packet-size=0-50 passthrough=no protocol=tcp tcp-flags=ack
add action=mark-packet chain=forward comment=WWW connection-mark=user-con disabled=no new-packet-mark=port80 \
    passthrough=no protocol=tcp src-port=80
add action=mark-packet chain=forward comment=News connection-mark=user-con disabled=no new-packet-mark=News \
    passthrough=no protocol=tcp src-port=119
add action=mark-packet chain=forward comment=WoW connection-mark=user-con disabled=no new-packet-mark=WoW \
    passthrough=no protocol=tcp src-port=3724
add action=mark-packet chain=forward comment=Bulk connection-mark=user-con disabled=no new-packet-mark=Bulk \
    passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat comment=NAT disabled=no out-interface=ether1-gateway
add action=dst-nat chain=dstnat comment=Teamspeak2 disabled=no dst-port=8767 in-interface=ether1-gateway \
    protocol=udp to-addresses=10.0.1.151 to-ports=8767
add action=dst-nat chain=dstnat comment=Teamspeak2 disabled=no dst-port=51234 in-interface=ether1-gateway \
    protocol=tcp to-addresses=10.0.1.151 to-ports=51234

My que’s
Again the download shaping is doing it’s job and i’m seeing packet go in there and get shaped.
But the Upload is not getting any packet.

/queue type
set default kind=pfifo name=default pfifo-limit=50
set ethernet-default kind=pfifo name=ethernet-default pfifo-limit=50
set wireless-default kind=sfq name=wireless-default sfq-allot=1514 sfq-perturb=5
set synchronous-default kind=red name=synchronous-default red-avg-packet=1000 red-burst=20 red-limit=60 \
    red-max-threshold=50 red-min-threshold=10
set hotspot-default kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=5
add kind=pcq name=pcq-download pcq-classifier=dst-address pcq-limit=50 pcq-rate=0 pcq-total-limit=2000
add kind=pcq name=pcq-upload pcq-classifier=src-address pcq-limit=50 pcq-rate=0 pcq-total-limit=2000
set default-small kind=pfifo name=default-small pfifo-limit=80
/queue simple
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" direction=both disabled=yes dst-address=\
    0.0.0.0/0 interface=ether2-local limit-at=128k/2M max-limit=1M/10M name=queue1 parent=none priority=8 queue=\
    ethernet-default/pcq-download target-addresses=10.0.1.151/32 time=0s-1d,sun,mon,tue,wed,thu,fri,sat \
    total-queue=default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" direction=both disabled=yes dst-address=\
    0.0.0.0/0 interface=ether2-local limit-at=1M/0 max-limit=1M/12M name=queue2 parent=none priority=7 queue=\
    ethernet-default/pcq-download target-addresses=10.0.1.25/32 total-queue=default-small
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=11750k name=Download \
    packet-mark="" parent=ether2-local priority=8 queue=pcq-download
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=500k max-limit=5M name=Bulk packet-mark=\
    Bulk parent=Download priority=8 queue=pcq-download
add burst-limit=0 burst-threshold=0 burst-time=2s disabled=no limit-at=0 max-limit=50k name=TCPflags-down \
    packet-mark=TCPflags parent=ether2-local priority=5 queue=default-small
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=5M max-limit=10240k name=News \
    packet-mark=News parent=Download priority=8 queue=ethernet-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=500k max-limit=10240k name=WWW \
    packet-mark=port80 parent=Download priority=7 queue=pcq-download
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=50k name=WoW-down \
    packet-mark=WoW parent=ether2-local priority=6 queue=ethernet-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=1M name=upload packet-mark="" \
    parent=ether1-gateway priority=8 queue=pcq-upload
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=50k name=WoW-up packet-mark=\
    WoW parent=ether1-gateway priority=6 queue=ethernet-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=20k name=TCPflags-up \
    packet-mark=TCPflags parent=ether1-gateway priority=5 queue=default-small
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=500k max-limit=1M name=News-up \
    packet-mark=News parent=upload priority=8 queue=pcq-upload
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=500k max-limit=800k name=WWW-up \
    packet-mark=port80 parent=upload priority=7 queue=pcq-download
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=500k max-limit=800k name=Bulk-up \
    packet-mark=Bulk parent=upload priority=8 queue=pcq-upload

hmm seeing that i forgot to get a test line out (aka swich it back)

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=500k max-limit=800k name=WWW-up
packet-mark=port80 parent=upload priority=7 queue=pcq-download

should be pcq-upload.
also try’d with upload mangle marks on the eth1 interface but no luck there yet.

Dweil · June 30, 2009, 1:21pm

Found a way that it works. but it’s not as is the documentation.

first i need to change my mangle marks in to be diferent for incoming and outgoing.
and i need to attach them to an interface .

add action=mark-packet chain=forward comment=Bulk connection-mark=user-con disabled=no in-interface=ether2-local \
    new-packet-mark=Bulk passthrough=no
add action=mark-packet chain=forward comment=Bulk connection-mark=user-con disabled=no in-interface=\
    ether1-gateway new-packet-mark=Bulkout passthrough=no

this was the quick and dirty test but now my outgoing packets are marked diffident and i can pick them up in the queue tree’s to shape them.
have to test if PCQ is doing it’s job also.

So now the Big Question is the documentation outdated or is something working different that it should work.

BTW mrz gratz on the 1337 post on Tue Jun 30, 2009 12:17 pm

mrz · June 30, 2009, 1:27pm

Yes, of course if you want separate limitations for upload and download, you also have to mark upload and download packets separately in mangle.
There are many traffic shaping examples in wiki that you can learn from:
http://wiki.mikrotik.com/wiki/Bandwidth_Managment_and_Queues

Dweil · June 30, 2009, 1:36pm

shall have a look at them.
but http://www.mikrotik.com/testdocs/ros/3.0/qos/queue_content.php#.6.3 the example is not working.
it’s a 10/2 connection but only the download whil get shaped and not the upload.

to explain the problem i was having better.
the src-address and dst-address from the different PCQ queue type’s seems not te be working.
packets going out are handled by the Queue tree that should only handle the incoming packets.
if you look at the config i posted above you see that my queue tree parent (Download) has the Queue type (PCQ-Download) and that should only shape the dst-address packets (destination the 10.0.1.0/24)
but it was also shaping the packets with src 10.0.10/24 and my 1Mb/s upload got a bit lost in there as it got shaped with the value’s of the 12Mb’s download