VLAN prioritization

Hi all,

Using a MikroTik RB2011UAS, I am looking for an effective way to prioritize my VoIP phones in a separate VLAN.
The configuration is WAN - (eth1) MikroTik (eth2) - Cisco switch - IP phone.
I created a VLAN on the local bridge interfaces, and IP addresses are assigned appropriately from the VLAN DHCP pool through the Cisco switch.
So now the question is how to increase the priority of the packets from/to this VLAN through the MikroTik.

Thanks for sharing of your experiences and ideas in advance.

Is there a PBX LAN side or are the phones connected to hosted PBX?

Now, the phones are connected to the external VOIP provider.

The local LAN PBX is considered for the future..

In fact, both options are of interest.. :)

Thanks for help…

I’m new and learning all this myself. I believe this is the correct approach.

Connect phones to a managed switch. If the switch has a “Voice LAN” option, use that, as it will automatically place them in their own VLAN (based on the MAC prefix) and do the QoS for you. It will also tag the packets. Our Snom phones have an option to tag themselves, however.

Note that total segmentation of the phones and PC is not totally necessary if the phones are behind the firewall in the LAN. The VLAN’s purpose is to control switch traffic, not implement security. Think of both separately.

Implement QoS in the router by assigning the SIP ports (usually 5060 outgoing) and RTP port ranges (10000-20000 incoming UDP; check with your provider, however) to a high-priority queue. Assign all other traffic (80 http, 110 pop, http etc.) to a lesser queue. The way you’ll shape this traffic, however, is by specifying the max uplink and downlink speeds you purchased to be slightly less than what you test at. Slightly less than what you actually have. Say you’re paying for 15 down and 5 up. Set the traffic shaper to 14.5 down and 4.5 up to ensure your router takes complete control of the traffic. If your ISP is not consistent, then your voice service quality won’t be either.

Thanks for advice.
Do you think that there is any possibility to link the packet priority with the traffic to/from VLAN?
Regards…

You mean have the router respond differently based on what comes from a certain VLAN? I don’t know how. But it seems conceivable that the router could prioritize VLAN2 over anything else. However, it might make more sense to prioritize a subnet above others … same thing really.

You can use set priority as the action of mangle firewall rules / bridge firewall rules.

M.

Yes, it is exactly what I meant - increase the priority for packets going from specific VLAN to WAN and from WAN to VLAN (or subnet as the VLAN has a specific IP range).
My question is about how to do it exactly in the most efficient way - that is, what will the set-up look like? And where is the most appropriate place? The VLANs are created under the Local bridge interface… Should it really be under the bridge filter, and how? Or under the Queue?
Thanks to all for help…

First of all, work on one thing at a time. You will be QoS’ing VoIP traffic in two different ways. LAN to LAN and then LAN to WAN and back. Those are two different QoS settings you have to implement. If your network is really small (5 computers) you probably don’t need to QoS LAN to LAN.

Now, how you go about QoS’ing LAN to LAN depends on the switch you have. An HP V1910-16G can do this for you.

If you’re trying to do LAN to LAN on your MikroTik’s free ports (not 1 or 2, the others) as “switch” ports (and you should probably do this only on models with a real switch chip, otherwise it uses the CPU) then yes, from the bridge interface set up your VLAN. Then go into Queue and shape them.

When you’re ready to do LAN to WAN and back, you go to the Queue section in MikroTik’s GUI and tell it that “these ports, or IPs, or VLANs, or IP addresses” are high priority. Sadly, I’m learning and don’t know how yet.

Thank you for the direction. I am also still learning … :)

My General topology is
WAN - (eth1) Mikrotik (eth2) -Cisco switch - IP phones (VOICE VLAN 100) & NAS+Computers (Default VLAN)

Within the LAN to LAN - it is managed by the Cisco switch with defined QoS (5) for VOICE VLAN 100. The port of the switch connected to the router is a trunk and manages the tagging of the packets from VOICE VLAN 100.
I also created VOICE VLAN 100 within the MikroTik Local bridge in order to assign appropriate IPs per VLAN from the MikroTik DHCPs.

/interface vlan
add arp=enabled disabled=no interface=bridge-local l2mtu=1594 mtu=1500 name="Voice vlan100" use-service-tag=no vlan-id=100

/ip pool
add name="pool-Voice vlan100" ranges=192.168.100.10-192.168.100.20

/ip dhcp-server
add address-pool="pool-Voice vlan100" authoritative=after-2sec-delay bootp-support=static disabled=no interface="Voice vlan100" lease-time=3d \
    name="dhcp-Voice vlan100"

In order to maintain the priority within the MikroTik bridge I tried the following rules, but I am definitely not sure if they are correct:
/interface bridge filter
add action=set-priority chain=input disabled=no mac-protocol=vlan new-priority=5 passthrough=no vlan-id=100
add action=set-priority chain=output disabled=no mac-protocol=vlan new-priority=5 passthrough=no vlan-id=100
add action=set-priority chain=forward disabled=no mac-protocol=vlan new-priority=from-ingress passthrough=no vlan-id=100

…and now thinking how to drive priority of the communication from VLAN to WAN and from WAN to VLAN…
Thanks to all for inputs…

Have you read this?
http://wiki.mikrotik.com/wiki/Voip

Joe1vm,
Based on your requirements, and after reading the two links below, you need to do this:

1. Mark traffic coming from or going to a subnet

/ip firewall mangle add action=mark-packet chain=forward comment="VoiceVLAN100" \
    protocol=udp dst-address=192.168.100.0/24 new-packet-mark=voip-mark passthrough=no disabled=no
/ip firewall mangle add action=mark-packet chain=forward comment="VoiceVLAN100" \
    protocol=udp src-address=192.168.100.0/24 new-packet-mark=voip-mark passthrough=no disabled=no

2. Prioritize marked traffic over everything else

/queue tree
add name="ether1_voip" parent=ether1 packet-mark=voip-mark limit-at=0 queue=default priority=2 \
    max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="ether2_voip" parent=ether2 packet-mark=voip-mark limit-at=0 queue=default priority=2 \
    max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no

Helpful reading.
http://wiki.mikrotik.com/wiki/Voip
http://shop.duxtel.com.au/article_info.php?articles_id=10

One thing that concerns me about the above (because I am familiar with IPCop) is that there is no global max upload and download specified anywhere. With IPCop, you tell the traffic shaper your maximum upload and (optionally) download speeds as provided by your ISP before adding your favorite priority traffic. With RouterOS is this not necessary? This article and this one seem to indicate we need a Max-Limit setting.

Given the above marked queue (and the only one in operation):

  1. What happens to all other random traffic?
  2. If saturated with ftp traffic, does ftp get automatically limited when VoIP packets appear?
  3. Since we are masquerading, is there anything we need to change?
  4. Can we mark the connection to the subnet instead of each packet for a CPU boost?
  5. Do we need to set a Max-Limit slightly less than our real bandwidth?

pcunite,
THANKS for your time, useful help, hints and interesting links... Got your points regarding max traffic limits as the base for effective QoS control.

Anyway, in the meantime I tried only a simple queue. But I am not sure if it can bring similar benefit…
/queue simple
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s direction=both disabled=no interface=all limit-at=0/0 max-limit=0/0 name=VLAN100 packet-marks="" parent=none priority=2 queue=only-hardware-queue/only-hardware-queue target-addresses=192.168.100.0/24 total-queue=only-hardware-queue

But still all of your questions need to be considered… :) But I do not know how… :)
Thank you…

Joe1vm,

I’ve done extensive research into this issue because I’ll be implementing RouterOS, QoS, and VoIP control for a customer soon. I’ve started a new thread here to discuss my findings with others and to get MikroTik’s confirmation on the documentation.

Amazingly, the number one issue is not prioritizing the packets! Rather, managing the bufferbloat present in the ISP’s device (cable or ADSL modem) is the area of most concern. Prioritization is important, but without controlling the uplink queue it all falls apart.

All will be uncovered in that thread and hopefully the notion of QoS and VoIP will become clear to all.
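
Added example, not part of the original thread: a small Python simulation of the point made in the posts above, that giving VoIP priority in the router does not help while bulk upload sits in the ISP modem's buffer, and that a limit slightly below the real uplink rate fixes it. The 5 Mbit/s uplink and the 4.5 Mbit/s limit come from the earlier post; the 128 KB modem buffer, the packet sizes and the 100 Mbit/s unshaped rate are assumptions.

```python
from collections import deque

MTU, RTP = 1500, 200   # bytes; constructed sizes for a bulk frame and a voice packet

def worst_voip_delay_ms(shaper_mbit, link_mbit=5.0, modem_buf=128 * 1024, run_ms=5000):
    """Worst delay (ms) from a voice packet reaching the router to leaving the modem.

    The router always sends voice first (strict priority) and has unlimited bulk
    upload waiting. The modem is a plain FIFO draining at the real uplink rate.
    """
    shaper = shaper_mbit * 125.0        # 1 Mbit/s = 125 bytes per millisecond
    link = link_mbit * 125.0
    voice = deque()                     # arrival times of voice packets in the router
    fifo, queued = deque(), 0           # modem buffer: (voice_arrival_ms or None, size)
    budget = credit = 0.0
    worst = 0
    for t in range(run_ms):
        budget = min(budget + shaper, shaper + MTU)   # token bucket for the limit
        if t % 20 == 0:
            voice.append(t)             # one voice packet every 20 ms
        while voice and budget >= RTP and queued + RTP <= modem_buf:
            fifo.append((voice.popleft(), RTP))
            queued += RTP
            budget -= RTP
        # Bulk takes whatever budget is left; frames that do not fit are not sent.
        while budget >= MTU and queued + MTU <= modem_buf:
            fifo.append((None, MTU))
            queued += MTU
            budget -= MTU
        credit += link                  # modem sends what the uplink allows
        while fifo and credit >= fifo[0][1]:
            arrived, size = fifo.popleft()
            credit -= size
            queued -= size
            if arrived is not None:
                worst = max(worst, t - arrived)
        if not fifo:
            credit = 0.0                # an idle link cannot save up capacity
    return worst

if __name__ == "__main__":
    print("priority only, no max-limit:", worst_voip_delay_ms(100.0), "ms")
    print("priority + 4.5 Mbit/s limit:", worst_voip_delay_ms(4.5), "ms")
```

With the limit below the link rate the modem buffer stays nearly empty, so the router's priority decision is the one that actually orders the packets.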

I noticed the thread in preparation yesterday… It will be GREAT!!

Thank you for your effort and looking forward to reading it…

Regards…

Sorry to necro a thread, but I’m specifically looking for the VLAN prioritization 802.1p tag. I need my RB2011 device to VLAN-tag packets on /egress/ and set the QoS (802.1p) tag to 6. This is done in Linux with vconfig vlan_qos, but there is no option in /int vlan add. Is there any way to get the 802.1p tag set so the next hop can act based on that priority?