VOIP QOS Problems

swits1109 · January 13, 2017, 4:42pm

Hey guys,

I’m hoping that someone can help me troubleshoot some VOIP QOS that I’ve been trying to do. I have a 24mb/3mb connection. The bridge is called “LAN PORTS”.

-I created the Mangle rules to mark the packets: https://puu.sh/tl371/43a0a228e3.png
-I created the Queue to give the bridge 15/1: https://puu.sh/tl3ap/8454c9a25e.png
-I created the Queue to give the marked VOIP packets unlimited: https://puu.sh/tl3ct/fee3421f2c.png
-However I’m not seeing any traffic pass through the VOIP queue, so it looks like the QOS is not working although the packets are being marked: https://puu.sh/tl3eu/32facb9085.png

Any suggestions here? Thanks!

pe1chl · January 13, 2017, 5:36pm

Please post your config as export instead of screenshots.

swits1109 · January 13, 2017, 5:39pm

How is that done?

pe1chl · January 13, 2017, 5:46pm

Open a new terminal window and type /export
Copy and paste the relevant sections (ip firewall and queue, at least) here.

swits1109 · January 13, 2017, 6:05pm

jan/13/2017 11:51:35 by RouterOS 6.38

/interface bridge
add admin-mac=6C:3B:6B:48:AF:DB auto-mac=no comment=defconf name="LAN PORTS"

/interface ethernet
set [ find default-name=ether1 ] name=INTERNET
set [ find default-name=ether2 ] name=ether2-master
set [ find default-name=ether3 ] master-port=ether2-master
set [ find default-name=ether4 ] master-port=ether2-master

/interface bridge port
add bridge="LAN PORTS" comment=defconf interface=ether2-master
add bridge="LAN PORTS" comment=defconf interface=wlan1
add bridge="LAN PORTS" interface=wlan2

/ip firewall filter
add action=accept chain=input dst-port=8291 protocol=tcp
add action=accept chain=input dst-port=80 protocol=tcp
add action=fasttrack-connection chain=forward comment="defconf: fasttrack"
connection-state=established,related
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept establieshed,related"
connection-state=established,related
add action=accept chain=input comment="allow l2tp" dst-port=1701 protocol=udp
add action=accept chain=input comment="allow pptp" dst-port=1723 protocol=tcp
add action=accept chain=input comment="allow sstp" dst-port=443 protocol=tcp
add action=drop chain=input comment="defconf: drop all from WAN" in-interface=
INTERNET
add action=accept chain=forward comment="defconf: accept established,related"
connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=
invalid
add action=drop chain=forward comment=
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat
connection-state=new in-interface=INTERNET
/ip firewall mangle
add action=mark-packet chain=forward connection-state="" log=yes log-prefix=
VOIP new-packet-mark=VOIP passthrough=yes protocol=tcp src-port=5060
add action=mark-packet chain=forward connection-state="" dst-port=5060 log=yes
log-prefix=VOIP new-packet-mark=VOIP passthrough=yes protocol=tcp
add action=mark-packet chain=forward connection-state="" log=yes log-prefix=
VOIP new-packet-mark=VOIP passthrough=yes protocol=udp src-port=5060
add action=mark-packet chain=forward connection-state="" dst-port=5060 log=yes
log-prefix=VOIP new-packet-mark=VOIP passthrough=yes protocol=udp
add action=mark-packet chain=forward log=yes log-prefix=VOIP new-packet-mark=
VOIP passthrough=yes protocol=tcp src-port=10000-20000
add action=mark-packet chain=forward log=yes log-prefix=VOIP new-packet-mark=
VOIP passthrough=yes protocol=udp src-port=10000-20000
add action=mark-packet chain=forward dst-port=10000-20000 log=yes log-prefix=
VOIP new-packet-mark=VOIP passthrough=yes protocol=udp
add action=mark-packet chain=forward dst-port=10000-20000 log=yes log-prefix=
VOIP new-packet-mark=VOIP passthrough=yes protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=
INTERNET
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=
192.168.89.0/24
/ip firewall service-port
set sip disabled=yes
/ip service
set www address=0.0.0.0/0
set winbox address=0.0.0.0/0
/ip upnp
set allow-disable-external-interface=yes enabled=yes

pe1chl · January 13, 2017, 8:27pm

I don’t see an immediate error, maybe others do. I am not used to doing it this way, I normally mark using
the DSCP value that specifies the priority of the traffic:

/ip firewall mangle
add action=set-priority chain=postrouting comment="From dscp high 3 bits" \
    new-priority=from-dscp-high-3-bits passthrough=yes
add action=mark-packet chain=postrouting comment="Priority 0" \
    new-packet-mark=prio0 passthrough=yes priority=0
add action=mark-packet chain=postrouting comment="Priority 1" \
    new-packet-mark=prio1 passthrough=yes priority=1
add action=mark-packet chain=postrouting comment="Priority 2" \
    new-packet-mark=prio2 passthrough=yes priority=2
add action=mark-packet chain=postrouting comment="Priority 3" \
    new-packet-mark=prio3 passthrough=yes priority=3
add action=mark-packet chain=postrouting comment="Priority 4" \
    new-packet-mark=prio4 passthrough=yes priority=4
add action=mark-packet chain=postrouting comment="Priority 5" \
    new-packet-mark=prio5 passthrough=yes priority=5
add action=mark-packet chain=postrouting comment="Priority 6" \
    new-packet-mark=prio6 passthrough=yes priority=6
add action=mark-packet chain=postrouting comment="Priority 7" \
    new-packet-mark=prio7 passthrough=yes priority=7

Then I use a Queue Tree to queue the traffic with priority classes:

/queue tree
add comment="20 Mbps" limit-at=19M max-limit=19M name=\
    queue-vlan51 parent=ether1.vlan51 queue=default
add limit-at=4M max-limit=18M name=queue-vlan51-p1 packet-mark=prio7 parent=\
    queue-vlan51 priority=1 queue=default
add limit-at=4M max-limit=18M name=queue-vlan51-p2 packet-mark=prio6 parent=\
    queue-vlan51 priority=2 queue=default
add limit-at=4M max-limit=18M name=queue-vlan51-p3 packet-mark=prio5 parent=\
    queue-vlan51 priority=3 queue=default
add limit-at=4M max-limit=18M name=queue-vlan51-p4 packet-mark=prio4 parent=\
    queue-vlan51 priority=4 queue=default
add limit-at=4M max-limit=18M name=queue-vlan51-p5 packet-mark=prio3 parent=\
    queue-vlan51 priority=5 queue=default
add limit-at=4M max-limit=18M name=queue-vlan51-p6 packet-mark=prio2 parent=\
    queue-vlan51 priority=6 queue=default
add limit-at=4M max-limit=18M name=queue-vlan51-p7 packet-mark=prio0 parent=\
    queue-vlan51 priority=7 queue=default
add limit-at=4M max-limit=18M name=queue-vlan51-p8 packet-mark=prio1 parent=\
    queue-vlan51 queue=default

When the traffic is properly marked by the endpoints (with VoIP it often is), there is no need to use
marking by port numbers etc.

swits1109 · January 25, 2017, 3:39pm

I guess that this is the only solution that I can try. I have added the mangle rules, but on the queue, the connection is 18M down and 1.5M up. From your script, it seems like 20/20 down/up. How can this be made asynchronous? Thanks!

pe1chl · January 25, 2017, 4:59pm

The values you use in the queue tree are solely based on your upload speed.
The shaping for the download has to be done by the ISP.

swits1109 · January 25, 2017, 5:43pm

Just to verify, is this the correct syntax?

/queue tree
add comment="1.5 Mbps" limit-at=1M max-limit=1M name=\
    queue-vlan51 parent=ether1.vlan51 queue=default
add limit-at=1M max-limit=1M name=queue-vlan51-p1 packet-mark=prio7 parent=\
    queue-vlan51 priority=1 queue=default
add limit-at=1M max-limit=1M name=queue-vlan51-p2 packet-mark=prio6 parent=\
    queue-vlan51 priority=2 queue=default
add limit-at=1M max-limit=1M name=queue-vlan51-p3 packet-mark=prio5 parent=\
    queue-vlan51 priority=3 queue=default
add limit-at=1M max-limit=1M name=queue-vlan51-p4 packet-mark=prio4 parent=\
    queue-vlan51 priority=4 queue=default
add limit-at=1M max-limit=1M name=queue-vlan51-p5 packet-mark=prio3 parent=\
    queue-vlan51 priority=5 queue=default
add limit-at=1M max-limit=1M name=queue-vlan51-p6 packet-mark=prio2 parent=\
    queue-vlan51 priority=6 queue=default
add limit-at=1M max-limit=1M name=queue-vlan51-p7 packet-mark=prio0 parent=\
    queue-vlan51 priority=7 queue=default
add limit-at=1M max-limit=1M name=queue-vlan51-p8 packet-mark=prio1 parent=\
    queue-vlan51 queue=default

swits1109 · January 25, 2017, 6:36pm

I tried that and got this result:

[admin@CN-Router] /queue tree> add limit-at=1M max-limit=1M name=queue-vlan5
1-p4 packet-mark=prio4 parent=\
\...     queue-vlan51 priority=4 queue=default                                    
input does not match any value of parent
[admin@CN-Router] /queue tree> add limit-at=1M max-limit=1M name=queue-vlan5
1-p5 packet-mark=prio3 parent=\
\...     queue-vlan51 priority=5 queue=default                                    
input does not match any value of parent
[admin@CN-Router] /queue tree> add limit-at=1M max-limit=1M name=queue-vlan5
1-p6 packet-mark=prio2 parent=\
\...     queue-vlan51 priority=6 queue=default                                    
input does not match any value of parent
[admin@CN-Router] /queue tree> add limit-at=1M max-limit=1M name=queue-vlan5
1-p7 packet-mark=prio0 parent=\
\...     queue-vlan51 priority=7 queue=default                                    
input does not match any value of parent
[admin@CN-Router] /queue tree> add limit-at=1M max-limit=1M name=queue-vlan5
1-p8 packet-mark=prio1 parent=\
\...     queue-vlan51 queue=default                                               
input does not match any value of parent
[admin@CN-Router] /queue tree>

pe1chl · January 25, 2017, 6:43pm

You should of course adapt the example to your local situation, e.g. in this case the interface name and queue name.

swits1109 · January 25, 2017, 7:24pm

Here is what I came up with to try to simplify/understand:

/ip firewall mangle
add action=set-priority chain=postrouting comment="From dscp high 3 bits" \
    new-priority=from-dscp-high-3-bits passthrough=yes
add action=mark-packet chain=postrouting comment="Priority 0" \
    new-packet-mark=OTHER passthrough=yes priority=0
add action=mark-packet chain=postrouting comment="Priority 1" \
    new-packet-mark=OTHER passthrough=yes priority=1
add action=mark-packet chain=postrouting comment="Priority 2" \
    new-packet-mark=OTHER passthrough=yes priority=2
add action=mark-packet chain=postrouting comment="Priority 3" \
    new-packet-mark=VOIP passthrough=yes priority=3
add action=mark-packet chain=postrouting comment="Priority 4" \
    new-packet-mark=VOIP passthrough=yes priority=4
add action=mark-packet chain=postrouting comment="Priority 5" \
    new-packet-mark=VOIP passthrough=yes priority=5
add action=mark-packet chain=postrouting comment="Priority 6" \
    new-packet-mark=VOIP passthrough=yes priority=6
add action=mark-packet chain=postrouting comment="Priority 7" \
    new-packet-mark=VOIP passthrough=yes priority=7

/queue tree
add name="LEVEL_A_UP"   parent=INTERNET queue=default max-limit=900k
add name="LEVEL_A_DOWN" parent=LAN-PORTS queue=default max-limit=15M
add name="LEVEL_B_UP"   parent=INTERNET queue=default max-limit=900k
add name="LEVEL_B_DOWN" parent=LAN-PORTS queue=default max-limit=15M

add name="VOIP_U"       parent="LEVEL_A_UP"   packet-mark="VOIP"  queue=default priority=1
add name="VOIP_D"       parent="LEVEL_A_DOWN" packet-mark="VOIP"  queue=default priority=1
add name="OTHER_U"      parent="LEVEL_B_UP"   packet-mark="OTHER" queue=default priority=2
add name="OTHER_D"      parent="LEVEL_B_DOWN" packet-mark="OTHER" queue=default priority=2