Community discussions

MikroTik App
 
User avatar
azurtem
Trainer
Trainer
Topic Author
Posts: 217
Joined: Mon May 16, 2011 5:35 pm
Location: Nice, France
Contact:

Mangled traffic not picked up by queue

Mon Oct 12, 2015 11:07 am

Hi

I have setup simple PCQ queueing for a clients site (CCR1009 6.32.2)
The client has a 15 Mnps SDSL uplink

One of the objectives is to 'protect' VoIP traffic

Mangles:
/ip firewall mangle
add action=mark-connection chain=prerouting comment="SIP Signaling" dscp=26 \
    new-connection-mark=VOIP-CMD
add action=mark-packet chain=prerouting connection-mark=VOIP-CMD \
    new-packet-mark=VOIP-PMD passthrough=no
add action=mark-connection chain=postrouting dscp=26 new-connection-mark=\
    VOIP-CMU
add action=mark-packet chain=postrouting connection-mark=VOIP-CMU \
    new-packet-mark=VOIP-PMU passthrough=no
add action=mark-connection chain=prerouting comment="RTP VoIP" dscp=46 \
    new-connection-mark=VOIP-CMD
add action=mark-packet chain=prerouting connection-mark=VOIP-CMD \
    new-packet-mark=VOIP-PMD passthrough=no
add action=mark-connection chain=postrouting dscp=46 new-connection-mark=\
    VOIP-CMU
add action=mark-packet chain=postrouting connection-mark=VOIP-CMU \
    new-packet-mark=VOIP-PMU passthrough=no
add action=mark-connection chain=prerouting comment="UDP VoIP" \
    new-connection-mark=VOIP-CMD protocol=udp src-address=XXX.XXX.XXX.XXX \
    src-port=5060-5061
add action=mark-packet chain=prerouting connection-mark=VOIP-CMD \
    new-packet-mark=VOIP-PMD passthrough=no
add action=mark-connection chain=postrouting dst-address=XXX.XXX.XXX.XXX \
    dst-port=5060-5061 new-connection-mark=VOIP-CMU protocol=udp
add action=mark-packet chain=postrouting connection-mark=VOIP-CMU \
    new-packet-mark=VOIP-PMU passthrough=no
add action=mark-connection chain=forward comment="HTTP Queuing" dst-port=\
    80,443 new-connection-mark=HTTP-CM protocol=tcp src-address=\
    192.168.11.0/24
add action=mark-packet chain=forward connection-mark=HTTP-CM new-packet-mark=\
    HTTP-PM
add action=mark-connection chain=forward comment="LAN Queuing" \
    new-connection-mark=LAN-CM src-address=192.168.11.0/24
add action=mark-packet chain=forward connection-mark=LAN-CM new-packet-mark=\
    LAN-PM
Queues:
/queue simple
add disabled=yes dst=ether1 limit-at=1M/1M max-limit=2M/2M name=VOIP-RTP \
    packet-marks=voip-rtp priority=1/1 target=192.168.11.0/24
/queue type
add kind=pcq name=PCQ-Download pcq-classifier=dst-address \
    pcq-dst-address6-mask=64 pcq-limit=20 pcq-src-address6-mask=64 \
    pcq-total-limit=500
add kind=pcq name=PCQ-Upload pcq-classifier=src-address \
    pcq-dst-address6-mask=64 pcq-limit=20 pcq-src-address6-mask=64 \
    pcq-total-limit=500
/queue simple
add disabled=yes dst=ether1 limit-at=15M/15M max-limit=15M/15M name=NON-VOIP \
    queue=PCQ-Upload/PCQ-Download target=192.168.11.0/24
/queue tree
add max-limit=13M name=Downloads parent=global queue=PCQ-Download
add max-limit=13M name=Uploads parent=global queue=PCQ-Upload
add max-limit=2M name=1-VoIP-D packet-mark=VOIP-PM parent=Downloads priority=\
    1 queue=default
add max-limit=2M name=1-VoIP-U packet-mark=VOIP-PM parent=Uploads priority=1 \
    queue=default
add max-limit=7M name=3-LAN-D packet-mark=LAN-PM parent=Downloads queue=\
    default
add max-limit=7M name=3-LAN-U packet-mark=LAN-PM parent=Uploads queue=default
add max-limit=6M name=2-HTTP-D packet-mark=HTTP-PM parent=Downloads priority=\
    2 queue=default
add max-limit=6M name=2-HTTP-U packet-mark=HTTP-PM parent=Uploads priority=2 \
    queue=default
Is my logic sound ?

thanks
yann
Last edited by azurtem on Mon Oct 12, 2015 12:25 pm, edited 1 time in total.
 
Sitron
newbie
Posts: 37
Joined: Wed Jul 29, 2009 11:49 pm
Location: Arendal, Norway

Re: Mangled traffic not picked up by queue

Mon Oct 12, 2015 12:35 pm

When comparing to my own firewall-mangle rules, I see one difference: I only use prerouting, but you use postrouting?
 
User avatar
azurtem
Trainer
Trainer
Topic Author
Posts: 217
Joined: Mon May 16, 2011 5:35 pm
Location: Nice, France
Contact:

Re: Mangled traffic not picked up by queue

Mon Oct 12, 2015 12:51 pm

When comparing to my own firewall-mangle rules, I see one difference: I only use prerouting, but you use postrouting?
http://www.mikrotik-routeros.com/2014/0 ... rees-v6-0/
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 1772
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: Mangled traffic not picked up by queue

Mon Oct 12, 2015 1:29 pm

i think you need to mark every packet not connections, matching DSCP value

use the rate and packet rate column on firewall mangle on winbox to see on real time if the mangle rule is catching the traffic
 
Sitron
newbie
Posts: 37
Joined: Wed Jul 29, 2009 11:49 pm
Location: Arendal, Norway

Re: Mangled traffic not picked up by queue

Mon Oct 12, 2015 2:24 pm

When comparing to my own firewall-mangle rules, I see one difference: I only use prerouting, but you use postrouting?
http://www.mikrotik-routeros.com/2014/0 ... rees-v6-0/
I still think that's wrong. No other examples on wiki.mikrotik.com uses postrouting, and why would you? You want to mark the packet before it's about to get routed (and queued), not afterwards. But give it a try, see if it's helps.

Who is online

Users browsing this forum: Jotne, Majestic-12 [Bot], seriosha, wispvt, withaai and 117 guests