Community discussions

MikroTik App
 
User avatar
sytex
Trainer
Trainer
Topic Author
Posts: 87
Joined: Fri May 23, 2008 10:35 am
Location: Hungary

Traffic Priority (Queue Tree?)

Mon Apr 04, 2016 4:01 pm

Hi All,

I'm trying to make a (simple?) config. RB has 1 uplink port, and has 3 private ports with separated ip subnets.
I have to make a masquerading router to internet, which proiritizes the upload and download between the 3 subnets. I googled a lot, but could not find any solution for this.
The common problem with installing the solutions found on internet to my setup is: all example uses one ethernet interface as main parent for download, but I have 3 interfaces, where the donwload traffic can exit my router.

Thanks
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: Traffic Priority (Queue Tree?)

Mon Apr 04, 2016 7:55 pm

You will need to use a master parent queue whose parent is "global" and then a sub-queue for each LAN in question.
You'll need to use packet marks to distinguish the traffic for the sub queues - and this marking should probably be done in the forward chain of the mangle table - because prerouting chain happens before the nat table, which makes me think that the packets will still have the WAN's IP address as the destination address when they go through the prerouting chain (but I could be wrong).

The way to flag your connections for packet marking is going to be to use 3 connection-marking rules in the mangle->prerouting chain based on in-interface=lan1, lan2, and lan3
(also include a criteria that connection-mark=no-mark so that once a connection is flagged, it stays flagged)

Then after those 3 rules, add 3 more rules that do mark-packet based on the connection marks:
in-interface=wan connection-mark=lan1 action=mark-packet new-packet-mark=lan1down passthrough=no

And for upstream marking, add 3 packet mark rules to the post-routing chain:
out-interface=wan connection-mark=lan1 action=mark-packet new-packet-mark=lan1up

You can then make an upstream queue tree parented to the wan interface where the three lan sub-queues are looking for the upstream packet marks.
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
slv
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Mon Jun 17, 2013 8:54 pm

Re: Traffic Priority (Queue Tree?)

Tue Apr 05, 2016 11:16 am

@Sytex

I fighting with same problem
On internet is a lot of examples but usually based on 5.x ROS code with is incompatibile with 6.x code.
Second problem is that even on 6.x code there where some changes (like global-in dissapered and now is just global and so on).

At the moment i use PCQ with equall bandwitch for every user IP using just one queue:
/queue simple print
Flags: X - disabled, I - invalid, D - dynamic
0 name="queue3" target=192.168.0.0/16 parent=none packet-marks="" priority=8/8
queue=pcq-upload-default/pcq-download-default limit-at=0/0 max-limit=49M/49M burst-limit=0/0 burst-threshold=0/0
burst-time=0s/0s bucket-size=0.1/0.1

Few control question:
- do You use bridging?
- do You use masquarade or SNAT?
According to my knoweladge this are important things.

ZeroBytes - If I use SNAT should I mark on prerouting (upload) and post-routing (dwonload)?


Regards
Slawek
 
User avatar
sytex
Trainer
Trainer
Topic Author
Posts: 87
Joined: Fri May 23, 2008 10:35 am
Location: Hungary

Re: Traffic Priority (Queue Tree?)

Tue Apr 05, 2016 12:46 pm

Thanks for the answers. I will try them,

Answers to @slv:

Yes I have bridges, so the 3 'LAN' interfaces are bridges in my setup.
I use masquerade.
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: Traffic Priority (Queue Tree?)

Tue Apr 05, 2016 6:38 pm

I'd say prerouting is usually the go-to chain for mangle in my experience.

Now that I've read back over my earlier post, I'd say that the IP address doesn't matter because if marking packets based on connection mark, you can just do that in prerouting all the time in basic cases - I suggested 3 packet mark rules in postrouting so that at this point, the output interface is known and the packets can be re-marked with the "upstream" marks based on the connection mark. (the connection mark is the same for both directions in the flow)

The NAT isn't really important in this case - once a connection gets marked, it stays marked until the connection is closed or times out, so the IP is irrelevant. The connection mark can happen in prerouting because we know that no new connections from the WAN are possible, so we know that a new, unmarked connection is coming in via some LAN interface - and this can be used to mark the flow as lan1, lan2, etc....
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
slv
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Mon Jun 17, 2013 8:54 pm

Re: Traffic Priority (Queue Tree?)

Fri Apr 08, 2016 4:10 pm

Hello

So let's start with (not)working code:
/ip firewall mangle
add chain=prerouting action=mark-connection new-connection-mark=LAN-down-con passthrough=yes src-address-list=Local_LANs comment="mark client traffic" disabled=no 
add chain=prerouting action=mark-packet new-packet-mark=all_packet passthrough=no comment="upload" disabled=no

and without "src-address-list"

/ip firewall mangle
add chain=prerouting action=mark-connection new-connection-mark=LAN-down-con passthrough=yes comment="mark client traffic" disabled=no 
add chain=prerouting action=mark-packet new-packet-mark=all_packet passthrough=no comment="upload" disabled=no
I got strange (for me) resoults
[img]
2016-04-05_194402.jpg
[/img]
Why this two rules has almost similat amount of packet and amount of bytes?

Next step should be roule for "download"
add chain=postouting action=mark-packet new-packet-mark=all_packet out-interface=ethernet6  passthrough=no comment="download" disabled=no

Unfortunetely above roule doesnt catch anything :(
Summary:
How to fix this marking roules - at the moment noone is working in my opinion

Regards
Slawek
You do not have the required permissions to view the files attached to this post.
 
sash7
Frequent Visitor
Frequent Visitor
Posts: 69
Joined: Sun Mar 20, 2016 10:39 pm

Re: Traffic Priority (Queue Tree?)

Sat Apr 09, 2016 4:31 pm

slv simply use forward chain, packet mark and use interfaces in-interface / out-interface

for all download like this

/ip firewall mangle
add chain=forward action=mark-packet new-packet-mark=download in-interface=your_wan_iface out-interface=your_lan_iface passthrough=no comment="all download" disabled=no

for upload reverse in-out interfaces, change mark, comment...
 
slv
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Mon Jun 17, 2013 8:54 pm

Re: Traffic Priority (Queue Tree?)

Sun Apr 10, 2016 1:24 pm

I did:
add chain=forward action=mark-packet new-packet-mark=download in-interface=WAN out-interface=LAN passthrough=no comment="" disabled=no

add chain=forward action=mark-packet new-packet-mark=download in-interface=LAN out-interface=WAN passthrough=no comment="all upload" disabled=no
What about connection mark - is it nessasary?

I see in Connection mark tab a lol session with empty name or (unknown 1) as a name - whot is going on?
In Bytes/Packet coulmns counter are increasing - so it seems that are working but why isnt mangled properly?


Reards
Slawek
 
sash7
Frequent Visitor
Frequent Visitor
Posts: 69
Joined: Sun Mar 20, 2016 10:39 pm

Re: Traffic Priority (Queue Tree?)

Sun Apr 10, 2016 10:54 pm

you have an error in marking - in both places is new-packet-mark=download ?
 
slv
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Mon Jun 17, 2013 8:54 pm

Re: Traffic Priority (Queue Tree?)

Mon Apr 11, 2016 10:27 am

as You see - in both rules (one for upload and one for download)
what is wrong with it? could You be more specific


Regards
Slawek
 
User avatar
sytex
Trainer
Trainer
Topic Author
Posts: 87
Joined: Fri May 23, 2008 10:35 am
Location: Hungary

Re: Traffic Priority (Queue Tree?)

Wed Apr 13, 2016 1:08 pm

Thanks for the answers, and advices.

Now I'm stuck at the queue tree setup, I made this config:
/ip firewall mangle
add action=mark-connection chain=prerouting comment=con_LAN1 connection-mark=no-mark in-interface=LAN1 new-connection-mark=conn_LAN1 passthrough=no
add action=mark-connection chain=prerouting comment=con_LAN2 connection-mark=no-mark in-interface=LAN2 new-connection-mark=conn_LAN2 passthrough=no
add action=mark-connection chain=prerouting comment=con_LAN3 connection-mark=no-mark in-interface=LAN3 new-connection-mark=conn_LAN3 passthrough=no
add action=mark-packet chain=forward comment=pckt_LAN1_up connection-mark=conn_LAN1 new-packet-mark=pckt_LAN1_up out-interface=WAN passthrough=no
add action=mark-packet chain=forward comment=pckt_LAN2_up connection-mark=conn_LAN2 new-packet-mark=pckt_LAN2_up out-interface=WAN passthrough=no
add action=mark-packet chain=forward comment=pckt_LAN3_up connection-mark=conn_LAN3 new-packet-mark=pckt_LAN3_up out-interface=WAN passthrough=no
add action=mark-packet chain=forward comment=pckt_LAN1_down connection-mark=conn_LAN1 in-interface=WAN new-packet-mark=pckt_LAN1_down passthrough=no
add action=mark-packet chain=forward comment=pckt_LAN2_down connection-mark=conn_LAN2 in-interface=WAN new-packet-mark=pckt_LAN2_down passthrough=no
add action=mark-packet chain=forward comment=pckt_LAN3_down connection-mark=conn_LAN3 in-interface=WAN new-packet-mark=pckt_LAN3_down passthrough=no
The packet markings are working fine, tested them. For testing purposes I made a 10M/5M limit (in the real setup there will be 100/50)

I made the following config for queue tree:
/queue tree
add max-limit=5M name=upload parent=global queue=default
add name=LAN1_up packet-mark=pckt_LAN1_up parent=upload priority=8 queue=default
add name=LAN2_up packet-mark=pckt_LAN2_up parent=upload priority=7 queue=default
add name=LAN3_up packet-mark=pckt_LAN3_up parent=upload priority=6 queue=default
add max-limit=10M name=download parent=global queue=default
add name=LAN1_down packet-mark=pckt_LAN1_down parent=download priority=8 queue=default
add name=LAN2_down packet-mark=pckt_LAN2_down parent=download priority=7 queue=default
add name=LAN3_down packet-mark=pckt_LAN3_down parent=download priority=6 queue=default
Prioritizing the traffic does not work. It dropps whole connections on LAN1 at the moment when a device on LAN2 begins to transmit (testing with speedtest.net)

Next setup:
/queue tree
add max-limit=5M name=upload parent=global queue=default
add limit-at=1M max-limit=5M name=LAN1_up packet-mark=pckt_LAN1_up parent=upload priority=8 queue=default
add limit-at=2M max-limit=5M name=LAN2_up packet-mark=pckt_LAN2_up parent=upload priority=7 queue=default
add name=LAN3_up packet-mark=pckt_LAN3_up parent=upload priority=6 queue=default
add max-limit=10M name=download parent=global queue=default
add limit-at=2M max-limit=10M name=LAN1_down packet-mark=pckt_LAN1_down parent=download priority=8 queue=default
add limit-at=4M max-limit=10M name=LAN2_down packet-mark=pckt_LAN2_down parent=download priority=7 queue=default
add name=LAN3_down packet-mark=pckt_LAN3_down parent=download priority=6 queue=default
Tried to make some guarantied bandwith, it is a bit more stable, but lot of dropped connections and unfinished speed test are still present.

Any suggestions?
 
sash7
Frequent Visitor
Frequent Visitor
Posts: 69
Joined: Sun Mar 20, 2016 10:39 pm

Re: Traffic Priority (Queue Tree?)

Wed Apr 13, 2016 3:30 pm

about upload:
lan1 drop because your lan2 has high priority.
another: where is limit and max-limit for lan3?
if your upload max-limit is 5M, then sum of all tree lan's limit need to be equal to 5M. try in this way, and without different priority.
exactly same case in downloads.
change and test again)
 
User avatar
sytex
Trainer
Trainer
Topic Author
Posts: 87
Joined: Fri May 23, 2008 10:35 am
Location: Hungary

Re: Traffic Priority (Queue Tree?)

Thu Apr 14, 2016 11:06 am

LAN3 is not set yet, because I'm testing it with two clients.

Again: I don't want to set exact max-limits per subnet (I can make that with simple queues, and don't need the queue tree).

My goal:
LAN1 lowest priority but guaranteed 2M down, 1M up
LAN2 middle priority but guaranteed 4M down, 2M up
LAN3 highest priority.

If no uses LAN2 or LAN3, the LAN1 clients can get all the bandwith.
If LAN2 users are online, than their traffic is prioritized before the LAN1 traffic, so LAN1 can get the 2M/1M and LAN2 the rest of the available.
If LAN3 user are online than they can get the bandwith what they need, but keep the guaranteed for LAN1 and LAN2.

Or is it to complex task for Ros?? :-)
 
sash7
Frequent Visitor
Frequent Visitor
Posts: 69
Joined: Sun Mar 20, 2016 10:39 pm

Re: Traffic Priority (Queue Tree?)

Thu Apr 14, 2016 11:34 am

i understand what you want, but when use priority there is no "guarantee" nothing for classes with low priority. these with high priority probably may get all bandwidth. in my opinion htb work predictable and fair if you use equal priority and set correct numbers for limit and max limit.
 
User avatar
sytex
Trainer
Trainer
Topic Author
Posts: 87
Joined: Fri May 23, 2008 10:35 am
Location: Hungary

Re: Traffic Priority (Queue Tree?)

Mon Apr 25, 2016 2:23 pm

Equal priority, max-limit set on each subchain to the same as global max-limit, and some limit-at parameters depends on needed priority (LAN1 20Mbit, LAN2 40Mbit, LAN3 40Mbit) worked for me.

Thanks for the advices.
 
slv
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Mon Jun 17, 2013 8:54 pm

Re: Traffic Priority (Queue Tree?)

Tue Apr 26, 2016 9:10 pm

Hello Sytex

Could You post here code for QoS that You configured?


Regards
Slawek
 
User avatar
sytex
Trainer
Trainer
Topic Author
Posts: 87
Joined: Fri May 23, 2008 10:35 am
Location: Hungary

Re: Traffic Priority (Queue Tree?)

Tue Apr 26, 2016 9:14 pm

Slawek,

Right now I am on business trip, and cannot access the router. I will post it next week.
 
slv
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Mon Jun 17, 2013 8:54 pm

Re: Traffic Priority (Queue Tree?)

Mon May 30, 2016 9:02 pm

Hi Sytex

I hope that You are doing well

Please share your config if its possible now.


Regards
Slawek
 
User avatar
ploquets
Member Candidate
Member Candidate
Posts: 149
Joined: Tue Nov 17, 2015 12:49 pm
Location: Uruguaiana, RS, Brazil
Contact:

Re: Traffic Priority (Queue Tree?)

Wed Feb 22, 2017 9:13 pm

Slawek,

Right now I am on business trip, and cannot access the router. I will post it next week.
Please, post it... Right now I need your working configuration.
Thanks
 
Scottymidd
just joined
Posts: 3
Joined: Tue Mar 14, 2017 7:35 pm

Re: Traffic Priority (Queue Tree?)

Tue Aug 22, 2017 3:36 pm

Also looking for an update on this. Hoping to see the working code. Thank you

Who is online

Users browsing this forum: ath, expo and 206 guests