almdandi
newbie
Topic Author
Posts: 46
Joined: Sun May 03, 2015 5:22 pm

Set packets marks

Mon Jul 25, 2016 9:31 pm

Hello,

Can somebody explain to me the difference between setting the mark in the prerouting, postrouting or forward chain? Or is it better to set a connection mark first? I need these marks for my queue setup.
 
Feklar
Forum Guru
Posts: 1726
Joined: Tue Dec 01, 2009 11:46 pm

Re: Set packets marks

Mon Jul 25, 2016 10:29 pm

It changes what information is available on the packet when marking it.
http://wiki.mikrotik.com/wiki/Manual:Packet_Flow

Prerouting is done before destination NAT, so if the packet is having that header changed you may or may not want to mark there; here you can also only mark based on an in-interface.
Forward is before source NAT, so when marking there you know where a packet is from and where it is headed to. This gives the most information about a packet and allows you to mark based on in and out interfaces, etc.
Post Routing will only allow you to mark on an out-interface, but is also before source NAT.

So in most cases it is best to mark in the Forward chain. It gives you the most flexibility when setting up QoS and the most information, but it really depends on your setup.

As far as marking a packet directly or using connection marks, connection marks are better as they will account for both sides of a connection (upload and download) with one rule automatically. When marking directly you need to take into account the upload portion and download portion of a connection when creating the rules, so it will take two rules. But depending on your setup and what else you are trying to do, it may not be possible/efficient enough to separate the traffic enough for QoS, for example if you are doing load balancing or policy-based routing.
 
almdandi
newbie
Topic Author
Posts: 46
Joined: Sun May 03, 2015 5:22 pm

Re: Set packets marks

Tue Jul 26, 2016 7:13 pm

Okay, nice. So something like this should work, right?

/ip firewall mangle
add chain=forward action=mark-connection new-connection-mark=mitarbeiter-con passthrough=yes in-interface=br-mitarbeiter out-interface-list=gates log=no log-prefix=""
add chain=forward action=mark-packet new-packet-mark=mitarbeiter-pkt passthrough=no connection-mark=mitarbeiter-con log=no log-prefix=""

/queue tree
add name="Mitarbeiter_download" parent=WAN-Gates-download packet-mark=mitarbeiter-pkt limit-at=0 queue=pcq-download-mitarbeiter priority=6 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s bucket-size=0.1
add name="Mitarbeiter_upload" parent=WAN-Gates-upload packet-mark=mitarbeiter-pkt limit-at=0 queue=pcq-upload-mitarbeiter priority=6 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s bucket-size=0.1

What I'm trying to accomplish is this: I have 4 networks, for example A, B, C and D. I want to prioritize A. B and C are two normal networks and have the same priority. D should be under-prioritized. So theoretically what I need to do is set up some connection and packet marks for each of my networks and then use these packet marks in my queues. For the prioritization I only need to set the priority field of the queue. Is that correct?
 
Feklar
Forum Guru
Posts: 1726
Joined: Tue Dec 01, 2009 11:46 pm

Re: Set packets marks

Tue Jul 26, 2016 8:00 pm

One refinement to the rule would be to set the connection state to new, or have it specify connection-mark=no-mark. This way the connection doesn't keep getting marked over and over, but otherwise it should work. You also probably want to mark from the LAN side to WAN side in your situation (hard for me to tell if that's what you are doing based on the interface names).

For the queue tree, what I like to do is have them tied to an interface if at all possible for the parent. Then each sub queue under that is restricted by the whole interface. By tying things to an interface it's easier to separate out upload and download type traffic.

In the parent, define the Max-Limit to what you want. Note that it should be about 90% of the actual capacity of that link, otherwise your provider's QoS can get in the way and cause issues.

For the child queues you need 3 things defined:
1.) Priority (lowest number is the highest priority, defines what queue is allowed past the limit-at value first)
2.) Max limit (defines the maximum amount of bandwidth allowed through the queue)
3.) Limit-At (defines the guaranteed bandwidth for that queue, meaning that it will always get at least that much bandwidth)

So to illustrate, let's say you have 10 Meg of bandwidth and 3 sub queues. Each queue has a guarantee of 2 Meg, and each queue is trying to max out the line. What will happen is this:
Queue 1 has the highest priority, therefore it is allowed to go past its limit-at first and will be allowing 6Mbps through.
Queue 2 has the next highest priority, but queue 1 has higher so it is only allowed the limit-at value, so it is allowing 2Mbps through.
Queue 3 has the lowest priority, both queues above it are trying to go past their limit-at, so it is allowing 2Mbps through.

Once queue 1 is no longer trying to push as much as it can, it frees up some capacity and therefore queue 2 is now allowed past its limit-at, but queue 3 remains where it is unless there is something left over after queue 1 and 2 get what they want.
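
The 10 Meg illustration above, worked through as a small added model (not part of the original posts and not RouterOS's actual HTB scheduler): guarantees are handed out first, then spare capacity goes down the priority order. The even split between equal-priority queues and all sample figures are assumptions made for this example.

```python
from dataclasses import dataclass

@dataclass
class Queue:
    name: str
    priority: int     # lowest number = highest priority, as in the post
    limit_at: float   # guaranteed rate, Mbps
    max_limit: float  # ceiling for this queue, Mbps
    demand: float     # what the traffic is trying to push, Mbps

def allocate(parent_max, queues):
    """Return {queue name: Mbps} under the two-phase model from the post."""
    # Phase 1: every queue gets its guarantee (or its demand, if lower).
    rate = {q.name: min(q.demand, q.limit_at) for q in queues}
    spare = parent_max - sum(rate.values())
    if spare < 0:
        raise ValueError("guarantees exceed the parent max-limit")
    # Phase 2: spare capacity is offered one priority level at a time.
    for prio in sorted({q.priority for q in queues}):
        level = [q for q in queues if q.priority == prio]
        while spare > 1e-9:
            # Queues at this level still below both demand and max-limit.
            hungry = [q for q in level
                      if min(q.demand, q.max_limit) - rate[q.name] > 1e-9]
            if not hungry:
                break
            share = spare / len(hungry)  # assumption: equal priority splits evenly
            for q in hungry:
                give = min(share, min(q.demand, q.max_limit) - rate[q.name])
                rate[q.name] += give
                spare -= give
    return {name: round(r, 3) for name, r in rate.items()}

def three_queues(q1_demand):
    # Constructed input: the post's 10 Meg link, three queues, 2 Meg guarantee each.
    return allocate(10, [Queue("q1", 1, 2, 10, q1_demand),
                         Queue("q2", 2, 2, 10, 10),
                         Queue("q3", 3, 2, 10, 10)])

def four_networks():
    # Constructed input for networks A-D from the question: parent at 9M
    # (90% of a 10M link), B and C sharing one priority level.
    return allocate(9, [Queue("A", 1, 1, 9, 2), Queue("B", 4, 1, 9, 9),
                        Queue("C", 4, 1, 9, 9), Queue("D", 8, 1, 9, 9)])

if __name__ == "__main__":
    print(three_queues(10), three_queues(3), four_networks())
```
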
