Community discussions

MikroTik App
 
weldox
just joined
Topic Author
Posts: 12
Joined: Mon Mar 06, 2017 2:35 pm

How to mark packets UP and DOWN of differen VLANs

Fri Apr 21, 2017 9:05 am

Hello everyone!

I would need to mark download and upload packages that go from my VLANs to pppoe in order to track and prioritize traffic.

My router is an RB1100AHx2.

- eth1 set as management
- eth2 is my WLAN pppoe port (ADSL), connected to the modem.
- eth3 and eth4 are in bonding and it's a trunk (VLAN10 - VLAN20 - VLAN30) connected to Switch1 (CRS125, 24 ports, rack mounted).
- eth9 is a trunk (VLAN10 - VLAN40 - VLAN 60) that connects to a switch (CRS125, 24 ports, wifi) via a ubiquity antenna to a remote location (Site n.2)
- eth10 is a trunk (VLAN10 - VLAN50 - VLAN 60) that connects to a switch (CRS125, 24 ports, wifi) via a ubiquity antenna to a remote location (Site n.3)
- eth11 is a trunk (VLAN10 - VLAN30 - VLAN 70) that leads to a wifi access point.

Taking the VLAN10, for example, how should I set up the mangle rules to mark packets in uploads, ie those that start from devices belonging to the VLAN10 and exit from pppoe?

VLAN10 ---> pppoe

And those who do the reverse route, ie from pppoe, come to devices belonging to the VLAN10?

VLAN10 <--- pppoe

I tried this, without success:

Chain = prerouting
Dst.address = 10.10.10.0/24 (VLAN10 subnet)
In.interface = my pppoe
Action = mark packet
New packet mark = Office-IN

Chain = postrouting
Src.address = 10.10.10.0/24 (VLAN10 subnet)
Out.interface = my pppoe
Action = mark packet
New packet mark = Office-OUT

The first rule gives no signs of life, packets 0
The second doesn't work.

I do not understand the logic. I tried to look for tutorials, readed the microtik manual, tryied out some forum configurations, watched videos on youtube ... but I cannot figure it out.

Can you explain / help me?

Thank you very much in advance!
 
idlemind
Forum Guru
Forum Guru
Posts: 1148
Joined: Fri Mar 24, 2017 11:15 pm
Location: USA

Re: How to mark packets UP and DOWN of differen VLANs

Tue Apr 25, 2017 9:27 am

Simple queues that look at the source and destination IP may work far better than a bunch of mangling.
 
weldox
just joined
Topic Author
Posts: 12
Joined: Mon Mar 06, 2017 2:35 pm

Re: How to mark packets UP and DOWN of differen VLANs

Fri Apr 28, 2017 9:11 pm

I tryied with simple queues, give some priorities... but I cannot make It works:

/queue simple
add name=Voip priority=1/1 target=Br-VLAN20-Voip
add name=Game priority=2/2 target=Br-VLAN60-Game
add name=Office priority=3/3 target=Br-VLAN10-Office
add name=Site2 priority=4/4 target=Ant1-VLAN40-Site2
add name=Site3 priority=4/4 target=Ant2-VLAN50-Site3
add name=Guest priority=5/5 target=Br-VLAN70-Guest
add name=IPCameras target=Br-VLAN30-IPCameras

You talked about "sources" and "destinations" but in simple queues I can see only "target" and "dst.", I tryed to find some examples online but I cannot understand how It works... can You help me give me an example?
Thank You very much!
 
idlemind
Forum Guru
Forum Guru
Posts: 1148
Joined: Fri Mar 24, 2017 11:15 pm
Location: USA

Re: How to mark packets UP and DOWN of differen VLANs

Fri Apr 28, 2017 10:29 pm

It's my understanding that simple queues require fasttrack to be off (disable the default rule in the firewall). I'd then mark the packets with mangles by source or destination similar to what you did. I'd then use the packet-marks to match it into the queue you want.
 
weldox
just joined
Topic Author
Posts: 12
Joined: Mon Mar 06, 2017 2:35 pm

Re: How to mark packets UP and DOWN of differen VLANs

Mon May 01, 2017 9:33 pm

Thank You, but my rules doesn't work very well...

This is the problem:

I set the rules like this ones:

Chain = prerouting
Dst.address = 10.10.10.0/24 (VLAN10 subnet)
In.interface = my pppoe
Action = mark packet
New packet mark = Office-IN

Chain = postrouting
Src.address = 10.10.10.0/24 (VLAN10 subnet)
Out.interface = my pppoe
Action = mark packet
New packet mark = Office-OUT

The first rule gives no signs of life, packets 0
The second doesn't work well.
 
idlemind
Forum Guru
Forum Guru
Posts: 1148
Joined: Fri Mar 24, 2017 11:15 pm
Location: USA

Re: How to mark packets UP and DOWN of differen VLANs

Mon May 01, 2017 9:39 pm

Hi, you didn't answer my question. Is your fasttrack rule disabled?
 
idlemind
Forum Guru
Forum Guru
Posts: 1148
Joined: Fri Mar 24, 2017 11:15 pm
Location: USA

Re: How to mark packets UP and DOWN of differen VLANs

Mon May 01, 2017 9:52 pm

Also use only 1 rule. You can do 1 rule. If you only want to limit what is going out of my-ppoe then configure it only like this
/ip firewall mangle add action=mark-packet new-packet-mark=LimitTheScrubs1 src-address=10.10.10.0/24 out-interface=my-ppoe
Then limit the packets with a simple queue
/queue simple add target=my-ppoe packet-marks=LimitTheScrubs1 limit-at=56000/56000 comment="Limit everything sourced from 10.10.10.0/24 that needs to leave via my-ppoe to dial-up speeds."
With this method you can only limit how fast your sending data via that interface. You also can't control what comes down my-ppoe from the provider. The provider may still be filling the pipe between you and them with traffic that you are then only junking or trying to slow-down.

Reference: https://wiki.mikrotik.com/wiki/Manual:Packet_Flow
 
weldox
just joined
Topic Author
Posts: 12
Joined: Mon Mar 06, 2017 2:35 pm

Re: How to mark packets UP and DOWN of differen VLANs

Mon May 01, 2017 10:27 pm

I have fasttrack dummy rules on... I triyed to disable them but I cannot.
I tryied to switch my forward rules from "fasttrack connection" to "accept"...but still I cannot disable fasttrack dummy rules.

Is there no method that allow to control also the traffic from pppoe to my subnets?
 
idlemind
Forum Guru
Forum Guru
Posts: 1148
Joined: Fri Mar 24, 2017 11:15 pm
Location: USA

Re: How to mark packets UP and DOWN of differen VLANs

Mon May 01, 2017 11:16 pm

You can only control how data is processed from your ppoe connection. You can't control what enters your ppoe connection from your ISP. In other words you can't control at your router what comes down the ppoe connection your ISP would need to queue that traffic for you for it to be most effective.

Think of it terms of a water pipe. The queue mechanism is the valve that controls how much flows past it. The only valve you can control is your router. I can fill the pipe in front of your valve, the ISP connection, completely up. In order to prefer some traffic into the pipe between you and the ISP the valve at the ISP would have to be adjusted.

It's that reason I tend to not worry to much about ingress queueing on the Internet, PPPoE, side.
 
weldox
just joined
Topic Author
Posts: 12
Joined: Mon Mar 06, 2017 2:35 pm

Re: How to mark packets UP and DOWN of differen VLANs

Thu May 04, 2017 12:59 am

You can only control how data is processed from your ppoe connection. You can't control what enters your ppoe connection from your ISP. In other words you can't control at your router what comes down the ppoe connection your ISP would need to queue that traffic for you for it to be most effective.

Think of it terms of a water pipe. The queue mechanism is the valve that controls how much flows past it. The only valve you can control is your router. I can fill the pipe in front of your valve, the ISP connection, completely up. In order to prefer some traffic into the pipe between you and the ISP the valve at the ISP would have to be adjusted.

It's that reason I tend to not worry to much about ingress queueing on the Internet, PPPoE, side.
Thank You very much Idlemind for the explanation!! You example is really clear!

I've removed fasttrack! The simple queues works and limit upload speed!

PS: mangle chain must be "prerouting" right?

Thank You very much!
 
idlemind
Forum Guru
Forum Guru
Posts: 1148
Joined: Fri Mar 24, 2017 11:15 pm
Location: USA

Re: How to mark packets UP and DOWN of differen VLANs

Thu May 04, 2017 4:46 pm

PS: mangle chain must be "prerouting" right?
I'd imagine we'd want them in postrouting. The mangle rules take affect before NAT but if we are matching the mangle rule based on out-interface it wouldn't know that until after the routing decision is made.

To clarify one thing. Ingress or input queuing isn't always a negative idea. I use it at the access layer commonly to verify, correct or apply QoS markings to traffic. Shaping on ingress or input is just largely useless especially on the Internet pipe. This would be moving more into the topic of QoS on a large campus network. Likely not what you're working on. The last bit I'll leave you with is that QoS is meant to better manage tail drop packet loss. What this means is it helps your router to identify which traffic should be dropped and or preferred when queuing traffic out of an interface. Typically in a campus LAN you're not going to have a problem with congestion as most of our Internet connections are significantly smaller than the links within our campus. The exception being any link like a point-to-point wireless connection or something. The moral of the story is that QoS isn't the end all be all. It's a tool, when used correctly it can greatly improve the quality of important traffic but it is not a replacement for bandwidth when that's what's really needed.
 
weldox
just joined
Topic Author
Posts: 12
Joined: Mon Mar 06, 2017 2:35 pm

Re: How to mark packets UP and DOWN of differen VLANs

Sat May 06, 2017 11:27 am

Really thanks! It's all clear! I have the mangles in "postrouting"... I don't know why I wrote "prerouting"... :-? :lol:
Thank You very much for the explanation!

PS: The last question: about the queues types, have You got some advices? I read that "default-small" can cause a bigger amount of packet loss and someone suggest to use "default" is this right?

PPS: Is there a way for me to add You reputation points? I triyed but I think I cannot..
 
idlemind
Forum Guru
Forum Guru
Posts: 1148
Joined: Fri Mar 24, 2017 11:15 pm
Location: USA

Re: How to mark packets UP and DOWN of differen VLANs

Mon May 08, 2017 5:58 pm

No problem, I learn a lot by challenging myself to help others solve their problems. I find I learn the best when I force myself to try and explain a technology to others.

The queue size is really up to you and your environment. I wish I could find the video from way back in the early 2000s when I was in school...

Basically the queue depth is what you are configuring. If your rule backs up a lot of traffic in the queue you are telling it how many packets to hold onto before dropping them. Think of a queue managing say SMB from a server. You download a 100MB file and the queue is setup to limit speeds to dialup to and from the server (56kbps). Packets will start backing up in the queue. How many packets do you want to hold onto before you start dropping them? Default-small means 10 packets, default means 50. Each packet takes up resources to hold onto and inevitably some will be dropped which result in re-transmission from the client anyways. In some cases you don't care if packets fall on the floor in others you do. For example a voice queue while maybe limited in bandwidth you want to place significant queue depth to ensure you have a buffer in place in case of congestion before you can update the queue size.

So if you are following it's really just another knob for us to turn as we build out rule-sets. I haven't tried to monitor the queues in RouterOS yet but I imagine and hope you can track queue depth related drops like you can in Cisco land so you know if you need to adjust your rules or just to know at least how much traffic your queues are dropping.

As far as rating you can rate me personally by viewing my profile I believe. I've struggled trying to upvote posts in the past. I EMAILed support and apparently there is supposed to be a smiley face icon by each post but I don't see that so I'm not sure you do either.
 
weldox
just joined
Topic Author
Posts: 12
Joined: Mon Mar 06, 2017 2:35 pm

Re: How to mark packets UP and DOWN of differen VLANs

Sat May 13, 2017 10:31 pm

It's really good to found on people that help who ask for help... It's not so obvious nowaday!
Really thanks!! It's really :wink:

Who is online

Users browsing this forum: Baidu [Spider], Bing [Bot], erlinden, jakesbejoy, Znevna and 100 guests