stalker802
newbie
Topic Author
Posts: 42
Joined: Mon Nov 22, 2010 3:50 pm

QoS for IPTV

Mon Mar 26, 2018 9:44 pm

Hi, I was trying simple queues, also queue tree to ensure constant bit rates for IPTV with no success. Do you have any ideas how to correctly configure QoS?
 
sindy
Forum Guru
Posts: 10206
Joined: Mon Dec 04, 2017 9:19 pm

Re: QoS for IPTV

Mon Mar 26, 2018 9:59 pm

> Hi, I was trying simple queues, also queue tree to ensure constant bit rates for IPTV with no success. Do you have any ideas how to correctly configure QoS?
Are you trying to slow down the IPTV or to give it absolute priority over everything? I assume the latter.
If so, read this topic and come back if you still have some questions after reading it.
 
stalker802
newbie
Topic Author
Posts: 42
Joined: Mon Nov 22, 2010 3:50 pm

Re: QoS for IPTV

Mon Mar 26, 2018 11:47 pm

I'm trying to give priority for IPTV.
I have to mention, that I replaced ISP router by my Mikrotik router to save some cost. I don't know if the ISP was doing any prioritization on the last router (or this should not be the problem?)
But anyway, I will try to reconfigure these bridge and switch interfaces as you suggested.
 
sindy
Forum Guru
Posts: 10206
Joined: Mon Dec 04, 2017 9:19 pm

Re: QoS for IPTV

Tue Mar 27, 2018 12:00 am

> I have to mention, that I replaced ISP router by my Mikrotik router to save some cost. I don't know if the ISP was doing any prioritization on the last router (or this should not be the problem?)
> But anyway, I will try to reconfigure these bridges and switches as you suggested.
The time-critical IPTV packets come from the network to your Set-Top Box or TV set, so your only task is not to delay or even drop them. You cannot affect the priority your ISP has given them, so if you experience issues, it is because your Mikrotik is unable to forward all of them.

The switch configuration depends heavily on the Mikrotik model you have. The awful hack suggested in the topic I've referred to is only necessary for devices with switch chip AR8237; looking at your configuration, I assume you've got hAP AC lite or hAP AC2, which makes a difference - hAP AC lite uses AR8237 so the hack is necessary while AC2 uses 8337 where hybrid ports are supported so the same can be done using ordinary methods.
 
mkx
Forum Guru
Posts: 11444
Joined: Thu Mar 03, 2016 10:23 pm

Re: QoS for IPTV

Tue Mar 27, 2018 3:12 pm

A thought, but I might be kicking dead horse here: how did ISP's router handle the connection towards TV (Ether3 in your diagram)? As per configuration attached to the diagram, TV (set-top box?) receives un-tagged packets. If that multicast is delivered wrapped in VLAN-ID=3 and if ISP's router did not unwrap them, then set-top-box expects them tagged. It might work without tags with some issues (if set-top-box deals with it in some funny way).

In my case, ISP provider delivers IPTV multicast in VLAN-ID=3999 and ISP's router does not unwrap it, so I need to pass that VLAN further to the set-top-box. Performance wise that might be even better than your current set-up as VLAN-tagged packets would be handled within switch chip (if switch chip supports that) ... specially so if you don't intend to firewall TV from ISP. If you're concerned about untagged access from TV to rest of your LAN, you can create additional VLAN (and set Ether3 PVID to that), effectively pushing anything untagged to black hole. If your TV (set-top-box) actually need internet access (mine does to fetch EPG and whatnot), you can create separate IP subnet on that VLAN, add DHCP server, allow it to use RB's DNS and set up FW rules to prevent routing from the "TV" subnet anywhere but towards internet.
 
stalker802
newbie
Topic Author
Posts: 42
Joined: Mon Nov 22, 2010 3:50 pm

Re: QoS for IPTV

Wed Mar 28, 2018 8:07 pm

I'm using hAP lite.
I changed config according to sindy.
Now CPU reduced from 11-13% to 3-4% when watching IPTV.
But I'm not able to browse internet. Do I need to replace everything to vlan40 instead of ether 1, or to bridge interface?
I'm not getting IP address on vlan40. Does that mean that I should change vlan number, because it is used already by ISP?
My wlan client even gets a public IP address.
 
sindy
Forum Guru
Posts: 10206
Joined: Mon Dec 04, 2017 9:19 pm

Re: QoS for IPTV

Wed Mar 28, 2018 8:51 pm

> I'm using hAP lite.
> I changed config according to sindy.
> Now CPU reduced from 11-13% to 3-4% when watching IPTV.
> But I'm not able to browse internet. Do I need to replace everything to vlan40 instead of ether 1, or to bridge interface?
> I'm not getting IP address on vlan40. Does that mean that I should change vlan number, because it is used already by ISP?
> My wlan client even gets a public IP address.
Please paste here the output of /export hide-sensitive, and if there are any public addresses in it, replace each of them systematically (using Ctrl-H in a text editor) with a distinctive pattern like public.ip.addr.A. You seem to have bridged the uplink port with the wireless AP interface which is definitely not what you want.
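
The systematic replacement described in the post above can be scripted. The following Python sketch is an added example, not part of the original thread: the function names are hypothetical, and the sample export is constructed, using the 203.0.113.0/24 documentation range in place of a provider-assigned address. It goes a little beyond a manual Ctrl-H by giving each distinct public address its own stable placeholder while leaving private, multicast and netmask values readable.

```python
import ipaddress
import re

# Ranges left untouched: they are not publicly routable, and the private LAN
# addressing is needed to understand the configuration.
KEEP = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "224.0.0.0/3",  # multicast (IPTV groups), reserved space, netmasks
)]

# Four dotted decimal groups that are not part of a longer dotted number,
# so a version string such as "6.41.3" is never touched.
IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?!\.?\d)")


def placeholder_label(n):
    """0 -> A, 25 -> Z, 26 -> AA, ... so any number of addresses gets a label."""
    label, n = "", n + 1
    while n:
        n, rem = divmod(n - 1, 26)
        label = chr(ord("A") + rem) + label
    return label


def sanitize_export(text):
    """Return (sanitized_text, mapping) for a RouterOS export.

    The same address always maps to the same placeholder, so addresses,
    routes and NAT rules still line up for whoever reads the paste.
    """
    mapping = {}

    def replace(match):
        raw = match.group(0)
        try:
            addr = ipaddress.IPv4Address(raw)
        except ValueError:
            return raw  # looks like an address but is not one (e.g. 999.1.1.1)
        if any(addr in net for net in KEEP):
            return raw
        if raw not in mapping:
            mapping[raw] = "public.ip.addr." + placeholder_label(len(mapping))
        return mapping[raw]

    return IPV4.sub(replace, text), mapping


# Constructed sample; 203.0.113.x stands in for the provider-assigned range.
SAMPLE_EXPORT = """\
# mar/28/2018 18:59:11 by RouterOS 6.41.3
/ip address
add address=203.0.113.57/24 interface=bridge-wan-iptv network=203.0.113.0
add address=192.168.1.254/24 interface=bridge-lan network=192.168.1.0
/ip route
add distance=1 gateway=203.0.113.1
/ip firewall nat
add action=dst-nat chain=dstnat dst-address=203.0.113.57 to-addresses=192.168.1.10
"""

if __name__ == "__main__":
    sanitized, mapping = sanitize_export(SAMPLE_EXPORT)
    print(sanitized)
    for real, placeholder in mapping.items():
        print(f"# {placeholder} <- {real}  (keep this table private)")
```

The mapping table stays with the person who ran the script; only the sanitized text is pasted.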
 
stalker802
newbie
Topic Author
Posts: 42
Joined: Mon Nov 22, 2010 3:50 pm

Re: QoS for IPTV

Wed Mar 28, 2018 11:38 pm

# mar/28/2018 18:59:11 by RouterOS 6.41.3
#
# model = RouterBOARD 952Ui-5ac2nD
/interface bridge
add name=bridgeTV
add fast-forward=no name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no frequency=2462 frequency-mode=regulatory-domain mode=ap-bridge ssid=MikroTik tx-power=6 tx-power-mode=\
all-rates-fixed
set [ find default-name=wlan2 ] antenna-gain=3 band=5ghz-onlyac channel-width=20/40/80mhz-Ceee disabled=no frequency=5500 frequency-mode=regulatory-domain mode=ap-bridge ssid=\
MikroTik2
/interface vlan
add interface=bridge name=vlan40 vlan-id=40
/interface ethernet switch port
set 0 vlan-mode=secure
set 2 default-vlan-id=3 vlan-header=always-strip vlan-mode=secure
set 5 vlan-mode=secure
/interface list
add name=WAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp_pool0 ranges=192.168.1.1-192.168.1.253
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=bridge name=dhcp1
/tool user-manager customer
set admin access=own-routers,own-users,own-profiles,own-limits,config-payment-gw
/interface bridge port
add bridge=bridge interface=ether2
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge interface=wlan1
add bridge=bridge interface=wlan2
add bridge=bridge interface=ether1 pvid=40
add bridge=bridge interface=ether3 pvid=3
add bridge=bridge interface=vlan40
/interface ethernet switch vlan
add ports=switch1-cpu,ether1 switch=switch1
add ports=ether1,ether3 switch=switch1 vlan-id=3
/interface list member
add interface=vlan40 list=WAN
/interface wireless access-list
add authentication=no interface=wlan1 mac-address=34:02:86:14:3E:58 vlan-mode=no-tag
add authentication=no interface=wlan1 mac-address=B4:6D:83:78:94:F2 vlan-mode=no-tag
/ip address
add address=192.168.1.254/24 interface=bridge network=192.168.1.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=vlan40
/ip dhcp-server network
add address=192.168.1.0/24 gateway=192.168.1.254
/ip firewall filter
add action=drop chain=input dst-port=8728 in-interface=vlan40 protocol=tcp
add action=drop chain=input dst-port=8728 in-interface=vlan40 protocol=udp
add action=drop chain=input dst-port=8729 in-interface=vlan40 protocol=tcp
add action=drop chain=input dst-port=8729 in-interface=vlan40 protocol=udp
add action=drop chain=input dst-port=21 in-interface=vlan40 protocol=tcp
add action=drop chain=input dst-port=21 in-interface=vlan40 protocol=udp
add action=drop chain=input dst-port=22 in-interface=vlan40 protocol=tcp
add action=drop chain=input dst-port=22 in-interface=vlan40 protocol=udp
add action=drop chain=input dst-port=23 in-interface=vlan40 protocol=tcp
add action=drop chain=input dst-port=23 in-interface=vlan40 protocol=udp
add action=drop chain=input dst-port=8291 in-interface=vlan40 protocol=tcp
add action=drop chain=input dst-port=8291 in-interface=vlan40 protocol=udp
add action=drop chain=input dst-port=80 in-interface=vlan40 protocol=tcp
add action=drop chain=input dst-port=80 in-interface=vlan40 protocol=udp
add action=drop chain=input dst-port=443 in-interface=vlan40 protocol=tcp
add action=drop chain=input dst-port=443 in-interface=vlan40 protocol=udp
add action=drop chain=input in-interface=vlan40 protocol=icmp
/ip firewall nat
add action=masquerade chain=srcnat out-interface=vlan40
/system lcd
set contrast=0 enabled=no port=parallel type=24x4
/system lcd page
set time disabled=yes display-time=5s
set resources disabled=yes display-time=5s
set uptime disabled=yes display-time=5s
set packets disabled=yes display-time=5s
set bits disabled=yes display-time=5s
set version disabled=yes display-time=5s
set identity disabled=yes display-time=5s
set bridge disabled=yes display-time=5s
set bridgeTV disabled=yes display-time=5s
set wlan1 disabled=yes display-time=5s
set wlan2 disabled=yes display-time=5s
set ether1 disabled=yes display-time=5s
set ether2 disabled=yes display-time=5s
set ether3 disabled=yes display-time=5s
set ether4 disabled=yes display-time=5s
set ether5 disabled=yes display-time=5s
set vlan40 disabled=yes display-time=5s
/tool user-manager database
set db-path=flash/user-manager
 
HzMeister
Frequent Visitor
Posts: 73
Joined: Sun Jan 28, 2018 9:48 pm

Re: QoS for IPTV

Thu Mar 29, 2018 4:13 am

Why not set a static IP for your IPTVs and mark those packets in mangle? Then you can use the queue tree to set priorities for them.
 
sindy
Forum Guru
Posts: 10206
Joined: Mon Dec 04, 2017 9:19 pm

Re: QoS for IPTV

Thu Mar 29, 2018 6:14 pm

> But I'm not able to browse internet. Do I need to replace everything to vlan40 instead of ether 1, or to bridge interface?
> I'm not getting IP address on vlan40. Does that mean that I should change vlan number, because it is used already by ISP?
> My wlan client even gets a public IP address.
As expected, there is a small mess.
From your configuration and from the fact that your wireless client has got a public address assigned, I understand that on the Ethernet cable coming from the provider, the internet connection packets come tagless and the IPTV packets come tagged with VLAN ID 3, right?
If not, write here the actual setting.

If yes:
  • connect to the Mikrotik using any of (ether2, ether4, ether5) while the cable from ether1 is disconnected (to avoid getting an IP address from the provider rather than from the Mikrotik itself)
  • keep the /interface ethernet switch port and /interface ethernet switch vlan configurations as they are
  • rename the only currently existing bridge to bridge-lan (just for convenience of further description)
  • set hw=no to /interface bridge port items for ether2, ether4, ether5 - maybe better step by step, i.e. first change one of those through which you are not connected, then reconnect to it, then change the rest
  • create another bridge named bridge-wan-iptv
  • change the /interface bridge port items for ether1 and ether3 to hw=yes bridge=bridge-wan-iptv
  • change the /ip dhcp-client interface value from vlan40 to bridge-wan-iptv
  • add bridge-wan-iptv to /interface list list=WAN and remove vlan40 from there
  • in all your firewall rules, replace in-interface=vlan40 by in-interface-list=WAN, analogically for out-interface and out-interface-list
  • connect back the cable from provider to ether1
That should be it. Tagless packets from ether1 should now be received by the CPU on interface bridge-wan-iptv, packets tagged with VLAN ID 3 coming to ether1 should be forwarded to ether3 and untagged there by the switch chip alone, without CPU intervention. The LAN and WLAN interfaces would be bridged together on a software-only bridge bridge-lan.
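
The last steps of the procedure above matter for filtering as well as for connectivity: once the DHCP client runs on bridge-wan-iptv, a drop rule still pinned to in-interface=vlan40 no longer matches traffic arriving from the provider. The Python check below is an added example, not part of the original thread; its function names are hypothetical and the export it reads is constructed in a half-migrated state to show what the check reports.

```python
import shlex

FIREWALL_MENUS = ("/ip firewall filter", "/ip firewall nat", "/ip firewall mangle")


def parse_export(text):
    """Yield (menu_path, verb, params) for each command line of an export.

    Handles the two-line form that /export prints (a menu path line followed
    by add/set lines) and long lines wrapped with a trailing backslash.
    """
    path, pending = None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):
            pending = line[:-1]  # continuation: join with the next line
            continue
        pending = ""
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):
            path = line
            continue
        tokens = shlex.split(line)  # keeps quoted values such as comments intact
        params = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        yield path, tokens[0], params


def audit_wan_migration(export_text, old_if, new_if, wan_list="WAN"):
    """List what still refers to old_if after the uplink moved to new_if."""
    entries = [e for e in parse_export(export_text) if e[1] == "add"]
    findings = []

    members = {p.get("interface") for path, _, p in entries
               if path == "/interface list member" and p.get("list") == wan_list}
    if new_if not in members:
        findings.append(f"{new_if} is missing from interface list {wan_list}")
    if old_if in members:
        findings.append(f"{old_if} is still in interface list {wan_list}")

    dhcp_ifs = {p.get("interface") for path, _, p in entries
                if path == "/ip dhcp-client"}
    if new_if not in dhcp_ifs:
        findings.append(f"no DHCP client runs on {new_if}")

    position = {}  # rule position within each menu, counted from 0 in the export
    for path, _, p in entries:
        if path not in FIREWALL_MENUS:
            continue
        n = position.get(path, 0)
        position[path] = n + 1
        for key in ("in-interface", "out-interface"):
            if p.get(key) == old_if:
                findings.append(
                    f"{path} rule {n}: {key}={old_if} should be {key}-list={wan_list}")
    return findings


# Constructed export: DHCP client and WAN list already moved, firewall only partly.
HALF_MIGRATED_EXPORT = r"""
/interface list
add name=WAN
/interface list member
add interface=bridge-wan-iptv list=WAN
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=bridge-wan-iptv
/ip firewall filter
add action=drop chain=input dst-port=8291 in-interface-list=WAN protocol=tcp
add action=drop chain=input dst-port=22 in-interface=vlan40 protocol=tcp
add action=drop chain=input dst-port=8728 in-interface=vlan40 \
    protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat out-interface=vlan40
"""

if __name__ == "__main__":
    for finding in audit_wan_migration(HALF_MIGRATED_EXPORT, "vlan40", "bridge-wan-iptv"):
        print(finding)
```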
 
stalker802
newbie
Topic Author
Posts: 42
Joined: Mon Nov 22, 2010 3:50 pm

Re: QoS for IPTV

Mon Apr 02, 2018 10:03 pm

HzMeister - seems that it is not QoS issue. It is CPU problem.
Sindy - seems that this config is working. As much as tests I did, I never saw packet loss on TV. You deserved bonus :)
 
stalker802
newbie
Topic Author
Posts: 42
Joined: Mon Nov 22, 2010 3:50 pm

Re: QoS for IPTV

Tue Apr 03, 2018 4:58 pm

Why do we need dummy vlan 40 and VLAN 0 on switchports?

Without VLAN 0 there is no internet. Without vlan 40 everything works as before. :)
 
sindy
Forum Guru
Posts: 10206
Joined: Mon Dec 04, 2017 9:19 pm

Re: QoS for IPTV

Tue Apr 03, 2018 5:24 pm

> Why do we need dummy vlan 40 and VLAN 0 on switchports?
>
> Without VLAN 0 there is no internet. Without vlan 40 everything works as before. :)
We do not need VLAN 40, it is a zombie information from the other thread where it was just one of the ideas. I haven't written explicitly that you may delete it, sorry.

VLAN 0 is necessary because you need to set a mode on the switch where only vlans permitted on a port are let in and out on that port, and VLAN ID 0 means "no VLAN ID".

The whole thing is that the switch chip used in your router model cannot output tagged and tagless packets on the same port. So as you need iptv packets (VLAN 3) tagged and internet packets tagless on ether1, you have to use a special arrangement where the internet packets are not tagged anywhere. But as you also need to set VLAN filtering on ether1 (so that packets with any other VLAN ID than 3 would not be forwarded by that port), you need to configure the vlan secure mode on the port, set the egress (output to the wire) mode to "don't touch the tag", and tell the port to tag the ingress tagless packets with VLAN ID 0. If you would set any other VLAN ID than 0, you would have to set the same one at the WAN interface, so it would send the packets out tagged, and the ether1 would not be able to strip that tag. Packets with a tag but with VLAN ID 0 in it are treated as tagless from the VLAN point of view by all devices, so although the ether1 does not strip the tag, the remote device only reads the priority field from the tag but otherwise treats the packet as tagless.

But the table in the switch which controls which VLAN can be let in on which ports works with the VLAN ID 0 just as with any other one, so you need to permit VLAN ID 0 at the CPU port and at the ether1 port.
 
eftomi
just joined
Posts: 23
Joined: Wed Jan 25, 2017 6:29 pm

Re: QoS for IPTV

Wed Dec 26, 2018 9:55 am

Hi, I'll continue to use this thread since it depicts my situation quite well, however I'd like to do the opposite - to slow down IPTV.

In my setup, I have two set-top-boxes, they get IPTV traffic over VLAN (ID=3999), for internet access they use the same VLAN as other workstations (untagged traffic for STBs). When both STBs are on, web surfing slows down to be unbearable (on 100/40 fiber). I tried with another configuration where STBs are on separate LAN (exactly as mkx suggests above) however it doesn't help.

An interesting observation is that if I enable packet sniffing on the STBs' ports on hAP ac lite or 951G-2HnD, the web surfing is OK, and IPTV also works flawless. I suppose that Mikrotiks are slowing down the traffic with packet sniffing activity just as needed.

Additionally, my provider has an option to give a higher priority to the web traffic, however it doesn't help - I assume that's because it's implemented in the access modem, but it is in the bridge mode.

So, how would one slow down the IPTV traffic..?
 
mkx
Forum Guru
Posts: 11444
Joined: Thu Mar 03, 2016 10:23 pm

Re: QoS for IPTV

Wed Dec 26, 2018 11:05 am

When internet is unbearably slow, is any direction blocking the whole traffic (e.g. is UL blocking or DL?) How's CPU load on routers during those periods of time? If load is high, what does profile show?

How are VLANs configured, on switch chip or on bridge? With packet sniffing things get configured differently ...
 
eftomi
just joined
Posts: 23
Joined: Wed Jan 25, 2017 6:29 pm

Re: QoS for IPTV

Wed Dec 26, 2018 11:47 am

Hi Metod,

The problem is DL, as it seems to me. CPU load goes from 0-1 % to 2-6%, both on the "main" RB (to the modem) and the ones that have STBs attached. VLANs are configured in switch chips.

For packet sniffing, I changed the setup according to the notion "Packets that are processed with hardware offloading enabled bridge will also not be visible (unknown unicast, broadcast and some multicast traffic will be visible to sniffer tool) https://wiki.mikrotik.com/wiki/Manual:T ... et_Sniffer"; STB is on ether5 and VLANs are set up with bridges:
  • bridge-lan has ether5 and other lan access ports (for untagged internet access)
  • bridge-iptv has ports vlan-3999-ether5 and vlan-3999-bridge-for-switch ports (for tagged VLAN ID 3999).
However, this setup is behaving the same regarding the web traffic blocking - it behaves better if I start with packet sniffing on ether5, with logging into a file. For that, the RB is on 25-40% CPU.
 
sindy
Forum Guru
Posts: 10206
Joined: Mon Dec 04, 2017 9:19 pm

Re: QoS for IPTV

Wed Dec 26, 2018 1:34 pm

Your description sounds strange to me.

First, what I understand from your description is that you have two /interface vlan with vlan-id=3999 bridged together at one of the machines, one connected to a bridge and another one to an interface which is at the same time a member port of another bridge? That should not be possible to configure, but as you mention three bridges in total, I assume I have misunderstood something. So please export the whole /interface configuration sub-tree rather than describing just few lines out of it. The best would be to export the complete configuration of both devices, see my automatic signature below.

Second, I can imagine that you leave more bandwidth for internet by throttling the IPTV streams (no matter how that actually happens while you run the packet sniffer), but I cannot imagine how doing so could keep the picture quality unchanged. So either the TVs have lower screen resolution than the highest rate codec used for the video stream can handle, so a switchover to a lower rate codec has no impact on the picture, or the quality deterioration is there but you don't notice it for some other reason (it can be that picture dynamics is reduced, not pixel resolution).

In any case, to see the difference between the cases without actually affecting the throughput is a mission impossible with hAP ac lite as it has only 100 Mbit/s Ethernet ports. You can set the switch chip of the device next to the modem to mirror the WAN interface to an unused switch port, but both directions of a 100/40 Mbit/s link can't fit to a 100 Mbit/s egress direction of the mirror port so some frames would be lost, and the switch chip doesn't support mirroring each direction to a separate port.

Also, as you mention the modem to be in bridge mode, I would be thinking about the PPPoE throughput on the WAN-facing Mikrotik combined with other CPU load (if any). So a more powerful device like hAP ac², or some managed switch with port mirroring capability, will be necessary to move forward with the analysis. And it may come out that a more powerful device is necessary also to solve the internet speed issue if the bottleneck is not the physical link speed.

As for the ISP prioritization of the internet traffic over the IPTV traffic, there is almost no IPTV-related traffic in the uplink direction, so the important part of such prioritisation takes place at the ISP end, as the frames are sent down your uplink. And for prioritisation in this direction, it should not matter whether the modem is in bridge mode or not, unless the modem would be providing some feedback to the DSLAM - but I cannot see a reason for that. So if you configure a preference of the internet over the IPTV, and you cannot see any difference, I'd assume it is not the bandwidth of the uplink but the load of the CPU of the WAN-facing hAP ac lite which causes your issues.
 
mkx
Forum Guru
Posts: 11444
Joined: Thu Mar 03, 2016 10:23 pm

Re: QoS for IPTV

Wed Dec 26, 2018 1:40 pm

The thing is that when you start sniffer, HW offload for involved ether port(s) should be disabled so that traffic passes RB's CPU, which is consistent with increased CPU load. So there's either some bug in switch chip or there's some non-optimal setting or there's some other mismatch.
Which kind of IPTV set-top box is giving you problems? In my setup (two RB951Gs, one RBD52G currently used as switch and a third-party managed ethernet switch) both my IPTV boxes (vintage Sagem and original Netgem box) work like a charm. Both RB951Gs are configured with VLAN filtering in switch chip while RBD52G is configured with modern bridge-vlan setup.

@sindy: IPTV streams are multicast with single bitrate. Many TV channels have two variations (HD and SD), but those variations are actually two distinct multicast streams with distinct mcast addresses. The only thing that matters in this case is that there's an unicast retransmission mechanism in place so that even in case of error in multicast reception set-top box can fetch correct data.
 
sindy
Forum Guru
Posts: 10206
Joined: Mon Dec 04, 2017 9:19 pm

Re: QoS for IPTV

Wed Dec 26, 2018 2:26 pm

> Many TV channels have two variations (HD and SD), but those variations are actually two distinct multicast streams with distinct mcast addresses. The only thing that matters in this case is that there's an unicast retransmission mechanism in place so that even in case of error in multicast reception set-top box can fetch correct data.
I wouldn't say it is the only thing that matters - the STB can opt to switch over to the SD stream and unsubscribe the HD one if it notices too many lost packets in the HD one, which is what I've called switching codec bitrate to simplify it. And the unicast retransmission mechanism contributes to clogging the download bandwidth as effectively the same packet gets sent twice, once as multicast and later as a unicast one. What I'm not sure, though, is how the playback of "recorded programs" is done, whether they are always unicast or whether multicast groups are created also for them so that multiple viewers of a recorded program can be served the same stream to save network bandwidth (so you have to wait to next whole minute or so when you order the playback).
 
eftomi
just joined
Posts: 23
Joined: Wed Jan 25, 2017 6:29 pm

Re: QoS for IPTV

Wed Dec 26, 2018 2:29 pm

Thank you both for these interesting notions. I suspect that something might be wrong with the modem setup (innbox g64) and/or the WAN facing RB951G. @sindy, I assume that RB951G is "strong" enough to deal with all the traffic. It's not the hAP ac lite that I use for the "main" router.

Both STBs that I have are Netgem N7800, and both introduce troubles for web surfing - but the TV plays just OK in HD, on both of them at the same time!

mkx, you mentioned in some other threads that you are using only one WAN facing port, untagged traffic to the modem and tagged traffic (3999) for IPTV. If I understand correctly, your modem is in bridge mode, too, and you do PPPoE with RB through that port (via untagged traffic to the modem), and your workstations and STBs are connecting to the internet in this way (by some other VLAN apart from IPTV traffic which is on ID 3999 all the way.) I'd be glad if you can share your thoughts and practice with the modem setup, if you have the same or similar model - at least the parameters that might be important. For instance, there is a setting "IGMP snooping - standard/block" under the LAN settings of a modem. I'm using two ports, one is data (WAN) and the other is video (for IPTV).
 
sindy
Forum Guru
Posts: 10206
Joined: Mon Dec 04, 2017 9:19 pm

Re: QoS for IPTV

Wed Dec 26, 2018 3:09 pm

> I assume that RB951G is "strong" enough to deal with all the traffic. It's not the hAP ac lite that I use for the "main" router.
According to wikidevi, the two MIPS processors used do not differ dramatically in performance:
MIPS 74Kc (RB951G-2HnD): 1.93 DMIPS/MHz and 3.48 Coremarks/MHz
MIPS 24Kc (RB952Ui-5ac2nD): 1.6 DMIPS/MHz and 3.1 Coremarks/MHz

The 650 MHz clock of the latter further lowers the difference (slightly) as the former only runs at 600 MHz.

What I'd consider a more important difference between the two is that the 951 has gigabit ports, so you could use the port mirroring to capture the uplink data if you have a PC fast enough to deal with a 140 Mbit/s input stream, and see what really happens - Wireshark is an incredibly powerful tool to visualize the bandwidth consumed by the individual streams.

Running PPPoE on the Mikrotik itself makes "hardware acceleration of bridge" (actually, switching) on that device useless as the PPPoE processing is done in the CPU anyway, so no frames travel unchanged between two ports of a switch. Running PPPoE at the modem (i.e. no bridge mode) would change the situation, as then the IPTV frames could completely bypass the CPU. But having the modem connected to the Mikrotik using two cables while using vlan filtering on the switch chip could be dangerous as it can result in Ethernet loop and broadcast storm, so I would definitely not include the two ports into the same bridge at Mikrotik side, and just make sure that the IPTV one is hardware accelerated.

The paragraph above is relevant if the CPU throughput is the issue. Each HD stream should take "only" 30 Mbit/s in average so there should still be 40 Mbit/s available for internet download if you watch two different programs simultaneously. Any PiP window takes at least another SD stream (25 Mbit/s in average).

There are ways to throttle the IPTV traffic by taking measures at your end, but their common property is that as a result the head end has to send with smaller bandwidth, otherwise you'd end up with the same bandwidth occupied on the download direction of the uplink and artifacts in the picture due to lost frames. Which translates into the STB asking for SD rather than HD due to high loss noticed.
 
mkx
Forum Guru
Posts: 11444
Joined: Thu Mar 03, 2016 10:23 pm

Re: QoS for IPTV

Wed Dec 26, 2018 3:15 pm

> What I'm not sure, though, is how the playback of "recorded programs" is done, whether they are always unicast or whether multicast groups are created also for them so that multiple viewers of a recorded program can be served the same stream to save network bandwidth (so you have to wait to next whole minute or so when you order the playback).
Time-shift is strictly unicast. And no, STB doesn't switch over to SD bitstream, as I said it's a different multicast address and playlist doesn't mix those.

> mkx, you mentioned in some other threads that you are using only one WAN facing port, untagged traffic to the modem and tagged traffic (3999) for IPTV.
I'm using Innbox V60U in bridged config (bridged in my case simply means that "internet" connection on modem is unconfigured). I have a port configured as "trunk" which forwards data as untagged and IPTV as tagged with VLAN ID 3999. On RB I use all ports switched, hence ether port connecting modem is hybrid (for data it's untagged access port for VLAN ID 2, for IPTV it's tagged). That's port number 4 aka ether5-DSL below.
/interface ethernet switch port
set 0 vlan-mode=secure
set 1 vlan-mode=secure
set 2 default-vlan-id=42 vlan-header=always-strip vlan-mode=secure
set 3 vlan-mode=secure
set 4 default-vlan-id=2 vlan-header=always-strip vlan-mode=secure
set 5 vlan-mode=secure
/interface ethernet switch vlan
add independent-learning=yes ports=switch1-cpu,ether1-lan,ether2-rbDS,ether3-pilatus,ether4-pilatusMcast switch=switch1 vlan-id=42
add independent-learning=yes ports=ether1-lan,ether2-rbDS,ether5-DSL,ether4-pilatusMcast switch=switch1 vlan-id=3999
add independent-learning=yes ports=switch1-cpu,ether1-lan,ether2-rbDS switch=switch1 vlan-id=41
add independent-learning=yes ports=switch1-cpu,ether1-lan,ether2-rbDS switch=switch1 vlan-id=40
add independent-learning=yes ports=switch1-cpu,ether1-lan,ether2-rbDS,ether5-DSL,ether4-pilatusMcast switch=switch1 vlan-id=2
VLANs 40, 41 and 42 are "LAN" VLANs for different groups of users.

I have VLAN interfaces running on bridge with further config on top of them. PPPoE client is running on top of VLAN 2 interface.
/interface bridge
add admin-mac=E6:8D:8C:C6:11:C4 auto-mac=no fast-forward=no name=bridge priority=0x4000
/interface vlan
add interface=bridge name=vlan-2 vlan-id=2
add interface=bridge name=vlan-40 vlan-id=40
add interface=bridge name=vlan-41 vlan-id=41
add interface=bridge name=vlan-42 vlan-id=42
/interface pppoe-client
add add-default-route=yes disabled=no interface=vlan-2 keepalive-timeout=disabled name=pppoe-siol password=<password> user=<username>
Also wifi interfaces are members of same bridge with vlan-tag=use-tag vlan-id=<id> set. So in this setup all VLAN filtering is on switch chip (and wifi interfaces) while bridge is used as dumb switch between member ports.

Note that all switching between ether ports in setup above is HW accelerated, only wifi, routing and PPPoE is done by CPU. Load rarely exceeds 25% with my 30/5Mbps DSL line. It used to be higher, but fasttrack lowers CPU load nicely. Full Gbps switching works without notable CPU load.
 
sindy
Forum Guru
Posts: 10206
Joined: Mon Dec 04, 2017 9:19 pm

Re: QoS for IPTV

Wed Dec 26, 2018 3:36 pm

> STB doesn't switch over to SD bitstream, as I said it's a different multicast address and playlist doesn't mix those.
If so, the behaviour @eftomi describes is even more strange. Because what you say would mean that there is no way for the bandwidth of the incoming IPTV streams themselves to be automatically reduced, so dropping more IPTV packets cannot lead to such reduction, whereas running the packet sniffer just causes more load to the CPU.

Other than that, until now I've always thought that the "bridge mode" of a modem was a synonym to having no PPPoE on it; what you wrote has shown me that at least on some modem models "bridge mode" means that only the L3 part is disabled while the PPPoE one is working. Kinda logical but I've never met or at least heard of such a modem until now.
 
eftomi
just joined
Posts: 23
Joined: Wed Jan 25, 2017 6:29 pm

Re: QoS for IPTV

Wed Dec 26, 2018 4:09 pm

Thanks, mkx! As I understand hybrid ports, in gigabit switch chips the setting vlan-header is ignored (with vlan-mode=secure), so your vlan-header=always-strip becomes vlan-header=leave-as-is, but on Atheros 8227 you have to be strict, putting for instance:
/interface ethernet switch port
set 4 default-vlan-id=2 vlan-header=leave-as-is vlan-mode=secure
 
eftomi
just joined
Posts: 23
Joined: Wed Jan 25, 2017 6:29 pm

Re: QoS for IPTV

Wed Dec 26, 2018 6:14 pm

PS: I started from scratch, separating workstations' internet access from STBs' internet access, and it seems to be working nicely, at last. Obviously, something somewhere went wrong.
 
mkx
Forum Guru
Posts: 11444
Joined: Thu Mar 03, 2016 10:23 pm

Re: QoS for IPTV

Wed Dec 26, 2018 11:39 pm

> Thanks, mkx! As I understand hybrid ports, in gigabit switch chips the setting vlan-header is ignored (with vlan-mode=secure), so your vlan-header=always-strip becomes vlan-header=leave-as-is, but on Atheros 8227 you have to be strict, putting for instance:
RB951G features AR8327 which is capable of stripping select VLAN tags needed by hybrid ports. Hence my setup is quite right and vlan-header=always-strip means "strip VLAN header on egress for packets with VLAN ID matching default-vlan-id for ingress".
.
Other than that, until now I've always thought that the "bridge mode" of a modem was a synonym to having no PPPoE on it; what you wrote has shown me that at least on some modem models "bridge mode" means that only the L3 part is disabled while the PPPoE one is working.
In my post, I was quoting the wording from my DSL modem. In practice it means PPPoE client is not running.
At least with our ISP and their DSL modems it's always possible to use them in bridge mode even if PPPoE client is running, seems that they're not blocking PPPoE packets. With a limitation: if user has static IP address assigned, then only single PPPoE session per username (I guess, it could be per DSLAM port or something else) while with dynamic IP address, user could run (at least) two PPPoE connections in parallel, one could be terminated on DSL modem and another one on user's equipment (either a router or a PC).
 
eftomi
just joined
Posts: 23
Joined: Wed Jan 25, 2017 6:29 pm

Re: QoS for IPTV

Thu Dec 27, 2018 4:55 pm

OK, I found the culprit - I'll describe it if somebody gets stuck with that. And I also have a few more questions :-)

On the main, WAN facing RB951G the VLANs are set in switch chip in this way (for clarity I removed some items, but can produce them if needed):

/interface ethernet switch port
set 0 vlan-header=add-if-missing vlan-mode=secure #trunk
set 1 default-vlan-id=500 vlan-header=always-strip vlan-mode=secure #WAN
set 2 default-vlan-id=3999 vlan-header=always-strip vlan-mode=secure #IPTV
set 3 vlan-header=add-if-missing vlan-mode=secure #trunk
set 4 vlan-header=add-if-missing vlan-mode=secure #trunk
set 5 vlan-mode=secure

/interface ethernet switch vlan
add independent-learning=yes ports=ether1-trunk,ether2-trunk,ether5-trunk,switch1-cpu switch=switch1 vlan-id=100
add independent-learning=yes ports=ether1-trunk,ether2-trunk,ether5-trunk,switch1-cpu switch=switch1 vlan-id=150
add independent-learning=yes ports=ether1-trunk,ether2-trunk,ether4-iptv,ether5-trunk switch=switch1 vlan-id=3999

/interface bridge
add admin-mac=4C:5E:0C:0D:EA:6C auto-mac=no fast-forward=no name=bridge-for-switch protocol-mode=none
add fast-forward=no name=bridge-lan protocol-mode=none

/interface vlan
add comment=lan interface=bridge-for-switch name=vlan-100-bridge-switch vlan-id=100

/interface bridge port
add bridge=bridge-lan interface=vlan-100-bridge-switch
add bridge=bridge-for-switch interface=ether1-trunk
add bridge=bridge-for-switch interface=ether2-trunk
add bridge=bridge-for-switch interface=ether3-wan
add bridge=bridge-for-switch interface=ether4-iptv
add bridge=bridge-for-switch interface=ether5-trunk

In the previous setup I ran the IPTV VLAN ID 3999 over a WDS link to another RB, which worked quite nicely with just one set-top-box. The above setup was changed as follows:

/interface ethernet switch vlan
add independent-learning=yes ports=ether1-trunk,ether2-trunk,ether5-trunk,switch1-cpu switch=switch1 vlan-id=100
add independent-learning=yes ports=ether1-trunk,ether2-trunk,ether5-trunk,switch1-cpu switch=switch1 vlan-id=150
#added switch1-cpu:
add independent-learning=yes ports=ether1-trunk,ether2-trunk,ether4-iptv,ether5-trunk,switch1-cpu switch=switch1 vlan-id=3999 

/interface bridge
add admin-mac=4C:5E:0C:0D:EA:6C auto-mac=no fast-forward=no name=bridge-for-switch protocol-mode=none
#bridges added:
add fast-forward=no name=bridge-lan protocol-mode=none
add fast-forward=no name=bridge-iptv protocol-mode=none
add fast-forward=no name=bridge-iptv-lan protocol-mode=none

/interface vlan
add comment=lan interface=bridge-for-switch name=vlan-100-bridge-switch vlan-id=100
#vlan interfaces added:
add interface=wds1 name=vlan-100-wds1 vlan-id=100
add comment=lan-iptv interface=bridge-for-switch name=vlan-150-bridge-switch vlan-id=150
add interface=wds1 name=vlan-150-wds1 vlan-id=150
add comment=iptv disabled=yes interface=bridge-for-switch name=vlan-3999-bridge-switch vlan-id=3999
add interface=wds1 name=vlan-3999-wds1 vlan-id=3999

/interface bridge port
add bridge=bridge-lan interface=vlan-100-bridge-switch
add bridge=bridge-for-switch interface=ether1-trunk
add bridge=bridge-for-switch interface=ether2-trunk
add bridge=bridge-for-switch interface=ether3-wan
add bridge=bridge-for-switch interface=ether4-iptv
add bridge=bridge-for-switch interface=ether5-trunk
#ports on bridges added:
add bridge=bridge-lan interface=vlan-100-wds1
add bridge=bridge-iptv-lan interface=vlan-150-bridge-switch
add bridge=bridge-iptv-lan interface=vlan-150-wds1
add bridge=bridge-iptv interface=vlan-3999-bridge-switch
add bridge=bridge-iptv interface=vlan-3999-wds1

The problem that I had (slow internet traffic on VLAN ID 100) was with switch1-cpu added to receive IPTV traffic (VLAN ID 3999), since it had to be bridged to WDS link. It seems that this somehow killed the performance for other traffic. Interestingly, the CPU usage was not really high when that happened.

For the sake of experiment, I now solved the problem with an additional RB951 (luckily I have a spare one) serving just as a WDS-end, and the main RB is not dealing with this anymore. However, I wonder if the switch1-cpu could be protected in some or other way.

Another question is related to VLAN switching in switch chip and the bridge-for-switch bridge in the above configuration: If I understand correctly, if one needs only wire-speed VLAN switching functionality from a RB, everything can be done with /interface ethernet switch port and /interface ethernet switch vlan. However, if VLAN traffic has to be bridged/routed for some reason (e.g. to get a managing port), one creates VLAN interface on the bridge interface - the bridge which is related to the switch chip. And now the question: what is necessary to establish this relation? In the above configuration, I followed the RouterOS guidelines which are describing hardware offloading, but I'm not sure if this is a proper way, since this bridge-for-switch is doing nothing, except that it serves as an interface to create VLAN interfaces. And, if I am correct, that it groups the switch ports together similarly as pre-v6.41 configuration of master and slave ports.
 
sindy
Forum Guru
Posts: 10206
Joined: Mon Dec 04, 2017 9:19 pm

Re: QoS for IPTV

Thu Dec 27, 2018 6:24 pm

The (hardware) switch chip only has wired Ethernet ports and the CPU port. L2 connection of the wireless part is always done using the (software) bridge as there is no direct path between the wireless interface and the switch chip.

The switch chip handling and bridge software handling are blended in a way which depends on features required. When sent to the CPU port, the frame from the ethernet port of the switch chip gets a proprietary tag identifying that port as a source. If all L2 processing is done in software, all received frames are forwarded to the cpu port regardless what the switch chip MAC address table says, and the bridge software uses its own MAC address table to determine where to send the frame, again giving it a proprietary tag so that the switch chip would know which port to use to egress the frame.

If all the L2 handling features required in bridge configuration can be provided by the switch chip itself, and unless you prohibit that using /interface bridge port setting hw=no, the bridge software permits the switch chip to forward frames between ports directly, using its own MAC address tables (which may be independent for each VLAN ID). This only works for a single bridge, yet the choice of which particular bridge it will be if several bridges use ports on the same switch chip and have hw set to yes is more or less unpredictable (not first come-first served). Handling of VLAN tags has to be permitted individually on each switch chip port (vlan-mode); in the default configuration the switch chip ignores them and forwards them transparently. But even if direct forwarding between switch ports is active, the CPU still sees those frames it gets from the switch chip as if the VLAN tag related settings weren't there, so if you want the VLAN tags to be processed properly on the CPU, you must have vlan-filtering=yes on the bridge, and basically replicate the /interface ethernet switch vlan and /interface ethernet switch port configuration sections in the /interface bridge vlan and /interface bridge port sections. See this post for details, just bear in mind it is for AR8327 which supports hybrid ports so the vlan-header setting is ignored; for AR8227, the settings would be slightly different.
 
eftomi
just joined
Posts: 23
Joined: Wed Jan 25, 2017 6:29 pm

Re: QoS for IPTV

Thu Dec 27, 2018 7:04 pm

Thanks, sindy, for your concise explanation, it's very helpful. Out of curiosity, can this behaviour be regulated by various vlan-header options on switch1-cpu under /interface ethernet switch port, or is this setting ignored? In various descriptions that I read, the general idea is to just keep it as vlan-header=leave-as-is.
 
mkx
Forum Guru
Posts: 11444
Joined: Thu Mar 03, 2016 10:23 pm

Re: QoS for IPTV

Thu Dec 27, 2018 7:40 pm

vlan-header=leave-as-is is fine for trunk ports or for "untagged enter untagged". For access ports VLAN headers have to be modified ... ideally on egress VLAN tags should be stripped. Whether this is done by switch chip because PVID is set or because you configure that explicitly with vlan-header= depends on switch chip. My opinion is that it's best to configure settings as close to how it's done as it gets even if some setting is ignored by particular switch chip ... it helps to understand the working and it helps when replicating setup on different type of hardware.
 
sindy
Forum Guru
Forum Guru
Posts: 10206
Joined: Mon Dec 04, 2017 9:19 pm

Re: QoS for IPTV

Thu Dec 27, 2018 9:20 pm

My opinion is that it's best to configure settings as close to how it's done as it gets even if some setting is ignored by particular switch chip ... it helps to understand the working and it helps when replicating setup on different type of hardware.
The problem is that the 8327 ignores the vlan-header setting completely as it dynamically chooses between leave-as-is for tagged egress frames whose VID doesn't match the port's default-vlan-id and always-strip for tagged egress frames whose VID matches it. So for a hybrid port none of the available settings is "close to what the chip does". And 8227 is unable to handle a hybrid port because none of the available handlings can choose the tag handling on egress depending on the default-vlan-id value. So the idea that it is easier to migrate a configuration if settings unused by one type of hardware are kept close to what is required somehow fails on the fact that the hardware which requires that setting cannot fully substitute the original one.

In other words, I see it rather as a fault of RouterOS that it even shows a configuration parameter which has no effect on the actual hardware.
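
The hybrid-port difference between the two switch chips described in the post above, as an added example that is not part of the thread: a simplified Python model built only from the posters' descriptions, not from chip documentation. The function names and the port values (default-vlan-id=2 plus tagged VLAN 100) are constructed for illustration.

```python
# Simplified model of egress tag handling on a switch-chip port, built only from
# the behaviour described in this thread (not from chip documentation).
# A frame inside the switch carries a VLAN ID; egress returns the VID left on
# the wire, or None when the frame leaves untagged.

SETTINGS = ("leave-as-is", "always-strip", "add-if-missing")

def egress_ar8327(vid, default_vlan_id, vlan_header):
    """vlan-header is ignored: strip when the VID equals the port's
    default-vlan-id, otherwise leave the tag in place."""
    return None if vid == default_vlan_id else vid

def egress_ar8227(vid, default_vlan_id, vlan_header):
    """One static rule per port, applied to every VID alike."""
    if vlan_header == "always-strip":
        return None
    # leave-as-is keeps the existing tag; add-if-missing has nothing to add
    # because the frame is already tagged inside the switch (model assumption).
    return vid

def wrong_on_hybrid_port(egress, default_vlan_id, member_vids, vlan_header):
    """VIDs that leave a hybrid port in the wrong tag state. A hybrid port
    must send its default VLAN untagged and every other member VLAN tagged."""
    wrong = []
    for vid in member_vids:
        expected = None if vid == default_vlan_id else vid
        if egress(vid, default_vlan_id, vlan_header) != expected:
            wrong.append(vid)
    return wrong

def usable_settings(egress, default_vlan_id, member_vids):
    """vlan-header values under which the port behaves as a hybrid port."""
    return [s for s in SETTINGS
            if not wrong_on_hybrid_port(egress, default_vlan_id, member_vids, s)]

if __name__ == "__main__":
    # Constructed port: default-vlan-id=2 (untagged) plus tagged VLAN 100.
    pvid, members = 2, [2, 100]
    for name, chip in (("AR8327", egress_ar8327), ("AR8227", egress_ar8227)):
        print(name, "usable vlan-header values:", usable_settings(chip, pvid, members))
        for s in SETTINGS:
            print("  ", s, "-> wrong VIDs:", wrong_on_hybrid_port(chip, pvid, members, s))
```

Under always-strip the AR8227 model sends VLAN 100 out untagged, so on the wire it is indistinguishable from the default VLAN; under the other two settings the default VLAN leaves tagged.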
 
mkx
Forum Guru
Posts: 11444
Joined: Thu Mar 03, 2016 10:23 pm

Re: QoS for IPTV

Thu Dec 27, 2018 9:25 pm

In other words, I see it rather as a fault of RouterOS that it even shows a configuration parameter which has no effect on the actual hardware.
I can only agree with your words.

It seems that most RB devices are equipped with switch chips that are more or less useless for anything more complex than basic ethernet switching. While bridge vlan filtering solves problem about features, it becomes major bottleneck (even if CPU is powerful enough, interconnection between switch chip and CPU is not adequate).
 
sindy
Forum Guru
Forum Guru
Posts: 10206
Joined: Mon Dec 04, 2017 9:19 pm

Re: QoS for IPTV

Thu Dec 27, 2018 9:49 pm

It seems that most RB devices are equipped with switch chips that are more or less useless for anything more complex than basic ethernet switching. While bridge vlan filtering solves problem about features, it becomes major bottleneck (even if CPU is powerful enough, interconnection between switch chip and CPU is not adequate).
Most Mikrotik devices are built around SoC chips intended for SOHO devices for budget reasons. Nevertheless, already with 8327 it would be possible to redirect MSTP frames to the CPU port while dealing with the rest autonomously, so you could have a full MSTP handling in software along with "hardware accelerated" forwarding. The switch chip already supports independent forwarding tables for individual VLANs (maybe even for groups of VLANs to conserve memory, I haven't seen the programmer's guide), so all that would be needed would be to dynamically include and exclude the switch chip ports from VLANs to facilitate the topology changes. But either it would be too much effort for too little outcome, or gents in Riga are secretly working on it but don't tell anyone before finishing.
 
pcunite
Forum Guru
Posts: 1345
Joined: Sat May 25, 2013 5:13 am
Location: USA

Re: QoS for IPTV

Thu Dec 27, 2018 11:17 pm

I haven't seen the programmer's guide), so all that would be needed would be to dynamically include and exclude the switch chip ports from VLANs to facilitate the topology changes. But either it would be too much effort for too little outcome, or gents in Riga are secretly working on it but don't tell anyone before finishing.

I choose Secretly working on it for $500, Alex.
 
mkx
Forum Guru
Posts: 11444
Joined: Thu Mar 03, 2016 10:23 pm

Re: QoS for IPTV

Fri Dec 28, 2018 8:22 am

... or gents in Riga are secretly working on it but don't tell anyone before finishing.


May your words reach whichever deity Mikrotik is obedient to ... I'd really like to see small devices being again capable of wirespeed switching with VLANs configured. And being stable at that.
