Packet Marking/VoIP QOS

westley · Mon Dec 03, 2018 11:52 pm

HI,

I have these rules set up, but it doesn't seem like the packets are being marked. The connection is, but not the packets (at least from looking at the counters in Winbox).

Code: Select all

0  D ;;; special dummy rule to show fasttrack counters

      chain=prerouting action=passthrough 



 1  D ;;; special dummy rule to show fasttrack counters

      chain=forward action=passthrough 



 2  D ;;; special dummy rule to show fasttrack counters

      chain=postrouting action=passthrough 



 3    chain=postrouting action=mark-connection new-connection-mark=RTP-Out-Connection passthrough=no 

      protocol=udp dst-address-list=Vitelity-Out port=10000-20000 log=no log-prefix="" 



 4    chain=postrouting action=mark-packet new-packet-mark=RTP-Out-Pkt passthrough=no 

      connection-mark=RTP-Out-Connection log=no log-prefix="" 



 5    chain=prerouting action=mark-connection new-connection-mark=RTP-Inbound-Connection passthrough=no 

      protocol=udp dst-port=5060,10000-20000 log=no log-prefix="" 



 6    chain=prerouting action=mark-packet new-packet-mark=RTP-Inbound-Packet passthrough=no 

      connection-mark=RTP-Inbound-Connection log=no log-prefix=""

Have I done something wrong?

Thanks,
Westley

Lodion · Tue Dec 04, 2018 3:41 am

The counters will show the number of connections matched, not the number of packets.

Check your matching queues to see the packets that are being matched by your connection marking.

westley · Tue Dec 04, 2018 4:19 am

Even the counters for the Queue Tree's are showing 0.

Code: Select all

 0   name="Upload Parent" parent=global packet-mark="" limit-at=0 queue=default 

     priority=8 max-limit=20M burst-limit=0 burst-threshold=0 burst-time=0s 

     bucket-size=0.1 



 1   name="RTP" parent=Upload Parent packet-mark=RTP-Out-Pkt limit-at=2M 

     queue=default priority=1 max-limit=20M burst-limit=0 burst-threshold=0 

     burst-time=0s bucket-size=0.1 



 2   name="Unmarked" parent=Upload Parent packet-mark=no-mark limit-at=2M 

     queue=default priority=8 max-limit=20M burst-limit=0 burst-threshold=0 

     burst-time=0s bucket-size=0.1 



 3   name="Download Parent" parent=bridge packet-mark="" limit-at=100M 

     queue=default-small priority=8 max-limit=100M burst-limit=0 

     burst-threshold=0 burst-time=0s bucket-size=0.1 



 4   name="RTP In" parent=Download Parent packet-mark=RTP-Inbound-Packet 

     limit-at=2M queue=default-small priority=1 max-limit=100M burst-limit=0 

     burst-threshold=0 burst-time=0s bucket-size=0.1 



 5   name="Unmarked In" parent=Download Parent packet-mark=no-mark limit-at=2M 

     queue=default-small priority=8 max-limit=100M burst-limit=0

My big concern is with the RTP-Out-Pkt. We are having a lot of problems with our outgoing audio and I am hoping setting up QOS will help.

Here's the latest stats

Code: Select all

 0   name="Upload Parent" parent=global packet-mark="" rate=16824 packet-rate=18 

     queued-bytes=0 queued-packets=0 bytes=93480608 packets=308853 dropped=0 



 1   name="RTP" parent=Upload Parent packet-mark=RTP-Out-Pkt rate=0 packet-rate=0 

     queued-bytes=0 queued-packets=0 bytes=0 packets=0 dropped=0 



 2   name="Unmarked" parent=Upload Parent packet-mark=no-mark rate=16824 

     packet-rate=18 queued-bytes=0 queued-packets=0 bytes=93471650 

     packets=308826 dropped=239 



 3   name="Download Parent" parent=bridge packet-mark="" rate=0 packet-rate=0 

     queued-bytes=0 queued-packets=0 bytes=81898246 packets=108069 dropped=0 



 4   name="RTP In" parent=Download Parent packet-mark=RTP-Inbound-Packet rate=0 

     packet-rate=0 queued-bytes=0 queued-packets=0 bytes=1144 packets=6 

     dropped=0 



 5   name="Unmarked In" parent=Download Parent packet-mark=no-mark rate=0 

     packet-rate=0 queued-bytes=0 queued-packets=0 bytes=81897102 

     packets=108063 dropped=0

Thanks,
Westley

westley · Fri Dec 07, 2018 5:37 pm

sebastia · Fri Dec 07, 2018 5:47 pm

Hi

Please provide the full config, so that others have all the needed info / elements

/export hide-sensitive compact

westley · Fri Dec 07, 2018 10:33 pm

Here it is.

Code: Select all

# dec/07/2018 14:28:29 by RouterOS 6.43.4

# software id = GYAA-XQ70

#

# model = 951G-2HnD

# serial number = 642F06F96BC2

/interface bridge

add admin-mac=6C:3B:6B:64:XX:XX auto-mac=no comment=defconf name=bridge

/interface wireless

set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \

    country="united states" disabled=no distance=indoors frequency=auto mode=\

    ap-bridge ssid=Corelifting wireless-protocol=802.11

/interface ethernet

set [ find default-name=ether1 ] speed=100Mbps

set [ find default-name=ether2 ] speed=100Mbps

set [ find default-name=ether3 ] speed=100Mbps

set [ find default-name=ether4 ] speed=100Mbps

set [ find default-name=ether5 ] speed=100Mbps

/interface list

add comment=defconf name=WAN

add comment=defconf name=LAN

/interface wireless security-profiles

set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\

    dynamic-keys supplicant-identity=MikroTik

/ip pool

add name=default-dhcp ranges=192.168.88.10-192.168.88.254

/ip dhcp-server

add address-pool=default-dhcp interface=bridge name=defconf

/queue tree

add limit-at=100M max-limit=100M name="Download Parent" parent=bridge

add limit-at=2M max-limit=100M name="RTP In" packet-mark=RTP-Inbound-Packet \

    parent="Download Parent" priority=1

add limit-at=2M max-limit=100M name="Unmarked In" packet-mark=no-mark parent=\

    "Download Parent"

add max-limit=20M name="Upload Parent" parent=global queue=default

add limit-at=2M max-limit=20M name=RTP packet-mark=RTP-Out-Pkt parent=\

    "Upload Parent" priority=1 queue=default

add limit-at=2M max-limit=20M name=Unmarked packet-mark=no-mark parent=\

    "Upload Parent" queue=default

/interface bridge port

add bridge=bridge comment=defconf interface=ether2

add bridge=bridge comment=defconf interface=ether3

add bridge=bridge comment=defconf interface=ether4

add bridge=bridge comment=defconf interface=ether5

add bridge=bridge comment=defconf interface=wlan1

/ip neighbor discovery-settings

set discover-interface-list=LAN

/interface list member

add comment=defconf interface=bridge list=LAN

add comment=defconf interface=ether1 list=WAN

/ip address

add address=192.168.1.254/24 comment=defconf interface=ether2 network=\

    192.168.1.0

add address=A.B.C.12/19 interface=ether1 network=A.B.C.0

/ip dhcp-client

add comment=defconf dhcp-options=hostname,clientid interface=ether1

/ip dhcp-server network

add address=192.168.1.0/24 comment=defconf gateway=192.168.1.254 netmask=24

/ip dns

set allow-remote-requests=yes servers=68.105.28.29,68.105.28.16

/ip dns static

add address=192.168.1.254 name=router.lan

/ip firewall address-list

add address=outbound.vitelity.net list=Vitelity-Out

/ip firewall filter

add action=log chain=forward disabled=yes dst-address=216.146.208.49 \

    log-prefix=core-

add action=accept chain=input comment=\

    "defconf: accept established,related,untracked" connection-state=\

    established,related,untracked

add action=drop chain=input comment="defconf: drop invalid" connection-state=\

    invalid

add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp

add action=drop chain=input comment="defconf: drop all not coming from LAN" \

    in-interface-list=!LAN

add action=accept chain=forward comment="defconf: accept in ipsec policy" \

    ipsec-policy=in,ipsec

add action=accept chain=forward comment="defconf: accept out ipsec policy" \

    ipsec-policy=out,ipsec

add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \

    connection-state=established,related

add action=accept chain=forward comment=\

    "defconf: accept established,related, untracked" connection-state=\

    established,related,untracked

add action=drop chain=forward comment="defconf: drop invalid" \

    connection-state=invalid

add action=drop chain=forward comment=\

    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \

    connection-state=new in-interface-list=WAN

/ip firewall mangle

add action=mark-connection chain=postrouting new-connection-mark=\

    RTP-Out-Connection passthrough=no port=10000-20000 protocol=udp

add action=mark-packet chain=postrouting connection-mark=RTP-Out-Connection \

    new-packet-mark=RTP-Out-Pkt passthrough=no

add action=mark-connection chain=prerouting dst-port=5060,10000-20000 \

    new-connection-mark=RTP-Inbound-Connection passthrough=no protocol=udp

add action=mark-packet chain=prerouting connection-mark=\

    RTP-Inbound-Connection new-packet-mark=RTP-Inbound-Packet passthrough=no

/ip firewall nat

add action=masquerade chain=srcnat comment="defconf: masquerade" \

    ipsec-policy=out,none out-interface-list=WAN

add action=dst-nat chain=dstnat comment=RDP dst-address=A.B.C.12 \

    dst-port=3389 protocol=tcp to-addresses=192.168.1.2 to-ports=3389

add action=dst-nat chain=dstnat comment=SIP dst-address=A.B.C.12 \

    dst-port=5060 protocol=tcp to-addresses=192.168.1.4 to-ports=5060

add action=dst-nat chain=dstnat comment=RTP dst-address=A.B.C.12 \

    dst-port=10000-20000 protocol=udp to-addresses=192.168.1.4 to-ports=\

    10000-20000

/ip route

add distance=1 gateway=A.B.C.1

/system clock

set time-zone-name=America/Chicago

/system routerboard settings

set silent-boot=no

/tool mac-server

set allowed-interface-list=LAN

/tool mac-server mac-winbox

set allowed-interface-list=LAN

/tool sniffer

set file-limit=40000KiB file-name=003.pcap filter-interface=all

sebastia · Fri Dec 07, 2018 11:38 pm

Some remarks:

global don't work with fasttracking
TODO:
* change global -> ether1 (=wan)
add max-limit=20M name="Upload Parent" parent=ether1 queue=default

you are fasttracking everything
TODO:
* you need to exclude traffic for "RTP" from fasttracking
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related connection-bytes=8000-0 connection-mark=!RTP

your marking is incorrect
TODO:
* connection marking is for both in & outbound leg => it's one connection
* once connection gets marked, packets needs too, so best to split connection & packet marks: connection in forward, packet in postrouting
* only mark if needed
/ip firewall mangle
add action=mark-connection chain=forward dst-port=5060,10000-20000 new-connection-mark=RTP passthrough=no protocol=udp connection-mark=no-mark
add action=mark-packet chain=postrouting connection-mark=RTP new-packet-mark=RTP passthrough=no
(+ adj packet-mark on queue)

(edited by hand, so some errors may exist)

westley · Sat Dec 08, 2018 12:08 am

All of the fasttracking stuff is the defaults from a new router.

Every resource I looked at for VoIP QOS had marking both the inbound and outbound connections separately.

I made the changes as suggested, but I'm still not seeing anything in the queue tree counters.

Here are the changes I made:

Code: Select all

/queue tree

add limit-at=100M max-limit=100M name="Download Parent" parent=bridge

add limit-at=2M max-limit=100M name="RTP In" packet-mark=RTP-Inbound-Packet \

    parent="Download Parent" priority=1

add limit-at=2M max-limit=100M name="Unmarked In" packet-mark=no-mark parent=\

    "Download Parent"

add max-limit=20M name="Upload Parent" parent=ether1 queue=default

add limit-at=2M max-limit=20M name=RTP packet-mark=RTP parent="Upload Parent" \

    priority=1 queue=default

add limit-at=2M max-limit=20M name=Unmarked packet-mark=no-mark parent=\

    "Upload Parent" queue=default

Code: Select all

/ip firewall address-list

add address=outbound.vitelity.net list=Vitelity-Out

/ip firewall filter

add action=passthrough chain=forward comment=\

    "special dummy rule to show fasttrack counters-copy" disabled=yes

add action=fasttrack-connection chain=forward connection-bytes=8000-0 \

    connection-mark=!RTP connection-state=established,related

add action=log chain=forward disabled=yes dst-address=216.146.208.49 \

    log-prefix=core-

add action=accept chain=input comment=\

    "defconf: accept established,related,untracked" connection-state=\

    established,related,untracked

add action=drop chain=input comment="defconf: drop invalid" connection-state=\

    invalid

add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp

add action=drop chain=input comment="defconf: drop all not coming from LAN" \

    in-interface-list=!LAN

add action=accept chain=forward comment="defconf: accept in ipsec policy" \

    ipsec-policy=in,ipsec

add action=accept chain=forward comment="defconf: accept out ipsec policy" \

    ipsec-policy=out,ipsec

add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \

    connection-state=established,related

add action=accept chain=forward comment=\

    "defconf: accept established,related, untracked" connection-state=\

    established,related,untracked

add action=drop chain=forward comment="defconf: drop invalid" \

    connection-state=invalid

add action=drop chain=forward comment=\

    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \

    connection-state=new in-interface-list=WAN

/ip firewall mangle

add action=mark-connection chain=postrouting disabled=yes \

    new-connection-mark=RTP-Out-Connection passthrough=no port=10000-20000 \

    protocol=udp

add action=mark-packet chain=postrouting connection-mark=RTP-Out-Connection \

    disabled=yes new-packet-mark=RTP-Out-Pkt passthrough=no

add action=mark-connection chain=prerouting disabled=yes dst-port=\

    5060,10000-20000 new-connection-mark=RTP-Inbound-Connection passthrough=\

    no protocol=udp

add action=mark-packet chain=prerouting connection-mark=\

    RTP-Inbound-Connection disabled=yes new-packet-mark=RTP-Inbound-Packet \

    passthrough=no

add action=mark-connection chain=forward connection-mark=no-mark dst-port=\

    5060,10000-20000 new-connection-mark=RTP passthrough=no protocol=udp

add action=mark-packet chain=postrouting connection-mark=RTP new-packet-mark=\

    RTP passthrough=no

sebastia · Sat Dec 08, 2018 1:01 am

I know... but the default doesn't have queues either

.

And it's not wrong, FOR packets. It is wrong for connections. A UDP "connection" has packets travelling in both directions. So which connection mark should it have: RTP In or RTP Out???

try this

/queue tree
add limit-at=100M max-limit=100M name="Download Parent" parent=bridge
add limit-at=2M max-limit=100M name="RTP In" packet-mark=RTP parent="Download Parent" priority=1
add limit-at=2M max-limit=100M name="Unmarked In" packet-mark=no-mark parent="Download Parent"
add max-limit=20M name="Upload Parent" parent=ether1 queue=default
add limit-at=2M max-limit=20M name="RTP Out" packet-mark=RTP parent="Upload Parent" priority=1 queue=default
add limit-at=2M max-limit=20M name="Unmarked Out" packet-mark=no-mark parent="Upload Parent" queue=default

/ip firewall filter
...
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related connection-bytes=8000-0 connection-mark=!RTP
...

/ip firewall mangle
add action=mark-connection chain=forward dst-port=5060,10000-20000 new-connection-mark=RTP passthrough=no protocol=udp connection-mark=no-mark
add action=mark-packet chain=postrouting connection-mark=RTP new-packet-mark=RTP passthrough=no

Packet Marking/VoIP QOS

Packet Marking/VoIP QOS

Re: Packet Marking/VoIP QOS

Re: Packet Marking/VoIP QOS

Re: Packet Marking/VoIP QOS

Re: Packet Marking/VoIP QOS

Re: Packet Marking/VoIP QOS

Re: Packet Marking/VoIP QOS

Re: Packet Marking/VoIP QOS

Re: Packet Marking/VoIP QOS

Who is online