Community discussions

 
gotsprings
Forum Veteran
Forum Veteran
Topic Author
Posts: 722
Joined: Mon May 14, 2012 9:30 pm

GoogleFiber

Sat Apr 27, 2019 1:26 pm

First install with GoogleFiber.

After looking into several documents I found that Small Business accounts ABSOLUTELY could remove the Google Router and go straight to their own router.
The install I was working on was residential so Google refused to "click that switch" or help me get around the need for their router.
https://support.google.com/fiber/answer/6078065

After some more digging I found a 2 years old HOW TO that stated... "Add a VLAN Tag of 2 to your DHCP client.

/interface vlan
add interface=ether6-Google name=GoogleVLAN vlan-id=2
/ip dhcp-client
add add-default-route=no comment=1RLCInt dhcp-options=hostname,clientid \
    disabled=no interface=GoogleVLAN  use-peer-dns=no use-peer-ntp=no
    
That got me an IP address and I added that interface to the WAN interface list.

Traffic flows over it and I get downloads in the 700+ range.
The Uploads are some how stuck right around 10?

I found a Ubiquiti help post that showed needing into add a QOS priority of 3 to the WAN interface.
https://community.ubnt.com/t5/UniFi-Rou ... -p/2669607

That was a much newer article.

Would the RB3011 require this too?
"It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so."
Mark Twain
 
msatter
Forum Guru
Forum Guru
Posts: 1090
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: GoogleFiber

Sat Apr 27, 2019 1:39 pm

Two RB760iGS (hEX S) in series. One does PPPoE/IKEv2 and the other does the rest of the tasks.
Running:
RouterOS 6.45Beta / Winbox 3.18 / MikroTik APP 1.2.6
Having an Android device, use https://github.com/M66B/NetGuard/releases (no root required)
 
gotsprings
Forum Veteran
Forum Veteran
Topic Author
Posts: 722
Joined: Mon May 14, 2012 9:30 pm

Re: GoogleFiber

Sat Apr 27, 2019 1:48 pm

So in Mangle they want this?
/ip firewall mangle
add chain=forward out-interface=GoogleVLAN action=set-priority \
    new-priority=3 comment="All other traffic with priority 3"
  
I added it and released the DHCP-Client and got a new address.

Now if I could get a bandwidth test server to let me connect.
"It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so."
Mark Twain
 
msatter
Forum Guru
Forum Guru
Posts: 1090
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: GoogleFiber

Sat Apr 27, 2019 2:03 pm

That is correct, you got an IP without that line active so you could also omit that line.

Can't test because I am not even on the same continent. ;-)
Two RB760iGS (hEX S) in series. One does PPPoE/IKEv2 and the other does the rest of the tasks.
Running:
RouterOS 6.45Beta / Winbox 3.18 / MikroTik APP 1.2.6
Having an Android device, use https://github.com/M66B/NetGuard/releases (no root required)
 
gotsprings
Forum Veteran
Forum Veteran
Topic Author
Posts: 722
Joined: Mon May 14, 2012 9:30 pm

Re: GoogleFiber

Sat Apr 27, 2019 2:09 pm

That is correct, you got an IP without that line active so you could also omit that line.

Can't test because I am not even on the same continent. ;-)
Thanks for the help.

Will get someone on site to check it.
"It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so."
Mark Twain
 
sindy
Forum Guru
Forum Guru
Posts: 3284
Joined: Mon Dec 04, 2017 9:19 pm

Re: GoogleFiber

Sat Apr 27, 2019 3:03 pm

That is correct, you got an IP without that line active so you could also omit that line.
Well, I wouldn't be that sure on what gents there may have created - as they don't use just the VLAN IDs to discriminate between services and need the CoS marks as well, I could theoretically imagine that two DHCPDISCOVER messages coming from the same MAC address and with the same Vendor ID etc. may be served by different DHCPOFFER depending on the different CoS marks they arrive with. So we cannot say whether it is directly the CoS value of 3 that chooses the traffic shaper profile on upload or whether it is the IP address assigned from a different pool.

If the CoS mark was only important in the DHCPDISCOVERY (and DHCPREQUEST) packets, it would have a positive impact on the CPU load because if you need to set CoS in every output frame (which is what I assume to be the case, but I'm on the same continent like @msatter so I cannot check that), you cannot use fasttracking, and even if you don't use fasttracking for some other reasons, setting CoS is still one action more to be taken on an egress packet so it costs some CPU cycles. I think some CRS handle that in hardware but I think we are discussing a 3011 here, right?
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
pe1chl
Forum Guru
Forum Guru
Posts: 5270
Joined: Mon Jun 08, 2015 12:09 pm

Re: GoogleFiber

Sat Apr 27, 2019 4:02 pm

Also check if your ethernet interface negotiates to the correct speed and duplex.
 
gotsprings
Forum Veteran
Forum Veteran
Topic Author
Posts: 722
Joined: Mon May 14, 2012 9:30 pm

Re: GoogleFiber

Sun Apr 28, 2019 10:09 pm

Also check if your ethernet interface negotiates to the correct speed and duplex.
Status shows as Unknown.
"It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so."
Mark Twain
 
gotsprings
Forum Veteran
Forum Veteran
Topic Author
Posts: 722
Joined: Mon May 14, 2012 9:30 pm

Re: GoogleFiber

Sun Apr 28, 2019 10:10 pm

That is correct, you got an IP without that line active so you could also omit that line.
but I think we are discussing a 3011 here, right?
Correct
"It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so."
Mark Twain
 
msatter
Forum Guru
Forum Guru
Posts: 1090
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: GoogleFiber

Sun Apr 28, 2019 11:30 pm

Also check if your ethernet interface negotiates to the correct speed and duplex.
Status shows as Unknown.
Then set it manually.
Two RB760iGS (hEX S) in series. One does PPPoE/IKEv2 and the other does the rest of the tasks.
Running:
RouterOS 6.45Beta / Winbox 3.18 / MikroTik APP 1.2.6
Having an Android device, use https://github.com/M66B/NetGuard/releases (no root required)
 
gotsprings
Forum Veteran
Forum Veteran
Topic Author
Posts: 722
Joined: Mon May 14, 2012 9:30 pm

Re: GoogleFiber

Tue Apr 30, 2019 8:12 pm

Support just got back to me and set to set the chain in Mangle to OUTPUT.

That seems odd.
Hello,

In RouterOS you can set QoS priority 3 to outgoing VLAN packets using this rule:

/ip firewall mangle
add chain=output out-interface=GoogleVLAN action=set-priority new-priority=3

Best regards,
"It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so."
Mark Twain
 
sindy
Forum Guru
Forum Guru
Posts: 3284
Joined: Mon Dec 04, 2017 9:19 pm

Re: GoogleFiber

Tue Apr 30, 2019 11:22 pm

Support just got back to me and set to set the chain in Mangle to OUTPUT.

That seems odd.
This advice would only make sense to me if the priority should be set only in the VLAN CoS field of the outgoing DHCP packets (DHCPDISCOVER, DHCPREQUEST) but not of the packets routed from other hosts. However, the DHCP client is actually bound closer to the wire than the ip firewall, so /ip firewall mangle chain=output rules never match on outgoing DHCP packets.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
sindy
Forum Guru
Forum Guru
Posts: 3284
Joined: Mon Dec 04, 2017 9:19 pm

Re: GoogleFiber

Wed May 01, 2019 9:23 am

but I think we are discussing a 3011 here, right?
Correct
So this makes you Lucky Luke, because the switch chips of 3011 are QCA8337 which bless us with hardware manipulation of frame headers.

To set the priority field of the VLAN tag of all frames sent by the CPU and tagged with VLAN ID 2 towards the MAC address of google's gateway in VLAN 2 to the magic value of 3, regardless whether the IP packets they carry are generated locally (like the DHCP ones) or routed from LAN, and also if they carry ARP packets, you need to do the following:

/interface ethernet switch rule add switch=switch2 ports=switch2-cpu vlan-id=2 new-vlan-priority=3
/interface ethernet switch rule add switch=switch2 ports=switch2-cpu dst-mac-address=gg:gg:gg:00:00:00/ff:ff:ff:ff:ff:ff new-vlan-priority=3

The above is true if the uplink is really connected to ether6-google as you've stated in your OP; if you connected the fibre to an SFP module inserted directly into the 3011, you wouldn't be able to benefit from the switch chip features as the SFP cage is connected directly to the CPU, bypassing the switch chip. So in that case, you'd have to make the SFP interface a member port of a bridge and use /interface bridge filter rules instead, which would make the WAN processing more CPU costly. If the frames carrying DHCP packets (or ARP packets) need not have the vlan priority field set to 3, /ip firewall mangle add chain=postrouting action=set-priority new-priority=3 out-interface=GoogleVLAN is sufficient as it covers both the locally originated IP traffic (except DHCP) and the IP traffic routed (and NATed) from LAN. But ARP is not IP traffic so it this rule won't set the priority field in frames carrying ARP packets either because it won't ever see the ARP packets.

EDIT: I'm not sure now why but the miracle above actually doesn't happen because the priority value is not being set for frames which ingress the chip via its cpu-facing port; I've seen the rule to work for the ethernet ingress ports, but when sniffing what the switch chip has forwarded from the cpu port to an ethernet port on a device connected to that ethernet port, the priority has to be set using the /ip firewall bridge filter or /ip firewall mangle to be seen at the sniffing device. The switch chip rule doesn't overwrite it.

EDIT 2: matching on vlan-id on the CPU port seems to be the spoiler of the miracle. I've tried to replace the vlan-id matching in the original rule by different match condition serving the same purpose in my environment and the rule started matching and setting the priority field. I guess it has something to do with the proprietary format of the frame header which is used between the CPU and the switch. In my case, I was matching a single dst-mac-address because I have more VLANs on the bridge and port; in your case, as the /interface ethernet switch rule don't allow to match on the egress port, it might make sense to match only the first three bytes of the gateway's MAC address, i.e. the vendor ID. Also, I haven't tested whether /interface ethernet switch rule works the same even if the egress port is not a member of any bridge in ROS (i.e. when the /interface VLAN is attached directly to ether6 as in your setup).
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
gotsprings
Forum Veteran
Forum Veteran
Topic Author
Posts: 722
Joined: Mon May 14, 2012 9:30 pm

Re: GoogleFiber

Thu May 02, 2019 5:10 pm

Support just got back to me and set to set the chain in Mangle to OUTPUT.

That seems odd.
Hello,

In RouterOS you can set QoS priority 3 to outgoing VLAN packets using this rule:

/ip firewall mangle
add chain=output out-interface=GoogleVLAN action=set-priority new-priority=3

Best regards,
Follow up from Support...
Sorry, it is my mistake, the forum rule will be the correct one for traffic trough the router. Mine is for traffic sent from the router itself.
"It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so."
Mark Twain
 
sindy
Forum Guru
Forum Guru
Posts: 3284
Joined: Mon Dec 04, 2017 9:19 pm

Re: GoogleFiber

Thu May 02, 2019 5:45 pm

So did you have a chance to check whether it is necessary to set the VLAN priority field to 3 also in the DHCP packets to gain the full upload bandwith or whether it is sufficient to do that on the "real" traffic?
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
berzerker
just joined
Posts: 5
Joined: Thu Oct 26, 2017 6:55 am

Re: GoogleFiber

Sat Jun 08, 2019 9:26 pm

Support just got back to me and set to set the chain in Mangle to OUTPUT.

That seems odd.
Hello,

In RouterOS you can set QoS priority 3 to outgoing VLAN packets using this rule:

/ip firewall mangle
add chain=output out-interface=GoogleVLAN action=set-priority new-priority=3

Best regards,
Follow up from Support...
Sorry, it is my mistake, the forum rule will be the correct one for traffic trough the router. Mine is for traffic sent from the router itself.
Not sure if you're still trying to figure this out or not, but I did get this to work for me (and to anyone who comes across this problem).

You don't want to use the output chain because it's not covering traffic going out of WAN, just ones originating from the router itself via the mangle ruleset.

You want to use the postrouting chain so it hits all packets going out WAN, not just ones generated locally.
/ip firewall mangle add chain=postrouting action=set-priority new-priority=3 out-interface=<WAN>
This allows me to not need an ethernet switch rule anywhere (I'm uplinking via SFP+ on an RB4011, so that wouldn't work anyway), and allows me to achieve full gigabit symmetrical speeds.
 
gotsprings
Forum Veteran
Forum Veteran
Topic Author
Posts: 722
Joined: Mon May 14, 2012 9:30 pm

Re: GoogleFiber

Mon Jun 10, 2019 12:54 pm

Gave up weeks ago and seteled for DMZ mode.

Found Google service at this location to be "questionable" at best.
"It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so."
Mark Twain

Who is online

Users browsing this forum: No registered users and 23 guests