
pls see my scenario below:
1. I want do limitation to one IP. let say 172.16.31.89. so, i do mangle(connection-mark and packet-mark) in prerouting(upload) and postrouting(download) with Passthrought=NO and then apply it in global-in(upload), global-out(download) in Queue Tree. i also set limit-at to 32k and max-limit to 128k for both download and upload traffic. please refer to below config:
>ip mangle print
82 ;;172.16.31.89-conn-down
chain=postrouting action=mark-connection new-connection-mark=chanty-conn-download passthrough=yes src-address=172.16.31.89
83 ;;172.16.31.89-pack-down
chain=postrouting action=mark-packet new-packet-mark=chanty-packet-download passthrough=no connection-mark=chanty-conn-download
84 ;;172.16.31.89-conn-up
chain=pretrouting action=mark-connection new-connection-mark=chanty-conn-upload passthrough=yes src-address=172.16.31.89
85 ;;172.16.31.89-pack-up
chain=prerouting action=mark-packet new-packet-mark=chanty-packet-upload passthrough=no connection-mark=chanty-pack-upload
>queue tree print
86 name="chanty-inner-download" parent=Total-Download packet-mark="" limit-at=128000 queue=default priority=8 max-limit=128000 burst-limit=0 burst-threshold=0 burst-time=0s
87 name="chanty-inner-upload" parent=Total-Upload packet-mark="" limit-at=128000 queue=default priority=8 max-limit=128000 burst-limit=0 burst-threshold=0 burst-time=0s
64 name="chanty-down" parent=chanty-inner-download packet-mark=chanty-packet-download limit-at=100000 queue=default priority=8 max-limit=120000 burst-limit=0 burst-threshold=0 burst-time=0s
65 name="chanty-up" parent=chanty-inner-upload packet-mark=chanty-packet-upload limit-at=100000 queue=default priority=8 max-limit=120000 burst-limit=0 burst-threshold=0 burst-time=0s
2. I want to give priority to incoming ICMP traffic. so, i do mangle(packet-mark only) in both prerouting(upload) and postrouting(download) specifying Protocol=ICMP.
>ip firewall mangle print
0 ;;; icmp-packet-upload
chain=prerouting action=mark-packet new-packet-mark=icmp-packet-upload passthrough=yes protocol=icmp
1 ;;; icmp-packet-download
chain=postrouting action=mark-packet new-packet-mark=icmp-packet-download passthrough=yes protocol=icmp
>queue tree print
66 name="icmp-priority-download" parent=chanty-inner-upload packet-mark=icmp-packet-upload limit-at=28000 queue=default priority=2 max-limit=120000 burst-limit=0 burst-threshold=0 burst-time=0s
67 name="icmp-priority-download" parent=chanty-inner-download packet-mark=icmp-packet-download limit-at=28000 queue=default priority=2 max-limit=120000 burst-limit=0 burst-threshold=0 burst-time=0s
My problem is ICMP cannot get priority. Everytime, i try to test full download or upload, ICMP will get a lot delay time.
can anyone please advise on the configuration?
Thanks,