QoS for hotspot - Can it be done, whilst keeping all rules?

Posted: Mon Jun 14, 2010 2:07 am
by bigguns
Hi there,
I've been trying to create QoS rules for my hotspot, but I'm having problems using PDQ with it - I believe, based on the standard hotspot rules created, it's preventing the QoS from working correctly.
Has anyone got a working configuration they wouldn't mind sharing or if someone could point me in the right direction?

My internet speed is 50mb down / 1.5mb upload
Hotspot shell is based on 10.5.50.X
All AP's are based on 192.168.1.X


Thank you for your help.

Re: QoS for hotspot - Can it be done, whilst keeping all rul

Posted: Mon Jun 14, 2010 3:06 am
by fewi
Hotspots use simple queues. Most QoS configs use queue trees. You can use both but must be very careful to understand how the two interact.

For example, queue trees attached to global-in and global-out fire before simple queues.

Re: QoS for hotspot - Can it be done, whilst keeping all rul

Posted: Mon Jun 14, 2010 8:59 am
by bigguns
Thanks for your reply - This is what I've been trying to apply, but I guess I'm going wrong somewhere with the setup of QoS. Can you suggest another way of doing it - so that all users have equal bandwidth (but up to the 50mb download if they were the only user).

Thanks

Re: QoS for hotspot - Can it be done, whilst keeping all rul

Posted: Mon Jun 14, 2010 9:29 am
by telomasen
Thanks for your reply - This is what I've been trying to apply, but I guess I'm going wrong somewhere with the setup of QoS. Can you suggest another way of doing it - so that all users have equal bandwidth (but up to the 50mb download if they were the only user).

Thanks
Well... on your problem... you can try setting up the profile for your hotspot users... then set the burst time...

Re: QoS for hotspot - Can it be done, whilst keeping all rul

Posted: Mon Jun 14, 2010 11:17 am
by bigguns
Has anyone got a set of working rules that I can have a look at please - just to try and help me figure out what I've done wrong.

Re: QoS for hotspot - Can it be done, whilst keeping all rul

Posted: Mon Jun 14, 2010 4:51 pm
by fewi
I do at work. I will post it later.

Re: QoS for hotspot - Can it be done, whilst keeping all rul

Posted: Mon Jun 14, 2010 6:43 pm
by fewi
The below is taken from internal documents with a few things removed.

You can further optimize that by using the address-list option on the Hotspot User Profile - users are automatically added to that address-list on login and are removed again on logout. There's also a corresponding RADIUS attribute. That would allow you to mark packets not only on interface but also based on address-list so you could run different policies (and rate limits) on the same interface.


Rate Limiting (Users and Networks)

Note: This is a very simplified view of QoS on RouterOS. A full description can be found at http://wiki.mikrotik.com/wiki/Queue; http://wiki.mikrotik.com/wiki/Packet_Flow describes in detail how packets flow through the router.

Hotspot users are usually rate limited via dynamically created simple queues. When a user logs in, a simple queue with the user's IP address as a target is created. Upload and download limits are taken from the user profile applied during login. There is no built-in way to define a bandwidth pool to be shared between users; each rate limit is user specific. This works fine for per-user products such as [retracted] and no further configuration is required.

When a network as a whole should be rate limited, [retracted], manual QoS must be configured. In addition to rate limiting a pool of network connections as a whole this can also be extended to create a rate limit not to be exceeded by a pool of connections with each connection specifically rate limited by a smaller queue. This is achieved via queue trees. Queue trees are hierarchical and at the bottom of the tree inherit from global-in and global-out, or from specific interfaces. Packets are then shifted further down the tree to a specific bucket by merit of packet marks. Queue trees attached directly to global-in and global-out get hit before simple queues are evaluated, so if a packet is eligible for rate limiting via a simple queue and a global-in/out inherited queue tree the queue tree rate limit will take. This enables us to combine Hotspots and their redirects and user authentication with global rate limits.

First, packets must be marked. In this example, a packet mark of 'hotspot1-up' is applied to all packets coming into the router through the hotspot1 interface. A packet mark of 'hotspot1-down' is applied to all packets leaving the router through the hotspot1 interface.
/ip firewall mangle
add chain=prerouting action=mark-packet in-interface=hotspot1 new-packet-mark=hotspot1-up passthrough=yes
add chain=postrouting action=mark-packet out-interface=hotspot1 new-packet-mark=hotspot1-down passthrough=yes

Flags: X - disabled, I - invalid, D - dynamic
 0   chain=prerouting action=mark-packet
     new-packet-mark=hotspot1-up passthrough=yes
     in-interface=hotspot1

 1   chain=postrouting action=mark-packet
     new-packet-mark=hotspot1-down passthrough=yes
     out-interface=hotspot1

Then two queues - one for upload and one for download - are created based on the packet marks. In this example a total of 5mbps downstream and 2mbps upstream are configured.
/queue tree
add name=hotspot1-down parent=global-out packet-mark=hotspot1-down max-limit=5000000 queue=default
add name=hotspot1-up parent=global-in packet-mark=hotspot1-up max-limit=2000000 queue=default

Flags: X - disabled, I - invalid
 0   name="hotspot1-down" parent=global-out
     packet-mark=hotspot1-down limit-at=0 queue=default
     priority=8 max-limit=5M burst-limit=0
     burst-threshold=0 burst-time=0s

 1   name="hotspot1-up" parent=global-in
     packet-mark=hotspot1-up limit-at=0 queue=default
     priority=8 max-limit=2M burst-limit=0
     burst-threshold=0 burst-time=0s

If the 5mbps/2mbps global rate limit is to be applied together with each user not exceeding 512kbps down and 256kbps down, PCQ can be used to dynamically create queues based on the source and destination addresses. For upstream traffic the source address is used as an identifier as it corresponds to the not yet NAT'd client IP address. For downstream traffic the destination address is used as an identifier as it corresponds to the client IP address after client NAT to the router public IP has been reversed (refer to above linked packet flow diagram for details).

First, PCQ queue types are created:
/queue type
add name=hotspot1-down-per-user kind=pcq pcq-rate=512000 pcq-classifier=dst-address
add name=hotspot1-up-per-user kind=pcq pcq-rate=256000 pcq-classifier=src-address

 0   name="default" kind=pfifo pfifo-limit=50

 1   name="ethernet-default" kind=pfifo pfifo-limit=50

 2   name="wireless-default" kind=sfq sfq-perturb=5
     sfq-allot=1514

 3   name="synchronous-default" kind=red red-limit=60
     red-min-threshold=10 red-max-threshold=50 red-burst=20
     red-avg-packet=1000

 4   name="hotspot-default" kind=sfq sfq-perturb=5
     sfq-allot=1514

 5   name="hotspot1-up-per-user" kind=pcq pcq-rate=256000
     pcq-limit=50 pcq-classifier=src-address
     pcq-total-limit=2000

 6   name="hotspot1-down-per-user" kind=pcq pcq-rate=512000
     pcq-limit=50 pcq-classifier=dst-address
     pcq-total-limit=2000

 7   name="default-small" kind=pfifo pfifo-limit=10

Then the PCQ queue types are applied to the queue trees - now a dynamic queue will be created for each user, but all those dynamic queues combined may not exceed the queue tree limit of 5mbps/2mbps:
/queue tree
set [find name=hotspot1-down] queue=hotspot1-down-per-user
set [find name=hotspot1-up] queue=hotspot1-up-per-user

Flags: X - disabled, I - invalid
 0   name="hotspot1-down" parent=global-out
     packet-mark=hotspot1-down limit-at=0
     queue=hotspot1-down-per-user priority=8 max-limit=5M
     burst-limit=0 burst-threshold=0 burst-time=0s

 1   name="hotspot1-up" parent=global-in
     packet-mark=hotspot1-up limit-at=0
     queue=hotspot1-up-per-user priority=8
     max-limit=3m burst-limit=0 burst-threshold=0
     burst-time=0s
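
Added example (not part of fewi's post or the internal document it quotes): a small Python model of how the per-user PCQ rate and the queue tree max-limit above combine, which gives the per-client rates to expect when testing under load. It assumes the parent limit is shared max-min fairly between active sub-streams; the function and variable names are illustrative, and the client addresses are constructed sample input.

```python
# Added illustration, not code from the thread. Simplified model: the queue
# tree max-limit is shared max-min fairly between active PCQ sub-streams
# (one per client address), and each sub-stream is capped at pcq-rate.

def pcq_allocate(demands_bps, pcq_rate_bps, max_limit_bps):
    """Return {client: rate_bps} for the given offered loads (bps)."""
    # No client gets more than it offers or more than pcq-rate.
    want = {ip: min(d, pcq_rate_bps) for ip, d in demands_bps.items()}
    alloc = {ip: 0.0 for ip in want}
    remaining = float(max_limit_bps)
    active = {ip for ip, w in want.items() if w > 0}
    # Water-filling: offer equal shares, freeze clients that need less than
    # their share, then redistribute the unused part to the others.
    while active:
        share = remaining / len(active)
        satisfied = {ip for ip in active if want[ip] <= share}
        if not satisfied:
            for ip in active:          # everyone is limited by the parent
                alloc[ip] = share
            break
        for ip in satisfied:
            alloc[ip] = float(want[ip])
            remaining -= want[ip]
        active -= satisfied
    return alloc

# Values taken from the queue type / queue tree commands in the post above.
DOWN = dict(pcq_rate_bps=512_000, max_limit_bps=5_000_000)   # hotspot1-down
UP = dict(pcq_rate_bps=256_000, max_limit_bps=2_000_000)     # hotspot1-up

def busy_clients(n, offered_bps=10_000_000):
    """Constructed sample input: n clients in 10.5.50.0/24, all saturating."""
    return {f"10.5.50.{i}": offered_bps for i in range(1, n + 1)}

if __name__ == "__main__":
    for n in (1, 9, 10, 20, 40):
        down = pcq_allocate(busy_clients(n), **DOWN)
        up = pcq_allocate(busy_clients(n), **UP)
        print(f"{n:>3} clients: {down['10.5.50.1'] / 1000:7.1f} kbps down, "
              f"{up['10.5.50.1'] / 1000:7.1f} kbps up each")
```

In this model the per-user cap is the limiting factor up to 9 saturating downloaders (7 uploaders); beyond that the queue tree max-limit takes over and each client's share shrinks.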

Re: QoS for hotspot - Can it be done, whilst keeping all rul

Posted: Mon Jun 14, 2010 11:23 pm
by bigguns
Thanks for the good guide on QoS for hotspots - now based on this, how can I allow my APs to have unlimited bandwidth?

Also, is there a way I can test QoS just to ensure it's working correctly?

Re: QoS for hotspot - Can it be done, whilst keeping all rul

Posted: Mon Jun 14, 2010 11:28 pm
by fewi
Instead of rate limiting to 5/2 in the example, set max-limits that are very high (e.g. 100mbps) and don't use the PCQ piece.

To test, create the conditions under which QoS would come into play. For that you usually have to generate enough traffic to trigger the actions.

Re: QoS for hotspot - Can it be done, whilst keeping all rul

Posted: Mon Jun 14, 2010 11:37 pm
by bigguns
Instead of rate limiting to 5/2 in the example, set max-limits that are very high (e.g. 100mbps) and don't use the PCQ piece.
But won't this have an effect across all clients and AP's?
My clients are based on 10.5.50.X; whereas the AP is based on 192.168.1.X.

Re: QoS for hotspot - Can it be done, whilst keeping all rul

Posted: Mon Jun 14, 2010 11:48 pm
by fewi
I'm not entirely sure what your network layout is. But the example I gave shows you how to do queue trees based on packet marks. So all that's left to do is to adjust the queue tree itself (set it to a high rate limit to fake unlimited) and to adjust what you set packet marks on (set it not only based on interface, but also on source address).

Instead of

/ip firewall mangle
add chain=prerouting action=mark-packet in-interface=hotspot1 new-packet-mark=hotspot1-up passthrough=yes
add chain=postrouting action=mark-packet out-interface=hotspot1 new-packet-mark=hotspot1-down passthrough=yes

you use

/ip firewall mangle
add chain=prerouting action=mark-packet in-interface=hotspot1 new-packet-mark=hotspot1-up src-address=192.168.1.0/24 passthrough=yes
add chain=postrouting action=mark-packet out-interface=hotspot1 new-packet-mark=hotspot1-down dst-address=192.168.1.0/24 passthrough=yes

Traffic to or from 10.5.50.0/24 doesn't match that and won't have packet marks applied. Therefore the queue trees won't fire, as they're based on packet marks; traffic will fall through to the simple queues that Hotspots dynamically create, and traffic to or from 10.5.50.0/24 will be rate limited as usual.

Re: QoS for hotspot - Can it be done, whilst keeping all rul

Posted: Mon Jun 14, 2010 11:55 pm
by bigguns
Brilliant, that's just what I need. Now I can see what I need to do with them all.

Thanks again for all your help.