 
newtoCS
newbie
Topic Author
Posts: 36
Joined: Wed Jul 14, 2010 11:04 pm

How to make Queue trees

Wed Aug 11, 2010 8:13 am

I really can't find anywhere in the manual that explains how to make a queue tree and what
the role of the inner queues is.

-I want to implement HTB at each router for each user in this network but the manual is
so confusing and incomplete that I do not know what to do. Can anyone please help?

- for example at RB2 I must implement 3 HTB queues for the traffic from 3 users u1, u2, u3.
For download traffic I know the top parent would be "global-out", but do I need inner queues?
what they are and what they do? do I need any extra inner queues for u1 and u2 since
they come from the same interface?

-Please point me to somewhere that talks about how to make the queue trees and identify
the parents and inner queues.
Last edited by newtoCS on Wed Aug 11, 2010 6:12 pm, edited 2 times in total.
 
usmc58xx
newbie
Posts: 25
Joined: Tue Aug 03, 2010 12:39 am

Re: How to make Queue trees

Wed Aug 11, 2010 8:46 am

 
Chupaka
Forum Guru
Posts: 8327
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: How to make Queue trees

Wed Aug 11, 2010 4:23 pm

why do you need it on each router? simply setup it on RB3 =)
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
newtoCS
newbie
Topic Author
Posts: 36
Joined: Wed Jul 14, 2010 11:04 pm

Re: How to make Queue trees

Wed Aug 11, 2010 5:08 pm

I need to give each customer some service, so when number of users go up and the links sometimes become overloaded then I have to monitor traffic to each router and drop the non-committed rates if necessary.

So I don't know at all how to set up the queue trees. Even on RB3 I don't know how to do that. I do not know what the inner queues should be and if I only need one parent like global-out and some children like u1-u3? and no other inner parents in between? I don't know how to draw the tree and then write the scripts. There is no manual help.

please help!

thanks very much!
 
Chupaka
Forum Guru
Posts: 8327
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: How to make Queue trees

Wed Aug 11, 2010 6:13 pm

to satisfy CIR, parent=global-out for all leaves is enough. just create leaf with limit-at=CIR for the customer's traffic and one more leaf for all the rest
 
newtoCS
newbie
Topic Author
Posts: 36
Joined: Wed Jul 14, 2010 11:04 pm

Re: How to make Queue trees

Wed Aug 11, 2010 6:15 pm


yes I have. It still does not say when and why some inner queues are needed. the HTB examples on the web show many inner queue classes but never show what kind of network they correspond to. inversely, I don't know what kind of queue tree my network corresponds to. there should be a step by step manual to help beginners draw their corresponding queue tree, but there is nothing at all!
 
newtoCS
newbie
Topic Author
Posts: 36
Joined: Wed Jul 14, 2010 11:04 pm

Re: How to make Queue trees

Wed Aug 11, 2010 6:20 pm

> to satisfy CIR, parent=global-out for all leaves is enough. just create leaf with limit-at=CIR for the customer's traffic and one more leaf for all the rest
do I need to attach my customers leaf to an inner parent before the global-out? like the second picture? or they should be directly connected to the global-out? on winbox if I do the latter I can't see any hierarchy.
 
Chupaka
Forum Guru
Posts: 8327
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: How to make Queue trees

Wed Aug 11, 2010 6:22 pm

> do I need to attach my customers leaf to an inner parent before the global-out? like the second picture? or they should be directly connected to the global-out? on winbox if I do the latter I can't see any hierarchy.
directly. inner parent is necessary if you need to limit summary speed of leaves, for example - you can't set 'max-limit' for 'global-out' =)
 
newtoCS
newbie
Topic Author
Posts: 36
Joined: Wed Jul 14, 2010 11:04 pm

Re: How to make Queue trees

Wed Aug 11, 2010 6:35 pm

> > do I need to attach my customers leaf to an inner parent before the global-out? like the second picture? or they should be directly connected to the global-out? on winbox if I do the latter I can't see any hierarchy.
> directly. inner parent is necessary if you need to limit summary speed of leaves, for example - you can't set 'max-limit' for 'global-out' =)

so how about my other two leaves (u1 and u2)? I have reasons to have a separate HTB queue for them on RB2. Now do they need another parent like my ""third figure"", or they are just treated like u3? if they need another parent what that would be? ether3 or an imaginary parent? what would be the limits on this parent?
 
Chupaka
Forum Guru
Posts: 8327
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: How to make Queue trees

Wed Aug 11, 2010 10:19 pm

you need QoS mainly for CIR, so you don't need complex hierarchy - use parent=global-out
 
newtoCS
newbie
Topic Author
Posts: 36
Joined: Wed Jul 14, 2010 11:04 pm

Re: How to make Queue trees

Wed Aug 11, 2010 11:19 pm

> you need QoS mainly for CIR, so you don't need complex hierarchy - use parent=global-out
ok, thanks very much.
 
newtoCS
newbie
Topic Author
Posts: 36
Joined: Wed Jul 14, 2010 11:04 pm

Re: How to make Queue trees

Thu Aug 12, 2010 3:00 am

> to satisfy CIR, parent=global-out for all leaves is enough. just create leaf with limit-at=CIR for the customer's traffic and one more leaf for all the rest
If I want to do something like this (send all of the aggregate traffic to a separate queue) I won't be able to guarantee my CIRs in case the network is larger and congested. But if I implement 2 queues for the aggregate traffic (not from the local user attached to the router) I might be able to avoid HTB per user at each router.

In one queue I want to put the packets belonging to the transmitters sending below their CIR, and in the other Queue I want to put packets belonging to the transmitters sending above their CIRs. This way I will know what packets must be dropped if the network is congested. But I must somehow mark the packets right before transmission from their original router.

How can I do packet marking based on the state of a local HTB queue? In green state mark the packets as "below-CIR" or something and in the yellow and red state mark them as "above-CIR". Then when the packets become aggregate to the upcoming routers they go to their corresponding queues. CAN I DO THIS? HOW can I identify the color of a queue in a mangling rule? can I use any "if statement" :) ? is this question so naive or funny! :lol:
 
Chupaka
Forum Guru
Posts: 8327
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: How to make Queue trees

Thu Aug 12, 2010 6:13 pm

yep, a bit naive =) color has nothing to do with CIR =) http://forum.mikrotik.com/viewtopic.php ... 16#p198916

and don't try to send packets to different queues depending on current traffic - it's what HTB was developed for, don't try to prevent it from doing its work =)
 
newtoCS
newbie
Topic Author
Posts: 36
Joined: Wed Jul 14, 2010 11:04 pm

Re: How to make Queue trees

Thu Aug 12, 2010 8:29 pm

> yep, a bit naive =) color has nothing to do with CIR =) http://forum.mikrotik.com/viewtopic.php ... 16#p198916
>
> and don't try to send packets to different queues depending on current traffic - it's what HTB was developed for, don't try to prevent it from doing its work =)
That color post is very confusing, I have to read it in depth later. So forget about the colors. If I want to mark packets based on whether the CIR has been reached or not, sending UDP packets of one connection to different queues does not harm anything as there is no guarantee they arrive in order. For the TCP packets though, if I send them to different queues that does not change the order since a TCP session will stay above CIR until the next ACK arrives. So the packets going to the CIR queue will go through, and the tail which is in the "above CIR" queue will either pass or be discarded. If all of them pass the ACK will be returned, if not the window size drops. So I think we don't have an out-of-order problem with TCP packets either. So do you think I can mark packets based on the traffic?

I really appreciate your help and sharing your knowledge Chupaka.
 
Chupaka
Forum Guru
Posts: 8327
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: How to make Queue trees

Thu Aug 12, 2010 9:48 pm

you do NOT need to use some additional queues for "under/over CIR". queues do not affect packets at all until limit-at value is reached
 
newtoCS
newbie
Topic Author
Posts: 36
Joined: Wed Jul 14, 2010 11:04 pm

Re: How to make Queue trees

Thu Aug 12, 2010 10:04 pm

I guess I was not able to explain what I intend to do.

I read the mangle is valid only within one router. Can I somehow mark the packets such that the packet mark travels with the packet in my network?
 
Chupaka
Forum Guru
Posts: 8327
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: How to make Queue trees

Thu Aug 12, 2010 10:09 pm

you may use DSCP (ToS) value of IP packet
 
newtoCS
newbie
Topic Author
Posts: 36
Joined: Wed Jul 14, 2010 11:04 pm

Re: How to make Queue trees

Thu Aug 12, 2010 11:06 pm

OK,

step 1) now suppose RB1 wants to mark U1 and U2 packets in the DSCP field right before transmitting to RB2 such that if U1 or U2 is sending below CIR its packets are marked as 1, and if above CIR its packets are marked as 2 in the DSCP field.

step 2) When RB2 receives a packet from U1 and U2, it looks into their DSCP fields. If they are marked as 1 they are sent to Q1, and if they are marked as 2 they are sent to Q2.

Question: Can I write a script for RB1 to mark the packets the way I explained in step 1 right before transmitting to RB2?
if yes how? if not why?
 
fewi
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: How to make Queue trees

Fri Aug 13, 2010 12:01 am

DSCP values are set in mangle rules, just like packet marks. There's no real way to determine whether or not someone is sending/receiving above CIR in all their combined connections in mangle rules.
 
fewi
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: How to make Queue trees

Fri Aug 13, 2010 12:15 am

But really I don't see why you would need to mark packets that way. Just use DSCP to mark the packets to uniquely identify that they are from U1, then implement the same queues on all routers and mark packets based on DSCP as well. That way R2 can decide all by itself if traffic is above CIR in its own queue trees.
 
newtoCS
newbie
Topic Author
Posts: 36
Joined: Wed Jul 14, 2010 11:04 pm

Re: How to make Queue trees

Fri Aug 13, 2010 2:38 am

> But really I don't see why you would need to mark packets that way. Just use DSCP to mark the packets to uniquely identify that they are from U1, then implement the same queues on all routers and mark packets based on DSCP as well. That way R2 can decide all by itself if traffic is above CIR in its own queue trees.
that's because of new users in the network; I want to unify the committed and uncommitted rates. The routers are located at people's homes and I cannot update the HTB configurations on these routers each time a new customer signs up, or the services are changed. Any suggestion to deal with new users?

thanks
 
fewi
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: How to make Queue trees

Fri Aug 13, 2010 2:56 am

Depends on your network. How do you identify users? PPPoE? Static IPs?
I'd probably go off address lists, either static ones you manually put new users on or dynamic ones populated when they log in.
 
Chupaka
Forum Guru
Posts: 8327
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: How to make Queue trees

Fri Aug 13, 2010 3:24 am

huh... if each of your users is connected to dedicated interface, you can use Traffic Monitor tool to change DSCP value in mangle rule... kind of perversion :D
 
newtoCS
newbie
Topic Author
Posts: 36
Joined: Wed Jul 14, 2010 11:04 pm

Re: How to make Queue trees

Fri Aug 13, 2010 5:28 pm

> huh... if each of your users is connected to dedicated interface, you can use Traffic Monitor tool to change DSCP value in mangle rule... kind of perversion :D
I think this start-up company (I am an intern there) is going to use Static IP addresses and also they are going to use IPSec.

The figure I've shown above does not show the wireless equipment at each node. Each customer (in a house with window) has a router and some wireless equipment (directional MIMO transceivers). So the network I have shown is only the wired part, since I have nothing to do with the wireless part.

I don't want to implement an HTB that requires reconfiguring the routers each time a new customer enters the network. That's why I came up with the idea of having only two queues for the aggregate traffic so that we don't care for the IP addresses and only give priority to the packets which are sent below CIR.

Now as for the DSCP field, why and where should the traffic monitor change it?

Any idea how to deal with new customers?
 
newtoCS
newbie
Topic Author
Posts: 36
Joined: Wed Jul 14, 2010 11:04 pm

Re: How to make Queue trees

Mon Aug 16, 2010 8:13 pm

Chupaka:
could you please check my script? I don't know how to mangle the packets with DSCP field. How I should choose the new-packet-mark if my dscp=1 for this user? and if the new-packet-mark will be known to other routers. I have mangled U1 for upload like this:

ip firewall mangle> add src-address=192.168.1.2 \
\... action=mark-connection new-connection-mark=u1-up chain=prerouting
ip firewall mangle> add connection-mark=u1-up \
\... action=mark-packet dscp=1 new-packet-mark=dscp.1 chain=prerouting

1) is the name chosen for new-packet-mark arbitrary?
2) will RB2 recognize this name if I want to implement an HTB queue for U1 at RB2 as well?

3) is something like this acceptable at RB2 for HTB queue for U1?

queue tree> add name=U1-U parent=ether4 \
\... packet-mark=dscp.1 limit-at=5242880 max-limit=10485760

please let me know what you think. I really appreciate that.
Last edited by newtoCS on Mon Aug 16, 2010 11:23 pm, edited 1 time in total.
 
fewi
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: How to make Queue trees

Mon Aug 16, 2010 8:46 pm

You need to set DSCP and packet marks differently. They are unrelated.

On router 1, mark the connection and based on the connection mark set DSCP on the packet as well as a packet mark for QoS:
/ip firewall mangle
add chain=prerouting src-address=192.168.1.2 action=mark-connection new-connection-mark=u1-up passthrough=yes
add chain=prerouting connection-mark=u1-up action=change-dscp new-dscp=1 passthrough=yes
add chain=prerouting connection-mark=u1-up action=mark-packet new-packet-mark=u1-up
The router then processes the packet according to the queues you have set up firing on that packet mark. Packet marks are never transmitted to the wire (they only exist within that one router), but DSCP values are set in the IP header and make it on the wire and to the next router.

On router 2, you can set a packet mark based on the DSCP value that got preserved, mapping a DSCP value of 1 back to u1-up:
/ip firewall mangle
add chain=prerouting dscp=1 action=mark-packet new-packet-mark=u1-up
And set up queues that fire on that packet mark.
 
newtoCS
newbie
Topic Author
Posts: 36
Joined: Wed Jul 14, 2010 11:04 pm

Re: How to make Queue trees

Mon Aug 16, 2010 10:26 pm

> You need to set DSCP and packet marks differently. They are unrelated.
>
> On router 1, mark the connection and based on the connection mark set DSCP on the packet as well as a packet mark for QoS:
> /ip firewall mangle
> add chain=prerouting src-address=192.168.1.2 action=mark-connection new-connection-mark=u1-up passthrough=yes
> add chain=prerouting connection-mark=u1-up action=change-dscp new-dscp=1 passthrough=yes
> add chain=prerouting connection-mark=u1-up action=mark-packet new-packet-mark=u1-up
> The router then processes the packet according to the queues you have set up firing on that packet mark. Packet marks are never transmitted to the wire (they only exist within that one router), but DSCP values are set in the IP header and make it on the wire and to the next router.
>
> On router 2, you can set a packet mark based on the DSCP value that got preserved, mapping a DSCP value of 1 back to u1-up:
> /ip firewall mangle
> add chain=prerouting dscp=1 action=mark-packet new-packet-mark=u1-up
> And set up queues that fire on that packet mark.
thanks very much fewi, I think I understand what you are saying? where can I learn all these things? I am sure not from the manual.
 
fewi
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: How to make Queue trees

Mon Aug 16, 2010 10:31 pm

Cisco, Juniper and Foundry have pretty decent documentation that is freely available. DSCP is a networking standard. The RouterOS manuals usually don't cover too many fundamentals, so read general network books to understand what is possible. After that the RouterOS manual is pretty good about showing all the possible options to implement a specific technology.
 
newtoCS
newbie
Topic Author
Posts: 36
Joined: Wed Jul 14, 2010 11:04 pm

Re: How to make Queue trees

Tue Aug 17, 2010 4:32 pm

> Cisco, Juniper and Foundry have pretty decent documentation that is freely available. DSCP is a networking standard. The RouterOS manuals usually don't cover too many fundamentals, so read general network books to understand what is possible. After that the RouterOS manual is pretty good about showing all the possible options to implement a specific technology.
fewi, what does passthrough=yes mean, and why do we need this?
where can I find good documentation regarding how to write the rules for router configuration. I have already studied theory of networks for many years but I lack practical aspects. any help/link will be greatly appreciated. There are many Cisco documentations on the web, but they are more about setting up a router for home use.
 
fewi
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: How to make Queue trees

Tue Aug 17, 2010 4:42 pm

passthrough=yes changes the default behavior of the firewall to stop processing a packet after first match. Normally, each packet is processed against each rule in the set until one matches. Then that action is applied and processing stops in that facility. You need to first mark the connection, then the packet, and then change the DSCP field of the IP header - so you don't want to stop processing right after marking the connection, or right after setting the packet mark. You only bail out after setting DSCP.

Cisco has a metric buttload of documentation that isn't for home users. Hell, it hasn't been long that they've put their name on the Linksys brand. Do a Google search for "Cisco DSCP", for example. Or "Juniper DSCP".

Sorry, I don't have any specific links. Maybe someone else does.
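
The router 1 and router 2 rules fewi posted earlier, and the passthrough behaviour described in the post above, as a small Python model. This is an added example, not code from the thread or from RouterOS: `Packet`, `Rule`, `run_chain` and `to_wire` are hypothetical names, the sample addresses are constructed, and the model assumes the semantics as the thread describes them (a matching rule with passthrough=no ends processing for that packet).

```python
"""Toy model of the mangle rules discussed in this thread (added example).

Assumption, taken from the thread's description rather than from RouterOS
itself: a matching rule with passthrough=no ends processing of the chain.
Packet, Rule, run_chain and to_wire are hypothetical names for this sketch.
"""
from dataclasses import dataclass, replace
from typing import Optional, Union


@dataclass(frozen=True)
class Packet:
    src: str
    dscp: int = 0          # part of the IP header, so it crosses the wire
    conn_mark: str = ""    # router-local state
    packet_mark: str = ""  # router-local state


@dataclass(frozen=True)
class Rule:
    action: str            # mark-connection | change-dscp | mark-packet
    value: Union[str, int]
    passthrough: bool
    src_address: Optional[str] = None
    connection_mark: Optional[str] = None
    dscp: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        # Every matcher that is set must agree; unset matchers match anything.
        return ((self.src_address is None or pkt.src == self.src_address)
                and (self.connection_mark is None
                     or pkt.conn_mark == self.connection_mark)
                and (self.dscp is None or pkt.dscp == self.dscp))


FIELD_FOR_ACTION = {
    "mark-connection": "conn_mark",
    "change-dscp": "dscp",
    "mark-packet": "packet_mark",
}


def run_chain(rules, pkt: Packet) -> Packet:
    """Apply rules top to bottom; stop at the first match with passthrough=no."""
    for rule in rules:
        if not rule.matches(pkt):
            continue
        pkt = replace(pkt, **{FIELD_FOR_ACTION[rule.action]: rule.value})
        if not rule.passthrough:
            break
    return pkt


def to_wire(pkt: Packet) -> Packet:
    """Only header fields leave the router; both marks are dropped."""
    return Packet(src=pkt.src, dscp=pkt.dscp)


def router1_rules(first_rule_passthrough: bool = True):
    """The three router 1 rules from the thread, in the posted order."""
    return [
        Rule("mark-connection", "u1-up", first_rule_passthrough,
             src_address="192.168.1.2"),
        Rule("change-dscp", 1, True, connection_mark="u1-up"),
        # Last rule: the result is the same whether or not it passes through.
        Rule("mark-packet", "u1-up", False, connection_mark="u1-up"),
    ]


# Router 2 maps the preserved DSCP value back to a local packet mark.
ROUTER2_RULES = [Rule("mark-packet", "u1-up", False, dscp=1)]


def demo():
    u1 = Packet(src="192.168.1.2")                     # constructed sample
    good = run_chain(router1_rules(), u1)
    # Same rules, but the first one terminates: DSCP and packet mark never set.
    cut_short = run_chain(router1_rules(first_rule_passthrough=False), u1)
    # Router 2 sees only the header, so it classifies on DSCP alone.
    at_r2 = run_chain(ROUTER2_RULES, to_wire(good))
    at_r2_cut = run_chain(ROUTER2_RULES, to_wire(cut_short))
    # Constructed packet from another address that already carries DSCP 1:
    # router 2 cannot tell it apart, so classification rests on ingress marking.
    other = run_chain(ROUTER2_RULES, Packet(src="192.168.1.99", dscp=1))
    return good, cut_short, at_r2, at_r2_cut, other


if __name__ == "__main__":
    for label, pkt in zip(("router1", "router1 cut short", "router2",
                           "router2 after cut short", "router2 other source"),
                          demo()):
        print(f"{label:24} {pkt}")
```

Because router 2 matches on the DSCP value alone, the queue a packet lands in there is only as reliable as the router that set the value at the edge of the network.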
 
newtoCS
newbie
Topic Author
Posts: 36
Joined: Wed Jul 14, 2010 11:04 pm

Re: How to make Queue trees

Tue Aug 17, 2010 8:45 pm

> passthrough=yes changes the default behavior of the firewall to stop processing a packet after first match. Normally, each packet is processed against each rule in the set until one matches. Then that action is applied and processing stops in that facility. You need to first mark the connection, then the packet, and then change the DSCP field of the IP header - so you don't want to stop processing right after marking the connection, or right after setting the packet mark. You only bail out after setting DSCP.

thanks very much fewi :). I never forget your karma (don't know if anyone would care though!)
 
newtoCS
newbie
Topic Author
Posts: 36
Joined: Wed Jul 14, 2010 11:04 pm

Re: How to make Queue trees

Wed Aug 18, 2010 6:32 am

Fewi, I am still thinking about the new users that come to this network. Implementing an HTB queue on each router per customer is not practical since the routers are located at customers' homes. The pcq approach that you mentioned in the other post implements equal services for all users while every user might have different needs. Would you please explain more about your pcq suggestion?

Is it possible to mangle the traffic after queuing right before transmitting on the wire? I want to mangle the traffic based on the current rate of the transmitter. If it is sending above CIR set the DSCP to 2 or if below CIR set the DSCP to 1. This way I only need two Queues for the aggregate traffic at each router. Do you think this type of mangling is possible?

thanks
 
fewi
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: How to make Queue trees

Wed Aug 18, 2010 7:01 am

To the best of my knowledge it is impossible to know whether a particular packet was transmitted above or below CIR, so you cannot possibly tell on the next hop.

You can have multiple PCQ queues with different per user rate limits. PCQ queues as such aren't special, they fire on packet marks like other HTB queues.

The basic idea is to mark the packet with DSCP on entry to the network. Then you can make a QoS decision on every router based on the DSCP value and the interface the packet came in from, then you mark the packet and queue it accordingly. On border routers where traffic leaves your network (and where accordingly you have to deal with return traffic) you also mark the connection so you can recognize related traffic, and mark DSCP accordingly for those return packets entering your network from the WAN.

For new users you just hop into the router they connect to and either add their static IP to address list, give them a static DHCP lease that dynamically adds them to an address list or mark based on PPPoE interface - all depending on how users connect to your routers. If they connect via a method that authenticated via RADIUS you can assign address lists dynamically from the AAA.

PCQ queues can also have total limits, and they scale all users down equally as there is less bandwidth available. Coupled with priorities you can make sure that users with more expensive plans borrow from users with cheaper plans and get their CIR fulfilled.

You can also get external systems involved that analyze AAA accounting records and reach out to routers to punish users that have strained their connection limits or undo punishments after cool down periods, but you can't do that just on the router and there's no generic template available.

If I have lots of time this week I can maybe post a very rough draft but it depends on how busy work gets.
 
newtoCS
newbie
Topic Author
Posts: 36
Joined: Wed Jul 14, 2010 11:04 pm

Re: How to make Queue trees

Wed Aug 18, 2010 5:13 pm

Thanks very much fewi. I'll work on your multiple PCQ implementation idea and post my questions. It would be wonderful if you could provide a draft. I really don't know how I can thank you for that.
 
newtoCS
newbie
Topic Author
Posts: 36
Joined: Wed Jul 14, 2010 11:04 pm

Re: How to make Queue trees

Wed Aug 18, 2010 11:41 pm

Fewi, from your suggestion here is what I think I should do to be able to serve new customers without the need for reconfiguring the routers. would you please check and comment?

1) Decide on several available services (CIR, MIR combinations) for offering to the customers.
2) for each possible service reserve a number of DSCP values
3) for each DSCP value implement a PCQ with corresponding service limits
4) when a new user enters the network, depending on what kind of service it requests, the administrator assigns a DSCP value (and so the pre-defined PCQ queue at each router)

FYI: We will use DHCP to assign public IP addresses to customers. We haven't decided how to assign local IP addresses to our infrastructure (DHCP, or 10.+ a hash of the MAC address?).

Please let me know if this is what I need to implement or I am totally wrong :).
 
fewi
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: How to make Queue trees

Wed Aug 18, 2010 11:56 pm

I think that should work as a general plan, yes.
 
newtoCS
newbie
Topic Author
Posts: 36
Joined: Wed Jul 14, 2010 11:04 pm

Re: How to make Queue trees

Thu Aug 19, 2010 2:50 am

> I think that should work as a general plan, yes.
But I don't understand why I should do it with PCQ queue type? why not a regular HTB queue with default queue type? that's why I think I do not understand what you suggested. will you please explain?
 
fewi
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: How to make Queue trees

Fri Aug 20, 2010 10:14 pm

Because a regular queue isn't going to rate limit per user. It was my impression that you are looking to provide data rates per customer.

Anyway, here's a quick sketch:
quick_diagram.PNG
Prerequisites and assumptions:

- an address list that contains all AS IP space (all IPs that you control within your network), so that you can exempt them from the rate limits applied to WAN traffic. Intranetwork traffic should have a low priority, but be able to pass at very high speeds when bandwidth is available
- ways to identify a customer's connection class at the entry point into the network. For simplicity on each router the address lists Silver_Customers_Local_To_Router and Gold_Customers_Local_To_Router are assumed - they could be populated statically or dynamically via DHCP or RADIUS
- two connection classes are assumed: Gold and Silver. Gold grants 1544kbps up/down, Silver grants 512kbps up/down
- DSCP value 3 is the silver class, DSCP value 4 is the gold class. There's also a DSCP value of 2 for things we couldn't classify into either Gold or Silver, these connections receive 512kbps/512kbps
- there's no prioritizing by protocol, only by customer. You could expand on this, read the QoS best practices from the MUM 2009 for details
- you have Gigabit on the backbone in your network, and a DS3 to the WAN
- this is for connections originating with your customers only. If you're also allowing inbound services adjustments are required (first packet makes it through as unknown, connection marks are applied on the egress point to the customer and the rest of the packets in that connection can from that point on be correctly classified)
- you also need to make exceptions for management traffic, this is for customer traffic only (but will consume all traffic, so deal with management traffic first)


On router C, mangle traffic coming in from customers. First, mark all traffic that is within the AS. No need for DSCP as we can just redetermine this on every router easily.
/ip firewall mangle 
add chain=prerouting src-address-list=AS_Local dst-address-list=AS_Local action=mark-packet new-packet-mark=AS_Local passthrough=no
Mark all traffic coming into the router for gold and silver connections. This doesn't yet deal with traffic coming into the uplink on ether1 because no packet from there would have router local users as a source IP address. First we set a packet mark, and then also a DSCP value.
/ip firewall mangle
add chain=prerouting src-address-list=Silver_Customers_Local_To_Router action=mark-packet new-packet-mark=Silver passthrough=yes
add chain=prerouting packet-mark=Silver action=change-dscp new-dscp=3 passthrough=no
add chain=prerouting src-address-list=Gold_Customers_Local_To_Router action=mark-packet new-packet-mark=Gold passthrough=yes
add chain=prerouting packet-mark=Gold action=change-dscp new-dscp=4 passthrough=no
Now deal with traffic coming in on ether1 and reassign packet marks based on their DSCP values. This covers traffic that will eventually be output to the customer.
/ip firewall mangle
add chain=prerouting in-interface=ether1 dscp=4 action=mark-packet new-packet-mark=Gold passthrough=no
add chain=prerouting in-interface=ether1 dscp=3 action=mark-packet new-packet-mark=Silver passthrough=no
add chain=prerouting in-interface=ether1 dscp=2 action=mark-packet new-packet-mark=Unknown passthrough=no
Now a fallback - the above should cover everything that comes in from locally connected users, as well as traffic that has come in via the uplink. These marks will ensure that other traffic is rate limited, and it probably makes sense to check counters periodically and make sure you know what this traffic is so you can classify it better.
/ip firewall mangle 
add chain=prerouting action=mark-packet new-packet-mark=Unknown passthrough=yes
add chain=prerouting packet-mark=Unknown action=change-dscp new-dscp=2 passthrough=no
For queues, there's one PCQ type each for upload and download for each connection class. The pcq-total-limit must be tweaked according to how many total users you have. Oversubscribe it, and periodically check and adjust according to the current user base. For details on what the parameters do see the PCQ wiki.
/queue type
add name=Gold-down kind=pcq pcq-rate=1544000 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000
add name=Gold-up kind=pcq pcq-rate=1544000 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=2000
add name=Silver-down kind=pcq pcq-rate=512000 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000
add name=Silver-up kind=pcq pcq-rate=512000 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=2000
add name=Unknown-down kind=pcq pcq-rate=512000 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000
add name=Unknown-up kind=pcq pcq-rate=512000 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=2000
Then the actual queues - backbone is 1Gbps, we'll allow backbone saturation but AS local traffic has the lowest priority. WAN is DS3 speeds and has highest priority. Gold customers have higher priority than Silver customers, Unknown traffic has the lowest priority. These will need tweaking, as is Gold customers can take the entire WAN circuit if you're way oversubscribed. They're kinda spaced out to show the tree.
/queue tree
add name=Upload parent=global-in limit-at=1000000000
  add name=WAN_Upload parent=Upload limit-at=44100000 priority=1 
    add name=Gold-Upload parent=WAN_Upload queue=Gold-up priority=1
    add name=Silver-Upload parent=WAN_Upload queue=Silver-up priority=4
    add name=Unknown-Upload parent=WAN_Upload queue=Unknown-up priority=8
  add name=AS_Local_Upload parent=Upload priority=8 packet-mark=AS_Local
add name=Download parent=global-out limit-at=1000000000
  add name=WAN_Download parent=Download limit-at=44100000 priority=1 
    add name=Gold-WAN_Download parent=WAN_Download queue=Gold-down priority=1
    add name=Silver-WAN_Download parent=WAN_Download queue=Silver-down priority=4
    add name=Unknown-WAN_Download parent=WAN_Download queue=Unknown-down priority=8
  add name=AS_Local_Download parent=Download priority=8 packet-mark=AS_Local
On router B there are very similar rules, but there are two uplinks (ether1 and ether2) so DSCP must be translated to packet marks twice. The queues are the same.
/ip firewall mangle 
add chain=prerouting src-address-list=AS_Local dst-address-list=AS_Local action=mark-packet new-packet-mark=AS_Local passthrough=no
add chain=prerouting src-address-list=Silver_Customers_Local_To_Router action=mark-packet new-packet-mark=Silver passthrough=yes
add chain=prerouting packet-mark=Silver action=change-dscp new-dscp=3 passthrough=no
add chain=prerouting src-address-list=Gold_Customers_Local_To_Router action=mark-packet new-packet-mark=Gold passthrough=yes
add chain=prerouting packet-mark=Gold action=change-dscp new-dscp=4 passthrough=no
add chain=prerouting in-interface=ether1 dscp=4 action=mark-packet new-packet-mark=Gold passthrough=no
add chain=prerouting in-interface=ether1 dscp=3 action=mark-packet new-packet-mark=Silver passthrough=no
add chain=prerouting in-interface=ether1 dscp=2 action=mark-packet new-packet-mark=Unknown passthrough=no
add chain=prerouting in-interface=ether2 dscp=4 action=mark-packet new-packet-mark=Gold passthrough=no
add chain=prerouting in-interface=ether2 dscp=3 action=mark-packet new-packet-mark=Silver passthrough=no
add chain=prerouting in-interface=ether2 dscp=2 action=mark-packet new-packet-mark=Unknown passthrough=no
add chain=prerouting action=mark-packet new-packet-mark=Unknown passthrough=yes
add chain=prerouting packet-mark=Unknown action=change-dscp new-dscp=2 passthrough=no
On router A the ruleset again is similar, but connections must be marked for traffic going out the WAN interface so that return traffic can be assigned the right DSCP marks. The queues are the same.

First, mark connections going out to the WAN according to their DSCP value, and clear the DSCP value.
/ip firewall mangle
add chain=postrouting out-interface=ether1 dscp=4 action=mark-connection new-connection-mark=Gold passthrough=yes
add chain=postrouting connection-mark=Gold action=change-dscp new-dscp=0 passthrough=no
add chain=postrouting out-interface=ether1 dscp=3 action=mark-connection new-connection-mark=Silver passthrough=yes
add chain=postrouting connection-mark=Silver action=change-dscp new-dscp=0 passthrough=no
add chain=postrouting out-interface=ether1 dscp=2 action=mark-connection new-connection-mark=Unknown passthrough=yes
add chain=postrouting connection-mark=Unknown action=change-dscp new-dscp=0 passthrough=no
Start out with the usual ruleset for traffic that comes from locally connected customers as well as the uplink to router B:
/ip firewall mangle 
add chain=prerouting src-address-list=AS_Local dst-address-list=AS_Local action=mark-packet new-packet-mark=AS_Local passthrough=no
add chain=prerouting src-address-list=Silver_Customers_Local_To_Router action=mark-packet new-packet-mark=Silver passthrough=yes
add chain=prerouting packet-mark=Silver action=change-dscp new-dscp=3 passthrough=no
add chain=prerouting src-address-list=Gold_Customers_Local_To_Router action=mark-packet new-packet-mark=Gold passthrough=yes
add chain=prerouting packet-mark=Gold action=change-dscp new-dscp=4 passthrough=no
add chain=prerouting in-interface=ether2 dscp=4 action=mark-packet new-packet-mark=Gold passthrough=no
add chain=prerouting in-interface=ether2 dscp=3 action=mark-packet new-packet-mark=Silver passthrough=no
add chain=prerouting in-interface=ether2 dscp=2 action=mark-packet new-packet-mark=Unknown passthrough=no
Translate connection marks for traffic coming from the WAN back into packet marks and DSCP values:
/ip firewall mangle
add chain=prerouting in-interface=ether1 connection-mark=Gold action=mark-packet new-packet-mark=Gold passthrough=yes
add chain=prerouting in-interface=ether1 connection-mark=Gold action=change-dscp new-dscp=4 passthrough=no
add chain=prerouting in-interface=ether1 connection-mark=Silver action=mark-packet new-packet-mark=Silver passthrough=yes
add chain=prerouting in-interface=ether1 connection-mark=Silver action=change-dscp new-dscp=3 passthrough=no
add chain=prerouting in-interface=ether1 action=mark-packet new-packet-mark=Unknown passthrough=yes
add chain=prerouting in-interface=ether1 packet-mark=Unknown action=change-dscp new-dscp=0 passthrough=no
And the usual fallback:
/ip firewall mangle
add chain=prerouting action=mark-packet new-packet-mark=Unknown passthrough=yes
add chain=prerouting packet-mark=Unknown action=change-dscp new-dscp=2 passthrough=no
There you go. Completely untested, might not work at all. Chupaka (or someone else) is hopefully going to pick that apart as there are far more knowledgeable people than me on this board when it comes to this kind of stuff.
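To see how the passthrough flags in the post above decide which mark and DSCP value a packet ends up with, the following added example (not part of the original post and not MikroTik code) walks router B's prerouting rules in order in Python. It assumes a simplified packet model in which address-list membership is given by list name, and `ether3` is a hypothetical customer-facing port.

```python
import shlex
# Router B's prerouting mangle rules, copied from the post above.
RULES_TEXT = """
add chain=prerouting src-address-list=AS_Local dst-address-list=AS_Local action=mark-packet new-packet-mark=AS_Local passthrough=no
add chain=prerouting src-address-list=Silver_Customers_Local_To_Router action=mark-packet new-packet-mark=Silver passthrough=yes
add chain=prerouting packet-mark=Silver action=change-dscp new-dscp=3 passthrough=no
add chain=prerouting src-address-list=Gold_Customers_Local_To_Router action=mark-packet new-packet-mark=Gold passthrough=yes
add chain=prerouting packet-mark=Gold action=change-dscp new-dscp=4 passthrough=no
add chain=prerouting in-interface=ether1 dscp=4 action=mark-packet new-packet-mark=Gold passthrough=no
add chain=prerouting in-interface=ether1 dscp=3 action=mark-packet new-packet-mark=Silver passthrough=no
add chain=prerouting in-interface=ether1 dscp=2 action=mark-packet new-packet-mark=Unknown passthrough=no
add chain=prerouting in-interface=ether2 dscp=4 action=mark-packet new-packet-mark=Gold passthrough=no
add chain=prerouting in-interface=ether2 dscp=3 action=mark-packet new-packet-mark=Silver passthrough=no
add chain=prerouting in-interface=ether2 dscp=2 action=mark-packet new-packet-mark=Unknown passthrough=no
add chain=prerouting action=mark-packet new-packet-mark=Unknown passthrough=yes
add chain=prerouting packet-mark=Unknown action=change-dscp new-dscp=2 passthrough=no
"""

def parse_rules(text):
    return [dict(tok.split("=", 1) for tok in shlex.split(line)[1:])
            for line in text.splitlines() if line.startswith("add ")]

def packet(iface, dscp, src=(), dst=()):
    # Assumed model: src/dst hold the names of the address lists the addresses are in.
    return {"in-interface": iface, "dscp": dscp, "packet-mark": "",
            "src-address-list": set(src), "dst-address-list": set(dst)}

def matches(rule, pkt):
    return all(
        (want in pkt[k]) if k.endswith("-address-list") else (str(pkt[k]) == want)
        for k, want in rule.items() if k in pkt)  # only matcher keys exist in pkt

def classify(rules, pkt):
    # Walk the chain top to bottom; a matching passthrough=no rule ends it.
    pkt = dict(pkt)
    for rule in rules:
        if not matches(rule, pkt):
            continue
        if rule["action"] == "mark-packet":
            pkt["packet-mark"] = rule["new-packet-mark"]
        elif rule["action"] == "change-dscp":
            pkt["dscp"] = int(rule["new-dscp"])
        if rule.get("passthrough", "yes") == "no":
            break
    return pkt["packet-mark"], pkt["dscp"]

RULES = parse_rules(RULES_TEXT)
if __name__ == "__main__":  # a Silver customer sending its own DSCP 4 from ether3
    print(classify(RULES, packet("ether3", 4, src=["Silver_Customers_Local_To_Router"])))
```

Run against these rules, a DSCP value set by a locally connected host is overwritten by its address-list class or by the fallback, while DSCP arriving on ether1 or ether2 is taken as-is, so the classification on the uplinks is only as trustworthy as the routers at the other end.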
 
newtoCS
newbie
Topic Author
Posts: 36
Joined: Wed Jul 14, 2010 11:04 pm

Re: How to make Queue trees

Tue Aug 24, 2010 5:13 am

There you go. Completely untested, might not work at all. Chupaka (or someone else) is hopefully going to pick that apart as there are far more knowledgeable people than me on this board when it comes to this kind of stuff.
Fewi, thanks very much. I am still trying to understand. Will get back!
