WirelessRudy
Forum Guru
Topic Author
Posts: 3097
Joined: Tue Aug 08, 2006 5:54 pm
Location: Spain

Where to mangle for QoS in bridge mode

Wed Dec 01, 2010 8:14 pm

I have one router in bridge mode and want to do transparent QoS.

I presume all mangle filters can be done in the 'forward' chain?

Also, do I need to use the incoming interface in each filter? I would think not but am I right?
If I have to, what will be the incoming interface? The local? Or the Bridge?

Or maybe I should use the src address range (/24) as classifier?

Do I have to tell filter where to look for the other classifiers to do the mangle? Can I leave source, destination or in-/out going interface alone (not mention it) and the fact I use "forward" chain means all traffic is mangled anyway.

I have the feeling my present QoS is not performing like it should.
 
Feklar
Forum Guru
Posts: 1726
Joined: Tue Dec 01, 2009 11:46 pm

Re: Where to mangle for QoS in bridge mode

Wed Dec 01, 2010 11:41 pm

Yes, you can basically bridge two ports together, and in this case it really won't matter what chain you mark packets on, as the MikroTik is not going to be doing any of the routing, so the packets will not be altered in any way by default. I've played around with this some, but not in any depth. Be sure to check to use the IP Firewall in the bridge configuration.

Unless you care about delivering higher quality of service to people based off of what IP they are coming in on, then you really don't need to specify the IP address. You just need to somehow classify your kinds of traffic and mark the packets accordingly.

As for where to place the queues, I would still use the physical interface as the parent as it will make things easier; however, if you plan on having multiple uplink/downlink ports you can use the global-in and global-out as your parents. Also you will want to use Queue trees and not simple queues for what you want.
 
fatonk
Member
Posts: 439
Joined: Tue Feb 22, 2005 11:06 am
Location: Mitrovica/Kosova

Re: Where to mangle for QoS in bridge mode

Thu Dec 02, 2010 12:38 am

Hi,

I have set up such a "QoS" device in the network, forwarding 1.2 gbit/s, and honestly I have no issues with it. What I have used is as follows:
Mangle rules are in the forward chain (in bridge mode it's the recommended chain to mark traffic).
Traffic is classified in different ways: by connection bytes, dst-ports, dst-address etc.
A queue tree is mandatory for a good QoS solution, especially if there is any traffic priority.

For more details I can give you the export of my config.

Best regards.
 
WirelessRudy
Forum Guru
Topic Author
Posts: 3097
Joined: Tue Aug 08, 2006 5:54 pm
Location: Spain

Re: Where to mangle for QoS in bridge mode

Fri Dec 03, 2010 2:56 pm

I edited my mangle completely now.

Lan facing interface as well as internet facing interface are both in the bridge and "Use IP firewall" is enabled.
Mangle takes place in forward chain with first a set (conn marker followed by packet marker for that conns) that uses a /29 net for all my Voip/Skype devices on my network to give it highest priority.

Then all other filters are based on incoming bridge port and their other classifiers of need.

The Queue Tree is using now the resulting packet marks.
Here I use the physical ports (so not the bridge ports, maybe I should?) to queue on the incoming or outgoing direction.

I have a similar setup on yet another rb600 that is connected to 3 adsl lines.
The mangle here works in the forward chain without further port or network classifier. I presume I need to change this one now as well into at least incoming port basis.

The queues for this router are done on the local port with aggregated download speeds of the 3 adsl lines as rate while each public (PPPoE connection) interface has its own set of queues with the line speed as rate.

I think this is the proper setup.
 
Feklar
Forum Guru
Posts: 1726
Joined: Tue Dec 01, 2009 11:46 pm

Re: Where to mangle for QoS in bridge mode

Fri Dec 03, 2010 5:02 pm

That all sounds right to me. The most important thing to remember in setting these things up, is the router cannot do anything about the traffic it has received on an interface, so for your WAN interface(s) the limit you set only affects the upload, for the LAN interface(s) it only affects download.
 
WirelessRudy
Forum Guru
Topic Author
Posts: 3097
Joined: Tue Aug 08, 2006 5:54 pm
Location: Spain

Re: Where to mangle for QoS in bridge mode

Sat Dec 04, 2010 12:55 am

Feklar wrote:
> That all sounds right to me. The most important thing to remember in setting these things up, is the router cannot do anything about the traffic it has received on an interface, so for your WAN interface(s) the limit you set only affects the upload, for the LAN interface(s) it only affects download.

Yes, I am aware of this. Hence the parent for download is put on the interface facing the LAN. In the case of the 3-adsl router this means I can use the combined download speed of these lines since they go through one pipe to the next LAN router that distributes traffic over the several networks.

On the upload I have to limit on each PPPoE interface to guarantee priority is set and uploads limited for each line separately since they only have 800kbps upload.

I am only not 100% sure on what interfaces to use for the parents in the Queue in the transparent routers that just sits in-between my border router and a symmetric HQ line. Do I set the parent here to the physical port or to the physical bridge port?

Also, in this last case, I was thinking of using Global Total as parent and only one set of queues since both upload and download have the same speed. But when I do such no traffic flows through the queues.....
 
Feklar
Forum Guru
Posts: 1726
Joined: Tue Dec 01, 2009 11:46 pm

Re: Where to mangle for QoS in bridge mode

Sat Dec 04, 2010 1:12 am

I would place them on the physical interfaces myself, assuming that you are only using two ports. It will be just like your PPPoE configuration, uplink port for your total upload speed and downlink port for your total download speed.
 
WirelessRudy
Forum Guru
Topic Author
Posts: 3097
Joined: Tue Aug 08, 2006 5:54 pm
Location: Spain

Re: Where to mangle for QoS in bridge mode

Sat Dec 04, 2010 3:20 am

Feklar wrote:
> I would place them on the physical interfaces myself, assuming that you are only using two ports. It will be just like your PPPoE configuration, uplink port for your total upload speed and downlink port for your total download speed.

Well, it looks like we don't have anything to choose. In the queue tree there is no option to use 'bridge-port' as parent, so they are on the physical ports.
 
macbook168
just joined
Posts: 3
Joined: Thu Nov 27, 2008 12:28 pm

Re: Where to mangle for QoS in bridge mode

Wed Dec 08, 2010 6:52 am

WirelessRudy wrote:
> I edited my mangle completely now.
>
> Lan facing interface as well as internet facing interface are both in the bridge and "Use IP firewall" is enabled.
> Mangle takes place in forward chain with first a set (conn marker followed by packet marker for that conns) that uses a /29 net for all my Voip/Skype devices on my network to give it highest priority.
>
> Then all other filters are based on incoming bridge port and their other classifiers of need.
>
> The Queue Tree is using now the resulting packet marks.
> Here I use the physical ports (so not the bridge ports, maybe I should?) to queue on the incoming or outgoing direction.
>
> I have a similar setup on yet another rb600 that is connected to 3 adsl lines.
> The mangle here works in the forward chain without further port or network classifier. I presume I need to change this one now as well into at least incoming port basis.
>
> The queues for this router are done on the local port with aggregated download speeds of the 3 adsl lines as rate while each public (PPPoE connection) interface has its own set of queues with the line speed as rate.
>
> I think this is the proper setup.

Perhaps you can share your config script with us? I'm trying to run a shaper in bridge mode also. My case was http://forum.mikrotik.com/viewtopic.php?f=2&t=47288. Thanks in advance for your kindness.
 
WirelessRudy
Forum Guru
Topic Author
Posts: 3097
Joined: Tue Aug 08, 2006 5:54 pm
Location: Spain

Re: Where to mangle for QoS in bridge mode

Fri Dec 10, 2010 12:44 am

Here's my mangle export for the transparent QoS unit.
If any questions or remarks I will be happy to hear them...

/ip firewall mangle
add action=mark-connection chain=forward comment="\"VOIP\" srce address list traffic conn. marker" connection-state=new connection-type="" disabled=no \
new-connection-mark=U_high passthrough=yes src-address=84.232.92.192/26
add action=mark-packet chain=forward comment="\"U_high\" connection marked traffic gets \"U-High\" packet mark" connection-mark=U_high disabled=no \
new-packet-mark=U_HIGH passthrough=no
add action=mark-connection chain=forward comment="All tcp p2p protocol traffic conn. mrk" connection-state=new disabled=no in-bridge-port=local \
new-connection-mark=p2p p2p=all-p2p passthrough=yes protocol=tcp
add action=mark-connection chain=forward comment="All udp p2p protocol traffic conn. mrk" connection-state=new disabled=no in-bridge-port=local \
new-connection-mark=p2p p2p=all-p2p passthrough=yes protocol=udp
add action=mark-packet chain=forward comment="P2P MT Identified pakket marker is NOT passed through." connection-mark=p2p disabled=no new-packet-mark=LOW \
passthrough=no
add action=mark-connection chain=forward comment="ALL tcp traffic get \"all_conn\" conn. mark" connection-mark=!heavy_traffic_conn connection-state=new \
disabled=no in-bridge-port=local new-connection-mark=all_conn passthrough=yes
add action=mark-connection chain=forward comment="Heavy tcp traffic get \"heavy_traffic_conn\" conn. mark" connection-bytes=15000000-0 connection-mark=\
all_conn connection-rate=512k-100M disabled=no new-connection-mark=heavy_traffic_conn passthrough=yes protocol=tcp
add action=mark-connection chain=forward comment="Heavy udp traffic get \"heavy_traffic_conn\" conn. mark" connection-bytes=500000-0 connection-mark=\
all_conn connection-rate=512k-100M disabled=no new-connection-mark=heavy_traffic_conn passthrough=yes protocol=udp
add action=mark-packet chain=forward comment="heavy_traffic_user gets \"LOW\" Packet mark" connection-mark=heavy_traffic_conn disabled=no \
new-packet-mark=LOW passthrough=no
add action=mark-connection chain=forward comment="TOS 7 Conn. marker" connection-state=new disabled=no dscp=7 in-bridge-port=local new-connection-mark=\
U_high passthrough=yes
add action=mark-connection chain=forward comment="Dns udp conn. mrk" connection-state=new disabled=no dst-port=53 in-bridge-port=local \
new-connection-mark=U_high passthrough=yes protocol=udp
add action=mark-connection chain=forward comment="ICMP traffic" connection-state=new disabled=no in-bridge-port=local new-connection-mark=U_high \
passthrough=yes protocol=icmp
add action=mark-connection chain=forward comment="Winbox traffic" connection-state=new disabled=no dst-port=8291 in-bridge-port=local \
new-connection-mark=U_high passthrough=yes protocol=tcp
add action=mark-connection chain=forward comment="Imapi mail server Traffic" connection-state=new disabled=no dst-port=143,993 in-bridge-port=local \
new-connection-mark=U_high passthrough=yes protocol=tcp
add action=mark-packet chain=forward comment="\"U_high\" connection marked traffic gets \"U-High\" packet mark" connection-mark=U_high disabled=no \
new-packet-mark=U_HIGH passthrough=no
add action=mark-connection chain=forward comment="VOIP & SIP tcp traffic get conn. mrk \"High\"" connection-state=new disabled=no dst-port=5060-5070 \
in-bridge-port=local new-connection-mark=U_high passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=forward comment="VOIP & SIP udp traffic get conn. mrk \"High\"" connection-state=new disabled=no dst-port=\
5000-5010,5060-5070 in-bridge-port=local new-connection-mark=U_high passthrough=yes protocol=udp src-port=1024-65535
add action=mark-connection chain=forward comment="SkypeOut L7 traffic get conn. mrk \"High\"" connection-state=new disabled=no in-bridge-port=local \
layer7-protocol=skypeout new-connection-mark=U_high passthrough=yes
add action=mark-connection chain=forward comment="SkypeToSkype L7 traffic get conn. mrk \"High\"" connection-state=new disabled=no in-bridge-port=local \
layer7-protocol=skypetoskype_MT new-connection-mark=U_high passthrough=yes
add action=mark-connection chain=forward comment="Windows/MSN Voice tcp traffic get conn. mrk \"High\"" connection-state=new disabled=no dst-port=\
1863,2001-2120,6891-6901 in-bridge-port=local new-connection-mark=U_high passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=forward comment="Windows/MSN Voice udp traffic get conn. mrk \"High\"" connection-state=new disabled=no dst-port=1863 \
in-bridge-port=local new-connection-mark=U_high passthrough=yes protocol=udp src-port=1024-65535
add action=mark-connection chain=forward comment="MSN Pc to phone (udp-port) traffic get conn. mrk \"High\"" connection-state=new disabled=no dst-port=\
6801,6901,2001-2120 in-bridge-port=local new-connection-mark=U_high passthrough=yes protocol=udp
add action=mark-packet chain=forward comment="\"U_high\" connection marked traffic gets \"U-High\" packet mark" connection-mark=U_high disabled=no \
new-packet-mark=U_HIGH passthrough=no
add action=mark-connection chain=forward comment=TEST disabled=yes in-bridge-port=local new-connection-mark=High passthrough=yes src-address=84.232.92.13
add action=mark-connection chain=forward comment="SSH conn. mrk " connection-state=new disabled=no dst-port=22 in-bridge-port=local new-connection-mark=\
High passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=forward comment="SSL conn. mrk" connection-state=new disabled=no dst-port=443 in-bridge-port=local new-connection-mark=\
High passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=forward comment="Streaming video" connection-state=new disabled=no dst-port=554 in-bridge-port=local \
new-connection-mark=High passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=forward comment="PlayStation udp conn. mark" connection-state=new disabled=no dst-port=3074,3478-3479,3658 \
in-bridge-port=local new-connection-mark=High passthrough=yes protocol=udp src-port=1024-65535
add action=mark-connection chain=forward comment="PlayStation tcp conn. mark" connection-state=new disabled=no dst-port=5223 in-bridge-port=local \
new-connection-mark=High passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=forward comment="Yahoo Messenger, Voice, Chat & Webcam conn. mrk" connection-state=new disabled=no dst-port=\
5000-5010,5050,5100 in-bridge-port=local new-connection-mark=High passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=forward comment="Windows REMOTE DESKTOP conn. mrk" connection-state=new disabled=no dst-port=3389 in-bridge-port=local \
new-connection-mark=High passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=forward comment="AOL Messenger, ICQconn. mrk" connection-state=new disabled=no dst-port=5190-5193 in-bridge-port=local \
new-connection-mark=High passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=forward comment="VCN Remote control conn. mrk" connection-state=new disabled=no dst-port=5900-5901 in-bridge-port=local \
new-connection-mark=High passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-packet chain=forward comment="\"High\" connection marked traffic gets \"HIGH\" packet mark" connection-mark=High disabled=no \
new-packet-mark=HIGH passthrough=no
add action=mark-connection chain=forward comment="HTTP conn. mrk" connection-state=new disabled=no dst-port=80 in-bridge-port=local new-connection-mark=\
normal-traffic passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=forward comment="News (ARPHA) conn. mrk" connection-state=new disabled=no dst-port=119 in-bridge-port=local \
new-connection-mark=normal-traffic passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=forward comment="SMTP (tcp port 25) conn. mrk (Client send mail to mail server)" connection-state=new disabled=no \
dst-port=25 in-bridge-port=local new-connection-mark=normal-traffic passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=forward comment="POP3 (tcp port 110) conn. mrk (Client request mail fm. mail server)" connection-state=new disabled=no \
dst-port=110 in-bridge-port=local new-connection-mark=normal-traffic passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=forward comment="tft conn. mrk" connection-state=new disabled=no dst-port=21 in-bridge-port=local new-connection-mark=\
normal-traffic passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-packet chain=forward comment="All \"normal_traffic\"` marked conns. get packet mark \"MED\"" connection-mark=normal-traffic disabled=no \
new-packet-mark=MED passthrough=no
add action=mark-connection chain=forward comment="connections not marked yet get conn mark \"low\"" connection-mark=no-mark disabled=no in-bridge-port=\
local new-connection-mark=low passthrough=yes
add action=mark-connection chain=forward comment="Packet still withour mark get new conn mark \"low\"" disabled=no in-bridge-port=local \
new-connection-mark=low packet-mark=no-mark passthrough=yes
add action=mark-packet chain=forward comment="\"low\" marked conns get new packet mark \"LOW\"" connection-mark=low disabled=no in-bridge-port=local \
new-packet-mark=LOW passthrough=no
 
WirelessRudy
Forum Guru
Topic Author
Posts: 3097
Joined: Tue Aug 08, 2006 5:54 pm
Location: Spain

Re: Where to mangle for QoS in bridge mode

Fri Dec 10, 2010 12:47 am

And here's my Queue tree:

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=19M name=Servic_DWN parent=local priority=5
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=9M max-limit=19M name=UHP-D packet-mark=U_HIGH parent=Servic_DWN priority=1 queue=\
pcq_dwn
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=4M max-limit=19M name=HP-DWN packet-mark=HIGH parent=Servic_DWN priority=3 queue=\
pcq_dwn
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=3M max-limit=19M name=MP-DWN packet-mark=MED parent=Servic_DWN priority=5 queue=\
pcq_dwn
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=3M max-limit=19M name=LP-DWN packet-mark=LOW parent=Servic_DWN priority=8 queue=\
pcq_dwn
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=19M name=Servic_Up parent=WAN1 priority=4
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=9M max-limit=19M name=UHP-U packet-mark=U_HIGH parent=Servic_Up priority=1 queue=\
pcq_up
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=4M max-limit=19M name=HP-U packet-mark=HIGH parent=Servic_Up priority=3 queue=\
pcq_up
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=3M max-limit=19M name=MED-U packet-mark=MED parent=Servic_Up priority=5 queue=\
pcq_up
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=3M max-limit=19M name=LOW-U packet-mark=LOW parent=Servic_Up priority=8 queue=\
pcq_up



/queue type
set default kind=pfifo name=default pfifo-limit=50
set ethernet-default kind=pfifo name=ethernet-default pfifo-limit=50
set wireless-default kind=sfq name=wireless-default sfq-allot=1514 sfq-perturb=5
set synchronous-default kind=red name=synchronous-default red-avg-packet=1000 red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set hotspot-default kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=5
add kind=pcq name=pcq pcq-classifier=src-address,dst-address pcq-limit=50 pcq-rate=0 pcq-total-limit=2000
add kind=pcq name=pcq_dwn pcq-classifier=dst-address pcq-limit=50 pcq-rate=0 pcq-total-limit=2000
add kind=pcq name=pcq_up pcq-classifier=src-address pcq-limit=50 pcq-rate=0 pcq-total-limit=2000
add kind=pcq name=P2P_pcq-up pcq-classifier=src-address pcq-limit=50 pcq-rate=265000 pcq-total-limit=2000
add kind=pcq name=P2P_pcq_dwn pcq-classifier=dst-address pcq-limit=50 pcq-rate=1000000 pcq-total-limit=2000
set default-small kind=pfifo name=default-small pfifo-limit=10
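
An added example, not part of the original posts: a Python check that parses a RouterOS export like the mangle and queue tree exports above, reports marks that are matched but never set (or set but never queued), and lists each top-level queue's parent interface. The sample export is constructed for this example, and the function names are the example's own.

```python
import re
import shlex

# Constructed sample in the style of the export above, with three deliberate gaps:
# conn mark "low" is never set, packet mark MED is never set, LOW has no queue.
SAMPLE_EXPORT = r'''
/ip firewall mangle
add action=mark-connection chain=forward comment="Dns udp conn. mrk" connection-state=new dst-port=53 \
    new-connection-mark=U_high passthrough=yes protocol=udp
add action=mark-packet chain=forward comment="\"U_high\" conns get \"U_HIGH\" mark" connection-mark=U_high \
    new-packet-mark=U_HIGH passthrough=no
add action=mark-packet chain=forward connection-mark=\
    low new-packet-mark=LOW passthrough=no
/queue tree
add max-limit=19M name=Servic_DWN parent=local priority=5
add limit-at=9M max-limit=19M name=UHP-D packet-mark=U_HIGH parent=Servic_DWN priority=1 queue=pcq_dwn
add limit-at=3M max-limit=19M name=MP-DWN packet-mark=MED parent=Servic_DWN priority=5 queue=pcq_dwn
'''


def parse_export(text):
    """Return {menu path: [{key: value}, ...]} for every add/set line of an export."""
    # Undo the export's line wrapping; a wrap can fall in the middle of key=value.
    joined = re.sub(r"\\\n[ \t]*", "", text)
    sections, current = {}, None
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):
            current = sections.setdefault(line, [])
        elif current is not None:
            # shlex copes with quoted comments that contain escaped quotes (\").
            pairs = (tok.partition("=") for tok in shlex.split(line)[1:])
            current.append({k: v for k, sep, v in pairs if sep})
    return sections


def _active(rows):
    return [r for r in rows if r.get("disabled") != "yes"]


def check_marks(sections):
    """Cross-check marks set in mangle against marks matched in mangle and queue tree."""
    mangle = _active(sections.get("/ip firewall mangle", []))
    queues = _active(sections.get("/queue tree", []))
    conn_set = {r["new-connection-mark"] for r in mangle if "new-connection-mark" in r}
    pkt_set = {r["new-packet-mark"] for r in mangle if "new-packet-mark" in r}
    # "!mark" is a negated match; "no-mark" is a built-in value, not a user mark.
    conn_used = {r["connection-mark"].lstrip("!") for r in mangle if "connection-mark" in r} - {"no-mark"}
    pkt_used = {q["packet-mark"] for q in queues if q.get("packet-mark")}
    findings = [f"connection mark '{m}' is matched but never set" for m in sorted(conn_used - conn_set)]
    findings += [f"queue tree matches packet mark '{m}' that no mangle rule sets" for m in sorted(pkt_used - pkt_set)]
    findings += [f"packet mark '{m}' is set but has no queue" for m in sorted(pkt_set - pkt_used)]
    return findings


def root_parents(sections):
    """Map each top-level queue to its parent, i.e. the interface whose egress it shapes."""
    queues = sections.get("/queue tree", [])
    names = {q.get("name") for q in queues}
    return {q["name"]: q["parent"] for q in queues
            if "name" in q and "parent" in q and q["parent"] not in names}


if __name__ == "__main__":
    parsed = parse_export(SAMPLE_EXPORT)
    print(root_parents(parsed))
    for finding in check_marks(parsed):
        print("WARN:", finding)
```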
 
WirelessRudy
Forum Guru
Topic Author
Posts: 3097
Joined: Tue Aug 08, 2006 5:54 pm
Location: Spain

Re: Where to mangle for QoS in bridge mode

Fri Dec 10, 2010 12:52 am

/interface ethernet
set 0 arp=enabled auto-negotiation=yes comment="" disabled=no full-duplex=yes l2mtu=1600 mac-address=00:0C:42:28:D7:C1 mtu=1500 name=local speed=100Mbps
set 1 arp=enabled auto-negotiation=yes comment="" disabled=no full-duplex=yes l2mtu=1600 mac-address=00:0C:42:28:D7:C2 mtu=1500 name=ether2 speed=100Mbps
set 2 arp=proxy-arp auto-negotiation=yes comment="" disabled=no full-duplex=yes l2mtu=1600 mac-address=00:0C:42:28:D7:C3 mtu=1500 name=WAN1 speed=100Mbps

/interface bridge
add admin-mac=00:0C:42:20:81:A5 ageing-time=5m arp=enabled auto-mac=yes comment="" disabled=no forward-delay=15s l2mtu=1600 max-message-age=20s mtu=1500 \
name=bridge1 priority=0x8000 protocol-mode=none transmit-hold-count=6

/interface bridge port
add bridge=bridge1 comment="" disabled=no edge=auto external-fdb=auto horizon=none interface=local path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge1 comment="" disabled=no edge=auto external-fdb=auto horizon=none interface=WAN1 path-cost=10 point-to-point=auto priority=0x80

/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=no
 
prince90s
just joined
Posts: 22
Joined: Sun Jan 23, 2011 9:44 pm

Re: Where to mangle for QoS in bridge mode

Mon Jan 24, 2011 10:25 am

Hi, thank you. I'll test it.
 
roiti
just joined
Posts: 3
Joined: Fri Jun 29, 2012 4:12 pm

Re: Where to mangle for QoS in bridge mode

Fri Jun 29, 2012 4:49 pm

How was the test? Now I'm trialling this configuration, only with a small change in the mangle...
 
WirelessRudy
Forum Guru
Topic Author
Posts: 3097
Joined: Tue Aug 08, 2006 5:54 pm
Location: Spain

Re: Where to mangle for QoS in bridge mode

Mon Jul 02, 2012 11:26 am

roiti wrote:
> How was the test? Now I'm trialling this configuration, only with a small change in the mangle...

?? 18 months between last message and your question..... :?
Show your appreciation of this post by giving me Karma! Thanks.

Rudy R. Puister

WISP operator based on MT routerboard & ROS.
 
roiti
just joined
Posts: 3
Joined: Fri Jun 29, 2012 4:12 pm

Re: Where to mangle for QoS in bridge mode

Mon Jul 02, 2012 6:21 pm

I'm sorry. I'm new in this Forum... :(
