Hi
what is the DSCP marking for SSL (https)
i want to prioritise sites like gmail .. https://www.mail.google.com
Re: how to mark SSL with DSCP?
Hi,
correct me, if i'm wrong, but DSCP is the wrong way, because you don't have any influence on
the internet Routers and they will definitely not 'look' at your DSCP Value. What you need to go
for is priority Queues.
http://wiki.mikrotik.com/wiki/Manual:Qu ... Q_Examples
regards
correct me, if i'm wrong, but DSCP is the wrong way, because you don't have any influence on
the internet Routers and they will definitely not 'look' at your DSCP Value. What you need to go
for is priority Queues.
http://wiki.mikrotik.com/wiki/Manual:Qu ... Q_Examples
regards
Re: how to mark SSL with DSCP?
hi thanks for the reply.Hi,
correct me, if i'm wrong, but DSCP is the wrong way, because you don't have any influence on
the internet Routers and they will definitely not 'look' at your DSCP Value. What you need to go
for is priority Queues.
http://wiki.mikrotik.com/wiki/Manual:Qu ... Q_Examples
regards
but i am using DSCP and it is recognising different sorts of traffic, but, not ssl.
i followed this tut:
http://wiki.mikrotik.com/wiki/DSCP_based_QoS_with_HTB
Re: how to mark SSL with DSCP?
Looks like in the example above the router 'looks' at the DSCP Value and sort the Traffic into the appropriate queues. So you need do set a DSCP Value to your SSL Traffic, that it getshi thanks for the reply.Hi,
correct me, if i'm wrong, but DSCP is the wrong way, because you don't have any influence on
the internet Routers and they will definitely not 'look' at your DSCP Value. What you need to go
for is priority Queues.
http://wiki.mikrotik.com/wiki/Manual:Qu ... Q_Examples
regards
but i am using DSCP and it is recognising different sorts of traffic, but, not ssl.
i followed this tut:
http://wiki.mikrotik.com/wiki/DSCP_based_QoS_with_HTB
sorted into the right queue.
Re: how to mark SSL with DSCP?
yeah, how do i do it?Looks like in the example above the router 'looks' at the DSCP Value and sort the Traffic into the appropriate queues. So you need do set a DSCP Value to your SSL Traffic, that it getshi thanks for the reply.Hi,
correct me, if i'm wrong, but DSCP is the wrong way, because you don't have any influence on
the internet Routers and they will definitely not 'look' at your DSCP Value. What you need to go
for is priority Queues.
http://wiki.mikrotik.com/wiki/Manual:Qu ... Q_Examples
regards
but i am using DSCP and it is recognising different sorts of traffic, but, not ssl.
i followed this tut:
http://wiki.mikrotik.com/wiki/DSCP_based_QoS_with_HTB
sorted into the right queue.
Re: how to mark SSL with DSCP?
can you try to mangle dscp value in the pre-routing chain ?!?
Re: how to mark SSL with DSCP?
i tried this, [below] but it did not work.can you try to mangle dscp value in the pre-routing chain ?!?
Code: Select all
add action=mark-packet chain=forward comment="" disabled=no dst-port=443 \
new-packet-mark=ssl passthrough=yes protocol=tcpCode: Select all
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=queue1 packet-mark=ssl parent=ether2 priority=1 \
queue=defaultRe: how to mark SSL with DSCP?
A mangle rule with dest port 443, new dscp value 42 and chain
prerouting should do it. Dont know if it works in the forward chain
if the rule is somewhere at the top.
prerouting should do it. Dont know if it works in the forward chain
if the rule is somewhere at the top.
Re: how to mark SSL with DSCP?
i tried this:
then it picks up the SSL connections (i can see the stats moving whenever i access a ssl site)
BUT, the queue doesnt catch it. i did the queue in the following way:
i tried switching passthrough on but still never work
Code: Select all
/ip firewall mangle
add action=mark-packet chain=forward comment=dscp_42 disabled=no dst-port=443 \
new-packet-mark=ssl passthrough=no protocol=tcpBUT, the queue doesnt catch it. i did the queue in the following way:
Code: Select all
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=queue1 packet-mark=ssl parent=global-in priority=1 \
queue=defaulRe: how to mark SSL with DSCP?
btw, how about doing this?:
shouldnt that set the ssl to high priority?
Code: Select all
add action=set-priority chain=forward comment=dscp_42 disabled=no dst-port=\
443 new-priority=1 passthrough=yes protocol=tcp
Re: how to mark SSL with DSCP?
that 'priority' is either 802.1p field, or something about wifi and WMM - it's one more field for packet, it does not affect packet processing directly (well, in case of WMM it does 
)
)Re: how to mark SSL with DSCP?
i would try this:
/ip firewall mangle
add action=change-dscp chain=prerouting disabled=no dst-port=443 new-dscp=42 \
protocol=tcp
/ip firewall mangle
add action=change-dscp chain=prerouting disabled=no dst-port=443 new-dscp=42 \
protocol=tcp