Like most people who set out to investigate QoS, I started with the presentation from Megis.
The PCQ is mostly clear, even though I had to investigate further to configure this properly for a NATting router.
The config for the PCQ part was inspired by this thread: http://forum.mikrotik.com/viewtopic.php ... 80#p254980
I had to use global-out with individual marking for upstream and downstream traffic.
Now to the next part. The theory is to have two stages of marking: first in prerouting, for use by the global-in queue in order to prioritise traffic; then second in forward, to mark upstream and downstream and apply PCQ in global-out.
The issue here is that marking in prerouting doesn't seem to get all the traffic when marking in the forward chain is active, i.e. when I start a 10Mbps http download, the global-out (forward) is seeing the whole traffic. But at the same time the 'http_load' leaf in global-in (prerouting) gets only... 500kbps of http traffic. Naturally, traffic prioritisation doesn't work.
If I disable the forward mangling rule (for PCQ) the prerouting rule suddenly sees the complete traffic.
Prerouting is before forward, so the marking from prerouting would be overwritten by forward, I know that, but how come the packet/byte counters are affected? If the same type of traffic is first marked in prerouting, then later in forward, how would the packet/byte counters for said rules behave? Would only the counters on the rule in forward increase, or both in forward and in prerouting?
Am I using the prerouting mangling properly since I always first mark the connection and then the packets?
Thanks for all the suggestions.
ROS 5.24 @ RB2011UAS-2HND
Code:
/ip firewall mangle
add action=mark-connection chain=prerouting disabled=no new-connection-mark=\
icmp-conn passthrough=yes protocol=icmp
add action=mark-packet chain=prerouting connection-mark=icmp-conn disabled=no \
new-packet-mark=icmp passthrough=no
add action=mark-connection chain=prerouting disabled=no dst-port=53 \
new-connection-mark=dns-conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port=53 \
new-connection-mark=dns-conn passthrough=yes protocol=udp
add action=mark-packet chain=prerouting connection-mark=dns-conn disabled=no \
new-packet-mark=dns passthrough=no
add action=mark-connection chain=prerouting connection-bytes=500000-0 disabled=\
no dst-port=80,443 new-connection-mark=http_load-conn passthrough=yes \
protocol=tcp src-address=10.2.0.0/24
add action=mark-packet chain=prerouting connection-mark=http_load-conn \
disabled=no new-packet-mark=http_load passthrough=no
add action=mark-connection chain=prerouting connection-bytes=0-500000 disabled=\
no dst-port=80,443 new-connection-mark=http_req-conn passthrough=yes \
protocol=tcp src-address=10.2.0.0/24
add action=mark-packet chain=prerouting connection-mark=http_req-conn disabled=\
no new-packet-mark=http_req passthrough=no
add action=mark-connection chain=prerouting disabled=no dst-port=21 \
new-connection-mark=ftp-conn passthrough=yes protocol=tcp src-address=\
10.2.0.0/24
add action=mark-packet chain=prerouting connection-mark=ftp-conn disabled=no \
new-packet-mark=ftp passthrough=no
add action=mark-connection chain=forward disabled=no new-connection-mark=\
all_us-conn out-interface=ether10-gateway passthrough=yes
add action=mark-packet chain=forward connection-mark=all_us-conn disabled=no \
new-packet-mark=all_us out-interface=ether10-gateway passthrough=no
add action=mark-connection chain=forward disabled=no in-interface=\
ether10-gateway new-connection-mark=all_ds-conn passthrough=yes
add action=mark-packet chain=forward connection-mark=all_ds-conn disabled=no \
in-interface=ether10-gateway new-packet-mark=all_ds passthrough=no
Code:
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=11300k name=Download packet-mark="" parent=global-out priority=\
1
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=1100k name=Upload packet-mark="" parent=global-out priority=1
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Priority packet-mark="" parent=global-in priority=1
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=http_req packet-mark=http_req parent=Priority priority=3 \
queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=http_load packet-mark=http_load parent=Priority \
priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=dns packet-mark=dns parent=Priority priority=1 queue=\
default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=icmp packet-mark=icmp parent=Priority priority=1 queue=\
default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=PCQ_ds packet-mark=all_ds parent=Download priority=8 \
queue=DSL_download
# packet-mark must match the mangle packet mark all_us (underscore, not hyphen)
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=PCQ_us packet-mark=all_us parent=Upload priority=8 \
queue=DSL_upload
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=ftp packet-mark=ftp parent=Priority priority=8 queue=\
default
Code:
/queue type
add kind=pcq name=DSL_download pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s \
pcq-classifier=dst-address pcq-dst-address-mask=32 pcq-dst-address6-mask=64 pcq-limit=\
100 pcq-rate=0 pcq-src-address-mask=32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=DSL_upload pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s \
pcq-classifier=src-address pcq-dst-address-mask=32 pcq-dst-address6-mask=64 pcq-limit=\
100 pcq-rate=0 pcq-src-address-mask=32 pcq-src-address6-mask=64 pcq-total-limit=2000
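
A simplified model of the two mangle stages above, added here as an illustration and not part of the original post. It assumes a connection holds a single connection-mark that every matching mark-connection rule overwrites, and it uses constructed packet sizes; with the forward rules enabled, downstream packets arrive in prerouting carrying all_us-conn or all_ds-conn, so the http counters only see the upstream ACKs.

```python
# Simplified model (assumption): one connection-mark per conntrack entry, rules
# run top to bottom, and a mark-packet rule with passthrough=no ends the chain.
ACK, DATA, THRESHOLD = 52, 1500, 500_000   # constructed packet sizes, in bytes

def prerouting(conn, pkt, counters):
    # The mark-connection rules match only client->server packets (dst-port=80,443).
    if pkt["dir"] == "up":
        over = conn["bytes"] >= THRESHOLD          # connection-bytes=500000-0
        conn["mark"] = "http_load-conn" if over else "http_req-conn"
    # The mark-packet rules match on whatever connection-mark is stored right now.
    if conn["mark"] in ("http_load-conn", "http_req-conn"):
        name = conn["mark"][:-5]                   # strip the "-conn" suffix
        counters[name] = counters.get(name, 0) + pkt["len"]

def forward(conn, pkt, counters):
    # No connection-mark matcher, so every forwarded packet re-marks the connection.
    conn["mark"] = "all_us-conn" if pkt["dir"] == "up" else "all_ds-conn"
    name = conn["mark"][:-5]
    counters[name] = counters.get(name, 0) + pkt["len"]

def simulate_download(data_packets, forward_enabled):
    """Return byte counters per packet mark for one HTTP download."""
    conn, counters = {"mark": None, "bytes": 0}, {}
    for i in range(data_packets):
        # Constructed traffic: one upstream ACK for every two downstream segments.
        burst = [{"dir": "down", "len": DATA}]
        if i % 2 == 0:
            burst.insert(0, {"dir": "up", "len": ACK})
        for pkt in burst:
            conn["bytes"] += pkt["len"]
            prerouting(conn, pkt, counters)
            if forward_enabled:
                forward(conn, pkt, counters)
    return counters

def http_bytes(counters):
    # Bytes seen by the http_req and http_load prerouting marks together.
    return counters.get("http_req", 0) + counters.get("http_load", 0)

if __name__ == "__main__":
    for enabled in (True, False):
        print("forward rules enabled:", enabled, simulate_download(1000, enabled))
```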