_saik0
Member Candidate
Topic Author
Posts: 127
Joined: Sun Aug 26, 2007 11:18 pm

QoS - PCQ and prioritisation with NAT

Sat Mar 09, 2013 2:34 pm

Hi,

As most of the people that went to investigate QoS, I started with the presentation from Megis.
The PCQ is mostly clear, even though I had to investigate further to configure this properly for a NATting router.

The config for the PCQ part was inspired by this thread: http://forum.mikrotik.com/viewtopic.php ... 80#p254980
I had to use global-out with individual marking for upstream and downstream traffic.

Now to the next part. Using the theory to have two stages of marking: first in prerouting to use that for the global-in queue in order to prioritise traffic; then second in forward to mark upstream and downstream and apply PCQ in global-out.

The issue here is that marking in the prerouting doesn't seem to get all the traffic when marking in forwarding chain is active i.e. when I start a 10Mbps http download the global-out (forward) is seeing the whole traffic. But at the same time the 'http_load' leaf in global-in (prerouting) gets only... 500kbps of http traffic. Naturally traffic prioritisation doesn't work.
If I disable the forward mangling rule (for PCQ) the prerouting rule suddenly sees the complete traffic.


Prerouting is before forward, so the marking of the prerouting would be overwritten by forward, I know that, but how come the packet/byte counters are affected? If the same type of traffic is first marked in prerouting, then later in forward, how would the packet/byte counters for said rules behave? Would only the counters on rule in forward increase or both in forward and in prerouting?

Am I using the prerouting mangling properly since I always first mark the connection and then the packets?

Thanks for all the suggestions.

ROS 5.24 @ RB2011UAS-2HND
/ip firewall mangle
add action=mark-connection chain=prerouting disabled=no new-connection-mark=\
    icmp-conn passthrough=yes protocol=icmp
add action=mark-packet chain=prerouting connection-mark=icmp-conn disabled=no \
    new-packet-mark=icmp passthrough=no
add action=mark-connection chain=prerouting disabled=no dst-port=53 \
    new-connection-mark=dns-conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port=53 \
    new-connection-mark=dns-conn passthrough=yes protocol=udp
add action=mark-packet chain=prerouting connection-mark=dns-conn disabled=no \
    new-packet-mark=dns passthrough=no
add action=mark-connection chain=prerouting connection-bytes=500000-0 disabled=\
    no dst-port=80,443 new-connection-mark=http_load-conn passthrough=yes \
    protocol=tcp src-address=10.2.0.0/24
add action=mark-packet chain=prerouting connection-mark=http_load-conn \
    disabled=no new-packet-mark=http_load passthrough=no
add action=mark-connection chain=prerouting connection-bytes=0-500000 disabled=\
    no dst-port=80,443 new-connection-mark=http_req-conn passthrough=yes \
    protocol=tcp src-address=10.2.0.0/24
add action=mark-packet chain=prerouting connection-mark=http_req-conn disabled=\
    no new-packet-mark=http_req passthrough=no
add action=mark-connection chain=prerouting disabled=no dst-port=21 \
    new-connection-mark=ftp-conn passthrough=yes protocol=tcp src-address=\
    10.2.0.0/24
add action=mark-packet chain=prerouting connection-mark=ftp-conn disabled=no \
    new-packet-mark=ftp passthrough=no
add action=mark-connection chain=forward disabled=no new-connection-mark=\
    all_us-conn out-interface=ether10-gateway passthrough=yes
add action=mark-packet chain=forward connection-mark=all_us-conn disabled=no \
    new-packet-mark=all_us out-interface=ether10-gateway passthrough=no
add action=mark-connection chain=forward disabled=no in-interface=\
    ether10-gateway new-connection-mark=all_ds-conn passthrough=yes
add action=mark-packet chain=forward connection-mark=all_ds-conn disabled=no \
    in-interface=ether10-gateway new-packet-mark=all_ds passthrough=no
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=11300k name=Download packet-mark="" parent=global-out priority=\
    1
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=1100k name=Upload packet-mark="" parent=global-out priority=1
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=Priority packet-mark="" parent=global-in priority=1
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=http_req packet-mark=http_req parent=Priority priority=3 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=http_load packet-mark=http_load parent=Priority \
    priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=dns packet-mark=dns parent=Priority priority=1 queue=\
    default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=icmp packet-mark=icmp parent=Priority priority=1 queue=\
    default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=PCQ_ds packet-mark=all_ds parent=Download priority=8 \
    queue=DSL_download
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=PCQ_us packet-mark=all-us parent=Upload priority=8 \
    queue=DSL_upload
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=ftp packet-mark=ftp parent=Priority priority=8 queue=\
    default
/queue type
add kind=pcq name=DSL_download pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s \
    pcq-classifier=dst-address pcq-dst-address-mask=32 pcq-dst-address6-mask=64 pcq-limit=\
    100 pcq-rate=0 pcq-src-address-mask=32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=DSL_upload pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s \
    pcq-classifier=src-address pcq-dst-address-mask=32 pcq-dst-address6-mask=64 pcq-limit=\
    100 pcq-rate=0 pcq-src-address-mask=32 pcq-src-address6-mask=64 pcq-total-limit=2000
 
_saik0
Member Candidate
Topic Author
Posts: 127
Joined: Sun Aug 26, 2007 11:18 pm

Re: QoS - PCQ and prioritisation with NAT

Mon Mar 11, 2013 2:01 am

anyone?

or is everyone at MUM? :)
 
_saik0
Member Candidate
Topic Author
Posts: 127
Joined: Sun Aug 26, 2007 11:18 pm

Re: QoS - PCQ and prioritisation with NAT

Thu Mar 21, 2013 12:37 pm

Someone PLEASE help?

Thanks!
 
tmcnulty1982
just joined
Posts: 11
Joined: Sat Feb 13, 2016 11:29 pm

Re: QoS - PCQ and prioritisation with NAT

Wed Jul 06, 2016 7:15 am

Did you ever figure this out? I am having a similar issue. I am downloading an Ubuntu ISO at 3.2MB/sec:
Screen Shot 2016-07-06 at 12.12.46 AM.png
however, the firewall rules show only ~2000 KB downloaded total:
Screen Shot 2016-07-06 at 12.13.01 AM.png
My rules are as follows:
/ip firewall mangle
add action=mark-packet chain=prerouting in-interface=bridge new-packet-mark=client_upload
add action=mark-packet chain=prerouting in-interface=outside new-packet-mark=client_download
 
chechito
Forum Guru
Posts: 1769
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia

Re: QoS - PCQ and prioritisation with NAT

Fri Jul 08, 2016 7:27 am

try the following:

step 1. Mark the connection on prerouting chain
step 2. Then mark the packets for upload traffic with the corresponding mark different from the mark used for download traffic, on postrouting chain and matching the connection mark of step 1 and matching the out interface the wan interface you are using, uncheck pass-through
step 3. Then mark the packets for download traffic with the corresponding mark different from the mark used for upload traffic, on prerouting chain and matching the connection mark of step 1 and matching the in interface the wan interface you are using, uncheck pass-through

with this you will have marked the packets to use that packet mark for queue tree

something like this:
add action=mark-connection chain=prerouting comment=RDP connection-state=new dst-port=3389,3390 new-connection-mark=RDP passthrough=no protocol=tcp
add action=mark-connection chain=prerouting connection-state=new dst-port=3389,3390 new-connection-mark=RDP passthrough=no protocol=udp
add action=mark-packet chain=postrouting connection-mark=RDP new-packet-mark=RDP_U out-interface=wan1 passthrough=no
add action=mark-packet chain=prerouting connection-mark=RDP in-interface=wan1 new-packet-mark=RDP_D passthrough=no
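
An added example (not part of any post in this thread, and not RouterOS code): a small Python model of the two mangle layouts discussed above, assuming a connection carries a single connection mark that any later mark-connection rule overwrites. The rule names, the traffic list and the reduction to one HTTP class (connection-bytes ignored) are constructed for illustration.

```python
# Simplified model (assumption of this example): one connection mark per
# connection, rules run in order within a chain, mark-connection continues to
# the next rule, mark-packet (passthrough=no) ends processing in that chain.

def run_chain(rules, pkt, conn, counters):
    for name, action, match, value in rules:
        if not match(pkt, conn):
            continue
        counters[name] = counters.get(name, 0) + pkt["size"]  # rule byte counter
        if action == "mark-connection":
            conn["mark"] = value      # overwrites any earlier connection mark
        else:
            pkt["mark"] = value       # mark-packet with passthrough=no
            return

def simulate(chains, traffic):
    conn, counters = {"mark": None, "new": True}, {}
    for direction, size in traffic:
        pkt = {"dir": direction, "size": size, "mark": None}
        for rules in chains:          # chains are traversed in the order given
            run_chain(rules, pkt, conn, counters)
        conn["new"] = False           # only the first packet is connection-state=new
    return counters

up = lambda p, c: p["dir"] == "up"        # LAN -> WAN (out-interface = WAN)
down = lambda p, c: p["dir"] == "down"    # WAN -> LAN (in-interface = WAN)
is_new = lambda p, c: c["new"]
has = lambda m: (lambda p, c: c["mark"] == m)
both = lambda f, g: (lambda p, c: f(p, c) and g(p, c))

# Layout from the first post: prerouting class marks, then forward PCQ marks.
ORIGINAL = [
    [("pre_http_conn", "mark-connection", up, "http-conn"),
     ("pre_http_pkt", "mark-packet", has("http-conn"), "http")],
    [("fwd_us_conn", "mark-connection", up, "all_us-conn"),
     ("fwd_us_pkt", "mark-packet", both(up, has("all_us-conn")), "all_us"),
     ("fwd_ds_conn", "mark-connection", down, "all_ds-conn"),
     ("fwd_ds_pkt", "mark-packet", both(down, has("all_ds-conn")), "all_ds")],
]
# Layout from the reply: connection marked once (prerouting, new connections),
# download packets marked in prerouting, upload packets in postrouting.
REPLY = [
    [("conn", "mark-connection", both(up, is_new), "http-conn"),
     ("pkt_down", "mark-packet", both(down, has("http-conn")), "http_D")],
    [("pkt_up", "mark-packet", both(up, has("http-conn")), "http_U")],
]
# Constructed traffic: one SYN, then 100 x (two 1500-byte data packets, one ACK).
TRAFFIC = [("up", 60)] + [("down", 1500), ("down", 1500), ("up", 52)] * 100
```

In this model the prerouting mark-packet rule of the first layout counts only the 5260 upstream bytes, because the forward rules replace the connection mark before the next downstream packet reaches prerouting, while the forward rule counts all 300000 downstream bytes. With the layout from the reply nothing overwrites the connection mark, so the download packet mark covers all 300000 downstream bytes.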
