I have a long post: http://forum.mikrotik.com/viewtopic.php ... 19#p365019 ,but here ask about something more simple and concrete.
I want to control incoming and outgoing traffic through a typical tree (for http, p2p, etc.). Both trees (download an upload) have branches for http, p2p, etc.
Where should mark packets in mangle? Is it necessary to mark once to the incoming traffic and again for outbound traffic? Is it enough to mark traffic once in prerouting or forward or posrouting? if yes, wich?
Currently, in my mangle, I mark in PREROUTING for incoming traffic (for the download tree), and mark in POSTROUTING for outgoing traffic (for processing in the upload tree).
Re: Where to mark packets in mangle?
I mark in prerouting for my tree queuing. Prerouting means before the routing decision is made.
Re: Where to mark packets in mangle?
Only in prerouting? Is this point valid for marck packets for process in download tree AND upload tree?
Then you use the same packet mark fot both trees?
Thanks
Then you use the same packet mark fot both trees?
Thanks
Re: Where to mark packets in mangle?
I could be wrong but I am pretty sure I only use the prerouting chain and the mark stays until the packet is remarked or the packet leaves the router.
You should be able to test by adding a mark and the create a passthrough counter in the post routing chain and see if they both increment.
You should be able to test by adding a mark and the create a passthrough counter in the post routing chain and see if they both increment.
Re: Where to mark packets in mangle?
Then you use the same mark for upload tree?, or you are not controling upload?
thank you very much for your help
thank you very much for your help
Re: Where to mark packets in mangle?
Whenever possible you only want to queue on egress. When you queue on ingress your taking a packet that you have already received and delaying or discarding them.
One case that queuing on ingress is useful is when you want to drop unimportant traffic in order to ensure that important traffic always has headroom. For example if your ingress is queued at 10Mbps by another carrier but they are not guaranteeing any quality you could queue the ingress at 9.5Mbps to ensure that you choose which packets to drop rather then the up-line. Then you can prioritize traffic within that queue. If an when you hit the queue limit you can be sure which traffic is dropped.
Another case for queuing ingress would be controlling speed on down line equipment like a customers radio that you manage. If possible you want to queue on your equipment up-line on egress rather on the down-line on ingress.
Furthermore, after getting off my iphone and back to my imac I found that I misled you. I was not marking packets on prerouting I am actually using the postrouting mangle chain. I do all of my queue config by copy & paste form some text documents that I maintain. I have a dropbox folder with about 15 text files that I use to configure my MikroTiks.
I am only using sfq for QoS
Then in the addPacketMarks chain I use code like the following:
I have about 15 more rules in the various Packet Priority Chains.
Then I queue on my interface like this:
One case that queuing on ingress is useful is when you want to drop unimportant traffic in order to ensure that important traffic always has headroom. For example if your ingress is queued at 10Mbps by another carrier but they are not guaranteeing any quality you could queue the ingress at 9.5Mbps to ensure that you choose which packets to drop rather then the up-line. Then you can prioritize traffic within that queue. If an when you hit the queue limit you can be sure which traffic is dropped.
Another case for queuing ingress would be controlling speed on down line equipment like a customers radio that you manage. If possible you want to queue on your equipment up-line on egress rather on the down-line on ingress.
Furthermore, after getting off my iphone and back to my imac I found that I misled you. I was not marking packets on prerouting I am actually using the postrouting mangle chain. I do all of my queue config by copy & paste form some text documents that I maintain. I have a dropbox folder with about 15 text files that I use to configure my MikroTiks.
I am only using sfq for QoS
Code: Select all
/queue type set 0 kind=sfq
/queue type set 2 kind=sfq
/queue type set 6 kind=sfq
/ip firewall mangle
add action=jump chain=postrouting comment="jump to addPacketMarks Chain" \
jump-target=addPacketMarks
Code: Select all
add action=jump chain=addPacketMarks comment="jump to setPacketPriorityForVoIP Chain"\
jump-target=setPacketPriorityForVoIP dst-address=204.106.xxx.xxx/xx
add action=jump chain=addPacketMarks comment="jump to setPacketPriorityForVoIP Chain"\
jump-target=setPacketPriorityForVoIP src-address=204.106.xxx.xxx/xx
add action=mark-packet chain=setPacketPriorityForVoIP comment="Important UDP communication with VoIP server"\
new-packet-mark=voip-packet passthrough=no port=1024-65535 protocol=udp
Then I queue on my interface like this:
Code: Select all
#Set interface here
:global interfaceBandwidth "25M"
:global outboundInterface "ether5-somewhereBH"
:global parentPrefix "somewhereBH"
:global parentQueue ($parentPrefix . "_InterfaceQueue")
:global queueType "wireless-default"
/queue tree
add max-limit=$interfaceBandwidth name=$parentQueue parent=$outboundInterface priority=8 queue=$queueType
add name=($parentPrefix . "_Network-MGMT")\
packet-mark=network-mgmt-packet parent=$parentQueue priority=1 queue=$queueType
add name=($parentPrefix . "_Essential")\
packet-mark=essential-packet parent=$parentQueue priority=2 queue=$queueType
add name=($parentPrefix . "_VoIP")\
packet-mark=voip-packet parent=$parentQueue priority=3 queue=$queueType
add name=($parentPrefix . "_VoIP-MGMT")\
packet-mark=voip-mgmt-packet parent=$parentQueue priority=4 queue=$queueType
add name=($parentPrefix . "_Elivated")\
packet-mark=elivated-packet parent=$parentQueue priority=5 queue=$queueType
add name=($parentPrefix . "_Important")\
packet-mark=important-packet parent=$parentQueue priority=6 queue=$queueType
add name=($parentPrefix . "_Bulk")\
packet-mark=no-mark parent=$parentQueue priority=7 queue=$queueType
add name=($parentPrefix . "_Penalized")\
packet-mark=penalized-packet parent=$parentQueue priority=8 queue=$queueType
You do not have the required permissions to view the files attached to this post.