Community discussions

MUM Europe 2020
 
midsizewisp
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 54
Joined: Tue Dec 08, 2009 10:34 pm

Seeing BGP/OSPF Traffic in Queue Tree

Thu Jun 13, 2013 12:27 am

I'm tagging BGP/OSPF traffic in the firewall with mangle rules. I show the counters increasing on the mangle rules showing the traffic is tagged. However, in queue tree, I'm looking for the tagged packets, but getting nothing.

Mangle Rules
/ip firewall mangle
add action=mark-connection chain=prerouting comment="Prioritize BGP" \
disabled=no dst-port=179 new-connection-mark=bgp_conn passthrough=yes \
protocol=tcp
add action=mark-connection chain=prerouting disabled=no new-connection-mark=\
bgp_conn passthrough=yes protocol=tcp src-port=179
add action=mark-packet chain=prerouting comment="Prioritize OSPF" disabled=no \
new-packet-mark=bgp passthrough=no protocol=ospf
add action=mark-packet chain=prerouting comment="Prioritize BGP Packet" \
connection-mark=bgp_conn disabled=no new-packet-mark=bgp passthrough=no
Queue Tree
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=25M \
max-limit=25M name=all_out packet-mark="" parent=ether2 priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=bgp_out packet-mark=bgp parent=all_out priority=1 queue=\
default
Any idea why the counters in the queue tree aren't showing any packets passing through them?
 
User avatar
Cha0s
Forum Veteran
Forum Veteran
Posts: 923
Joined: Tue Oct 11, 2005 4:53 pm

Re: Seeing BGP/OSPF Traffic in Queue Tree

Sat Aug 01, 2015 4:19 am

Did you find any solution to this?

I have the same problem.

I am trying to give priority to BGP and BFD so when the uplink is congested BFD won't drop the BGP peer.

While mangle rules count the matched packets for both BGP and BFD, the queues do not match any packets.
 
lambert
Long time Member
Long time Member
Posts: 537
Joined: Fri Jul 23, 2010 1:09 am

Re: Seeing BGP/OSPF Traffic in Queue Tree

Sat Aug 01, 2015 5:28 am

I'm tagging BGP/OSPF traffic in the firewall with mangle rules. I show the counters increasing on the mangle rules showing the traffic is tagged. However, in queue tree, I'm looking for the tagged packets, but getting nothing.

Mangle Rules
<snip>

Queue Tree
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=25M \
max-limit=25M name=all_out packet-mark="" parent=ether2 priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=bgp_out packet-mark=bgp parent=all_out priority=1 queue=\
default
Any idea why the counters in the queue tree aren't showing any packets passing through them?
Which counters in the queue tree? Does all_out show any packets matched? Showing us the results of
 
 /queue tree print packets
may help us understand what you mean exactly.

Do you see connections in /ip firewall connections with the bgp_conn connection mark?

Are there other mangle rules or queue tree entries which you didn't show to simplify the question? If so, they could be causing issues.

Shouldn't you also have a queue tree entry for packet-mark=!bgp so that you can limit non-bgp traffic at 24M thereby reserving enough room for your BGP packets to get through without too much latency? It will also tell you if you have packets being matched which do not have the bgp packet-mark because there should be counters incrementing on that one.

For priorities to work, I think they have to be at the same branch level of the tree. Without more entries under all_out, there is nothing to prioritize/de-prioritize vs anything else.
 
User avatar
Cha0s
Forum Veteran
Forum Veteran
Posts: 923
Joined: Tue Oct 11, 2005 4:53 pm

Re: Seeing BGP/OSPF Traffic in Queue Tree

Sun Aug 02, 2015 3:25 pm

Did you find any solution to this?

I have the same problem.

I am trying to give priority to BGP and BFD so when the uplink is congested BFD won't drop the BGP peer.

While mangle rules count the matched packets for both BGP and BFD, the queues do not match any packets.
In my case it was just bad configuration on my part. Queuing for BGP/BFD works perfectly fine.
Also those packets are generated with DSCP(TOS) 48 by defalult, so they are easily mark-able :)

Who is online

Users browsing this forum: darkprocess, InoX, mada3k and 106 guests