eivind
newbie
Topic Author
Posts: 30
Joined: Sat Aug 18, 2007 3:12 am

QoS on clean switch

Wed Apr 02, 2014 4:56 pm

I've been using a QoS script from the guy calling himself bax, and it still works excellent for my purpose.

Is it possible to use mangle and Queue-tree on a clean CCR switch? I have tried a lot of different setups, but cannot get it to queue traffic.
The switch has no nat or routing. Just a bridge with connected ethernet ports. As simple as it can be.
The basic plan is to queue traffic between one wan port to the bridge ports. No other ip-addresses involved in queues except a management address.

In a switch with routing or nat this is no problem.
I've been searching all over the internet but I cannot find any suggestions or examples, and it makes me wonder if it is impossible to do with this way of making a switch.
Is there someone out there who can tell me if it's possible or not? Or even better, already have a working solution?
 
rextended
Forum Guru
Posts: 2954
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: QoS on clean switch

Wed Apr 02, 2014 5:47 pm

You must activate on bridge / Settings
"Use IP firewall"
I'm Italian, not English. Sorry for my imperfect grammar.
 
eivind
newbie
Topic Author
Posts: 30
Joined: Sat Aug 18, 2007 3:12 am

Re: QoS on clean switch

Thu Apr 03, 2014 1:02 am

Done. Use firewall on bridge, and connection tracking in firewall.
It works if, in my test setup, I specify the computer's IP address, but not if I want to specify a port or a port cluster connected to a bridge.
Test setup on a RB450
Ether1 is wan port and bridge is local ports wanted to be affected by Qos.
Mangle is pointed to ether1 like this:
add action=mark-packet chain=prerouting comment=100bao_p2p in-interface=ether1 layer7-protocol=100bao new-packet-mark=100bao_p2p_in
add action=mark-packet chain=postrouting layer7-protocol=imesh new-packet-mark=imesh_p2p_out out-interface=ether1

and the rest...
Queue tree is like this
add limit-at=100M max-limit=100M name=ether1_in parent=global priority=1 queue=default
add limit-at=50k max-limit=50k name=100bao_p2p_in packet-mark=100bao_p2p_in parent=ether1_in queue=default

and the rest...

Based on layer7 protocols

Routerboard config:
/interface bridge
add l2mtu=1520 name=bridge1
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m mac-cookie-timeout=3d
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
/interface bridge settings
set use-ip-firewall=yes
/ip address
add address=192.168.2.2/24 interface=bridge1 network=192.168.2.0
/ip firewall connection tracking
set enabled=yes
/ip upnp
set allow-disable-external-interface=no
 
rextended
Forum Guru
Posts: 2954
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: QoS on clean switch

Thu Apr 03, 2014 1:10 am

[OT: if you do not use hotspot, mpls and routing (nothing to do with /ip route), disable (not uninstall) the packages, on system/packages, and reboot]

The RB450 is not comparable with a CCR...

This
add limit-at=100M max-limit=100M name=ether1_in parent=global priority=1 queue=default
must be
add limit-at=100M max-limit=100M name=ether1_in parent=ether1 priority=1 queue=default
If you want to mark packets from ether1 / wan because you have max 100M on upload, not all the traffic inside the routerboard (global)
I'm Italian, not English. Sorry for my imperfect grammar.
 
eivind
newbie
Topic Author
Posts: 30
Joined: Sat Aug 18, 2007 3:12 am

Re: QoS on clean switch

Thu Apr 03, 2014 4:33 pm

Doesn't work..
Cannot see traffic in mangle so I believe either the traffic cannot be caught by L7 protocol or marked in Mangle. Something there isn't correct.
Added a config copy with reduced L7 mangle and Queue Tree just for testing purpose.
This QoS routine was written for routers and it seems not to fit "as is" in a switch setup.

Networking is a bit far from my own profession, but I'm trying as well as I'm able to. Most of it so far learned from "Google", the best and most time-consuming school in the world :-)

Thank You for Your interest, and Your English is more than good enough for me...

/interface bridge
add l2mtu=1520 name=bridge1
/ip firewall layer7-protocol
add name=dns regexp="^.\?.\?.\?.\?[\01\02].\?.\?.\?.\?.\?.\?[\01-\?][a-z0-9][\
    \01-\?a-z]*[\02-\06][a-z][a-z][fglmoprstuvz]\?[aeop]\?(um)\?[\01-\10\1C][\
    \01\03\04\FF]"
add name=pop3 regexp="^(\\+ok |-err )"
add name=dhcp regexp="^[\01\02][\01- ]\06.*c\82sc"
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
    mac-cookie-timeout=3d
/port
set 0 name=serial0
/queue tree
add limit-at=1G max-limit=1G name=ether1_in parent=global priority=1 queue=\
    default
add limit-at=1G max-limit=1G name=dhcp_in packet-mark=dhcp_in parent=\
    ether1_in priority=2 queue=default
add limit-at=1G max-limit=1G name=DNS_in packet-mark=DNS_in parent=ether1_in \
    priority=1 queue=default
add limit-at=1G max-limit=1G name=pop3_in packet-mark=pop3_in parent=\
    ether1_in priority=5 queue=default
add limit-at=1G max-limit=1G name=ether1_out parent=global priority=1 queue=\
    default
add limit-at=1G max-limit=1G name=dhcp_out packet-mark=dhcp_out parent=\
    ether1_out priority=2 queue=default
add limit-at=1G max-limit=1G name=DNS_out packet-mark=DNS_out parent=\
    ether1_out priority=1 queue=default
add limit-at=1G max-limit=1G name=pop3_out packet-mark=pop3_out parent=\
    ether1_out priority=4 queue=default
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether1
/interface bridge settings
set use-ip-firewall=yes
/ip address
add address=192.168.2.3/24 interface=bridge1 network=192.168.2.0
/ip firewall connection tracking
set enabled=yes
/ip firewall mangle
add action=mark-packet chain=prerouting comment=dhcp in-interface=ether1 \
    layer7-protocol=dhcp new-packet-mark=dhcp_in
add action=mark-packet chain=postrouting layer7-protocol=dhcp \
    new-packet-mark=dhcp_out out-interface=ether1
add action=mark-packet chain=prerouting comment="DNS - Domain Name System " \
    in-interface=ether1 layer7-protocol=dns new-packet-mark=DNS_in
add action=mark-packet chain=postrouting layer7-protocol=dns new-packet-mark=\
    DNS_out out-interface=ether1
add action=mark-packet chain=prerouting comment=\
    "POP3 - Post Office Protocol version 3" in-interface=ether1 \
    layer7-protocol=pop3 new-packet-mark=pop3_in
add action=mark-packet chain=postrouting layer7-protocol=pop3 \
    new-packet-mark=pop3_out out-interface=ether1
/ip route
add distance=1 gateway=192.168.2.1
/ip upnp
set allow-disable-external-interface=no
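
An offline check for the situation in the last config, where ether1 is itself a bridge port; this is an added example, not code from any post in the thread. It assumes that for bridged traffic RouterOS matches `in-interface`/`out-interface` against the bridge and exposes the physical port through the `in-bridge-port`/`out-bridge-port` matchers; the export text is constructed from the config above, and the function names are hypothetical.

```python
import re

# Constructed export, trimmed from the second config posted in the thread,
# plus one rule (the last) using the bridge-port matcher for comparison.
SAMPLE_EXPORT = r"""/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether1
/ip firewall mangle
add action=mark-packet chain=prerouting comment=dhcp in-interface=ether1 \
    layer7-protocol=dhcp new-packet-mark=dhcp_in
add action=mark-packet chain=postrouting layer7-protocol=dns new-packet-mark=\
    DNS_out out-interface=ether1
add action=mark-packet chain=prerouting in-bridge-port=ether1 \
    in-interface=bridge1 layer7-protocol=pop3 new-packet-mark=pop3_in
"""

KV = re.compile(r'([\w-]+)=("(?:[^"\\]|\\.)*"|\S*)')  # key=value, value may be quoted

def logical_lines(export):
    """Join lines that the export wrapped with a trailing backslash."""
    buf = ""
    for raw in export.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1]
        else:
            yield buf + line
            buf = ""

def lint_bridge_port_matchers(export):
    """List (rule index, matcher, port) for mangle rules that name a bridge port
    in in-interface/out-interface (assumed not to match bridged traffic)."""
    menu, ports, rules = "", set(), []
    for line in logical_lines(export):
        if line.startswith("/"):
            menu = line
        elif line.startswith("add "):
            props = dict(KV.findall(line))
            if menu == "/interface bridge port" and "interface" in props:
                ports.add(props["interface"])
            elif menu == "/ip firewall mangle":
                rules.append(props)
    return [(n, key, props[key])
            for n, props in enumerate(rules)
            for key in ("in-interface", "out-interface")
            if props.get(key) in ports]

if __name__ == "__main__":
    for n, key, port in lint_bridge_port_matchers(SAMPLE_EXPORT):
        print(f"mangle rule {n}: {key}={port} is a bridge port")
```

Run against the first test setup, where ether1 stays outside the bridge, the same check reports nothing.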
