azurtem
Trainer
Topic Author
Posts: 216
Joined: Mon May 16, 2011 5:35 pm
Location: Nice, France

Mangling

Wed Jan 20, 2016 5:33 pm

Hi

I understand the difference between prerouting, forward and postrouting chains in terms of the relative position they occupy in the flow of things

What I'm not sure about is which one to use and why

For instance, I set up mangling of VoIP traffic based on the remote Asterisk server's IP
I first created prerouting mangling rules, and noticed that it wasn't picking up many packets
When I switched over to forward chains things picked up considerably with regards to marked packets

add action=mark-packet chain=forward comment=VoIP new-packet-mark=VOIP-PMD \
    passthrough=no src-address=2xx.xxx.xxx.149
add action=mark-packet chain=forward dst-address=2xx.xxx.xxx.149 \
    new-packet-mark=VOIP-PMU passthrough=no

Furthermore, why would one use postrouting rules since the packets are practically out the door and one has no control beyond this point

Is there a rule of thumb to know which chain is better suited ?

thanks
yann
 
ZeroByte
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: Mangling

Wed Jan 20, 2016 5:43 pm

I've seen some "fancy" configurations where a packet was marked in prerouting in order to run it through some queues, etc, and then the packet marks are changed in postrouting in order for other queues and firewall rules.
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
pe1chl
Forum Guru
Posts: 6673
Joined: Mon Jun 08, 2015 12:09 pm

Re: Mangling

Wed Jan 20, 2016 11:53 pm

Indeed I use a postrouting mangle rule set to first set the packet priority from the DSCP value, and then the packet mark from the packet priority, to then use it in a queue tree to prioritize the packets when sending them.
In Linux routers configured natively it is possible to directly match the DSCP value in a queue tree, but I have not been able to do that in a MikroTik (no u32 match ip feature in Queues to match IP header fields), hence the workaround via mangle.
 
azurtem
Trainer
Topic Author
Posts: 216
Joined: Mon May 16, 2011 5:35 pm
Location: Nice, France

Re: Mangling

Thu Jan 21, 2016 11:40 am

Thank you for your responses
 
ZeroByte
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: Mangling

Thu Jan 21, 2016 7:43 pm

Yeah - a queue that allows DSCP (or 802.1P) as a target would sure simplify things a lot, eh? :)
 
pe1chl
Forum Guru
Posts: 6673
Joined: Mon Jun 08, 2015 12:09 pm

Re: Mangling

Thu Jan 21, 2016 8:07 pm

Ok it is not too bad...

/ip firewall mangle
add action=set-priority chain=postrouting comment="From dscp high 3 bits" \
new-priority=from-dscp-high-3-bits
add action=mark-packet chain=postrouting comment="Priority 0" \
new-packet-mark=prio0 priority=0
add action=mark-packet chain=postrouting comment="Priority 1" \
new-packet-mark=prio1 priority=1
add action=mark-packet chain=postrouting comment="Priority 2" \
new-packet-mark=prio2 priority=2
add action=mark-packet chain=postrouting comment="Priority 3" \
new-packet-mark=prio3 priority=3
add action=mark-packet chain=postrouting comment="Priority 4" \
new-packet-mark=prio4 priority=4
add action=mark-packet chain=postrouting comment="Priority 5" \
new-packet-mark=prio5 priority=5
add action=mark-packet chain=postrouting comment="Priority 6" \
new-packet-mark=prio6 priority=6
add action=mark-packet chain=postrouting comment="Priority 7" \
new-packet-mark=prio7 priority=7

and then use it in queue tree like this:
/queue tree
add comment="Link limited at 19,4 Mbps" limit-at=19M max-limit=19M name=\
queue-vlan51 parent=ether1.vlan51 queue=default
add limit-at=4M max-limit=18M name=queue-vlan51-p1 packet-mark=prio7 parent=\
queue-vlan51 priority=1 queue=default
add limit-at=4M max-limit=18M name=queue-vlan51-p2 packet-mark=prio6 parent=\
queue-vlan51 priority=2 queue=default
add limit-at=4M max-limit=18M name=queue-vlan51-p3 packet-mark=prio5 parent=\
queue-vlan51 priority=3 queue=default
add limit-at=4M max-limit=18M name=queue-vlan51-p4 packet-mark=prio4 parent=\
queue-vlan51 priority=4 queue=default
add limit-at=4M max-limit=18M name=queue-vlan51-p5 packet-mark=prio3 parent=\
queue-vlan51 priority=5 queue=default
add limit-at=4M max-limit=18M name=queue-vlan51-p6 packet-mark=prio2 parent=\
queue-vlan51 priority=6 queue=default
add limit-at=4M max-limit=18M name=queue-vlan51-p7 packet-mark=prio0 parent=\
queue-vlan51 priority=7 queue=default
add limit-at=4M max-limit=18M name=queue-vlan51-p8 packet-mark=prio1 parent=\
queue-vlan51 queue=default
add limit-at=4M max-limit=18M name=queue-vlan51-u7 packet-mark=no-mark \
parent=queue-vlan51 priority=7 queue=default

but in native Linux it can be done using:
tc filter add ... protocol ip prio 1 u32 match ip tos 0x20 0xe0 ...

What also doesn't help is that the values for priority sometimes count up, sometimes count down,
and sometimes count 1 0 2 3 4 5 6 7.

It is quite clear that quality-of-service is an afterthought in IP.
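
Added example, not part of pe1chl's post: a small Python model of the rules above, showing which packet mark and queue a given TOS byte ends up in and how the `tc ... u32 match ip tos 0x20 0xe0` value/mask pair falls out of the same three bits. The sample TOS bytes in the comments are constructed; the mark and queue names are copied from the posted configuration.

```python
# Added example: models the posted mangle rules and queue tree, nothing more.

# packet mark -> queue name, copied from the posted /queue tree
QUEUE_FOR_MARK = {
    "prio7": "queue-vlan51-p1",
    "prio6": "queue-vlan51-p2",
    "prio5": "queue-vlan51-p3",
    "prio4": "queue-vlan51-p4",
    "prio3": "queue-vlan51-p5",
    "prio2": "queue-vlan51-p6",
    "prio0": "queue-vlan51-p7",
    "prio1": "queue-vlan51-p8",
}

PRECEDENCE_MASK = 0xE0  # top three bits of the 8-bit TOS byte


def priority_from_tos(tos):
    """Priority as set by new-priority=from-dscp-high-3-bits."""
    if not 0 <= tos <= 0xFF:
        raise ValueError("TOS is a single byte")
    dscp = tos >> 2          # upper 6 bits are DSCP, lower 2 are ECN
    return dscp >> 3         # high 3 bits of the DSCP value


def classify(tos):
    """Return (priority, packet mark, queue) for one TOS byte."""
    prio = priority_from_tos(tos)
    mark = f"prio{prio}"
    return prio, mark, QUEUE_FOR_MARK[mark]


def u32_match(prio):
    """(value, mask) for 'u32 match ip tos VALUE MASK' selecting one priority."""
    if not 0 <= prio <= 7:
        raise ValueError("priority is 0..7")
    return prio << 5, PRECEDENCE_MASK


def u32_hits(tos, value, mask):
    """The comparison a u32 'match ip tos' filter performs on the TOS byte."""
    return (tos & mask) == value


if __name__ == "__main__":
    # Constructed samples: EF (DSCP 46), AF41 (DSCP 34), CS1 (DSCP 8), best effort
    for tos in (0xB8, 0x88, 0x20, 0x00):
        print(hex(tos), classify(tos), [hex(v) for v in u32_match(priority_from_tos(tos))])
```
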
 
ZeroByte
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: Mangling

Thu Jan 21, 2016 8:21 pm

"What also doesn't help is that the values for priority sometimes count up, sometimes count down,
and sometimes count 1 0 2 3 4 5 6 7."

I know and this is all over the place, too - for instance in BGP:
weight: higher value = preferred
local-preference: higher value = preferred
metric: lower value = preferred

vrrp - higher value = higher priority

DSCP = throw darts at a dart board and then put the darts and dart board into a wood chipper

Cisco puts dot1p 5 into the priority queue by default, for instance.

Funny thing is, putting dot1p and dscp values into packets is about the same as stamping "fragile" on a box and sending it to the post office. If a mail carrier reads "fragile" and interprets this to mean "use as elephant trampoline" then - too bad for you, right?
 
Williambannerman
just joined
Posts: 4
Joined: Fri Jan 22, 2016 12:22 pm

Re: Mangling

Fri Jan 22, 2016 12:29 pm

In compiler construction, name mangling (also called name decoration) is a technique used to solve various problems caused by the need to resolve unique names for programming entities in many modern programming languages. I know this one. But I don't know about your answer. I have no experience in this field.
