Community discussions

 
Zoolander06
just joined
Topic Author
Posts: 9
Joined: Thu Jan 03, 2019 5:26 pm

VoIP traffic shaping doesn't works

Thu Jan 03, 2019 5:44 pm

Hello folks,

I'm a beginner with Mikrotik, and I try to do VoIP traffic shaping, so I read this document : https://mum.mikrotik.com/presentations/ ... 512668.pdf, and I tried to apply that to my configuration.
It kinda works, when I make a call, I have about 80kbps flowing through the max priority upload queue tree, and the voice quality is ok in the outgoing direction.
But, in the max priority download queue tree, I only see 1kbps traffic, and the quality is bad in the incoming direction.

I can't get it to work in both directions, it's like if the incoming packets are not marked.

Do anybody here know how to fix that ?

Thanks,

Joris

PS : excuse my poor english, I'm a native french speaker :)
 
User avatar
pcunite
Forum Veteran
Forum Veteran
Posts: 741
Joined: Sat May 25, 2013 5:13 am
Location: USA

Re: VoIP traffic shaping doesn't works

Thu Jan 10, 2019 9:56 pm

Spend some time reading here.
 
pe1chl
Forum Guru
Forum Guru
Posts: 4913
Joined: Mon Jun 08, 2015 12:09 pm

Re: VoIP traffic shaping doesn't works

Thu Jan 10, 2019 11:21 pm

There is not much that you can do for the incoming side. That is the task for the other side of the line, where it is the outgoing side. The queues have to be at the outgoing side.
That is fine when you are at both sides, but unfortunately for many people the other side is some Internet provider, and they have no power to make them implement VoIP QoS.
 
Zoolander06
just joined
Topic Author
Posts: 9
Joined: Thu Jan 03, 2019 5:26 pm

Re: VoIP traffic shaping doesn't works

Fri Jan 11, 2019 11:40 am

Thank you both for helping me !

@pcunite : I carefully read the post, and it seems that this is basically what I've done on my router, but I will check it :)

@pe1chl : I understand that I can't control what is going on on the isp side, but I still should see an activity when monitoring my voip downstream queue tree. When I make a call, there is about 80kbps going through my voip upstream queue tree, which is coherent with a G711a voip call, but there is only 1kbps going through my voip downstream queue tree, but since I still hear the other side, the incoming packets are going through my router, so I think they're just processed by the common downstream queue tree. So, I think that, for some reason, the packets aren't marked in my mangle rule, and that's what I don't understand, since I tried every way to mark them.
At first, I used the DSCP code 46 to mark outgoing connections, then I marked packets based on connection-mark, but only outgoing packets were marked. And that, I don't understand, since the incoming packets are belonging to the same connection as outgoing ones, right ?
After that, I thought that it was because incoming packets don't have DSCP code 46, so I tried to mark connections by destination address or source address, and by udp port, and still nothing...
 
pe1chl
Forum Guru
Forum Guru
Posts: 4913
Joined: Mon Jun 08, 2015 12:09 pm

Re: VoIP traffic shaping doesn't works

Fri Jan 11, 2019 2:25 pm

You cannot have a downstream queue tree!
Likely you have been confused by the upstream/downstream settings for matching of IP addresses.
So you have created another upstream queue that has an incorrect matching that seldomly matches.

A queue is just the same as a queue before a door where people need to pass through.
There is a queue in front of the door of people that need to wait before they can get through, and you can make multiple queues for "important people" that get through first, but it makes no sense to make another queue for people that already entered through the door and assign different priorities to them. The waiting already has happened on the other side.
 
User avatar
sebastia
Forum Veteran
Forum Veteran
Posts: 914
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: VoIP traffic shaping doesn't works

Fri Jan 11, 2019 2:33 pm

Where is that "downstream queue" attached to? What is it's parent?
 
User avatar
pcunite
Forum Veteran
Forum Veteran
Posts: 741
Joined: Sat May 25, 2013 5:13 am
Location: USA

Re: VoIP traffic shaping doesn't works

Fri Jan 11, 2019 3:02 pm

You cannot have a downstream queue tree!
... it makes no sense to make another queue for people that already entered through the door and assign different priorities to them. The waiting already has happened on the other side.

To help those who maybe reading the above comment for the first time. When we are trying to QoS, it is true that you can not control what the ISP is going to send you. However, you can make requests, ask favors, to an incoming stream of TCP traffic. When you do, it will slow down its incoming rate. This will improve the overall bandwidth contention and is worth doing.
 
User avatar
sebastia
Forum Veteran
Forum Veteran
Posts: 914
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: VoIP traffic shaping doesn't works

Fri Jan 11, 2019 3:10 pm

"..you can make requests, ask favors, to an incoming stream of TCP traffic.." -> we are not being nice about it ;-), we just drop some packets from that stream and the tcp will resend and slow down...
 
Zoolander06
just joined
Topic Author
Posts: 9
Joined: Thu Jan 03, 2019 5:26 pm

Re: VoIP traffic shaping doesn't works

Fri Jan 11, 2019 3:32 pm

Where is that "downstream queue" attached to? What is it's parent?
I have a "download" queue attached to my ethernet bridge (so my LAN), and a "voip_download" queue attached to the "download" queue.
I basically copied what is done in the "QoS best practices" found on the Mikrotik website.
 
User avatar
sebastia
Forum Veteran
Forum Veteran
Posts: 914
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: VoIP traffic shaping doesn't works

Fri Jan 11, 2019 3:56 pm

That should work. It's a bit after the fact, as it already passed the isp pipe, but by controlling the internal "gate" one can also shape the overall throughput.
So you just need to make sure your classification is working.

What I do:
* connection-mark all VOIP related connection (which are not already marked). I do it in Mangle:forward.
* packet-mark all packets with VOIP connection-mark (which are not already marked). I do it in Mangle:PostRouting.

This will handle both upload and download.
Last edited by sebastia on Fri Jan 11, 2019 4:06 pm, edited 1 time in total.
 
Zoolander06
just joined
Topic Author
Posts: 9
Joined: Thu Jan 03, 2019 5:26 pm

Re: VoIP traffic shaping doesn't works

Fri Jan 11, 2019 4:06 pm

Well, it's not, it seems that the mangle rule which mark the connection only see outgoing packets (I only have 80kbps going through it, it should be 160kbps). I think that I must miss something about how RouterOS handle this.
 
Zoolander06
just joined
Topic Author
Posts: 9
Joined: Thu Jan 03, 2019 5:26 pm

Re: VoIP traffic shaping doesn't works

Fri Jan 11, 2019 4:40 pm

That should work. It's a bit after the fact, as it already passed the isp pipe, but by controlling the internal "gate" one can also shape the overall throughput.
So you just need to make sure your classification is working.

What I do:
* connection-mark all VOIP related connection (which are not already marked). I do it in Mangle:forward.
* packet-mark all packets with VOIP connection-mark (which are not already marked). I do it in Mangle:PostRouting.

This will handle both upload and download.
So I tried it, and it didn't change anything...
There is also those 1kbps which are going through my queue, I think that's SIP packets (everything on port 5060), so I don't understand why RTP packets are not.
 
User avatar
sebastia
Forum Veteran
Forum Veteran
Posts: 914
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: VoIP traffic shaping doesn't works

Fri Jan 11, 2019 4:51 pm

What criteria do you use to mark connections?

post your config, will have a look. /export hide-sensitive compact
 
Zoolander06
just joined
Topic Author
Posts: 9
Joined: Thu Jan 03, 2019 5:26 pm

Re: VoIP traffic shaping doesn't works

Fri Jan 11, 2019 5:52 pm

Here is my config, I use protocol and port as criterias to mark connections.
# jan/11/2019 09:15:05 by RouterOS 6.43.8
# software id = 3USJ-9ZE1
#
# model = 2011UiAS
# serial number = 7DD5080FB8A6
/interface bridge
add name=bridge
/interface pppoe-client
add allow=chap disabled=no interface=ether1 keepalive-timeout=disabled name=pppoe-out1 user=fti/49ad3t7
add allow=chap disabled=no interface=ether2 name=pppoe-out2 user=fti/4p93pak
/interface vlan
add interface=bridge name=vlan2 vlan-id=2
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=default-dhcp ranges=192.168.10.120-192.168.10.149
add name=pool_vlan2 ranges=192.168.1.1-192.168.1.99
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=defconf
add address-pool=pool_vlan2 disabled=no interface=vlan2 name=server_vlan2
/queue tree
add max-limit=1600k name=download parent=bridge priority=1
/queue type
add kind=pcq name=VOIP pcq-classifier=src-address pcq-dst-address-mask=0 pcq-dst-address6-mask=64 pcq-limit=1KiB pcq-src-address-mask=0 pcq-src-address6-mask=64
/queue tree
add max-limit=800k name=wan1-upload parent=pppoe-out1 priority=1 queue=default
add max-limit=800k name=wan2-upload parent=pppoe-out2 priority=1 queue=default
add limit-at=200k max-limit=200k name=VOIP-upload-wan1 packet-mark=VOIP-Pkt parent=wan1-upload priority=1 queue=default
add max-limit=800k name=MYTI-upload-wan1 packet-mark=MYTI-Pkt parent=wan1-upload priority=2 queue=default
add limit-at=200k max-limit=200k name=VOIP-download packet-mark=VOIP-Pkt parent=download priority=1 queue=default
add max-limit=1600k name=MYTI-download packet-mark=MYTI-Pkt parent=download priority=2 queue=default
add max-limit=800k name=MYTI-upload-wan2 packet-mark=MYTI-Pkt parent=wan2-upload priority=2 queue=default
add limit-at=200k max-limit=200k name=VOIP-upload-wan2 packet-mark=VOIP-Pkt parent=wan2-upload priority=1 queue=default
add max-limit=1600k name=MAISON-download packet-mark=no-mark parent=download queue=default
add max-limit=800k name=MAISON-upload-wan1 packet-mark=no-mark parent=wan1-upload queue=default
add max-limit=800k name=MAISON-upload-wan2 packet-mark=no-mark parent=wan2-upload queue=default
/system logging action
add disk-file-name=firewall.log name=firewall target=disk
/interface bridge port
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add interface=pppoe-out1 list=WAN
add interface=pppoe-out2 list=WAN
add interface=vlan2 list=LAN
/ip address
add address=192.168.10.254/24 comment=defconf interface=bridge network=192.168.10.0
add address=192.168.1.254/24 interface=vlan2 network=192.168.1.0
/ip dhcp-server lease
add address=192.168.10.131 allow-dual-stack-queue=no mac-address=00:E0:4C:1D:28:05
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.1.254
add address=192.168.10.0/24 comment=defconf dns-server=8.8.8.8,8.8.4.4 gateway=192.168.10.254
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall address-list
add address=192.168.10.0/24 list=MYTI_LAN
add address=192.168.1.0/24 list=MAISON_LAN
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input dst-port=80 in-interface-list=WAN protocol=tcp
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall mangle
add action=mark-connection chain=prerouting log=yes log-prefix=mark_con_wan1 new-connection-mark=VOIP-Conn-wan1 passthrough=yes port=5060,10000-20000 protocol=udp
add action=mark-packet chain=postrouting connection-mark=VOIP-Conn-wan1 log=yes log-prefix=mark_pkt_wan1 new-packet-mark=VOIP-Pkt passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=pppoe-out1 new-connection-mark=MYTI-conn-wan1 passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=pppoe-out2 new-connection-mark=MAISON-conn-wan2 passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=bridge new-connection-mark=MYTI-conn-wan1 passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=vlan2 new-connection-mark=MAISON-conn-wan2 passthrough=yes
add action=mark-packet chain=prerouting connection-mark=MYTI-conn-wan1 new-packet-mark=MYTI-Pkt passthrough=yes
add action=mark-routing chain=prerouting connection-mark=MYTI-conn-wan1 in-interface=bridge new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=VOIP-Conn-wan1 in-interface=bridge new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=MAISON-conn-wan2 in-interface=vlan2 new-routing-mark=to_WAN2 passthrough=yes
add action=mark-routing chain=output connection-mark=MYTI-conn-wan1 new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=output connection-mark=VOIP-Conn-wan1 new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=output connection-mark=MAISON-conn-wan2 new-routing-mark=to_WAN2 passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/ip firewall service-port
set sip disabled=yes
/ip route
add check-gateway=ping distance=1 gateway=pppoe-out1 routing-mark=to_WAN1
add distance=10 gateway=pppoe-out2 routing-mark=to_WAN1
add check-gateway=ping distance=1 gateway=pppoe-out2 routing-mark=to_WAN2
add distance=10 gateway=pppoe-out1 routing-mark=to_WAN2
/system clock
set time-zone-name=Europe/Paris
/system logging
add action=firewall disabled=yes topics=firewall
/system ntp client
set enabled=yes server-dns-names=fr.pool.ntp.org
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool sniffer
set file-name=test filter-ip-address=185.48.253.8/32 memory-limit=2048KiB
 
User avatar
sebastia
Forum Veteran
Forum Veteran
Posts: 914
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: VoIP traffic shaping doesn't works

Fri Jan 11, 2019 8:55 pm

Few remarks:
* I assume your pppoe's are asymmetric, with download speed >> upload speed? if so max on download doesn't reflect this.
* define priority (>2) on maison-* queues
* (unrelated to this thread: that's a risk "add action=accept chain=input dst-port=80 in-interface-list=WAN protocol=tcp")
* with "action=fasttrack-connection" !!! all mangling goes out the window. FastTrack bypasses mangling and you'll need to adjust your fasttrack rule to exclude VOIP & MYTI traffic. Adjustment example
add action=fasttrack-connection chain=forward connection-bytes=8000-0 connection-mark=no-mark connection-state=established,related
* "port=5060,10000-20000 protocol=udp" with no direction is quite "wide". I would suggest to narrow it down a bit.

Important note:
* download queue accumulates both uplink channels, if one goes down, the limitation on bridge won't be correct
 
User avatar
pcunite
Forum Veteran
Forum Veteran
Posts: 741
Joined: Sat May 25, 2013 5:13 am
Location: USA

Re: VoIP traffic shaping doesn't works

Fri Jan 11, 2019 9:04 pm

Here is my config, I use protocol and port as criteria to mark connections.

This line is probably the issue. It's the parent for VOIP_download.
add max-limit=1600k name=download parent=bridge priority=1
 
Zoolander06
just joined
Topic Author
Posts: 9
Joined: Thu Jan 03, 2019 5:26 pm

Re: VoIP traffic shaping doesn't works

Mon Jan 14, 2019 11:09 am

Few remarks:
* I assume your pppoe's are asymmetric, with download speed >> upload speed? if so max on download doesn't reflect this.
Actually, yes, it's asymmetric, 800k upload, and 1600k download on each link.
* define priority (>2) on maison-* queues
Ok I will.
* (unrelated to this thread: that's a risk "add action=accept chain=input dst-port=80 in-interface-list=WAN protocol=tcp")
Thanks.
* with "action=fasttrack-connection" !!! all mangling goes out the window. FastTrack bypasses mangling and you'll need to adjust your fasttrack rule to exclude VOIP & MYTI traffic. Adjustment example
add action=fasttrack-connection chain=forward connection-bytes=8000-0 connection-mark=no-mark connection-state=established,related
Ok, I wasn't aware of this particular function !
It solved my problem indeed, thank you sir !
* "port=5060,10000-20000 protocol=udp" with no direction is quite "wide". I would suggest to narrow it down a bit.
Yes I know, I did it like this when trying to solve my problem, I think I will go back with using TOS to identify my VoIP packets.
Important note:
* download queue accumulates both uplink channels, if one goes down, the limitation on bridge won't be correct
You're right, thanks :)
 
User avatar
sebastia
Forum Veteran
Forum Veteran
Posts: 914
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: VoIP traffic shaping doesn't works

Mon Jan 14, 2019 12:02 pm

A single pppoe is: up 800k / down 1600k

You have two of these, so bridge on download could receive for download as much as 3200k. That would be it's max for QoS.
Now if one link goes down, max on brdige will still be 3200k, but the remaining link would already be saturated at 1600. In such situation, QoS will not function properly. Not a lot one can do about that, I guess, just keep in mind.
 
Zoolander06
just joined
Topic Author
Posts: 9
Joined: Thu Jan 03, 2019 5:26 pm

Re: VoIP traffic shaping doesn't works

Mon Jan 14, 2019 6:14 pm

Thanks for showing me my mistake.
I understand the problem in case of one link down, maybe I can resolve that particular issue with a few lines of script somewhere...
But I can't find a simple way to execute script on ppp events...
 
pe1chl
Forum Guru
Forum Guru
Posts: 4913
Joined: Mon Jun 08, 2015 12:09 pm

Re: VoIP traffic shaping doesn't works

Mon Jan 14, 2019 7:08 pm

Why not?
You can make PPP profiles with on-up and on-down scripts and assign them to the PPPoE connections.
 
Zoolander06
just joined
Topic Author
Posts: 9
Joined: Thu Jan 03, 2019 5:26 pm

Re: VoIP traffic shaping doesn't works

Tue Jan 15, 2019 12:16 pm

Yes I figured it out :)

So, I will do that :

on disconnect (of pppoe-out1) :
/queue tree set download max-limit=[/queue tree get MAISON-download max-limit]

on connect (of pppoe-out1) :
/interfaces pppoe-client monitor pppoe-out2 once do={
	if ($status= "connected") do={
		/queue tree set download max-limit=([/queue tree get MAISON-download max-limit]+[/queue tree get MYTI-download max-limit])
	}
}
Does it seem right ?
 
User avatar
sebastia
Forum Veteran
Forum Veteran
Posts: 914
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: VoIP traffic shaping doesn't works

Tue Jan 15, 2019 1:53 pm

Don't forget that you also have max-limits on each of subqueues...You need to remove all limit definitions except on the top queue and rely on priority, which you have defined.
Note: a queue will use all of it's *limit-at*, independent of any limits on parent queues (corrected)

Then you can change with script the top max value. BUT I would work in absolute numbers: you've +-1600k / connection, so add or subtrack that number, with some sanity checks.

Edit: correction
Last edited by sebastia on Tue Jan 15, 2019 2:32 pm, edited 1 time in total.
 
pe1chl
Forum Guru
Forum Guru
Posts: 4913
Joined: Mon Jun 08, 2015 12:09 pm

Re: VoIP traffic shaping doesn't works

Tue Jan 15, 2019 2:22 pm

I have some times considered to request a new feature where queue tree limits can be set to a percentage instead of an absolute value, and those percentages will be taken from the parent queue and the used value will be automatically re-calculated when that number changes.
It is often convenient to have that in case of a queue tree that consist of an item on an interface with then a couple of items below that for different traffic priorities.

Who is online

Users browsing this forum: No registered users and 46 guests