Community discussions

MikroTik App
 
densukke
just joined
Topic Author
Posts: 16
Joined: Sun Jun 05, 2022 4:11 pm

Mangle Rules vs QueueTree - 0 packts on the latter

Sun Jul 03, 2022 6:51 pm

Howdy folks, testing something a bit odd here.

I currently have at home a very similar (one for personal use, the other for a job) QoS configuration, at home running 7.3.1 on a RB952Ui-5ac2nD , works just fine. My problem is when I replicated this on a RB2011UiAS, all QueueTree rules are working as expected but one, the Other (remaining-non-specific traffic , AKA the trailer cart traffic, that didnt fit in the car) None of it seems to be hitting the Queue tree rule.

Checked several times the config, redone it several times to no avail.

is this somethine 7.3.1 is seeing as a problem? so far there is no *issue* , but i would like to understand if this traffic si being re-written by another rule, or i missed something.

Thanks
# jul/03/2022 12:47:11 by RouterOS 7.3.1
# software id = B2RC-819H
#
# model = RB2011UiAS
# serial number = xxxxxxxx
/caps-man channel
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled \
    frequency=2412 name=channel1
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled \
    frequency=2437 name=channel6
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled \
    frequency=2452 name=channel9
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled \
    frequency=2467 name=channel12
/interface bridge
add name=bridge1
/interface ethernet
set [ find default-name=ether1 ] comment="WAN1 - IPLAN" loop-protect=on \
    loop-protect-disable-time=1m
set [ find default-name=ether2 ] comment="WAN2 - FIBERCORP" loop-protect=on
set [ find default-name=ether5 ] comment="LAN - switch Trunk to TPLINK" \
    loop-protect=on

/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool1 ranges=192.168.101.2-192.168.101.254
/ip dhcp-server
add address-pool=dhcp_pool1 interface=bridge1 lease-time=1d name=dhcp1
/port
set 0 name=serial0
/queue type
add kind=pcq name=DOWN pcq-classifier=dst-address
add kind=pcq name=UP pcq-classifier=src-address
/queue tree
add name="WAN1 DOWN" parent=global queue=DOWN
add name="WAN1 UP" parent=ether1 queue=UP
add name="WAN1 - WEB - rx" packet-mark=web-wan1 parent="WAN1 DOWN" priority=3 \
    queue=DOWN
add name="WAN1 - WEB- tx" packet-mark=web parent="WAN1 UP" priority=3 queue=\
    UP
add name="WAN1 - DNS - rx" packet-mark=dns-wan1 parent="WAN1 DOWN" priority=2 \
    queue=DOWN
add name="WAN1 - DNS - tx" packet-mark=dns parent="WAN1 UP" priority=2 queue=\
    UP
add name="WAN1 - ICMP -rx" packet-mark=icmp-wan1 parent="WAN1 DOWN" priority=\
    1 queue=DOWN
add name="WAN1 - ICMP - tx" packet-mark=icmp parent="WAN1 UP" priority=1 \
    queue=UP
add name="WAN1 - QUIC - rx" packet-mark=quic-wan1 parent="WAN1 DOWN" \
    priority=5 queue=DOWN
add name="WAN1 - QUIC -tx" packet-mark=quic parent="WAN1 UP" priority=5 \
    queue=UP
add name="WAN2 DOWN" parent=global queue=DOWN
add name="WAN2 UP" parent=ether2 queue=UP
add name="WAN2- DNS - rx" packet-mark=dns-wan2 parent="WAN2 DOWN" priority=2 \
    queue=DOWN
add name="WAN2 - DNS -tx" packet-mark=dns parent="WAN2 UP" priority=2 queue=\
    UP
add name="WAN2 - ICMP - rx" packet-mark=icmp-wan2 parent="WAN2 DOWN" \
    priority=1 queue=DOWN
add name="WAN2 - ICMP -tx" packet-mark=icmp parent="WAN2 UP" priority=1 \
    queue=UP
add name="WAN2 - QUIC - rx" packet-mark=quic-wan2 parent="WAN2 DOWN" \
    priority=5 queue=DOWN
add name="WAN1 - QUIC - tx" packet-mark=quic parent="WAN2 UP" priority=5 \
    queue=UP
add name="WAN2 - RESTO - rx" packet-mark=resto-wan2 parent="WAN2 DOWN" queue=\
    DOWN
add name="WAN2 - RESTO - tx" packet-mark=resto parent="WAN2 UP" queue=UP
add name="WAN2 - WEB - rx" packet-mark=web-wan2 parent="WAN2 DOWN" priority=3 \
    queue=DOWN
add name="WAN2 - WEB - tx" packet-mark=web parent="WAN2 UP" priority=3 queue=\
    UP
add name="WAN1 - Resto -rx" packet-mark=resto-wan1 parent="WAN1 DOWN" queue=\
    DOWN
add name="WAN1 - Resto - tx" packet-mark=resto parent="WAN1 UP" queue=UP
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing table
add disabled=yes fib name=to_ISP1
add disabled=yes fib name=to_ISP2
/caps-man manager
set enabled=yes
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface=bridge1
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=configuracion_barentz
/interface bridge port
add bridge=bridge1 ingress-filtering=no interface=ether3
add bridge=bridge1 ingress-filtering=no interface=ether4
add bridge=bridge1 ingress-filtering=no interface=ether5
add bridge=bridge1 ingress-filtering=no interface=ether6
add bridge=bridge1 ingress-filtering=no interface=ether7
add bridge=bridge1 ingress-filtering=no interface=ether8
add bridge=bridge1 ingress-filtering=no interface=ether9
add bridge=bridge1 ingress-filtering=no interface=ether10
/ip neighbor discovery-settings
set discover-interface-list=all
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface ovpn-server server
set auth=sha1,md5
/ip address
add address=192.168.101.1/24 comment="LAN SUBNET" interface=bridge1 network=\
    192.168.101.0

/ip cloud
set ddns-enabled=yes ddns-update-interval=1m

/ip dhcp-server network
add address=192.168.101.0/24 dns-server=192.168.101.1 gateway=192.168.101.1
/ip dns
set allow-remote-requests=yes max-udp-packet-size=512 query-server-timeout=1s \
    servers=8.8.4.4,8.8.8.8
/ip firewall address-list
add address=192.168.101.0/24 list=LocalLan
add address=xxxxxxxxxxxx/24 list=SubnetWAN1
add address=xxxxxxxxxxxx/24 list=SubnetWAN2
add address=cloud.mikrotik.com list=Cloud
add address=cloud2.mikrotik.com list=Cloud2
/ip firewall filter
add action=accept chain=input dst-port=8291 protocol=tcp
add action=accept chain=input comment="Alow access Router from LAN" \
    src-address-list=LocalLan
add action=drop chain=forward comment="drop invalid" connection-state=invalid
add action=accept chain=forward comment="allow conn from LAN" \
    connection-state=new in-interface=bridge1
add action=accept chain=forward comment="allow established" connection-state=\
    established
add action=accept chain=forward comment="allow related" connection-state=\
    related
add action=drop chain=forward comment="drop all fwd"
add action=accept chain=input comment="allow established to router" \
    connection-state=established
add action=accept chain=input comment="allow related to router" \
    connection-state=related
add action=drop chain=input comment="Dropp all to router"
/ip firewall mangle
add action=mark-connection chain=input comment="Mark Routing  - WAN1" \
    in-interface=ether1 new-connection-mark=WAN1 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN1 new-routing-mark=\
    main passthrough=no
add action=mark-connection chain=input comment="Mark Routing - WAN2" \
    in-interface=ether2 new-connection-mark=WAN2 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN2 new-routing-mark=\
    main passthrough=no
add action=mark-connection chain=prerouting comment="Mark WEB" \
    new-connection-mark=web port=80,443 protocol=tcp
add action=mark-packet chain=prerouting connection-mark=web in-interface=\
    ether1 new-packet-mark=web-wan1 passthrough=no
add action=mark-packet chain=prerouting connection-mark=web in-interface=\
    ether2 new-packet-mark=web-wan2 passthrough=no
add action=mark-packet chain=prerouting connection-mark=web new-packet-mark=\
    web passthrough=no
add action=mark-connection chain=prerouting comment="Mark DNS" \
    new-connection-mark=dns port=53 protocol=udp
add action=mark-connection chain=prerouting new-connection-mark=dns port=53 \
    protocol=tcp
add action=mark-packet chain=prerouting connection-mark=dns in-interface=\
    ether1 new-packet-mark=dns-wan1 passthrough=no
add action=mark-packet chain=prerouting connection-mark=dns in-interface=\
    ether2 new-packet-mark=dns-wan2 passthrough=no
add action=mark-packet chain=prerouting connection-mark=dns new-packet-mark=\
    dns passthrough=no
add action=mark-connection chain=prerouting comment="Mark ICMP" \
    new-connection-mark=icmp protocol=icmp
add action=mark-packet chain=prerouting connection-mark=icmp in-interface=\
    ether1 new-packet-mark=icmp-wan1 passthrough=no protocol=icmp
add action=mark-packet chain=prerouting connection-mark=icmp in-interface=\
    ether2 new-packet-mark=icmp-wan2 passthrough=no protocol=icmp
add action=mark-packet chain=prerouting connection-mark=icmp new-packet-mark=\
    icmp passthrough=no protocol=icmp
add action=mark-connection chain=prerouting comment="Mark QUIC" \
    new-connection-mark=quic port=443 protocol=udp
add action=mark-packet chain=prerouting connection-mark=quic in-interface=\
    ether1 new-packet-mark=quic-wan1 passthrough=no protocol=udp
add action=mark-packet chain=prerouting connection-mark=quic new-packet-mark=\
    quic passthrough=no protocol=udp
add action=mark-packet chain=prerouting connection-mark=quic in-interface=\
    ether2 new-packet-mark=quic-wan2 passthrough=no protocol=udp
add action=mark-connection chain=prerouting comment="Mark RESTO" \
    new-connection-mark=resto
add action=mark-packet chain=prerouting connection-mark=resto in-interface=\
    ether1 new-packet-mark=other-wan1 passthrough=no
add action=mark-packet chain=prerouting connection-mark=resto \
    new-packet-mark=other passthrough=no
add action=mark-packet chain=prerouting connection-mark=resto in-interface=\
    ether2 new-packet-mark=other-wan2 passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat comment="Masquerade - WAN1" out-interface=\
    ether1 src-address-type=""
add action=masquerade chain=srcnat comment="Masquerade - WAN2" out-interface=\
    ether2
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Mangle Rules vs QueueTree - 0 packts on the latter  [SOLVED]

Sun Jul 03, 2022 8:16 pm

Could it be as simple as that the new-packet-mark values assigned by the mangle rules are other, other-wan1, other-wan1 whereas those matched on by the queues are resto, resto-wan1, and resto-wan2?

Other than that, you may save a tiny bit of CPU by only setting the connection-mark when handling the initial packet of each connection (connection-state=new); as another optimisation, you may let one queue per direction match on packet-mark=no-mark, so that you wouldn't need to assign any packet-mark to the traffic with the highest volume.
 
densukke
just joined
Topic Author
Posts: 16
Joined: Sun Jun 05, 2022 4:11 pm

Re: Mangle Rules vs QueueTree - 0 packts on the latter

Sun Jul 03, 2022 8:36 pm

sindy! thanks for the reply, I just realized what my issue is:

--
add action=mark-connection chain=prerouting comment="Mark RESTO" \
new-connection-mark=resto
add action=mark-packet chain=prerouting connection-mark=resto in-interface=\
ether1 new-packet-mark=other-wan1 passthrough=no
add action=mark-packet chain=prerouting connection-mark=resto \
new-packet-mark=other passthrough=no
add action=mark-packet chain=prerouting connection-mark=resto in-interface=\
ether2 new-packet-mark=other-wan2 passthrough=no
--
https://drive.google.com/file/d/1OEUxMM ... sp=sharing
what is going on??
 
densukke
just joined
Topic Author
Posts: 16
Joined: Sun Jun 05, 2022 4:11 pm

Re: Mangle Rules vs QueueTree - 0 packts on the latter

Sun Jul 03, 2022 8:40 pm

disregard Sindy! many thanks for pointing out the error was in between the keyboard and the chair,

have a good weekend!
 
Zacharias
Forum Guru
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: Mangle Rules vs QueueTree - 0 packts on the latter

Sun Jul 03, 2022 8:55 pm

Not relevant to the initial question but,
as in the simple queues with a parent-child setup, the queue type should be set on the child queues and not on the parent...
Unless i don't remember correctly... :D
 
densukke
just joined
Topic Author
Posts: 16
Joined: Sun Jun 05, 2022 4:11 pm

Re: Mangle Rules vs QueueTree - 0 packts on the latter

Sun Jul 03, 2022 9:31 pm

thanks for the follow up Zacharias, is there any conflict on setting this in the parent queue? i can probably try reverting to *default*, and see if there is any change...
 
Zacharias
Forum Guru
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: Mangle Rules vs QueueTree - 0 packts on the latter

Sun Jul 03, 2022 9:39 pm

thanks for the follow up Zacharias, is there any conflict on setting this in the parent queue? i can probably try reverting to *default*, and see if there is any change...
No there is no conflict, it simply does nothing... you can test and see how it goes...

Who is online

Users browsing this forum: ekinsl, Google [Bot] and 73 guests