Differences

This shows you the differences between two versions of the page.

--- networking:router:mikrotik_qos [2014/08/20 08:34]
gcooper
+++ networking:router:mikrotik_qos [2019/03/14 07:57] (current)
gcooper
@@ Line 3: / Line 3: @@
 See also **[[https://www.sonoracomm.com/wiki/doku.php?do=search&id=mikrotik|other Mikrotik pages in this wiki]]**
-**Enterprise QoS – A consistent QoS strategy**: http://ethancbanks.com/2013/09/16/enterprise-qos-part-00-series-introduction/
+https://www.mikrotik-routeros.com/2014/05/the-mother-of-all-qos-trees-v6-0/
 **Background**: http://www.rhyshaden.com/qos.htm
+**Background**: http://wiki.mikrotik.com/wiki/NetworkPro_on_Quality_of_Service
+**Marking Connections**: http://forum.mikrotik.com/viewtopic.php?t=49106#p249410
+**Bridged**: http://wiki.mikrotik.com/wiki/TransparentTrafficShaper
 **Snom Wiki**: http://wiki.snom.com/Category:HowTo:QoS
 **Service Provider**: http://wiki.mikrotik.com/wiki/Traffic_Priortization,_RouterOS_QoS_Implemetation
+**Script**: http://wiki.mikrotik.com/wiki/Traffic_Prioritization_Script
+**Enterprise QoS – A consistent QoS strategy**: http://ethancbanks.com/2013/09/16/enterprise-qos-part-00-series-introduction/
 http://gregsowell.com/?p=4665
@@ Line 17: / Line 27: @@
 ===== Generic QoS Comments =====
-There is layer 2 and layer 3 QoS.
+**There is layer 2 and layer 3 QoS.**
-Layer 2 is practically VLAN, where you give the packets in that VLAN a higher priority than packets in the default VLAN. The Ethernet switch is here the device that you need to control. If you do it right, you can have a ISDN-like quality level in your LAN, even if there is very heavy traffic in the LAN. You can set that up manually, but better is to use LLDP which is a kind of DHCP for the VLAN.
+**Layer 2** is in practice VLANs, where you give the packets in that VLAN a higher priority than packets in the default VLAN. The Ethernet switch is here the device that you need to control. If you do it right, you can have an ISDN-like quality level in your LAN, even if there is very heavy traffic in the LAN. You can set that up manually, but better is to use LLDP which is a kind of DHCP for the VLAN.
-Layer 3 is using some bits in the IP header to tell the router with what priority the packet needs to be routed. The point here is that you need to have the router under your control. Those QoS bits are practically never used when you send a packet over the public Internet. But you can use then for example if you have a large corporate network where you control the routers.
+**Layer 3** is using some bits in the IP header to tell the router with what priority the packet needs to be routed. The point here is that you need to have the router under your control. Those QoS bits are practically never used when you send a packet over the public Internet. But you can use them, for example, if you have a large corporate network where you control the routers.
-From the PBX perspective, the PBX stays out of the discussion. You need to make sure that the PBX has a interface that has the VLAN set up right. The PBX tags like the phone the packets with reasonable bits on layer 3, so that the subsequent routers can process the packet accordingly.
+From the **PBX perspective**, the PBX stays out of the discussion. You need to make sure that the PBX has an interface that has the VLAN set up correctly. The PBX tags (like the phones) the packets with reasonable bits on layer 3, so that the subsequent routers can process the packet accordingly.
 ===== DSCP and ToS Conversion =====
@@ Line 31: / Line 41: @@
 ^	^Voice Bearer  ^Control	^Video      ^
 |DSCP	|46 (EF)       |24 (CS3)	|34 (AF41)  |
-|COS	|5	       |3            |4          |
+|COS	|5	       |3               |4          |
 ==== More Complete Chart ====
 {{ :networking:router:dscp_tos.png |DSCP Conversion Chart}}
+===== Throttle Traffic =====
+You can use Simple Queues to throttle all traffic to or from an IP address.
+  * Throttle Printer Traffic
+{{ :networking:router:mikrotik_simple_queues_printers.png?750 |Simple Queues}}
+===== Lite Script =====
+FIXME Untested
+:!: This script may be appropriate in a CPE router with an IP PBX behind it.
+http://forum.mikrotik.com/viewtopic.php?f=13&t=73214#p371300
+  * This is a very simple script with just two levels of priority
+    * It prioritizes VoIP and that's it
+  * Internet service in this example is 5M down and 1M up
+  * Max-limit is the maximum amount that marked traffic may reach
+    * This is necessary for the algorithms to function and must not be 0
+    * Choose a value 80%-90% of your tested speed to prevent the ISP's equipment from [[http://forum.mikrotik.com/viewtopic.php?f=13&t=73214&p=371363#p371361|buffering]]
+  * Replace ''192.168.100.5'' withthe IP of your IP-PBX
+<file>
+# Qos Script Lite v1.0
+# September 7, 2013
+# Compatible with RouterOS 6.3
+# Rename ether-WAN and ether-LAN to match your environment
+# Mark all UDP traffic for an IP-PBX.
+/ip firewall mangle
+add chain=forward action=mark-connection protocol=udp   src-address=192.168.100.5 connection-state=new new-connection-mark="VOIP" comment="IP-PBX"
+add chain=forward action=mark-packet     passthrough=no connection-mark="VOIP"    new-packet-mark="VOIP"
+add chain=forward action=mark-connection protocol=udp   dst-address=192.168.100.5 connection-state=new new-connection-mark="VOIP"
+add chain=forward action=mark-packet     passthrough=no connection-mark="VOIP"    new-packet-mark="VOIP"
+# Mark everything else.
+add chain=forward action=mark-connection connection-mark=no-mark                  new-connection-mark="OTHER" comment="OTHER"
+add chain=forward action=mark-packet     passthrough=no connection-mark="OTHER"   new-packet-mark="OTHER"
+# Create two queue trees set to 90% of ISP Internet service.
+/queue tree
+add name="LEVEL_A_UP"   parent=ether-WAN queue=default max-limit=900k
+add name="LEVEL_A_DOWN" parent=ether-LAN queue=default max-limit=4M
+add name="LEVEL_B_UP"   parent=ether-WAN queue=default max-limit=900k
+add name="LEVEL_B_DOWN" parent=ether-LAN queue=default max-limit=4M
+# Add our marked connections as children of queue so priority works.
+add name="VOIP_U"       parent="LEVEL_A_UP"   packet-mark="VOIP"  queue=default priority=1
+add name="VOIP_D"       parent="LEVEL_A_DOWN" packet-mark="VOIP"  queue=default priority=1
+add name="OTHER_U"      parent="LEVEL_B_UP"   packet-mark="OTHER" queue=default priority=2
+add name="OTHER_D"      parent="LEVEL_B_DOWN" packet-mark="OTHER" queue=default priority=2
+</file>
+===== More Flexible Script =====
+http://forum.mikrotik.com/viewtopic.php?f=13&t=73214#p371301
+FIXME Untested
+<file>
+# Date: November 11, 2013
+# Version: 1.2
+# Tested with RouterOS 6.6
+# Rename ether-WAN and ether-LAN to match your environment
+###############################################################################
+# Mangle
+#
+# Using prerouting/postrouting since we don't have dst or src checks.
+#
+/ip firewall mangle
+###############################################################################
+# DNS requests. Mark in two places because DNS is sent out by the router (itself) too.
+add chain=prerouting  action=mark-connection protocol=udp   port=53 connection-state=new new-connection-mark="DNS"  comment="DNS"
+add chain=prerouting  action=mark-packet     passthrough=no connection-mark="DNS"        new-packet-mark="DNS"
+add chain=postrouting action=mark-connection protocol=udp   port=53 connection-state=new new-connection-mark="DNS"
+add chain=postrouting action=mark-packet     passthrough=no connection-mark="DNS"        new-packet-mark="DNS"
+# Mark all VoIP traffic. We've set all our equiptment to use SIP 5060,5061 and RTP 10000-20000.
+add chain=prerouting  action=mark-connection protocol=udp   port=5060,5061,10000-20000   new-connection-mark="VOIP" comment="VOIP"
+add chain=prerouting  action=mark-packet     passthrough=no connection-mark="VOIP"       new-packet-mark="VOIP"
+# Mark all UDP traffic. Mark different UDP streams if you want more granularity.
+add chain=prerouting  action=mark-connection protocol=udp   connection-state=new         new-connection-mark="UDP" comment="UDP"
+add chain=prerouting  action=mark-packet     passthrough=no connection-mark="UDP"        new-packet-mark="UDP"
+# Ping replies. Mark in two places because ICMP is sent out by the router (itself) too.
+add chain=prerouting  action=mark-connection protocol=icmp  connection-state=new         new-connection-mark="ICMP" comment="ICMP"
+add chain=prerouting  action=mark-packet     passthrough=no connection-mark="ICMP"       new-packet-mark="ICMP"
+add chain=postrouting action=mark-connection protocol=icmp  connection-state=new         new-connection-mark="ICMP"
+add chain=postrouting action=mark-packet     passthrough=no connection-mark="ICMP"       new-packet-mark="ICMP"
+# ACK traffic. Based on viewtopic.php?f=2&t=67965
+add chain=postrouting action=mark-packet passthrough=no protocol=tcp tcp-flags=ack packet-size=0-123 new-packet-mark="ACK" comment="ACK"
+add chain=prerouting  action=mark-packet passthrough=no protocol=tcp tcp-flags=ack packet-size=0-123 new-packet-mark="ACK"
+# Mark all new HTTP(s) connections with "HTTP" if they have not previously been marked as "HTTP_BIG".
+# If the current mark of "HTTP" tranfers more than 5MB and at a rate of 200k+ then mark it as "HTTP_BIG" for the duration of the TCP session.
+add chain=prerouting  action=mark-connection protocol=tcp   connection-mark=!"HTTP_BIG"  new-connection-mark="HTTP"     connection-state=new      port=80,443  comment="HTTP"
+add chain=prerouting  action=mark-connection protocol=tcp   connection-mark="HTTP"       new-connection-mark="HTTP_BIG" connection-bytes=500000-0 connection-rate=200k-100M
+add chain=prerouting  action=mark-packet     passthrough=no connection-mark="HTTP_BIG"   new-packet-mark="HTTP_BIG"
+add chain=prerouting  action=mark-packet     passthrough=no connection-mark="HTTP"       new-packet-mark="HTTP"
+# Mark everything else that has no mark applied.
+add chain=prerouting action=mark-connection  connection-mark=no-mark                     new-connection-mark="OTHER" comment="OTHER"
+add chain=prerouting action=mark-packet      passthrough=no connection-mark="OTHER"      new-packet-mark="OTHER"
+###############################################################################
+# HTB Queue Tree a unidirectional queue
+#
+# Based on 90% of 1Mup/5Mdown Internet service.
+#
+# Notes:
+# priority means 'drop packets' WHEN needed.
+# When limit-at=0   priority starts when max-limit is reached.
+# When limit-at=123 priority starts when limit-at is reached.
+#
+# The priority option applies to children not parents. Parent is for setting
+# overall limits. Therefore use limit-at and max-limit on the children if
+# you want more granularity.
+#
+# max-limit must always be set or priority will not happen.
+#
+# Tips for TCP (not VoIP) SOHO network:
+# limit-at  = Total bandwidth / max hosts
+# max-limit = Total bandwidth / min hosts
+#
+/queue tree
+###############################################################################
+# The secret to ensuring VoIP quality (or any UDP traffic) is to put it into
+# a queue that will never be full and thus never prioritize (drop) packets.
+add name="LEVEL_A_UP"   parent=ether-WAN  queue=default max-limit=900k
+add name="LEVEL_A_DOWN" parent=ether-LAN  queue=default max-limit=4M
+# Next, create a queue for high priority traffic.
+add name="LEVEL_B_UP"   parent=ether-WAN  queue=default max-limit=900k
+add name="LEVEL_B_DOWN" parent=ether-LAN  queue=default max-limit=4M
+# Finally, create a queues for traffic that normally exceeds levels.
+add name="LEVEL_C_UP"   parent=ether-WAN  queue=default max-limit=900k
+add name="LEVEL_C_DOWN" parent=ether-LAN  queue=default max-limit=4M
+# A
+add name="VOIP_U"       parent="LEVEL_A_UP"    packet-mark="VOIP"     queue=default priority=1
+add name="VOIP_D"       parent="LEVEL_A_DOWN"  packet-mark="VOIP"     queue=default priority=1
+# B
+add name="ACK_U"        parent="LEVEL_B_UP"    packet-mark="ACK"      queue=default priority=1
+add name="ACK_D"        parent="LEVEL_B_DOWN"  packet-mark="ACK"      queue=default priority=1
+add name="DNS_U"        parent="LEVEL_B_UP"    packet-mark="DNS"      queue=default priority=2
+add name="DNS_D"        parent="LEVEL_B_DOWN"  packet-mark="DNS"      queue=default priority=2
+add name="UDP_U"        parent="LEVEL_B_UP"    packet-mark="UDP"      queue=default priority=3
+add name="UDP_D"        parent="LEVEL_B_DOWN"  packet-mark="UDP"      queue=default priority=3
+add name="ICMP_U"       parent="LEVEL_B_UP"    packet-mark="ICMP"     queue=default priority=4
+add name="ICMP_D"       parent="LEVEL_B_DOWN"  packet-mark="ICMP"     queue=default priority=4
+# C
+add name="HTTP_U"       parent="LEVEL_C_UP"    packet-mark="HTTP"     queue=default priority=1
+add name="HTTP_D"       parent="LEVEL_C_DOWN"  packet-mark="HTTP"     queue=default priority=1
+add name="HTTP_BIG_U"   parent="LEVEL_C_UP"    packet-mark="HTTP_BIG" queue=default priority=2
+add name="HTTP_BIG_D"   parent="LEVEL_C_DOWN"  packet-mark="HTTP_BIG" queue=default priority=2
+add name="OTHER_U"      parent="LEVEL_C_UP"    packet-mark="OTHER"    queue=default priority=3
+add name="OTHER_D"      parent="LEVEL_C_DOWN"  packet-mark="OTHER"    queue=default priority=3
+</file>

Virtual Architects Support Wiki

User Tools

Site Tools

Differences

Page Tools