Qo s of service with winbox
- 1. © MikroTik 2008 MikroTik RouterOS Workshop QoS Best Practice Prague MUM Czech Republic 2009
- 2. © MikroTik 2008 2 Q: Is it possible to prioritize traffic by type for every single client while having strict per-user limitations on the same router? A: Yes! Q: What will I need to achieve that? A: You will need: 1)Packet Flow Diagram 2)HTB (queue tree), 3)Mangle, 4)PCQ, 5)Address List Questions and Answers
- 3. © MikroTik 2008 3 Mangle The mangle facility allows you to mark IP packets with special marks. These marks are used by other router facilities like routing and bandwidth management to identify the packets. Additionally, the mangle facility is used to modify some fields in the IP header, like TOS (DSCP) and TTL fields.
- 4. © MikroTik 2008 4 Hierarchical Token Bucket All bandwidth management implementation in RouterOS is based on Hierarchical Token Bucket (HTB) HTB allows you to create hierarchical queue structure and determine relations between queues RouterOS supports 3 virtual HTBs (global-in, global-total, global-out) and one more just before every output interface
- 5. © MikroTik 2008 5 QoS Packet Flow This diagram is created from RouterOS Packet Flow diagram. http://wiki.mikrotik.com/wiki/Packet_Flow
- 6. © MikroTik 2008 6 Double QoS It is possible to mark and shape traffic twice in the same router: Mangle chain Prerouting – for first marking Global-in HTB – for first shaping Mangle chain Forward or Postrouting for second marking Global-out or Out-interface HTB for second marking Double QoS is only possible with Queue Tree
- 7. © MikroTik 2008 7 Why not Simple Queues? Simple queues are ordered - similar to firewall rules In order to get to 999th queue packet will have to be checked for match to all 998 previous queues Each simple queue might stand for 3 separate queues: One in Global-in (“direct” part) One in Global-out (“reverse” part) One in Global-total (“total” part)
- 8. © MikroTik 2008 8 Simple Queues and Mangle
- 9. © MikroTik 2008 9 Queue Tree Tree queue is one directional only and can be placed in any of the available HTBs Queue Tree queues don't have any order – all traffic is processed simultaneously All child queues must have packet marks from “/ip firewall mangle” facility assigned to them If placed in the same HTB, Simple queue will take all the traffic away from the Queue Tree queue
- 10. © MikroTik 2008 10 Global-Out or Interface HTB? There are two fundamental differences In case of SRC-NAT (masquerade) Global-Out will be aware of private client addresses, but Interface HTB will not – Interface HTB is after SRC-NAT Each Interface HTB only receives traffic that will be leaving through a particular interface – there is no need for to separate upload and download in mangle
- 11. © MikroTik 2008 11 Conclusions We will use mangle and queue tree: Mark traffic by traffic type in mangle chain Prerouting Prioritize and limit traffic by type in Global-in HTB Re-Mark traffic by clients in mangle chain Forward Limit traffic per client in Interface HTB It is necessary to keep the amount of mangle rules and queues to a minimum to increase the performance of this configuration.
- 12. © MikroTik 2008 12 Client Limitation ~40 Mbps T3/E3 line ● You have more than 400 clients and 3 different connection types: ● Business (4Mbps/1Mbps) connection ● Standard (750kbps/250kbps) connection ● Basic (375kbps/125kbps) connection
- 13. © MikroTik 2008 13 PCQ Per Connection Queue is a queue type capable of dividing traffic into sub-streams based on selected classifiers Each sub-stream will then go through FIFO queue with queue size specified by “pcq-limit” option and maximal rate specified by “pcq-rate” option
- 14. © MikroTik 2008 14
- 15. © MikroTik 2008 15 PCQ Part 2 In order to ensure that each PCQ sub-stream represents one particular client we need to create 2 different PCQ types: PCQ_upload – source address as classifier PCQ_download - destination address as classifier PCQ will distribute available traffic equally between sub-queues until the pcq-rate is reached (if it is specified)
- 16. © MikroTik 2008 16
- 17. © MikroTik 2008 17
- 18. © MikroTik 2008 18 PCQ Types – Winbox View
- 19. © MikroTik 2008 19 Address Lists Address lists was introduced to assign multiple IP addresses/ranges to the same firewall rule, in this way reducing the total number of firewall rules and increasing router performance Address lists can be created: Manually Automatically from PPP profile – just specify address-list option and as soon as the client connects it will be added to the proper address list Automatically from RADIUS – attribute “Mikrotik:19”
- 20. © MikroTik 2008 20 Address Lists
- 21. © MikroTik 2008 21 Where?
- 22. © MikroTik 2008 22 Packet Marking Use “connection-mark” action to classify all connections based on client address list Use “packet-mark” action to classify all traffic based on connection marks Questions to think about: What speed should be available for Business client if downloading from basic client? Do you still have unmarked traffic?
- 23. © MikroTik 2008 23 Connection-mark rule
- 24. © MikroTik 2008 24 Packet-mark rule
- 25. © MikroTik 2008 25 Working Mangle- Winbox view
- 26. © MikroTik 2008 26 Working Mangle- Export view
- 27. © MikroTik 2008 27 Queue Tree – Winbox View
- 28. © MikroTik 2008 28 Queue Tree – Export View
- 29. © MikroTik 2008 29 PCQ Queue Size Total_limit = X can take up to X*(2000 bytes + 200 bytes) of RAM 2000 bytes – buffer for 1 packet 200 bytes – service data for 1 packet total_limit = 2000 =< 4,2MB RAM total_limit = 5000 =< 10,5MB RAM It can take only 40 users to fill the queue (because total_limit/limit = 2000/50 = 40) It is necessary to increase “total_limit” and/or decrease the “limit” value There should be at least 10-20 packet places in queue available per user
- 30. © MikroTik 2008 30 Queue Size
- 31. © MikroTik 2008 31 PCQ Adjustments There are ~340 Basic class clients so: pcq_limit = 40 pcq_total_limit = 7000 ( ~20*340) (~15MB) There are ~40 Standard class clients so: pcq_limit = 30 pcq_total_limit = 1000 ( ~20*40) (~2MB) There are ~20 Business class clients so: pcq_limit = 20 (!!!) pcq_total_limit = 500 ( ~20*20) (~1MB)
- 32. © MikroTik 2008 32 Traffic Prioritization Business Class Clients Standard Class Clients Basic Class Clients ~40 Mbps T3/E3 line You have problems with on-line communications (video, audio, VOIP, games) Task: Prioritize the traffic ~5Mbps abroad
- 33. © MikroTik 2008 33 Prioritization Plan
- 34. © MikroTik 2008 34 Where?
- 35. © MikroTik 2008 35 How?
- 36. © MikroTik 2008 36 Priorities Create packet marks in the mangle chain “Prerouting” for traffic prioritization in the global- in queue Ensign_services (Priority=1) User_requests (Priority=3) Communication_services (Priority=5) Download_services (Priority=7) P2P_services (Priority=8)