Skip to main content

Simple priority queuing for sip

By
This will allow you to prioritise sip traffic over other traffic both upload and download. It works well for me. This was done on a RouterBoard 1100 with RouterOS v4.15.

First for upload, mark the connection on the prerouting chain on the inbound interface (in this case ether1)

add action=mark-connection chain=prerouting comment="" connection-type=sip \
disabled=no in-interface=ether1 new-connection-mark=sip_out passthrough=\
yes

Then mark the packets based on the connection mark. No need to specify interface.

add action=mark-packet chain=prerouting comment="" connection-mark=sip_out \
disabled=no new-packet-mark=sip-out passthrough=no

*note the passthrough=no

Now repeat for download. This time the inbound interface is the pppoe interface.

add action=mark-connection chain=prerouting comment="" connection-type=sip \
disabled=no in-interface=pppoe-out1 new-connection-mark=sip-in \
passthrough=yes


And then mark the packets...


add action=mark-packet chain=prerouting comment="" connection-mark=sip-in \
disabled=no in-interface=pppoe-out1 new-packet-mark=sip-in passthrough=no


Now we need to mark all other traffic. You can mark what ever is needed if you want to prioritise anything else, such as http.

add action=mark-connection chain=prerouting comment="" disabled=no \
new-connection-mark=other passthrough=yes
add action=mark-packet chain=prerouting comment="" connection-mark=other \
disabled=no new-packet-mark=other passthrough=no


Now that all traffic is marked, we can create the queues. Under /queue tree create a parent queue for each physical interface and create child queues for the traffic within these, specifying a priority between 2 and 8. Best practice is to reserve priority 1 for network and system traffic such as routing protocols.


add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=total_down_sw1 parent=ether1 priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=total_up_pppoeout parent=pppoe-out1 priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=sip-outgoing packet-mark=sip-out parent=total_up_pppoeout \
priority=2 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=other-outgoing packet-mark=other parent=total_up_pppoeout \
priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=sip-incoming packet-mark=sip-in parent=total_down_sw1 \
priority=2 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=other-incoming packet-mark=other parent=total_down_sw1 \
priority=8 queue=default

Watch the queues and mangle rules in winbox and make a test call or two, as well as downloading and uploading data. You should see the traffic hitting all the queues.






Labels:

Comments

Post a Comment

Popular posts from this blog

Mikrotik Bridge Horizon

By
To achieve similar functionality to Cisco's private VLANS, where all ports are on the same L2 segment, but cannot exchange packets, you can use Mikrotik's Bridge Horizon feature. Basically, every port in a bridge is assigned a horizon value, and RouterOS will only forward frames to other interfaces in the bridge that have different horizon values. This means that you assign the same horizon value to the interfaces that you don't want to be able to communicate. For example, you want to bridge all your customers and use a single /24 subnet and the same gateway. Typically this is bad and poses a huge security risk, not to mention performance issues. If you assign the same horizon value to the customer interfaces, then the router will not forward traffic between customers. Customer A will not be able to ping Customer B. If you had a server, such as an IP-PBX that all customers needed to access, and you were lazy and added it to the bridge, then you would assign a diff...
Post a Comment
Read more

DHCP option 121

By
http://tools.ietf.org/html/rfc3442 This is used to add a classless  static route to the DHCP clients. To add option 121 to a Mikrotik DHCP server, it's value is specified in HEX. The format is as follows. 0xnnddddddddgggggggg where n=mask, d=destination, g=gateway. To convert ip address to HEX, you convert each octet, so 192=C0, 168=A8, 55=37, 1=01 You can use a tool such as  http://www.miniwebtool.com/ip-address-to-hex-converter/?ip=192.168.55.1 Example: To add a route to the destination network of 192.168.55.0/24 via gateway 172.16.10.1. /ip dhcp-server option add name=classlessroutes code=121 value=0x18C0A837AC100A01 where 18 is 24 in hex. *note: depending on the subnet mask, you may only need to specify 0-4 octets. In fact only the non-zero, or network portion of the subnet. Here is a table from the RFC. subnet mask Number of octets 0 0 1- 8 1 ...
Post a Comment
Read more

Mikrotik mac address filtering

By
Playing with an RB493G and wanted to allow only a certain list of mac addresses to be able to connect. We all know this type of security is in no way fool proof. The 493G has 2 switch chips in it and ports 2-5 are on switch2 and ports 1 and 6-9 are on switch1 Much like /ip firewall filter rules, switch rules are checked chronologically (top down). And like /ip firewall filter rules, you must specify a deny rule. Although there is no 'deny' rule as such, you can just specify a redirect to null (specify no port) which achieves the same result.
Post a Comment
Read more