Before setting up a router (it does not matter whether it is a $50 office hardware router or a server-based software router with two 4-core processors), it is important to understand how packets move through the chains (study the Packet Flow Diagrams in the online documentation).
It is impossible to properly manage and maintain complex configurations without understanding what happens, where, when and why.
In the diagrams, for bridged traffic (Layer 2, MAC) routing is shown as a gray Layer 3 "box"; for routed traffic (Layer 3, IP) bridging is shown as a gray "box".
Convention: hereinafter, QoS in MikroTik ROS means shaping.
Shaping means "changing the shape".
That is, we change the shape of the interface load graphs: we manage bandwidth by setting limits either by type of traffic, or by "users" or "services" (by their IP addresses, ports and other criteria).
In different contexts, for different equipment or software, concepts such as QoS (quality of service), shaping, policing and prioritization may have different shades of meaning. There are many concepts, implementations and algorithms.
The entire bandwidth management implementation in RouterOS is based on a hierarchy: the Hierarchical Token Bucket (HTB).
HTB allows you to create hierarchical (tree) queue structures and define relationships between them.
RouterOS 5.x supports 3 virtual HTBs (global-in, global-total, global-out) and one more just before each output interface.
It is important to understand that several flows pass through the router.
A flow here does not mean a TCP/UDP session.
For example, in the simplest case we have one physical router interface, Public, and a second physical interface, Local.
In total, two packet streams pass through the router; let's conventionally call them the Download and Upload streams.
For Download traffic, the input interface will be Public and the output interface Local.
Conversely, for Upload traffic, the input interface will be Local and the output interface Public.
In this case, the packet flow diagram and the flow processing logic will be exactly the same for both flows.
In other words, for the router the role of an interface is irrelevant; the division into Public and Local is a convention.
[Figures: Download stream; Upload stream]
_______________________________________________________________________________
There is a misconception that shaping + NAT + PCQ-type queues do not work in ROS.
It does work, and works great.
I guarantee it.
Specify global-out as the parent in the Queue Tree (not the physical output interfaces), for both Upload and Download traffic. This is stated in the documentation.
Mark packets, for example, in mangle forward, separately for Upload and Download traffic, and use PCQ-type queues on the leaves where the speed limits are specified. This scheme for cutting users' speeds works in any case, regardless of the presence or absence of NAT, PPPoE/L2TP/PPTP, IPoE or Hotspot.
Simple Queue:
Do not use Simple Queues in ROS versions up to and including 5 if you have a large number of users: performance drops dramatically.
Simple queues are processed in order, like firewall rules.
Packets of the 999th queue will be checked against each of the 998 preceding queues.
Each simple queue can occupy 3 separate queues:
One in Global-in (“direct” part)
One in Global-out (“reverse” part)
One in Global-total (“total” part)
Use the Queue Tree instead.
When packets pass through the router, they go through all 4 HTB trees.
When packets arrive at the router (destined to it), they pass only through the global-in and global-total HTBs.
When packets leave the router (originated by it), they go through only the global-out, global-total and interface HTBs.
If a queue has at least one child, it is a parent queue.
All child (leaf) queues, regardless of how many parent levels are above them, are on the same lowest HTB level.
Leaves generate the real traffic consumption; parents are responsible only for distributing traffic.
Leaves will first receive their limit-at amount of traffic, and the rest is distributed by the parents.
HTB has two rate limits:
- CIR (committed, i.e. guaranteed, information rate; limit-at in RouterOS): in the worst case the flow will receive this much traffic no matter what (provided there is actually that much data to send).
- MIR (maximum information rate; max-limit in RouterOS): in the best case the flow rate can be increased up to this value if the parent queue has spare bandwidth.
First of all, HTB will try to satisfy every child with limit-at speed - and only then will it try to reach max-limit.
The maximum speed of the parent must be equal to or greater than the sum of the guaranteed speeds of the descendants.
MIR (parent) ≥ CIR (descendant_1) + ... + CIR (descendant_N).
The maximum speed of any descendant must be less than or equal to the maximum speed of the parent.
MIR (parent) ≥ MIR (descendant_1)
MIR (parent) ≥ MIR (descendant_2)
MIR (parent) ≥ MIR (descendant_N)
Priority works only for leaves (there is no point in changing the priority of parents).
1 is the highest priority.
8 is the lowest priority.
A queue with a higher priority gets the opportunity to reach its maximum speed (max-limit) before queues with a lower priority.
Actual traffic prioritization works only if limits are set. A queue without limits will not be "prioritized".
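The CIR/MIR rules and the "priority only on leaves, only with limits" rule above can be checked mechanically before a tree goes live. The following Python lint is an added example, not the article's or MikroTik's code; it reads a constructed, simplified `/queue tree export`-style listing laid out as the article recommends (parent under global-out, per-user leaves) and reports every rule the tree breaks.

```python
import re

# Constructed sample in "/queue tree export" form (not from the article): one
# parent under global-out and three per-user leaves, with deliberate mistakes.
SAMPLE_EXPORT = """
add name=users parent=global-out max-limit=10M priority=3
add name=alice parent=users limit-at=4M max-limit=8M priority=1
add name=bob parent=users limit-at=4M max-limit=8M priority=4
add name=carol parent=users limit-at=4M max-limit=12M priority=8
"""

UNITS = {"": 1, "k": 1_000, "M": 1_000_000, "G": 1_000_000_000}

def parse_rate(text):
    """'512k' -> 512000 bit/s; RouterOS rates are digits plus optional k/M/G."""
    m = re.fullmatch(r"(\d+)([kMG]?)", text)
    if not m:
        raise ValueError(f"bad rate: {text!r}")
    return int(m.group(1)) * UNITS[m.group(2)]

def parse_export(export):
    """Turn simple 'add key=value ...' lines into {name: {field: value}}."""
    queues = {}
    for line in export.strip().splitlines():
        f = dict(kv.split("=", 1) for kv in line.split()[1:])
        queues[f["name"]] = {"parent": f["parent"],
                             "limit_at": parse_rate(f.get("limit-at", "0")),    # CIR
                             "max_limit": parse_rate(f.get("max-limit", "0")),  # MIR, 0 = none
                             "priority": int(f.get("priority", "8"))}           # 8 = default
    return queues

def check_tree(queues):
    """Return the HTB rule violations described in the article as strings."""
    problems = []
    for name, q in queues.items():
        children = {c: cq for c, cq in queues.items() if cq["parent"] == name}
        if not children:
            continue                      # leaf: it only consumes traffic
        if q["priority"] != 8:            # priority matters only on leaves
            problems.append(f"{name}: priority on a parent queue has no effect")
        if q["max_limit"] == 0:
            continue                      # unlimited parent: nothing to compare
        # MIR(parent) >= CIR(child_1) + ... + CIR(child_N)
        cir_sum = sum(c["limit_at"] for c in children.values())
        if cir_sum > q["max_limit"]:
            problems.append(f"{name}: children's limit-at sum {cir_sum} exceeds max-limit {q['max_limit']}")
        # MIR(child) <= MIR(parent)
        for cname, c in children.items():
            if c["max_limit"] > q["max_limit"]:
                problems.append(f"{cname}: max-limit {c['max_limit']} exceeds parent's {q['max_limit']}")
    return problems
```

Running `check_tree(parse_export(SAMPLE_EXPORT))` on the sample reports three problems: a pointless priority on the parent, children whose limit-at sum (12M) exceeds the parent's 10M, and carol's 12M max-limit above the parent's.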
Burst:
The QoS Burst feature is one of the best ways to improve the quality of web surfing for clients.
Burst allows a higher data rate for a short period of time.
If the average data rate is below the burst threshold (burst-threshold), bursting is allowed (the actual data rate may reach burst-limit).
The average data rate is calculated over the last burst-time seconds.
The average data transfer rate is calculated as follows:
- burst-time is divided into 16 segments;
- the router calculates the average data rate of each class over these small segments.
Please note that the actual burst duration is not the same as burst-time. It may be several times shorter, depending on max-limit, burst-limit, burst-threshold and the actual data-rate history.
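The following Python model, added here and not taken from the article or from MikroTik, shows why the real burst is shorter than burst-time. It follows the 16-segment averaging described above (an assumed model of the router's behaviour, not its source), and the tariff values (a 256k tariff bursting to 512k with an 8 s burst-time) are constructed for the example.

```python
def simulate_burst(max_limit, burst_limit, burst_threshold, burst_time,
                   seconds, history=None):
    """Allowed rate per segment for one queue whose client tries to saturate it.

    Assumed model (from the article's description, not RouterOS source):
    burst-time is split into 16 segments; the average of the last 16 segment
    rates is compared with burst-threshold before each new segment.
    """
    segment = burst_time / 16
    # last 16 segment rates; an idle queue starts with a history of zeros
    history = list(history) if history is not None else [0.0] * 16
    rates = []
    for _ in range(round(seconds / segment)):
        average = sum(history[-16:]) / 16
        # burst is permitted only while the recent average is below the threshold
        rate = burst_limit if average < burst_threshold else max_limit
        rates.append(rate)
        history.append(rate)
    return rates

def burst_duration(max_limit, burst_limit, burst_threshold, burst_time, history=None):
    """Seconds spent at burst-limit by a download that starts now and runs for burst-time."""
    segment = burst_time / 16
    rates = simulate_burst(max_limit, burst_limit, burst_threshold, burst_time,
                           burst_time, history)
    return sum(1 for r in rates if r == burst_limit) * segment

# Constructed example values (not from the article): a 256k tariff bursting to 512k.
EXAMPLE = dict(max_limit=256_000, burst_limit=512_000,
               burst_threshold=192_000, burst_time=8.0)

if __name__ == "__main__":
    # idle client: 6 half-second segments at 512k before the average reaches 192k
    print("idle client, burst lasts", burst_duration(**EXAMPLE), "s of", EXAMPLE["burst_time"])
    busy = [EXAMPLE["max_limit"]] * 16      # client already running at max-limit
    print("busy client, burst lasts", burst_duration(**EXAMPLE, history=busy), "s")
```

With these values the burst lasts 3 s out of an 8 s burst-time, and a client that has already been running at max-limit (above the threshold) gets no burst at all.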
Using burst makes sense only at home, in a small office, or for a relatively small provider with "small" tariffs, for example 256k, 512k, 1024k. Tariffs of 2 Mbit/s and above are already comfortable enough for web surfing anyway, so the effect of burst will be subtle.
With a large number of users and modern tariffs, using burst may be inappropriate in terms of software-router performance (but that is your decision).
Queue size:
Queue size has a direct impact on queue performance: it is the trade-off between packet loss and increased latency.
In RouterOS, the queue size is common to one queue type (i.e. there can be many queues of the same type, but their queue size will be the same, which is why it is specified in Queue Types).
Busting the legends:
Here's how everything actually WORKS:
‣ HTB prioritization does not change the sequence of packets — it does not rearrange one packet before the other;
‣ In HTB, prioritization is a tool that helps decide which packets will pass on and which packets will be dropped.
‣ The decision to drop a packet is based on limits; thus, if speed limits are not set, priorities have no effect.
‣ Priority also does not affect packets moving at a rate less than or equal to the guaranteed rate (CIR). Such packets simply pass through the QoS algorithm (even if the parents really cannot provide that bandwidth).
‣ QoS cannot control the amount of incoming traffic that you see on any of the interfaces of the router.
‣ In the packet flow diagram you can see that the global-in HTB is located after the input interface, where the traffic arriving at the router has already been counted.
‣ The apparent reduction of incoming traffic is therefore most likely an effect of TCP behaviour.
‣ The only way to see QoS in action is to monitor the transmitted data (TX) of the opposite interface.
In other words, you cannot use your QoS to affect the incoming traffic that has actually arrived on any of the router's interfaces; after all, neither your users nor the "world" know anything about your QoS.
!!! But this does not mean that QoS does not work.
You can manipulate the traffic of all streams (both Download and Upload) inside the router, deciding which traffic, and how much of it, will leave the router (pass on through it).
‣ QoS cannot know what bandwidth is actually available.
The output interface driver is the first to know what bandwidth you actually have. But in the packet flow diagram you can see that the output interface comes after all the HTBs.
The interface driver knows only the maximum hardware limit of the interface; if the actual limit is lower, the only way to give the QoS algorithm real bandwidth information is to specify all limits manually.
(Moreover, some network administrators recommend specifying 80-90% of the maximum total channel bandwidth, so that the queue builds up at your side, i.e. to create a bandwidth reserve; otherwise the "extra" traffic will simply be dropped by your upstream provider, which also cuts your speed according to the purchased band.)
Of course, we are talking about a guaranteed channel from the upstream provider, or an unguaranteed one that is in fact stable for most of the day.
I personally do not practice this, because I follow the rule "expand the external channel in time, with a small margin over actual peak-hour utilization". Fortunately, there are no technical/economic restrictions (but not everyone is in the same situation).
There is a lot of debate about whether double QoS is possible in MikroTik RouterOS.
The answer: it is possible.
Double QoS means shaping simultaneously by type of traffic (for example, limiting total p2p and giving priority to web traffic during peak hours) and cutting the speed separately for each user (according to the tariff).
For example, like this:
1. shaping by type of traffic:
- traffic marking in mangle prerouting, shaping in global-in
2. cutting bandwidth per user:
- traffic marking in mangle forward, shaping in global-out
Identifying traffic by type is creative work with many solutions, and it is beyond the scope of this article.
Shaping by type of traffic is possible or necessary when you have problems with the availability of the required bandwidth (technical/financial) and when you have relatively few users (home/office/small network), when you know which protocols/services/applications are used on the network and you have feedback from users, because it is easy to kill useful traffic, especially when protocols/services/applications change rapidly.
That is, you constantly need to keep abreast and update signatures :)
I do not practice shaping by traffic type, for the following reasons:
- no problem with channel expansion;
- I do not have the right to decide for users which type of traffic is worse or better than another (for example, by what right would I cut torrents);
- the number of users, and therefore of services, protocols and traffic types, is so large that it is not possible to constantly monitor this;
- precisely because of the large number of users (thousands of them), identifying traffic by type would take a lot of software-router resources. This work should be done by specialized operator-grade hardware (mobile operators, for example, install such things, i.e. OPPS), otherwise torrents would kill a very limited frequency resource.
I just cut speeds to customers at rates and forget about the existence of servers / routers / switches for a very long time.
An important note: when we talk about shaping by type of traffic, we are talking about the total traffic of the entire router, not about prioritizing traffic types within each user's band. Although the latter is also possible, it requires tremendous processing power (there will be many firewall rules for each user), and if we are talking about hundreds or thousands of users, you should not do this; this is work for specialized hardware costing hundreds of thousands of dollars.
If we are talking about a house or a small office, then it is quite realistic to arrange that your brother, while downloading torrents, does not worsen his own web surfing and does not interfere at all with his sister and mother. To do this, Dad must set up QoS and not give away the router password. And if the older brother resets the router to default settings to reset or change the password, then he gets a smack, loses his pocket money, gets house arrest for a week and must read and retell the novel "War and Peace".
Another important note - some of the things mentioned above - are only for versions MikroTik ROS 4 and 5.
Version 6 has significant differences. For example, the Simple Queue is completely reworked there and the movement pattern of the packages is changed.
This is covered in my translation of the presentation:
What's new in version 6 of MikroTik RouterOS
A very detailed description of setting up the shaper, with examples of different tariffs, can be found in my article on xgu.ru:
xgu.ru/wiki/billing_Ideco_ACP_%2B_MikroTik_ROS .
All this information and even more plus pictures can be found in my translations of official presentations there:
wiki.mikrotik.com/wiki/Russian/QoS
and
wiki.mikrotik.com/wiki/Russian/QoS2011
PS Conclusion:
!!! QoS works.
You just need to understand how and for what tasks the traffic control mechanisms should be used, and be able to "cook" this.
(have a brain).