Comment: typos

...

Queue implementation in MikroTik RouterOS is based on Hierarchical Token Bucket (HTB). HTB allows the creation of a hierarchical queue structure and determines relations between queues. These hierarchical structures can be attached at two different places; the Packet Flow diagram illustrates both input and postrouting chains.

...

  • /queue simple menu - designed to ease the configuration of simple, everyday queuing tasks (such as single client upload/download limitation, p2p traffic limitation, etc.).
  • /queue tree menu - for implementing advanced queuing tasks (such as global prioritization policy, and user group limitations). Requires marked packet flows from the /ip firewall mangle facility.

RouterOS makes it possible to configure queues in 8 levels - the first level is an interface queue from the "/queue interface" menu and the other 7 are lower-level queues that can be created in Queue Simple and/or Queue Tree.

Rate limitation principles


Rate limiting is used to control the rate of traffic flow sent or received on a network interface. Traffic with a rate that is less than or equal to the specified rate is sent, whereas traffic that exceeds the rate is dropped or delayed.

...

  1. discard all packets that exceed rate limit – rate-limiting (dropper or shaper) (100% rate limiter when queue-size=0)
  2. delay packets that exceed the specific rate limit in the queue and transmit them when it is possible – rate equalizing (scheduler) (100% rate equalizing when queue-size=unlimited)
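The two behaviours in the list above, as an added example that is not part of the original documentation: a simplified per-tick model (an assumption, not RouterOS internals) in which the hypothetical `queue_size` argument plays the role of queue-size, with `0` giving a pure limiter and `None` an unlimited queue.

```python
from collections import deque

def shape(arrivals, rate, queue_size):
    """Simplified per-tick model (an assumption, not RouterOS internals).

    arrivals[i] -- packets arriving in tick i
    rate        -- packets the limit lets through per tick
    queue_size  -- packets allowed to wait: 0 = pure limiter, None = unlimited
    Returns (sent_per_tick, dropped, max_delay_in_ticks).
    """
    if rate <= 0:
        raise ValueError("rate must be positive")
    waiting = deque()              # arrival tick of every queued packet
    sent, dropped, max_delay = [], 0, 0
    tick = 0
    while tick < len(arrivals) or waiting:
        budget = rate
        # Packets delayed in earlier ticks leave first (FIFO).
        while waiting and budget:
            max_delay = max(max_delay, tick - waiting.popleft())
            budget -= 1
        for _ in range(arrivals[tick] if tick < len(arrivals) else 0):
            if budget:
                budget -= 1            # within the rate: sent immediately
            elif queue_size is None or len(waiting) < queue_size:
                waiting.append(tick)   # over the rate: delayed
            else:
                dropped += 1           # over the rate, no queue room: dropped
        sent.append(rate - budget)
        tick += 1
    return sent, dropped, max_delay

# Constructed bursty input: 15 packets in 6 ticks against a rate of 3 per tick.
BURSTY = [8, 0, 0, 6, 1, 0]

if __name__ == "__main__":
    for size in (0, 2, None):
        print(size, shape(BURSTY, rate=3, queue_size=size))
```

With no queue the bursts are cut off and 8 of the 15 packets are lost; with an unlimited queue nothing is lost, but the output is smoothed to the rate and packets wait up to 2 ticks.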

The next figure explains the difference between rate limiting and rate equalizing:

...

For each queue we can define two rate limits:

  • CIR (Committed Information Rate) – (limit-at in RouterOS) worst-case scenario, the flow will get this amount of traffic rate regardless of other traffic flows. At any given time, the bandwidth should not fall below this committed rate.
  • MIR (Maximum Information Rate) – (max-limit in RouterOS) best-case scenario, the maximum available data rate for flow, if any part of the bandwidth is free.

...

We have a 15 Mbps connection available from ISP in this case. We want to be sure the server receives enough traffic, so we will configure a simple queue with a limit-at parameter to guarantee that the server receives 5Mbps:

/queue simple
add limit-at=5M/5M max-limit=15M/15M name=queue1 target=192.168.88.251/32

...

The queue tree creates only a one-directional queue in one of the HTBs. It is also the only way to add a queue on a separate interface. This way it is possible to ease mangle configuration - you don't need separate marks for download and upload - only the upload will get to the Public interface and only the download will get to a Private interface. The main difference from Simple Queues is that the Queue tree is not ordered - all traffic passes it together.

Configuration example

In the following example, we will mark all the packets coming from the preconfigured in-interface-list=LAN and will limit the traffic with a queue tree based on these packet marks.

...

This sub-menu lists the queue types created by default and allows the addition of new user-specific ones.

By default, RouterOS creates the following pre-defined queue types:

...

All MikroTik products have the default queue type "only-hardware-queue" with "kind=none". "only-hardware-queue" leaves the interface with only the hardware transmit descriptor ring buffer, which acts as a queue in itself. Usually, at least 100 packets can be queued for transmit in the transmit descriptor ring buffer. The transmit descriptor ring buffer size and the number of packets that can be queued in it vary for different types of Ethernet MACs. Having no software queue is especially beneficial on SMP systems because it removes the requirement to synchronize access to it from different CPUs/cores, which is resource-intensive. The possibility to set "only-hardware-queue" requires support in the Ethernet driver, so it is available only for some Ethernet interfaces, mostly found on RouterBOARDs.

...

Random Early Drop is a queuing mechanism that tries to avoid network congestion by controlling the average queue size. The average queue size is compared to two thresholds: a minimum (minth) and a maximum (maxth) threshold. If the average queue size (avgq) is less than the minimum threshold, no packets are dropped. When the average queue size is greater than the maximum threshold, all incoming packets are dropped. But if the average queue size is between the minimum and maximum thresholds, packets are randomly dropped with probability Pd, where the probability is a function of the average queue size: Pd = Pmax(avgq – minth) / (maxth – minth). If the average queue grows, the probability of dropping incoming packets grows too. Pmax is a ratio that can adjust the abruptness of the packet discarding probability (in the simplest case Pmax can be equal to one). The 8.2 diagram shows the packet drop probability in the RED algorithm.
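The drop rule described above, as an added example that is not MikroTik's code. The page does not say how the average queue size is computed, so the moving-average `weight`, the per-tick traffic model and all sample numbers are assumptions.

```python
import random

def red_drop_probability(avgq, minth, maxth, pmax=1.0):
    """Pd for the three regions described in the text."""
    if not 0 <= minth < maxth:
        raise ValueError("need 0 <= minth < maxth")
    if not 0.0 <= pmax <= 1.0:
        raise ValueError("pmax is a ratio between 0 and 1")
    if avgq < minth:
        return 0.0                      # below minth: nothing is dropped
    if avgq > maxth:
        return 1.0                      # above maxth: everything is dropped
    return pmax * (avgq - minth) / (maxth - minth)

def simulate_red(arrivals, service, minth, maxth, pmax=1.0, weight=0.2, seed=1):
    """Run RED over per-tick arrival counts.

    service -- packets leaving the queue per tick
    weight  -- moving-average weight for avgq (assumed, not from the page)
    Returns (accepted, dropped, final_avgq).
    """
    rng = random.Random(seed)           # seeded so runs are repeatable
    queue, avgq = 0, 0.0
    accepted = dropped = 0
    for count in arrivals:
        for _ in range(count):
            if rng.random() < red_drop_probability(avgq, minth, maxth, pmax):
                dropped += 1
            else:
                queue += 1
                accepted += 1
        queue = max(0, queue - service)
        avgq = (1 - weight) * avgq + weight * queue
    return accepted, dropped, avgq

if __name__ == "__main__":
    for avgq in (10, 20, 30, 40, 60, 70):
        print(avgq, red_drop_probability(avgq, minth=20, maxth=60))
    # Constructed load: 10 packets arrive per tick, only 5 can leave.
    print(simulate_red([10] * 200, service=5, minth=20, maxth=60))
```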

...

  • pcq-burst-rate (number): maximal upload/download data rate which can be reached while the burst for substream is allowed
  • pcq-burst-threshold (number): this is the value of burst on/off switch
  • pcq-burst-time (time): a period of time (in seconds) over which the average data rate is calculated. (This is NOT the time of the actual burst)

PCQ also allows using different size IPv4 and IPv6 networks as sub-stream identifiers. Previously it was locked to a single IP address. This is done mainly for IPv6, as customers from an ISP point of view will be represented by a /64 network, but devices in the customer's network will be /128. PCQ can be used for both of these scenarios and more. PCQ parameters:

...

Property | Description
cake-ack-filter (default: none )
cake-atm (default: )

Compensates for ATM cell framing, which is normally found on ADSL links.

cake-autorate-ingress (yes/no, default: )

Automatic capacity estimation based on traffic arriving at this qdisc. This is most likely to be useful with cellular links, which tend to change quality randomly.  The Bandwidth Limit parameter can be used in conjunction to specify an initial estimate. The shaper will periodically be set to a bandwidth slightly below the estimated rate.  This estimator cannot estimate the bandwidth of links downstream of itself.

cake-bandwidth (default: )

Sets the shaper bandwidth.

cake-diffserv (default: diffserv3)

CAKE can divide traffic into "tins" based on the Diffserv field:

  • diffserv4 - Provides a general-purpose Diffserv implementation with four tins: Bulk (CS1), 6.25% threshold, generally low priority. Best Effort (general), 100% threshold. Video (AF4x, AF3x, CS3, AF2x, CS2, TOS4, TOS1), 50% threshold. Voice (CS7, CS6, EF, VA, CS5, CS4), 25% threshold.

  • diffserv3 (default) - Provides a simple, general-purpose Diffserv implementation with three tins: Bulk (CS1), 6.25% threshold, generally low priority. Best Effort (general), 100% threshold. Voice (CS7, CS6, EF, VA, TOS4), 25% threshold, reduced Codel interval.

cake-flowmode (dsthost/dual-dsthost/dual-srchost/flowblind/flows/hosts/srchost/triple-isolate, default: triple-isolate)
  • flowblind - Disables flow isolation; all traffic passes through a single queue for each tin.
  • srchost - Flows are defined only by source address.
  • dsthost - Flows are defined only by destination address.
  • hosts - Flows are defined by source-destination host pairs. This is host isolation, rather than flow isolation.
  • flows - Flows are defined by the entire 5-tuple of source address, destination address, transport protocol, source port, and destination port. This is the type of flow isolation performed by SFQ and fq_codel.
  • dual-srchost - Flows are defined by the 5-tuple, and fairness is applied first over source addresses, then over individual flows. Good for use on egress traffic from a LAN to the internet, where it'll prevent any LAN host from monopolizing the uplink, regardless of the number of flows they use.
  • dual-dsthost - Flows are defined by the 5-tuple, and fairness is applied first over destination addresses, then over individual flows. Good for use on ingress traffic to a LAN from the internet, where it'll prevent any LAN host from monopolizing the downlink, regardless of the number of flows they use.
  • triple-isolate - Flows are defined by the 5-tuple, and fairness is applied over source *and* destination addresses intelligently (i.e. not merely by host-pairs), and also over individual flows.
  • nat - Instructs Cake to perform a NAT lookup before applying flow-isolation rules, to determine the true addresses and port numbers of the packet, to improve fairness between hosts "inside" the NAT. This has no practical effect in "flowblind" or "flows" modes, or if NAT is performed on a different host.
  • nonat (default) - Cake will not perform a NAT lookup. Flow isolation will be performed using the addresses and port numbers directly visible to the interface Cake is attached to.
cake-memlimit (default: )

Limit the memory consumed by Cake to LIMIT bytes. By default, the limit is calculated based on the bandwidth and RTT settings.

cake-mpu ( -64 ... 256, default: )

Rounds each packet (including overhead) up to a minimum length BYTES. 

cake-nat (default: no)

Instructs Cake to perform a NAT lookup before applying a flow-isolation rule.

cake-overhead ( -64 ... 256, default: )

Adds BYTES to the size of each packet. BYTES may be negative.

cake-overhead-scheme (default: )
cake-rtt (default: 100ms )

Manually specify an RTT. Default 100ms is suitable for most Internet traffic.

cake-rtt-scheme (datacentre/internet/interplanetary/lan/metro/none/oceanic/regional/satellite, default: )
  • datacentre - For extremely high-performance 10GigE+ networks only. Equivalent to RTT 100us.
  • lan - For pure Ethernet (not Wi-Fi) networks, at home or in the office. Don't use this when shaping for an Internet access link. Equivalent to RTT 1ms.
  • metro - For traffic mostly within a single city. Equivalent to RTT 10ms.
  • regional - For traffic mostly within a European-sized country. Equivalent to RTT 30ms.
  • internet (default) - This is suitable for most Internet traffic. Equivalent to RTT 100ms.
  • oceanic - For Internet traffic with generally above-average latency, such as that suffered by Australasian residents. Equivalent to RTT 300ms.
  • satellite - For traffic via geostationary satellites. Equivalent to RTT 1000ms.
  • interplanetary - So named because Jupiter is about 1 light-hour from Earth. Use this to (almost) completely disable AQM actions. Equivalent to RTT 3600s.
cake-wash (default: no )

Apply the wash option to clear all extra DiffServ (but not ECN) bits after priority queuing has taken place.
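How the simpler cake-flowmode values and the cake-nat lookup listed above change which LAN host gets what, as an added example that is not Cake's or RouterOS's code. It assumes every flow is backlogged, queues share the link equally and flows inside one queue split it equally; the addresses, ports and the `NAT` table are constructed.

```python
from collections import defaultdict, namedtuple
from fractions import Fraction

Packet = namedtuple("Packet", "src dst proto sport dport")

def flow_key(pkt, mode):
    """Queue key for the simple flow modes (dual-*/triple-isolate not modelled)."""
    keys = {
        "flowblind": (),
        "srchost": (pkt.src,),
        "dsthost": (pkt.dst,),
        "hosts": (pkt.src, pkt.dst),
        "flows": tuple(pkt),
    }
    return keys[mode]

def host_shares(flows, mode, nat_lookup=None):
    """flows: (lan_host, packet as seen on the WAN interface) pairs.

    nat_lookup maps a post-NAT packet to its pre-NAT form, standing in for
    the NAT lookup; None means the queue sees only the visible addresses.
    Returns the share of the link each LAN host ends up with.
    """
    queues = defaultdict(list)
    for owner, pkt in flows:
        seen = nat_lookup[pkt] if nat_lookup else pkt
        queues[flow_key(seen, mode)].append(owner)
    shares = defaultdict(Fraction)
    for owners in queues.values():
        for owner in owners:
            shares[owner] += Fraction(1, len(queues) * len(owners))
    return dict(shares)

# Constructed scenario: two LAN hosts masqueraded behind one public address;
# the first opens 8 flows to a server, the second opens 1.
PUBLIC, SERVER = "203.0.113.5", "198.51.100.7"
HEAVY, LIGHT = "192.168.88.10", "192.168.88.11"
FLOWS, NAT = [], {}
for port, host in enumerate([HEAVY] * 8 + [LIGHT], start=40001):
    post_nat = Packet(PUBLIC, SERVER, "tcp", port, 443)
    NAT[post_nat] = Packet(host, SERVER, "tcp", port, 443)
    FLOWS.append((host, post_nat))

if __name__ == "__main__":
    print("flows          ", host_shares(FLOWS, "flows"))
    print("srchost, no NAT", host_shares(FLOWS, "srchost"))
    print("srchost, NAT   ", host_shares(FLOWS, "srchost", NAT))
```

Without the lookup, every packet on the WAN side carries the public source address, so srchost isolation collapses to one queue and the 8-flow host keeps 8/9 of the link; with the lookup the two hosts get half each.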

...