Overview

This document defines Quality of Service (QoS) usage in RouterOS based on Marvell Prestera DX switch chips (CRS3xx, CRS5xx series switches, and CCR2116, CCR2216 routers).

QoS is a set of features in network switches that allow network administrators to prioritize traffic and allocate network resources to ensure that important data flows smoothly and with low latency.

The primary function of QoS in network switches is to manage network traffic in a way that meets the specific requirements of different types of network applications. For example, voice and video data require low latency and minimal packet loss to ensure high-quality communication, while file transfers and other data applications can tolerate higher levels of latency and packet loss.

QoS works by identifying the type of traffic flowing through the switch and assigning it a priority level based on its requirements. The switch can then use this information to alter packet headers and prioritize the flow of traffic, ensuring that higher-priority traffic is given preferential treatment over lower-priority traffic.

The current implementation is for QoS Phase 1 - QoS Marking (introduced in RouterOS v7.10).

Planned QoS implementation phases:

QoS Marking. QoS profile matching by ingress packet headers, then egress header alternation according to the assigned QoS profiles.
QoS Enforcement. Avoid or resolve congestion based on the assigned QoS profiles and traffic shaping.
QoS Policy. Assign QoS profiles via ACL rules.

QoS Terminology

These terms will be used throughout the article.

QoS - Quality of Service.
ACL - Access Control List, a set of switch rules used to filter network traffic based on specified criteria.
DSCP - Differentiated Services Code Point, a 6-bit field in the IP header used to prioritize network traffic.
PCP - Priority Code Point, a 3-bit field in the VLAN header used to prioritize traffic within a VLAN.

Basic Configuration Example

In this example, we define just one QoS level - VoIP (IP Telephony) on top of the standard "Best Effort" class. Let's imagine that we have a CRS326-24G-2S+ device where:

all ports are bridged and using vlan-filtering;
sfp-sfpplus1 is a VLAN trunk connected to another switch;
ether1-ether9 are dedicated ports for IP phones;
ether10-ether24 are standard ports for host connection;

First, we need to define QoS profiles. Defined dscp and pcp values will be used in forwarded packets on egress:

/interface ethernet switch qos profile
add dscp=46 name=voip pcp=5

Port-based QoS profile assignment on dedicated ports for IP phones applies to ingress traffic. Other Ethernet ports will use the default qos-profile (where dscp=0 and pcp=0):

/interface ethernet switch port
set ether1 qos-profile=voip
set ether2 qos-profile=voip
set ether3 qos-profile=voip
set ether4 qos-profile=voip
set ether5 qos-profile=voip
set ether6 qos-profile=voip
set ether7 qos-profile=voip
set ether8 qos-profile=voip
set ether9 qos-profile=voip

The trunk port receives both types of QoS traffic. We need to create VLAN priority mapping with the QoS profile and enable qos-trust-l2 to differentiate them:

/interface ethernet switch qos map vlan
add pcp=5 qos-profile=voip

/interface ethernet switch port
set sfp-sfpplus1 qos-trust-l2=trust

Finally, enable QoS hardware offloading for the above settings to start working:

/interface ethernet switch
set switch1 qos-hw-offloading=yes

It is possible to verify the port QoS profile and Layer2, and Layer3 trust settings with print qos command:

[admin@MikroTik] /interface/ethernet/switch/port print qos 
Columns: NAME, SWITCH, QOS-PROFILE, QOS-MAP, QOS-TRUST-L2, QOS-TRUST-L3
 # NAME          SWITCH   QOS-PROFILE  QOS-MAP  QOS-TRUST-L2  QOS-TRUST-L3
 0 ether1        switch1  voip         default  ignore        ignore      
 1 ether2        switch1  voip         default  ignore        ignore      
 2 ether3        switch1  voip         default  ignore        ignore      
 3 ether4        switch1  voip         default  ignore        ignore      
 4 ether5        switch1  voip         default  ignore        ignore      
 5 ether6        switch1  voip         default  ignore        ignore      
 6 ether7        switch1  voip         default  ignore        ignore      
 7 ether8        switch1  voip         default  ignore        ignore      
 8 ether9        switch1  voip         default  ignore        ignore      
 9 ether10       switch1  default      default  ignore        ignore      
10 ether11       switch1  default      default  ignore        ignore      
11 ether12       switch1  default      default  ignore        ignore      
12 ether13       switch1  default      default  ignore        ignore      
13 ether14       switch1  default      default  ignore        ignore      
14 ether15       switch1  default      default  ignore        ignore      
15 ether16       switch1  default      default  ignore        ignore      
16 ether17       switch1  default      default  ignore        ignore      
17 ether18       switch1  default      default  ignore        ignore      
18 ether19       switch1  default      default  ignore        ignore      
19 ether20       switch1  default      default  ignore        ignore      
20 ether21       switch1  default      default  ignore        ignore      
21 ether22       switch1  default      default  ignore        ignore      
22 ether23       switch1  default      default  ignore        ignore      
23 ether24       switch1  default      default  ignore        ignore      
24 sfp-sfpplus1  switch1  default      default  trust         ignore      
25 sfp-sfpplus2  switch1  default      default  ignore        ignore      
26 switch1-cpu   switch1

Now incoming packets on ports ether1-ether9 are marked with a Priority Code Point (PCP) value of 5 and a Differentiated Services Code Point (DSCP) value of 46, and incoming packets on ports ether10-ether24 are marked with PCP and DSCP values of 0. When packets are incoming to sfp-sfpplus1 port, any packets with a PCP value of 5 or higher will retain their PCP value of 5 and DSCP value of 46, while all other packets will be marked with PCP and DSCP values of 0.

Understanding Map ranges

To avoid the need to define all possible PCP and DSCP mappings, RouterOS allows setting the minimal PCP and DSCP values for QoS Profile mapping.

In the following example, PCP values 0-2 use the default QoS profile, 3-4 - streaming, 5 - voip, and 6-7 - control.

/interface ethernet switch qos map vlan
add pcp=3 qos-profile=streaming
add pcp=5 qos-profile=voip
add pcp=6 qos-profile=control

Since the pcp parameter identifies the minimum value, all packets with a higher PCP value match too. If such behavior is undesired, add mapping for higher values. The next example sets voip profile for pcp=5 only. Packets with PCP values 6 or 7 are reset back to the default profile.

/interface ethernet switch qos map vlan
add pcp=5 qos-profile=voip
add pcp=6 qos-profile=default

Understanding Port, Profile and Map relation

Each switch port has Layer2 and Layer3 trust settings, that will change how ingress packets are classified into QoS profiles and what PCP and DSCP values will be used. Below are tables that describe all possible options:

qos-trust-l2	qos-trust-l3	Behavior
ignore	ignore	The port is considered untrusted. Both headers are ignored, and the port's qos-profile is forced to all ingress packets. This is the default setting.
ignore	trust	Trust the Layer 3 header. Use the DSCP field from the IP header of ingress packets for QoS profile lookup (see `/in/eth/sw/qos/map/ip`). If the lookup fails (no QoS profiles are mapped to the given DSCP value), the default profile is used (not the switch port's qos-profile). The switch port's qos-profile field is used only for non-IP traffic.
ignore	keep	Trust the Layer 3 header. Use the DSCP field from the IP header of ingress packets for QoS profile lookup (see `/in/eth/sw/qos/map/ip`). If the lookup fails, the default profile is used. The switch port's qos-profile field is used only for non-IP traffic. If the forwarded/routed packet is VLAN-tagged, its PCP value is set from the selected QoS profile. However, the original DSCP value of the packet is kept intact.
trust	ignore	Trust the Layer 2 header but ignore L3. If an ingress packet is VLAN-tagged, use the PCP field from the VLAN header for QoS profile lookup (see `/in/eth/sw/qos/map/vlan`). If the lookup fails (no QoS profiles are mapped to the given PCP value), the default profile is used. The switch port's qos-profile field is used only for untagged traffic.
trust	trust	Trust both headers, but Layer 3 has higher precedence. In the case of an IP packet, use the DSCP field for QoS profile lookup (see `/in/eth/sw/qos/map/ip`). If the DSCP-to-QoS lookup fails, use the default profile. If the packet is not an IP packet but is VLAN-tagged, use the PCP field from the VLAN header for QoS profile lookup (see `/in/eth/sw/qos/map/vlan`). If the VLAN-to-QoS lookup fails, use the default profile. Non-IP untagged packets use the switch port's qos-profile.
trust	keep	The same as trust+trust, but the original DSCP value is preserved in forwarded/routed packets.
keep	ignore	Trust the Layer 2 header but ignore L3. If an ingress packet is VLAN-tagged, use the PCP field from the VLAN header for QoS profile lookup (see `/in/eth/sw/qos/map/vlan`). If the lookup fails (no QoS profiles are mapped to the given PCP value), the default profile is used. The switch port's qos-profile field is used only for untagged traffic. If the packet is VLAN-tagged on both ingress and egress, the original PCP value is kept.
keep	trust	Trust both headers, but Layer 3 has higher precedence. In the case of an IP packet, use the DSCP field for QoS profile lookup (see `/in/eth/sw/qos/map/ip`). If the DSCP-to-QoS lookup fails, use the default profile. If the packet is not an IP packet but is VLAN-tagged, use the PCP field from the VLAN header for QoS profile lookup (see `/in/eth/sw/qos/map/vlan`). If the VLAN-to-QoS lookup fails, use the default profile. Non-IP untagged packets use the switch port's qos-profile. If the packet is VLAN-tagged on both ingress and egress, the original PCP value is kept. The DSCP value in forwarded/routed packets is set from the selected QoS profile.
keep	keep	Trust both headers, but Layer 3 has higher precedence. In the case of an IP packet, use the DSCP field for QoS profile lookup (see `/in/eth/sw/qos/map/ip`). If the DSCP-to-QoS lookup fails, use the default profile. If the packet is not an IP packet but is VLAN-tagged, use the PCP field from the VLAN header for QoS profile lookup (see `/in/eth/sw/qos/map/vlan`). If the VLAN-to-QoS lookup fails, use the default profile. Non-IP untagged packets use the switch port's qos-profile. Keep both the original PCP and/or DSCP values intact in cases of VLAN-tagged and/or IP packets, respectively.

Port settings		The selected QoS profile and the source for PCP / DSCP field values in forwarded/routed packets
qos-trust-l2	qos-trust-l3	VLAN-Tagged IP			Untagged IP			VLAN-Tagged Non-IP			Untagged Non-IP
qos-trust-l2	qos-trust-l3	QoS Profile	PCP	DSCP	QoS Profile	PCP ¹	DSCP	QoS Profile	PCP	DSCP	QoS Profile	PCP ¹	DSCP
ignore	ignore	qos-profile	qos-profile	qos-profile	qos-profile	qos-profile	qos-profile	qos-profile	qos-profile	-	qos-profile	qos-profile	-
ignore	trust	map/ip	map/ip	map/ip	map/ip	map/ip	map/ip	qos-profile	qos-profile	-	qos-profile	qos-profile	-
ignore	keep	map/ip	map/ip	original	map/ip	map/ip	original	qos-profile	qos-profile	-	qos-profile	qos-profile	-
trust	ignore	map/vlan	map/vlan	map/vlan	qos-profile	qos-profile	qos-profile	map/vlan	map/vlan	-	qos-profile	qos-profile	-
trust	trust	map/ip	map/ip	map/ip	map/ip	map/ip	map/ip	map/vlan	map/vlan	-	qos-profile	qos-profile	-
trust	keep	map/ip	map/ip	original	map/ip	map/ip	original	map/vlan	map/vlan	-	qos-profile	qos-profile	-
keep	ignore	map/vlan	original	map/vlan	qos-profile	qos-profile	qos-profile	map/vlan	original	-	qos-profile	qos-profile	-
keep	trust	map/ip	original	map/ip	map/ip	qos-profile	map/ip	map/vlan	original	-	qos-profile	qos-profile	-
keep	keep	map/ip	original	original	map/ip	qos-profile	original	map/vlan	original	-	qos-profile	qos-profile	-

¹ applies only when ingress traffic is untagged, but the egress needs to be VLAN-tagged.

Property Reference

Switch settings

Sub-menu: /interface/ethernet/switch

Switch QoS settings (in addition to the existing ones).

Property	Description
qos-hw-offloading (yes \| no; Default: no)	Allows enabling QoS for the given switch chip (if the latter supports QoS).

Port settings

Sub-menu: /interface/ethernet/switch/port

Switch port settings (in addition to the existing ones). Assigns a QoS profile to ingress packets on the given port. The assigned profile can be changed via match rules if the port is considered trusted.

By default, ports are untrusted and receive the default QoS profile (Best-Effort, PCP=0, DSCP=0), where priority fields are cleared from the egress packets.

Property	Description
qos-map (name; Default: default)	Allows user-defined priority-to-profile mapping in the case of a trusted port or host (see `/in/eth/sw/qos/map`).
qos-profile (name; Default: default)	The name of the QoS profile to assign to the ingress packets by default (see `/in/eth/sw/qos/profile`).
qos-trust-l2 (ignore \| trust \| keep; Default: ignore)	Whenever to trust the Layer 2 headers of the incoming packets (802.1p PCP field): ignore - ignore L2 header; use the port's qos-profile value for all incoming packets; trust - use PCP field of VLAN-tagged packets for QoS profile lookup in qos-map. Untagged packets use the port's qos-profile value. Forwarded VLAN or priority-tagged packets receive the PCP value from the selected QoS profile (overwriting the original value). keep - trust but keep the original PCP value in forwarded packets.
qos-trust-l3 (ignore \| trust \| keep; Default: ignore)	Whenever to trust the Layer 3 headers of the incoming packets (IP DSCP field): ignore - ignore L3 header; use either L2 header or the port's qos-profile (depends on qos-trust-l2). trust - use DSCP field of IP packets for QoS profile lookup in qos-map. Forwarded/routed IP packets receive the DSCP value from the selected QoS profile (overwriting the original value). keep - trust but keep the original DSCP value in forwarded/routed packets.

L3 trust mode has higher precedence than L2 unless qos-trust-l3=ignore or the packet does not have an IP header.

Forwarded/routed packets obtain priority field values (PCP, DSCP) from the selected QoS profile, overwriting the original values, unless the respective trust mode is set to keep.

Commands (in addition to the existing ones).

Command	Description
print qos	Prints all QoS-related information in a human-friendly format.

QoS Settings

Sub-menu: /interface/ethernet/switch/qos

Almost the entire QoS HW configuration is located under /in/eth/sw/qos. Such an approach allows storing all QoS-related configuration items in one place, easy monitoring and exporting (/in/eth/sw/qos/export).

All QoS entries have two major flags:

H - Hardware-offloaded.
I - Inactive.

QoS Profile

Sub-menu: /interface/ethernet/switch/qos/profile

QoS profiles determine priority field values (PCP, DSCP) for the forwarded/routed packets. Congestion avoidance/resolution is based on QoS profiles. Each packet gets a QoS profile assigned based on the ingress switch port QoS settings (see /in/eth/sw/port).

Property	Description
dscp (integer: 0..63; Default: 0)	IPv4/IPv6 DSCP field value for the egress packets assigned to the QoS profile.
name (string; Default: )	The user-defined name of the QoS profile.
pcp (integer: 0..7; Default: 0)	VLAN priority value (IEEE 802.1q PCP - Priority Code Point). Used only if the egress packets assigned to the QoS profile are VLAN-tagged (have the 802.1q header). The value can be further altered via the QoS Egress Map.

QoS Mapping

Sub-menu: /interface/ethernet/switch/qos/map

Priority-to-profile mapping table(-s) for trusted packets. All switch chips have one built-in map - default. In addition, some models allow the user to define custom mapping tables and assign different maps to various switch ports via the qos-map property:

devices based on Marvell Prestera 98DX224S, 98DX226S, or 98DX3236 switch chip models support only one map - default.
devices based on Marvell Prestera 98DX8xxx, 98DX4xxx switch chips, or 98DX325x model devices support up to 12 maps (the default + 11 user-defined).

Property	Description
name (string; Default: )	The user-defined name of the mapping table.

`VLAN Map`

Sub-menu: /interface/ethernet/switch/qos/map/vlan

Matches VLAN priorities (802.1p PCP field) to QoS profiles. By default, all values are matched to the default QoS profile.

Property	Description
qos-map (name; Default: default)	The name of the mapping table.
qos-profile (name; Default: )	The name of the QoS profile to assign to the matched packets.
pcp (integer: 0..7; Default: 0)	Minimum VLAN priority (PCP) value for the lookup.

DSCP Map

Sub-menu: /interface/ethernet/switch/qos/map/ip

Matches DSCP values to QoS profiles.

Property	Description
dscp (integer: 0..63; Default: 0)	Minimum DSCP value for the lookup.
qos-map (name; Default: default)	The name of the mapping table. If not set, the standard (built-in) mapping table gets altered.
qos-profile (name; Default: )	The name of the QoS profile to assign to the matched packets.

Page tree

Quality of Service (QoS)