Mikrotik + UFB

Forums › New Zealand Broadband › Mikrotik + UFB

MadEngineer

2207 posts

Uber Geek

Trusted

#156072 18-Nov-2014 13:25

Nice little article this one: http://www.geekzone.co.nz/sbiddle/8744 -- setting up a Mikrotik for VLAN tagging to connect between any router and your ONT.

I'm interested in the P802.1p aspects of this article.

My set up is with a Mikrotik acting as my main router for my network while also allowing me to connect Orcon's router in its default configuration (but with WiFi turned off as Mikrotik's is better:)) to a dedicated VLAN10 tagged LAN port so I continue to have VoIP.

Something I've added as I've seen it used elsewhere is the addition of setting priority from ingress:

/ip firewall mangle add action=set-priority chain=forward new-priority=from-ingress

When logging is enabled for this I see it is applying to all traffic, including when I make calls.

Another thing, I play a lot of TF2 and in-game pings to the Orcon server are 5ms which would have to be wire-speed (*cough* lightspeed? *cough*) considering I'm in Palmerston North and I'm wondering if it's even true. The in-game pings will be real traffic and not ICMP of course. ICMP pings to Orcon are 7-10ms but of course ICMP isn't prioritised. To think that my in-game responses are acknowledged faster than a pixel on some peoples LCD monitors can change colour is impressive.

It's my thought that in the article by Steve Biddle with his bridge example that one should be adding

/interface bridge filter add action=set-priority chain=forward mac-protocol=ip new-priority=from-ingress

y/n/thoughts/educateme?

MadEngineer

2207 posts

Uber Geek

Trusted

#1182328 24-Nov-2014 19:11

OK, so this might be getting a bit ISP-specific (move by admin welcomed), unless I'm just Doing It Wrong ...

From my Orcon router I see it employs DSCP. My Mikrotik is showing logs that VoIP traffic (picking up the handset and making a call) is coming through on priority 6, when Chorus specify anything other than priority 5 is low.

Resulting log of changing the Genius router traffic with new DSCP (TOS) to from priority - it was 6, now 5 (and rules to change priority to 5):

sbiddle

29282 posts

Uber Geek

Moderator

Trusted

Biddle Corp

Lifetime subscriber

#1182347 24-Nov-2014 19:26

With your setup I wouldn't see why you'd be worried about 802.1p tagging internally. The main use of 802.1p tagging is upstream, but that carries some risks as I've been told (and I've been meaning to add this to my post) that some ISPs are apparently restricting traffic types that can use the CIR, presumably to mitigate any issues that could result from people saturating it

MadEngineer

2207 posts

Uber Geek

Trusted

#1182357 24-Nov-2014 19:54

I don't follow you with the suggesting im tagging internally. I'm trying to ensure that the data tagged for priority continues to have that tag. Certainly not trying to tag LAN-LAN traffic

My Orcon router is 'internal' in that it's not getting a WAN IP and is NAT'd. The only traffic the Orcon router generates is VoIP

sbiddle

29282 posts

Uber Geek

Moderator

Trusted

Biddle Corp

Lifetime subscriber

#1182362 24-Nov-2014 20:04

But 802.1p tags can't exist on your LAN unless you're running the Genius own it's own VLAN - an 802.1p tag can't exist unless it's inside a 802.1Q VLAN.

MadEngineer

2207 posts

Uber Geek

Trusted

#1182363 24-Nov-2014 20:06

as per my my OP the mikrotik is serving that to the genius. I'm also seeing the prioritised traffic from the Genius (on priority 6, as per my logs) on the Mikrotik

michaelmurfy

/dev/null
9635 posts

Uber Geek

Moderator

Trusted

Lifetime subscriber

#1182413 24-Nov-2014 21:26

MadEngineer: as per my my OP the mikrotik is serving that to the genius. I'm also seeing the prioritised traffic from the Genius (on priority 6, as per my logs) on the Mikrotik

How I've done it is with traffic queueing - my rules are messy but they work well especially on more saturated connections (Pastebin to config dump) - the only thing is the Mikrotik is not 100% on Skype traffic and can sometimes put other traffic as Skype but for the most-part it works OK but this also means that torrents for example can't 100% saturate your connection (they're classed as other-in) which for my case is excellent.

To load simply copy + paste the rules into the Terminal (making sure you interface is set correctly, mine is pppoe-out1 so just do a find and replace with your outbound interface name).

Then, to edit your queues go into Queues in Winbox and simply edit the Max Limit to what you like - this is for my 100/50mbit connection:

Anyway, since I am with Spark I don't have SIP or any of that fancy stuff but it'll give you a head start, you should be-able to create a mangle + queue rule for your tagged traffic but the above rules should work pretty well too.

MadEngineer

2207 posts

Uber Geek

Trusted

#1182942 25-Nov-2014 18:41

Ah yes, queues

I'd use that should I switch to an ISP that doesn't employ 802.1Q but I'm in preference to making use of what's provided

sbiddle

29282 posts

Uber Geek

Moderator

Trusted

Biddle Corp

Lifetime subscriber

#1182963 25-Nov-2014 19:23

MadEngineer: Ah yes, queues

I'd use that should I switch to an ISP that doesn't employ 802.1Q but I'm in preference to making use of what's provided

Such a setup will work regardless of VLAN tagging and if you drop the VLAN tagging you have no upstream CIR component.

MadEngineer

2207 posts

Uber Geek

Trusted

#1183044 25-Nov-2014 22:50

Is Chorus dedicating a few Mb/s for CIR? It might explain the difference shown by truenet with the other providers getting over 30mbit

MadEngineer

2207 posts

Uber Geek

Trusted

#1183055 25-Nov-2014 23:49

And would love some documentation on the DSCP tagging

sbiddle

29282 posts

Uber Geek

Moderator

Trusted

Biddle Corp

Lifetime subscriber

#1183089 26-Nov-2014 07:28

MadEngineer: Is Chorus dedicating a few Mb/s for CIR? It might explain the difference shown by truenet with the other providers getting over 30mbit

As you've clear read my post it might pay to fully read it.

UFB headline speeds have *NO* CIR component to them.. None at all. It's an EIR. Your speedtest.net could deliver you 1Mbps and it would be in spec.

CIR is only accessible with the correct 802.1p tagging and truenet do NOT test this.

With the flaws in their methodology and the way over dimensioning occurs on fibre Truenet testing is going to become completely worthless as we move forward - it already has so many flaws any results should only be taken with a grain of salt anyway.

As for the results showing that they show - that's very simply. UFB speeds are at layer 2, not layer 2. Truenet test at layer 3. IP and PPPoE overheads also reduce speeds to those tests show Chorus performing fully within spec. Enable and UFF began overdimensioning their products earlier than Chorus to compensate for this, and most people on Chorus 30/10 plans are likely to still be on older plans.

sbiddle

29282 posts

Uber Geek

Moderator

Trusted

Biddle Corp

Lifetime subscriber

#1183090 26-Nov-2014 07:29

MadEngineer: And would love some documentation on the DSCP tagging

Google it - it's pretty basic stuff.

MadEngineer

2207 posts

Uber Geek

Trusted

#1183255 26-Nov-2014 12:52

I meant the dscp tags - aren't these ISP specific and not published? Orcon and their provided router for example, as per my image above is tagging the VoIP call as 46

sbiddle

29282 posts

Uber Geek

Moderator

Trusted

Biddle Corp

Lifetime subscriber

#1183269 26-Nov-2014 13:16

46 is as close as you get to a standard for VoIP, many brands of hardware use it as the default for RTP traffic.

MadEngineer

2207 posts

Uber Geek

Trusted

#1183363 26-Nov-2014 14:56

Cheers. Googling for dscp decimal 46 tells me what I needed there and makes sense. :)