MUM 2006 USA/DiffServ

From MikroTik Wiki


"DiffServ for Quality of Service" or "Efficiently control your traffic priorities", by Dmitry Golubev (MikroTik)

Striving for performance, reliability and speed, all of which combine into what is known as Quality of Service, we introduce RouterOS operation in DiffServ mode. From this we can learn some new tips and tricks for operating complex networks that ease router configuration and increase client satisfaction with the service provided.

What is DiffServ

What is this Quality of Service (QoS) thing all about? Its goal is to use the available resources effectively and to improve user experience and satisfaction with your service, allowing you to run a prosperous business. QoS unites everything related to making routing decisions, providing reliable service with failover capabilities, utilizing most of the available network resources, and respecting different application requirements. A big part of router functionality may be considered to contribute to the Quality of Service: routing, failover operation, shaping and queueing, and partially even the firewall.

The Internet Protocol was developed to provide best-effort service in data networks, without acknowledging the different requirements of the applications using these networks. It was assumed that each application and each user has the same right to the data channel, and statistically each network application received the same treatment as any other. Unfortunately, the growing demand for low latency (IP telephony) and other special services proved that this approach does not deliver the appropriate treatment for each and every application. Moreover, ISPs tend to provide differently priced services, which leads to the need for packet prioritization and scheduling on the network infrastructure. To address this, the IETF has developed two approaches for sharing network resources between different applications and making the network more aware of the types of traffic it handles: Integrated Services QoS (IntServ) and Differentiated Services QoS (DiffServ, DS).

While IntServ tends to provide very precise resource allocation based on the requirements of each application (communicated with a special protocol called RSVP, the Resource Reservation Protocol), it requires both support on the application level and enormous resources on the packet forwarding equipment (IntServ is stateful, and thus requires all concurrent connections to be tracked at each router along the path, which is quite problematic on high-speed links and Internet backbones). On the other hand, the stateless DiffServ approach, according to RFC 2638, should "keep the forwarding path simple, push complexity to the edges of the network to the extent possible". The DiffServ architecture delivers a rather coarse traffic differentiation based on a special marking transferred along with the packets within the DS domain. The byte-long ToS field is employed for this purpose and is renamed accordingly to the DSCP (Differentiated Services Code Point) byte, of which the standard reserves 2 bits for future use (although actual implementations sometimes do not respect this, allowing 256 possible DSCP values instead of only 64 as per the standard). The marking distinguishes Behavior Aggregates (BA): sets of flows that share the same DSCP mark and thus receive identical treatment within the DS domain.

The DSCP marks are put on at the DS domain edge routers, so the main load is placed on them. Interior routers are relieved of the expensive operations and mostly act based on the set of Per Hop Behavior (PHB) actions, which are defined for each DSCP value. A PHB may define the allocated data rate, the priority, and sometimes also a filter set for a particular BA to apply on a particular router.

Another technique with similar properties (pushing complexity to the edge routers and differentiating hop behavior based on marking transmitted along with packets) is MPLS (MultiProtocol Label Switching), a new ultrafast packet switching protocol based on arbitrary labels instead of addresses. MPLS implementations do not examine IP headers and hence avoid expensive lookups in large routing tables; they just follow what the labels tell them to do. MPLS and DiffServ are even used together in many networks in order to combine the label scheduling of DS with the label switching of MPLS. In many situations the worldwide dominant IP protocol is the only thing the infrastructure is required to forward, so there is often no need for the Multi Protocol part of the MPLS term, but Label Switching, although not as rapidly as in MPLS implementations, may as well be performed by DiffServ routers capable of policy routing.

Implementing DiffServ in RouterOS

The DSCP mark is transmitted inside each IP packet. You can work with the full DSCP field using the firewall mangle facility (it is called "tos" there). Note the reserved bits (the two least significant bits) if you want to respect the standard, as this facility works with the whole byte. Once the mark is read, a set of firewall rules may be applied. A packet may as well be marked with an internal flow mark (for use in queues) or a routing mark (for use in policy routing). You can also change the DSCP marks of any packets.

For example, to put DSCP mark 48 on all DNS traffic, do:

/ip firewall mangle add protocol=udp src-port=53 action=change-tos new-tos=48
/ip firewall mangle add protocol=udp dst-port=53 action=change-tos new-tos=48
/ip firewall mangle add protocol=tcp src-port=53 action=change-tos new-tos=48
/ip firewall mangle add protocol=tcp dst-port=53 action=change-tos new-tos=48

To put routing mark "sip" on all packets from the 10.0.0.2 server with DSCP=64, do:

/ip firewall mangle add tos=64 src-address=10.0.0.2 action=mark-routing routing-mark=sip
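The DS byte layout described above (a 6-bit DSCP plus two reserved low bits) and the whole-byte behaviour of the mangle "tos" facility, as an added Python example that is not part of the original presentation: it reads the DSCP out of a raw IPv4 header, computes a new-tos value that changes only the DSCP bits while keeping the reserved bits, and builds a mangle rule from it (the helper names and the sample header are this example's own). Unlike the rules above, which write the whole byte directly, this keeps to the 6-bit standard, so DSCP 48 becomes byte value 192.

```python
"""DSCP arithmetic for the RouterOS mangle "tos" facility (added example)."""
import struct

DSCP_SHIFT = 2        # the 6-bit DSCP sits in the high bits of the DS byte
RESERVED_MASK = 0x03  # two low bits reserved by the DiffServ standard

# Standard per-hop behaviours keyed by 6-bit DSCP (RFC 2474/2597/3246 values).
PHB_BY_DSCP = {0: "BE", 8: "CS1", 10: "AF11", 18: "AF21", 26: "AF31",
               34: "AF41", 46: "EF", 48: "CS6", 56: "CS7"}

def dscp_from_tos(tos):
    """Extract the standard 6-bit DSCP from a whole ToS/DS byte."""
    return (tos & 0xFF) >> DSCP_SHIFT

def tos_with_dscp(tos, dscp):
    """Whole byte to pass to new-tos: replace only the DSCP bits and keep
    the two reserved low bits of the original byte untouched."""
    if not 0 <= dscp < 64:
        raise ValueError("DSCP is a 6-bit value")
    return (dscp << DSCP_SHIFT) | (tos & RESERVED_MASK)

def dscp_from_ipv4_header(packet):
    """Read the DS byte (second header byte) of a raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return dscp_from_tos(packet[1])

def same_behavior_aggregate(tos_a, tos_b):
    """Two packets belong to one BA when their DSCPs match; the reserved
    bits do not take part in the comparison."""
    return dscp_from_tos(tos_a) == dscp_from_tos(tos_b)

def mangle_rule_for_dscp(dscp, match):
    """Hypothetical helper: emit a change-tos rule whose new-tos value is
    the 6-bit DSCP shifted into place, reserved low bits left zero."""
    return ("/ip firewall mangle add %s action=change-tos new-tos=%d"
            % (match, tos_with_dscp(0, dscp)))

if __name__ == "__main__":
    # Constructed IPv4 header: DS byte 0xB9 = DSCP 46 (EF) with low bits 01.
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0xB9, 40, 0, 0, 64, 17, 0,
                      bytes([10, 0, 0, 2]), bytes([10, 0, 0, 1]))
    dscp = dscp_from_ipv4_header(hdr)
    print("DSCP %d (%s)" % (dscp, PHB_BY_DSCP.get(dscp, "unknown")))
    print(mangle_rule_for_dscp(48, "protocol=udp dst-port=53"))
```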