Manual:Queue: Difference between revisions

From MikroTik Wiki
Jump to navigation Jump to search
Line 175: Line 175:
Queue tree is not ordered - all traffic pass it together.
Queue tree is not ordered - all traffic pass it together.


[[Manual:HTB | Read more]] about HTB and see configuration examples.


===Flow Identifiers===
===Flow Identifiers===

Revision as of 14:30, 20 October 2011

Applies to RouterOS: 2.9, v3, v4


Sub Categories

List of reference sub-pages

Case studies

List of examples

Queue has no subpages to list.


Summary

Queues are used to limit and prioritize traffic:

  • limit data rate for certain IP addresses, subnets, protocols, ports, and other parameters
  • limit peer-to-peer traffic
  • prioritize some packet flows over others
  • configure traffic bursts for faster web browsing
  • apply different limits based on time
  • share available traffic among users equally, or depending on the load of the channel

Queue implementation in MikroTik RouterOS is based on Hierarchical Token Bucket (HTB). HTB allows to create hierarchical queue structure and determine relations between queues.

In RouterOS, these hierarchical structures can be attached at 4 different places:

  • global-in: represents all the input interfaces in general (INGRESS queue). Queues attached to global-in apply to traffic that is received by the router before the packet filtering
  • global-out: represents all the output interfaces in general (EGRESS queue).
  • global-total: represents all input and output interfaces together (in other words it is aggregation of global-in and global-out). Used in case when customers have single limit for both, upload and download.
  • <interface name>: - represents one particular outgoing interface. Only traffic that is designated to go out via this interface will pass this HTB queue.

There are two different ways how to configure queues in RouterOS:

  • /queue simple menu - designed to ease configuration of simple, everyday queuing tasks (such as single client upload/download limitation, p2p traffic limitation, etc.).
  • /queue tree menu - for implementing advanced queuing tasks (such as global prioritization policy, user group limitations). Requires marked packet flows from /ip firewall mangle facility.


Rate limitation principles

Rate limiting is used to control the rate of traffic flow sent or received on a network interface. Traffic which rate that is less than or equal to the specified rate is sent, whereas traffic that exceeds the rate is dropped or delayed.

Rate limiting can be performed in two ways:

  1. discard all packets that exceed rate limit – rate limiting (dropper or shaper) (100% rate limiter when queue-size=0)
  2. delay packets that exceed specific rate limit in queue and transmit its when it is possible – rate equalizing (scheduler) ''(100% rate equalizing when queue-size=unlimited)

Next figure explains difference between rate limiting and rate equalizing:

File:Image8001.gif

As you can see in first case all traffic exceeds specific rate and is dropped. In other case traffic exceeds specific rate and is delayed in queue and transmitted later when it is possible, but note that packet can be delayed only until queue is not full. If there is not more space in queue buffer, packets are dropped.

For each queue we can define two rate limits:

  • CIR (Committed Information Rate) – (limit-at in RouterOS) worst case scenario, flow will get this amount of traffic rate regardless of other traffic flows. At any given time, the bandwidth should not fall below this committed rate.
  • MIR (Maximum Information Rate) – (max-limit in RouterOS) best case scenario, maximum available data rate for flow, if there is free any part of bandwidth.

Simple Queues

Sub-menu: /queue simple


One configuration item in /queue simle' can create from 0 to 3 separate queues - one queue in global-in, one queue in global-out and one queue in global-total. If all properties of a queue have default values (no set limits, queue type is default), and queue has no children, then it is not actually created. This way, for exanple, creation of global-total queues can be avoided if only upload/download limitation is used.

Simple queues have strict order - each packet must go through every queue until it will meet conditions. (In case of 1000 queues, packet for last queue will need to proceed through 999 queues before it will reach the destination) {{{...}}}

Flow Identifiers

  • target-addresses (multiple choice: IP address/netmask) : list of IP address ranges that will be limited by this queue.
  • interface (Name of the interface, or all) : identifies interface the target is connected to. Useful when it is not possible to specify targets addresses.

Each of these two properties can be used to determine which direction is target upload and which is download.

Be careful to configure both of these options for the same queue - in case they will point to opposite directions queue will not work.

If neither value of target-addresses nor of interface is specified, the queue will not be able to make difference between upload and download, and will limit all traffic twice.

Other properties

  • name (Text) : Unique queue identifier that can be used as parent option value for other queues
  • direction (One of both, upload, download, none; default: both) : allow to enable one-directional limitation for simple queues (disable other direction)
    • both - limit both download and upload traffic
    • upload - limit only traffic to the target
    • download - limit only traffic from the target
  • time (TIME-TIME,sun,mon,tue,wed,thu,fri,sat - TIME is local time, all day names are optional; default: not set) : allow to specify time when particular queue will be active. Router must have correct time settings.
  • dst-address (IP address/netmask) : allows to select only specific stream (from target address to this destination address) for limitation explain what is target and what is dst and what is upload and what not
  • p2p (one of all-p2p, bit-torrent, blubster, direct-connect, edonkey, fasttrack, gnutella, soulseek, winmx; default: not set) : allow to select unencrypted packets of particular p2p for limitation
  • packet-marks (Comma separated list of packet mark names) : allows to use marked packets from /ip firewall mangle. Take look at the RouterOS packet flow diagram. It is necessary to mark packets before the simple queues (before global-in HTB queue) or else target's download limitation will not work. The only mangle chain before global-in is prerouting.

HTB Properties

  • parent (Name of parent simple queue, or none) : assigns this queue as a child queue for selected target {{{...}}}. Target queue can be HTB queue or any other previously created simple queue. In order for traffic to reach child queues, parent queues must capture all necessary traffic.
  • priority (1..8) : Prioritize one child queue over other child queue. Does not work on parent queues (if queue has at least one child). One is the highest, eight is the lowest priority. Child queue with higher priority will have chance to reach its limit-at before child with lower priority and after that child queue with higher priority will have chance to reach its max-limit before child with lower priority. Priority have nothing to do with bursts.
  • queue (SOMETHING/SOMETHING) : Choose the type of the upload/download queue. Queue types can be created in /queue type.
  • limit-at (NUMBER/NUMBER) : normal upload/download data rate that is guaranteed to a target
  • max-limit (NUMBER/NUMBER) : maximal upload/download data rate that is allowed for a target to reach to reach what
  • burst-limit (NUMBER/NUMBER) : maximal upload/download data rate which can be reached while the burst is active
  • burst-time (TIME/TIME) : period of time, in seconds, over which the average upload/download data rate is calculated. (This is NOT the time of actual burst)
  • burst-threshold (NUMBER/NUMBER) : when average data rate is below this value - burst is allowed, as soon as average data rate reach this value - burst is denied. (basically this is burst on/off switch). For optimal burst behavior this value should above limit-at value and below max-limit value

And corresponding options for global-total HTB queue:

  • total-queue (SOMETHING/SOMETHING): corresponds to queue
  • total-limit-at (NUMBER/NUMBER): corresponds to limit-at
  • total-max-limit (NUMBER/NUMBER): corresponds to max-limit
  • total-burst-limit (NUMBER/NUMBER): corresponds to burst-limit
  • total-burst-time (TIME/TIME): corresponds to burst-time
  • total-burst-threshold (NUMBER/NUMBER): corresponds to burst-threshold

Good practice suggests that:

Sum of children's limit-at values must be less or equal to max-limit of the parent.
Every child's max-limit must be less than max-limit of the parent. This way you will leave some traffic for the other child queues, and they will be able to get traffic without fighting for it with other child queues.


Statistics

  • rate (read-only/read-only) : average queue passing data rate in bytes per second
  • packet-rate (read-only/read-only) : average queue passing data rate in packets per second
  • bytes (read-only/read-only) : number of bytes processed by this queue
  • packets (read-only/read-only) : number of packets processed by this queue
  • queued-bytes (read-only/read-only) : number of bytes waiting in the queue
  • queued-packets (read-only/read-only) : number of packets waiting in the queue
  • dropped (read-only/read-only) : number of dropped packets
  • borrows (read-only/read-only) : packets that passed queue over its "limit-at" value (and was unused and taken away from other queues)
  • lends (read-only/read-only) : packets that passed queue below its "limit-at" value OR if queue is a parent - sum of all child borrowed packets
  • pcq-queues (read-only/read-only) : number of PCQ substreams, if queue type is PCQ

And corresponding options for global-total HTB queue:

  • total-rate (read-only): corresponds to rate
  • total-packet-rate (read-only): corresponds to packet-rate
  • total-bytes (read-only): corresponds to bytes
  • total-packets (read-only): corresponds to packets
  • total-queued-bytes (read-only): corresponds to queued-bytes
  • total-queued-packets (read-only): corresponds to queued-packets
  • total-dropped (read-only): corresponds to dropped
  • total-lends (read-only): corresponds to lends
  • total-borrows (read-only): corresponds to borrows
  • total-pcq-queues (read-only): corresponds to pcq-queues

Queue Tree

Sub-menu: /queue tree


Queue tree creates only one directional queue in one of the HTBs. It is also the only way how to add queue on the separate interface. This way it is possible to ease mangle configuration - you don't need separate marks for download and upload - only upload will get to Public interface and only download will get to Private interface.

Also it is possible to have double queuing (example:prioritization of traffic in global-in or global-out, limitation per client on the outgoing interface) If you have simple queues and queue tree in the same HTB - simple queues will get traffic first.

Queue tree is not ordered - all traffic pass it together.

Read more about HTB and see configuration examples.

Flow Identifiers

  • name (Text) : Unique queue identifier that can be used as parent option value for other queues
  • packet-marks (Comma separated list of) : allows to use marked packets from /ip firewall mangle. Take look at this packet flow diagram. You need to make sure that packets are marked before the simple queues (before global-in HTB queue)


HTB Properties

  • parent (Name of , or none) : assigns this queue as a child queue for selected target. Target queue can be HTB queue or any other previously created queue
  • priority (1..8) : Prioritize one child queue over other child queue. Does not work on parent queues (if queue has at least one child). One is the highest, eight is the lowest priority. Child queue with higher priority will have chance to reach its limit-at before child with lower priority and after that child queue with higher priority will have chance to reach its max-limit before child with lower priority. Priority have nothing to do with bursts.
  • queue (SOMETHING) : Choose the type of the queue. Queue types can be created here
  • limit-at (NUMBER) : normal data rate that is guaranteed to a target
  • max-limit (NUMBER) : maximal data rate that is allowed for a target to reach
  • burst-limit (NUMBER) : maximal data rate which can be reached while the burst is active
  • burst-time (TIME) : period of time, in seconds, over which the average data rate is calculated. (This is NOT the time of actual burst)
  • burst-threshold (NUMBER) : when average data rate is below this value - burst is allowed, as soon as average data rate reach this value - burst is denied. (basically this is burst on/off switch). For optimal burst behavior this value should above limit-at value and below max-limit value


Statistics

Command: /queue tree print stats


  • rate (read-only) : average queue passing data rate in bytes per second
  • packet-rate (read-only) : average queue passing data rate in packets per second
  • bytes (read-only) : number of bytes processed by this queue
  • packets (read-only) : number of packets processed by this queue
  • queued-bytes (read-only) : number of bytes waiting in the queue
  • queued-packets (read-only) : number of packets waiting in the queue
  • dropped (read-only) : number of dropped packets
  • borrows (read-only) : packets that passed queue over its "limit-at" value (and was unused and taken away from other queues)
  • lends (read-only) : packets that passed queue below its "limit-at" value OR if queue is a parent - sum of all child borrowed packets
  • pcq-queues (read-only) : number of PCQ substreams, if queue type is PCQ

Queue Types

Sub-menu: /queue type


This sub-menu lists by default created queue types and allows to add new user specific ones.

By default RouterOS creates following pre-defined queue types:

[admin@MikroTik] /queue type> print 
 0 name="default" kind=pfifo pfifo-limit=50 

 1 name="ethernet-default" kind=pfifo pfifo-limit=50 

 2 name="wireless-default" kind=sfq sfq-perturb=5 sfq-allot=1514 

 3 name="synchronous-default" kind=red red-limit=60 red-min-threshold=10 red-max-threshold=50 red-burst=20 
   red-avg-packet=1000 

 4 name="hotspot-default" kind=sfq sfq-perturb=5 sfq-allot=1514 

 5 name="only-hardware-queue" kind=none 

 6 name="multi-queue-ethernet-default" kind=mq-pfifo mq-pfifo-limit=50 

 7 name="default-small" kind=pfifo pfifo-limit=10 

Note: Starting from v5.8 there is new kind none and new default queue only-hardware-queue. All RouterBOARDS will have this new queue type set as default interface queue


Kinds

Queue kinds or Queuing (scheduling) algorithms describe which packet will be transmitted next in line. RouterOS supports several queuing algorithms:

  • BFIFO, PFIFO
  • RED
  • SFQ
  • PCQ


PFIFO and BFIFO

These queuing disciplines are based on the FIFO algorithm (First-In First-Out). The difference between PFIFO and BFIFO is that one is measured in packets and the other one in bytes.

Every packet that cannot be enqueued (if the queue is full), is dropped. Large queue sizes can increase latency, but utilize channel better.

These queues uses pfifo-limit and bfifo-limit parameters.

RED

Random Early Drop is a queuing mechanism which tries to avoid network congestion by controlling the average queue size. The average queue size is compared to two thresholds: a minimum (minth) and maximum (maxth) threshold. If average queue size (avgq) is less than the minimum threshold, no packets are dropped. When average queue size is greater than the maximum threshold, all incoming packets are dropped. But if the average queue size is between the minimum and maximum thresholds packets are randomly dropped with probability Pd where probability is exact a function of the average queue size: Pd = Pmax(avgq – minth)/ (maxth - minth). If average queue grows, the probability for dropping incoming packets grows too. Pmax - ratio, which can adjust the packet discarding probability abruptness, (the simplest case Pmax can be equal to one. The diagram in Figure 8.2. shows the packet drop probability in RED algorithm.

File:Image8002.gif

SFQ

Stochastic Fairness Queuing (SFQ) is ensured by hashing and round-robin algorithms. A traffic flow may be uniquely identified by a 4 options(src-address, dst-address, src-port and dst-port), so these parameters are used by SFQ hashing algorithm to classify packets into one of 1024 possible sub-streams. Then round-robin algorithm will start to distribute available bandwidth to all sub-streams, on each round giving sfq-allot bytes of traffic. The whole SFQ queue can contain 128 packets and there are 1024 sub-streams available.

File:Image8003.gif

SFQ is called "Stochastic" because it does not really allocate a queue for each flow, it has an algorithm which divides traffic over a limited number of queues (1024) using a hashing algorithm.

PCQ

Per Connection Queuing (PCQ) is a similar to SFQ, but it has additional features.

It is possible to choose flow identifiers (from dst-address | dst-port | src-address | src-port). For example if you classify flows by src-address on local interface (interface with your clients), each PCQ sub-stream will be one particular client's upload.
It is possible to assign speed limitation to sub-streams with pcq-rate option. If pcq-rate=0 sub-streams will divide available traffic equally.

More information and examples of PCQ are available here.

Properties

Properties that start with particular queue kind name, is applied only to particular kind. For example all properties starting with pcq applies only to queue kind=pcq.


Property Description
bfifo-limit (integer [1000..4294967295]; Default: 15000) Maximum number of bytes that the BFIFO queue can hold. Applies if kind is bfifo.
kind (bfifo | mq-pfifo | none | pcq | pfifo | red | sfq; Default: ) Kind of particular queue type. Read more >>
mq-pfifo-limit (integer [1..4294967295]; Default: 50) Multi-queue PFIFO limit.
name (string; Default: ) Descriptive name of queue type
pcq-burst-rate (integer [0..4294967295]; Default: 0) Maximal upload/download data rate which can be reached while the burst for substream is allowed
pcq-burst-threshold (integer [0..4294967295]; Default: 0) This is value of burst on/off switch
pcq-burst-time (time; Default: 10s) Period of time, in seconds, over which the average data rate is calculated. (This is NOT the time of actual burst)
pcq-classifier (list of src-address|dst-address|src-port|dst-port; Default: "") Selection of sub-stream identifiers
pcq-dst-address-mask (integer [0..32] | IPNetmask; Default: 32) size of IPv4 network that will be used as dst-address sub-stream identifier
pcq-dst-address6-mask (integer [0..128]; Default: 128) size of IPV6 network that will be used as dst-address sub-stream identifier
pcq-limit (integer [1..4294967295]; Default: 50) Queue size of single sub-stream (in KB)
pcq-rate (integer [ 0..4294967295]; Default: 0) Maximal available data rate of each sub-steam
pcq-src-address-mask (integer [0..32] | IPNetmask; Default: 32) size of IPv4 network that will be used as src-address sub-stream identifier
pcq-src-address6-mask (integer [0..128]; Default: 128) size of IPV6 network that will be used as src-address sub-stream identifier
pcq-total-limit (integer [1..4294967295]; Default: 2000) Queue size of single sub-stream (in KB)
pfifo-limit (integer [ 1..4294967295]; Default: 50) Maximum number of packets that the PFIFO queue can hold. Applies if kind is pfifo.
red-avg-packet (integer [ 1..65535]; Default: 1000) Used by RED for average queue size calculations (for packet to byte translation)
red-burst (integer [0..4294967295 ]; Default: 20) Number of packets allowed for bursts of packets when there are no packets in the queue
red-limit (integer [0..4294967295 ]; Default: 60) RED queue limit in packets
red-max-threshold (integer [0..4294967295 ]; Default: 50) The average queue size at which packet marking probability is the highest.
red-min-threshold (integer [0..4294967295 ]; Default: 10) Average queue size in bytes.
sfq-allot (integer [0..32767]; Default: 1514) Amount of data in bytes that can be sent in one round-robin round
sfq-perturb (integer [0..4294967295 ]; Default: 5) How often hash function must be refreshed

Interface Queue

Sub-menu: /queue interface


Before sending data over an interface, it is processed by the queue. This sub menu list all available interfaces in RouterOS and allows to change queue type for particular interface.

Note: You cannot add new interfaces to this menu. List is generated automatically.


Properties

Property Description
interface (string) Interface name to which queue is applied. Read-only parameter.
queue (string; Default: ) Queue type assigned to particular interface.


[ Top | Back to Content ]