Queue tree nezachytí některý provoz

[jarapa]

Mám problém s Queue tree, někdy některý provoz prostě se nezachytí a nezaznamená nikam. Tudle jsem koukal - provoz frčel na max a Queue nic. Mangle a Queue tree mám udělaný podle Maxíka v podstatě. Verzi MK mám 4.17. je možný že je to verzí, protože tohle mi předtím asi chodilo, ale na tuty to říci nemohu, protože jak říkám nedělá to vždy.

Mám udělaný Queue tree následovně:

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=5M max-limit=8M name="Internet IN" packet-mark="" parent=global-out priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=512k max-limit=512k name="Internet OUT" packet-mark="" parent=global-out priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=512k max-limit=512k name="VoIP OUT" packet-mark=VoIP-OUT parent="Internet OUT" priority=2 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=5M max-limit=8M name="VIP IN" parent="Internet IN" priority=5
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=2M max-limit=8M name="Games VIP IN" packet-mark=games-VIP-IN parent="VIP IN" priority=4 queue=synchronous-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=256k max-limit=8M name="Webshare VIP IN" packet-mark=ws-VIP-IN parent="VIP IN" priority=7 queue=synchronous-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=256k max-limit=8M name="p2p VIP IN" packet-mark=p2p-VIP-IN parent="VIP IN" priority=8 queue=synchronous-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=2M max-limit=8M name="www VIP IN" packet-mark=www-VIP-IN parent="VIP IN" priority=3 queue=synchronous-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=1M max-limit=8M name="Email VIP IN" packet-mark=Email-VIP-IN parent="VIP IN" priority=5 queue=synchronous-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=512k max-limit=512k name="VoIP IN" packet-mark=VoIP-IN parent="Internet IN" priority=2 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=2M max-limit=8M name="Users IN" parent="Internet IN" priority=6
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=1M max-limit=8M name="Email Users IN" packet-mark=Email-users-IN parent="Users IN" priority=5 queue=synchronous-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=2M max-limit=8M name="Games Users IN" packet-mark=games-users-IN parent="Users IN" priority=4 queue=synchronous-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=256k max-limit=3M name="Webshare Users IN" packet-mark=ws-users-IN parent="Users IN" priority=7 queue=synchronous-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=256k max-limit=3M name="p2p Users IN" packet-mark=p2p-users-IN parent="Users IN" priority=8 queue=synchronous-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=2M max-limit=8M name="www Users IN" packet-mark=www-users-IN parent="Users IN" priority=3 queue=synchronous-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=384k max-limit=512k name="VIP OUT" parent="Internet OUT" priority=5
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=128k max-limit=512k name="Users OUT" parent="Internet OUT" priority=6
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k max-limit=512k name="Zbytek OUT" packet-mark=zbytek-OUT parent="Users OUT" priority=6 queue=synchronous-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=256k max-limit=512k name="Email VIP OUT" packet-mark=Email-VIP-OUT parent="VIP OUT" priority=5 queue=synchronous-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=384k max-limit=512k name="Games Users OUT" packet-mark=games-users-OUT parent="Users OUT" priority=4 queue=synchronous-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=384k max-limit=512k name="Games VIP OUT" packet-mark=games-VIP-OUT parent="VIP OUT" priority=4 queue=synchronous-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=128k max-limit=512k name="Webshare VIP OUT" packet-mark=ws-VIP-OUT parent="VIP OUT" priority=7 queue=synchronous-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=128k max-limit=512k name="Webshare Users OUT" packet-mark=ws-users-OUT parent="Users OUT" priority=7 queue=synchronous-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=128k max-limit=400k name="p2p VIP OUT" packet-mark=p2p-VIP-OUT parent="VIP OUT" priority=8 queue=synchronous-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=348k max-limit=512k name="www VIP OUT" packet-mark=www-VIP-OUT parent="VIP OUT" priority=3 queue=synchronous-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=64k max-limit=400k name="p2p Users OUT" packet-mark=p2p-users-OUT parent="Users OUT" priority=8 queue=synchronous-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=348k max-limit=512k name="www Users OUT" packet-mark=www-users-OUT parent="Users OUT" priority=3 queue=synchronous-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=50M max-limit=50M name=LAN packet-mark=LAN parent=global-out priority=8 queue=synchronous-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=512k max-limit=4M name="Server IN" packet-mark=Server-IN parent="Internet IN" priority=7 queue=synchronous-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=128k max-limit=384k name="Server OUT" packet-mark=Server-OUT parent="Internet OUT" priority=7 queue=synchronous-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=512k max-limit=4M name="Zbytek IN" packet-mark=zbytek-IN parent="Users IN" priority=6 queue=synchronous-default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=256k max-limit=512k name="Email Users OUT" packet-mark=Email-users-OUT parent="Users OUT" priority=5 queue=synchronous-default

a mangle řízení provozu:

/ip firewall mangle
add action=mark-routing chain=prerouting comment="" disabled=no dst-address=\
10.0.0.0/16 new-routing-mark=main passthrough=yes src-address=10.0.0.0/16
add action=change-mss chain=forward comment="" disabled=no in-interface=\
"Inet.PPPoE T-mobile" new-mss=1452 protocol=tcp tcp-flags=syn tcp-mss=\
1453-65535
add action=change-mss chain=forward comment="" disabled=no new-mss=1452 \
out-interface="Inet.PPPoE T-mobile" protocol=tcp tcp-flags=syn tcp-mss=\
1453-65535
add action=add-src-to-address-list address-list=VoIP address-list-timeout=1d \
chain=prerouting comment="VoIP - zji\9A\9Dov\E1n\ED a z\E1pis do addressli\
stu - v ppodstat\EC k ni\E8emu" disabled=yes dst-port=5060-5070 protocol=\
udp src-address=10.0.0.0/16
add action=mark-routing chain=prerouting comment=\
"Ozna\E8en\ED pro p\F8esm\ECrov\E1n\ED na Airway" disabled=no \
new-routing-mark=Airway passthrough=no src-address-list=Airwaynet
add action=mark-routing chain=prerouting comment="" disabled=yes \
new-routing-mark=main passthrough=no protocol=tcp src-address=10.0.20.3 \
src-port=8291
add action=jump chain=forward comment="Klass Servers" disabled=no \
jump-target=Server src-address-list=Server
add action=jump chain=forward comment="" disabled=no dst-address-list=Server \
jump-target=Server
add action=jump chain=forward comment="Klass Games" disabled=no jump-target=\
Games protocol=tcp src-port=3724,6881-6999
add action=jump chain=forward comment="" disabled=no dst-port=3724,6881-6999 \
jump-target=Games protocol=tcp
add action=jump chain=forward comment="Klass Email" disabled=no jump-target=\
Email protocol=tcp src-port=\
25,110,143,993,995,119,563,465,691,389,636,379
add action=jump chain=forward comment="" disabled=no dst-port=\
25,110,143,993,995,119,563,465,691,389,636,379 jump-target=Email \
protocol=tcp
add action=jump chain=forward comment="Klass VoIP" disabled=no jump-target=\
VoIP src-address-list=VoIP
add action=jump chain=forward comment="" disabled=no dst-address-list=VoIP \
jump-target=VoIP
add action=jump chain=forward comment="" connection-type=sip disabled=no \
jump-target=VoIP
add action=jump chain=forward comment=Webshare connection-type=ftp disabled=\
no jump-target=Webshare
add action=jump chain=forward comment="" disabled=no jump-target=Webshare \
src-address-list=webshare
add action=jump chain=forward comment="" disabled=no dst-address-list=\
webshare jump-target=Webshare
add action=jump chain=forward comment="Klass p2p" disabled=no jump-target=p2p \
p2p=all-p2p
add action=jump chain=forward comment="Klass Web" disabled=no jump-target=Web \
protocol=tcp src-port=80,443,8080
add action=jump chain=forward comment="" disabled=no dst-port=80,443,8080 \
jump-target=Web protocol=tcp
add action=jump chain=forward comment="Klass Zbytek" disabled=no jump-target=\
Zbytek
add action=change-dscp chain=Email comment="Zm\ECna TOS" disabled=no \
new-dscp=8
add action=change-dscp chain=Games comment="" disabled=no new-dscp=16
add action=change-dscp chain=Web comment="" disabled=no new-dscp=8
add action=change-dscp chain=Webshare comment="" disabled=no new-dscp=2
add action=change-dscp chain=p2p comment="" disabled=no new-dscp=0
add action=change-dscp chain=VoIP comment="" disabled=no new-dscp=16
add action=mark-packet chain=Server comment="Ozna\E8en\ED serverov\E9 komunika\
ce - www, ftp a jin\E9 p\F8\EDstupy na servery" disabled=no \
dst-address-list=Server in-interface="Inet.PPPoE T-mobile" \
new-packet-mark=Server-IN passthrough=no
add action=mark-packet chain=Server comment="" disabled=no new-packet-mark=\
Server-OUT out-interface="Inet.PPPoE T-mobile" passthrough=no \
src-address-list=Server
add action=mark-packet chain=Games comment="Ozna\E8en\ED Gamesn\EDk\F9" \
disabled=no dst-address-list=!VIP in-interface="Inet.PPPoE T-mobile" \
new-packet-mark=games-users-IN passthrough=no
add action=mark-packet chain=Games comment="" disabled=no new-packet-mark=\
games-users-OUT out-interface="Inet.PPPoE T-mobile" passthrough=no \
src-address-list=!VIP
add action=mark-packet chain=Games comment="" disabled=no dst-address-list=\
VIP in-interface="Inet.PPPoE T-mobile" new-packet-mark=games-VIP-IN \
passthrough=no
add action=mark-packet chain=Games comment="" disabled=no new-packet-mark=\
games-VIP-OUT out-interface="Inet.PPPoE T-mobile" passthrough=no \
src-address-list=VIP
add action=mark-packet chain=Email comment="Ozna\E8en\ED emailu" disabled=no \
dst-address-list=!VIP in-interface="Inet.PPPoE T-mobile" new-packet-mark=\
Email-users-IN passthrough=no
add action=mark-packet chain=Email comment="" disabled=no new-packet-mark=\
Email-users-OUT out-interface="Inet.PPPoE T-mobile" passthrough=no \
src-address-list=!VIP
add action=mark-packet chain=Email comment="" disabled=no dst-address-list=\
VIP in-interface="Inet.PPPoE T-mobile" new-packet-mark=Email-VIP-IN \
passthrough=no
add action=mark-packet chain=Email comment="" disabled=no new-packet-mark=\
Email-VIP-OUT out-interface="Inet.PPPoE T-mobile" passthrough=no \
src-address-list=VIP
add action=mark-packet chain=Webshare comment=\
"Ozna\E8en\ED paket\F9 pro webshare" disabled=no dst-address-list=!VIP \
in-interface="Inet.PPPoE T-mobile" new-packet-mark=ws-users-IN \
passthrough=no
add action=mark-packet chain=Webshare comment="" disabled=no new-packet-mark=\
ws-users-OUT out-interface="Inet.PPPoE T-mobile" passthrough=no \
src-address-list=!VIP
add action=mark-packet chain=Webshare comment="" disabled=no \
dst-address-list=VIP in-interface="Inet.PPPoE T-mobile" new-packet-mark=\
ws-VIP-IN passthrough=no
add action=mark-packet chain=Webshare comment="" disabled=no new-packet-mark=\
ws-VIP-OUT out-interface="Inet.PPPoE T-mobile" passthrough=no \
src-address-list=VIP
add action=mark-packet chain=p2p comment="Ozna\E8en\ED p2p" disabled=no \
dst-address-list=!VIP in-interface="Inet.PPPoE T-mobile" new-packet-mark=\
p2p-users-IN passthrough=no
add action=mark-packet chain=p2p comment="" disabled=no new-packet-mark=\
p2p-users-OUT out-interface="Inet.PPPoE T-mobile" passthrough=no \
src-address-list=!VIP
add action=mark-packet chain=p2p comment="" disabled=no dst-address-list=VIP \
in-interface="Inet.PPPoE T-mobile" new-packet-mark=p2p-VIP-IN \
passthrough=no
add action=mark-packet chain=p2p comment="" disabled=no new-packet-mark=\
p2p-VIP-OUT out-interface="Inet.PPPoE T-mobile" passthrough=no \
src-address-list=VIP
add action=mark-packet chain=Web comment="Ozna\E8en\ED www surfov\E1n\ED" \
disabled=no dst-address-list=!VIP in-interface="Inet.PPPoE T-mobile" \
new-packet-mark=www-users-IN passthrough=no
add action=mark-packet chain=Web comment="" disabled=no new-packet-mark=\
www-users-OUT out-interface="Inet.PPPoE T-mobile" passthrough=no \
src-address-list=!VIP
add action=mark-packet chain=Web comment="" disabled=no dst-address-list=VIP \
in-interface="Inet.PPPoE T-mobile" new-packet-mark=www-VIP-IN \
passthrough=no
add action=mark-packet chain=Web comment="" disabled=no new-packet-mark=\
www-VIP-OUT out-interface="Inet.PPPoE T-mobile" passthrough=no \
src-address-list=VIP
add action=mark-packet chain=VoIP comment=\
"Ozna\E8en\ED VoIP telefon\F9 ven do internetu" disabled=no \
dst-address-list=VoIP in-interface="Inet.PPPoE T-mobile" new-packet-mark=\
VoIP-IN passthrough=no
add action=mark-packet chain=VoIP comment="" disabled=no new-packet-mark=\
VoIP-OUT out-interface="Inet.PPPoE T-mobile" passthrough=no \
src-address-list=VoIP
add action=mark-packet chain=Zbytek comment="Ozna\E8en\ED zbytku" disabled=no \
in-interface="Inet.PPPoE T-mobile" new-packet-mark=zbytek-IN passthrough=\
no
add action=mark-packet chain=Zbytek comment="" disabled=no new-packet-mark=\
zbytek-OUT out-interface="Inet.PPPoE T-mobile" passthrough=no
add action=mark-packet chain=Zbytek comment=\
"Ozna\E8en\ED co fr\E8\ED v LAN - prost\EC to co nejde do internetu" \
disabled=no new-packet-mark=LAN passthrough=no
add action=return chain=Server comment="Zp\ECt do Forwardu" disabled=no
add action=return chain=Games comment="" disabled=no
add action=return chain=Email comment="" disabled=no
add action=return chain=VoIP comment="" disabled=no
add action=return chain=Webshare comment="" disabled=no
add action=return chain=p2p comment="" disabled=no
add action=return chain=Web comment="" disabled=no
add action=return chain=Zbytek comment="" disabled=no

[carcharias]

Dobrý den, nechci zakládat nové téma, neb nadpis by byl zřejmě stejný. Jedná se mi o to že na WAN interfejsu přitéká cca 2.5Mb ale v Queue TREE je v top -> global-in pouze avg rate 31kb. kde je ten zbytek ? NEbo to mám špatně nastaveno ?

[hapi]

uka mangle ale steně bych tě nejradši přerazil. Kde náš vyplněný limit at?

[pepulis]

Pres torch se podivje, co ti to tece do netu = provoz z jake ip adresy. Pak se podivej, jestli mas tu ip adresu v mangle a pokud ano, jestli u ni naskakuji data (logicky musi, pokud je v torchu z jeji strany nejaky trafik). Pak zkontroluj jestli uvedene mangle mas v QT.

[carcharias]

Myslím že mám mangle v pořádku. Nastaveno to mám ještě ze školení mikrotiku. Každopádně se tam ten provoz nezobrazuje.

[hapi]

protože na školení mikrotiku tě naučí hov**. Máš manglovat ve forwardu s definování interfaců a shapovat na global-out.

[carcharias]

No to je pěkné. To jsem slyšet nechtěl. Věřil jsem že pokud mě školí někdo kdo má certifikát od mikrotiku tak mě to vysvětlí správně. Nicméně můžeš rozvést tvůj návrh. Stačí jen změnit mangle na forward s interfejsem a ip a quote na global out ?

[reset]

heh, matka ma certa na MS Office a neumi to ani zapnout, natoz v tom cokoliv napsat.
Certa na vas.
kolik jich chces vytisknout? ... na toaletak

[hapi]

no pravda je že jestli můžeš dostat certifikát na cokoliv po 8 hodinách školení, tak je to špatný.

Ono by to fungovalo ale nesmíš natovat.

Předně, základní mangle v global-in neni možný pro download když ten stroj i natuje. Teda je ale s upravenym IMQ v linuxu. Protože to co ti zvenku přijde na router, má veřejnou cílovou ip adresu a ne tu správnou vnitřní. Ta se tam přepíše až co projde preroutingem a mangle je bohužel předtim pokud to mikrotik neupravil. Nicméně pro obecnej postup pokus omyl, si dej na hlavní paretny global-out a mangle na forwarding. To je obecnej začátek a až ho rozjedeš, můžeš pokračovat dál. pak si dát pozor na src a dsr address, tedy kam co vyplňuješ aby jsi to nevotočil. Pokud nezadáš interface v mangle, nemusíš se moc starat a nějak se trefíš. Pro ulehčení můžeš vytvořit dvě pravidla, se stejnym markem ale jedno bude mít ipčko na dst a druhý na src. Obojí forward. Dál defakto nic. No a koukej jestli ti tudy něco teče. Pak si uděláš QT a nastavíš tam ty marky co jsou v mangle. Zase to samí, dvě pravidla. Horší je, že se ti budou zachytávat v jednom QT nejspíš oba směry. Takže místo global-out nastavíš wanovej iface a u druhý pravidla nastavíš lanovej iface a zase na to budeš čumět jestli to ty pakety zachytí.

Taky bych chtěl brát prachy za takový školení