
General • Mangle and Queue Configuration for CAKE using Diffserve

At a suggestion from over on the MikroTik reddit I'm posting up here my mangle and queue configuration for running CAKE queueing with Diffserv. Please feel free to use and modify to your needs.

This was the original queue tree setup I was using. https://gregsowell.com/?p=4665

As you can see it was a monster, but it worked better than anything I'd used at the time except for HFSC in pfSense, that was more of a monster to configure. Now that CAKE has come along I'm achieving the same with less than half the number of mangle rules, and only two queues, one up and one down.

Doing up the new mangles for CAKE I threw out most of what was there, and started with connection marking. I've named the connection marks for the Diffserv class I want applied. Then another set of rules with the mark DSCP action grabs the relevant connection mark.

Here is a map of DSCP name to value https://en.wikipedia.org/wiki/Different ... s_Selector

Description of what CAKE tin carries which DSCP names: https://help.mikrotik.com/docs/display/ROS/CAKE. That's most of the way down the page under the Diffserv RFC2474 and RFC2475 heading.

So a quick practical example is deprioritising large downloads. First mark any HTTP connection. Then remark once the connection bytes have gone over an amount. Then set DSCP value on HTTP_BIG connection packets so CAKE will throw it in a lower priority tin once it's set to Diffserv4. You only have to set DSCP values on packets you want somewhere else than the default tin.

diffserv4 - The "diffserv4" preset provides a general-purpose Diffserv implementation with four tins:

Bulk: This tin corresponds to CS1 (Class Selector 1) or LE (Low Extra), and it has a threshold of 6.25%. Traffic in this tin typically has a low priority.

Best Effort: This tin is for general traffic that doesn't fall into any specific Diffserv class. It has a threshold of 100%, meaning it receives all remaining bandwidth.

Video: This tin encompasses AF4x, AF3x, CS3, AF2x, CS2, TOS4, and TOS1. It has a threshold of 50%, providing a moderate priority for video traffic.

Voice: This tin covers CS7, CS6, EF (Expedited Forwarding), VA (Voice Admit), CS5, and CS4. It has a threshold of 25%, giving high priority to voice traffic.

The specific class you use doesn't matter for CAKE, and your ISP most likely ignores it anyway so the specific differences between them all are moot.

So using our tins above, CS1 will be placed into the bulk tin, CS1 is a DSCP value of 8.

You then need to make a set of the connection marking mangles for outbound traffic. You don't need to duplicate the change dscp rules because they work regardless of the interface.

Here is my current mangle and queue config.
Code:
/ip firewall mangle
add action=change-mss chain=forward disabled=yes new-mss=clamp-to-pmtu out-interface-list=WAN passthrough=yes protocol=tcp tcp-flags=syn
add action=mark-packet chain=forward in-interface=ether1 new-packet-mark=wan-in passthrough=yes
add action=mark-connection chain=forward comment=HTTP connection-mark=no-mark connection-state=new new-connection-mark=HTTP passthrough=yes port=80,443 protocol=tcp
add action=mark-connection chain=forward connection-bytes=5000000-0 connection-mark=HTTP new-connection-mark=HTTP_BIG passthrough=yes protocol=tcp
add action=mark-connection chain=forward comment="XBox Live AF21 Low Latency" connection-state=new new-connection-mark=AF21 passthrough=yes port=3074,27015-27030,27036-27037 protocol=tcp
add action=mark-connection chain=forward comment="XBox Live AF21 Low Latency" connection-state=new new-connection-mark=AF21 passthrough=yes port=88,500,3074,3544,4380,4500,27000-27031,27036 protocol=udp
add action=mark-connection chain=forward comment="DNS CS6 Min Latency" connection-state=new new-connection-mark=CS6 passthrough=yes port=53 protocol=udp
add action=mark-connection chain=output comment="DNS CS6 Min Latency" connection-state=new new-connection-mark=CS6 passthrough=yes port=53 protocol=udp
add action=mark-connection chain=forward comment="DNS CS6 Min Latency" connection-state=new new-connection-mark=CS6 passthrough=yes port=53 protocol=tcp
add action=mark-connection chain=output comment="DNS CS6 Min Latency" connection-state=new new-connection-mark=CS6 passthrough=yes port=53 protocol=tcp
add action=mark-connection chain=forward comment="SSH CS2 Interactive Shell" connection-state=new new-connection-mark=CS2 passthrough=yes port=22 protocol=tcp
add action=mark-connection chain=forward comment="OSPF CS7 Network Control" connection-state=new new-connection-mark=CS7 passthrough=yes protocol=ospf
add action=change-dscp chain=forward comment="HTTP_BIG Background" connection-mark=HTTP_BIG new-dscp=8 passthrough=no
add action=change-dscp chain=forward comment="HTTP Best Effort" connection-mark=HTTP new-dscp=0 passthrough=no
add action=change-dscp chain=forward comment="XBox Live AF21 Low Latency" connection-mark=AF21 new-dscp=18 passthrough=no
add action=change-dscp chain=forward comment="DNS CS6 Min Latency" connection-mark=CS6 new-dscp=48 passthrough=no
add action=change-dscp chain=forward comment="SSH CS2 Interactive Shell" connection-mark=CS2 new-dscp=16 passthrough=no
add action=change-dscp chain=forward comment="OSPF CS7 Network Control" connection-mark=CS7 new-dscp=56 passthrough=no
add action=set-priority chain=postrouting new-priority=from-dscp passthrough=yes
/ipv6 firewall mangle
add action=change-mss chain=forward new-mss=clamp-to-pmtu out-interface-list=WAN passthrough=yes protocol=tcp tcp-flags=syn
add action=mark-packet chain=prerouting in-interface=ether1 new-packet-mark=wan-in passthrough=yes
add action=mark-connection chain=prerouting comment=HTTP connection-mark=no-mark connection-state=new new-connection-mark=HTTP passthrough=yes port=80,443 protocol=tcp
add action=mark-connection chain=prerouting connection-bytes=5000000-0 connection-mark=HTTP connection-rate=2M-100M new-connection-mark=HTTP_BIG passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="XBox Live AF21 Low Latency" connection-state=new new-connection-mark=AF21 passthrough=yes port=3074,27015-27030,27036-27037 protocol=tcp
add action=mark-connection chain=prerouting comment="XBox Live AF21 Low Latency" connection-state=new dst-prefix=::/0 new-connection-mark=AF21 passthrough=yes port=88,500,3074,3544,4380,4500,27000-27031,27036 protocol=udp src-prefix=::/0
add action=mark-connection chain=prerouting comment="RIST AF21 Low Latency" connection-state=new new-connection-mark=AF21 passthrough=yes port=5000 protocol=udp
add action=mark-connection chain=prerouting comment="DNS CS6 Min Latency" connection-state=new new-connection-mark=CS6 passthrough=yes port=53 protocol=udp
add action=mark-connection chain=prerouting comment="SSH CS2 Interactive Shell" connection-state=new new-connection-mark=CS2 passthrough=yes port=22 protocol=tcp
add action=mark-connection chain=prerouting comment="OSPF CS7 Network Control" connection-state=new new-connection-mark=CS7 passthrough=yes protocol=ospf
add action=change-dscp chain=prerouting comment="HTTP_BIG Background" connection-mark=HTTP_BIG dst-prefix=::/0 new-dscp=8 passthrough=no src-prefix=::/0
add action=change-dscp chain=prerouting comment="HTTP Best Effort" connection-mark=HTTP dst-prefix=::/0 new-dscp=0 passthrough=no src-prefix=::/0
add action=change-dscp chain=prerouting comment="XBox Live AF21 Low Latency" connection-mark=AF21 dst-prefix=::/0 new-dscp=18 passthrough=no src-prefix=::/0
add action=change-dscp chain=prerouting comment="DNS CS6 Min Latency" connection-mark=CS6 dst-prefix=::/0 new-dscp=48 passthrough=no src-prefix=::/0
add action=change-dscp chain=prerouting comment="SSH CS2 Interactive Shell" connection-mark=CS2 dst-prefix=::/0 new-dscp=16 passthrough=no src-prefix=::/0
add action=change-dscp chain=prerouting comment="OSPF CS7 Network Control" connection-mark=CS7 dst-prefix=::/0 new-dscp=56 passthrough=no src-prefix=::/0
add action=set-priority chain=postrouting new-priority=from-dscp passthrough=yes
/queue type
add cake-ack-filter=filter cake-atm=ptm cake-bandwidth=17.0Mbps cake-diffserv=diffserv4 cake-nat=yes cake-overhead=22 cake-overhead-scheme=bridged-ptm cake-rtt-scheme=internet kind=cake name=cake-up
add cake-atm=ptm cake-bandwidth=57.0Mbps cake-diffserv=diffserv4 cake-nat=yes cake-overhead=22 cake-overhead-scheme=bridged-ptm cake-rtt-scheme=internet kind=cake name=cake-down
add kind=fq-codel name=fqcodel
/queue interface
set ether1 queue=fqcodel
set ether2 queue=fqcodel
set ether3 queue=fqcodel
set ether4 queue=fqcodel
set ether5 queue=fqcodel
set wifi1 queue=fqcodel
set wifi2 queue=fqcodel
/queue tree
# CAKE type with bandwidth setting detected, configure traffic limits within queue itself
add bucket-size=0 name=WAN-Upload packet-mark=no-mark parent=ether1 queue=cake-up
# CAKE type with bandwidth setting detected, configure traffic limits within queue itself
add bucket-size=0 name=WAN-Download packet-mark=wan-in parent=bridge queue=cake-down

Statistics: Posted by patc883 — Mon Mar 25, 2024 11:20 am
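
Added example (not part of the original post and not MikroTik code): a small Python check that reads the change-dscp rules from an export like the one above and reports which diffserv4 tin each DSCP value lands in, using the tin list quoted in the post. The function names are made up for this example, TOS4 and TOS1 are left out of the table, and SAMPLE is copied from the IPv4 rules in the post.

```python
import shlex

# Standard DSCP code points: CSn = 8n, AFxy = 8x + 2y, EF = 46, VA = 44, LE = 1.
DSCP = {f"CS{n}": 8 * n for n in range(8)}
DSCP.update({f"AF{x}{y}": 8 * x + 2 * y for x in (1, 2, 3, 4) for y in (1, 2, 3)})
DSCP.update({"EF": 46, "VA": 44, "LE": 1})

# diffserv4 tin membership as listed in the post (TOS4/TOS1 omitted here).
TINS = {
    "Bulk": ["CS1", "LE"],
    "Video": ["AF41", "AF42", "AF43", "AF31", "AF32", "AF33", "CS3",
              "AF21", "AF22", "AF23", "CS2"],
    "Voice": ["CS7", "CS6", "EF", "VA", "CS5", "CS4"],
}
DSCP_TO_TIN = {DSCP[name]: tin for tin, names in TINS.items() for name in names}

def tin_for(dscp):
    """Anything not listed in TINS falls into the default Best Effort tin."""
    return DSCP_TO_TIN.get(dscp, "Best Effort")

def audit(export_text):
    """Map each change-dscp rule's connection mark to (dscp, tin, name_ok).
    name_ok is False when a mark named after a class sets a different value."""
    report = {}
    for line in export_text.splitlines():
        tokens = shlex.split(line)          # keeps comment="two words" together
        if not tokens or tokens[0] != "add":
            continue                        # menu paths and '#' comment lines
        rule = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        if rule.get("action") != "change-dscp" or "connection-mark" not in rule:
            continue
        mark, dscp = rule["connection-mark"], int(rule["new-dscp"])
        report[mark] = (dscp, tin_for(dscp), DSCP.get(mark, dscp) == dscp)
    return report

# IPv4 change-dscp rules copied from the post's configuration.
SAMPLE = """\
add action=change-dscp chain=forward comment="HTTP_BIG Background" connection-mark=HTTP_BIG new-dscp=8 passthrough=no
add action=change-dscp chain=forward comment="HTTP Best Effort" connection-mark=HTTP new-dscp=0 passthrough=no
add action=change-dscp chain=forward comment="XBox Live AF21 Low Latency" connection-mark=AF21 new-dscp=18 passthrough=no
add action=change-dscp chain=forward comment="DNS CS6 Min Latency" connection-mark=CS6 new-dscp=48 passthrough=no
add action=change-dscp chain=forward comment="SSH CS2 Interactive Shell" connection-mark=CS2 new-dscp=16 passthrough=no
add action=change-dscp chain=forward comment="OSPF CS7 Network Control" connection-mark=CS7 new-dscp=56 passthrough=no
"""
```

Calling audit(SAMPLE) returns one entry per connection mark, so a rule whose DSCP value would land in an unexpected tin, or whose mark name disagrees with its value, shows up before the config goes on the router.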


