Another bit of helpful code for Mikrotik. We were getting some crackling on our VOIP phone system when the internet connection was maxed out, the following code let phone traffic run smoothly, based on the UDP ports the VOIP service uses. Adjust to your VOIP providers ports, and adjust your LAN targets as needed.
There are a few concepts to be aware of:
- Connection Marks — an identifying marker applied by the router to a connection passing through it. Markers are used for other rules to affect these connections.
- Packet Marks — an identifying market applied by the router, to the packets inside of a given connection. Markers will be used to escalate the priority of our RTP (Audio) Packets.
- SIP – VOIP Control Signalling Channels — e.g., Source phone > Target Phone + Extension, everything about the phone call.
- RTP – VOIP Audio Data — e.g. Compressed AAC audio content sent from the phone in packets.
- Mikrotik Queues — Basically, Quality of Service (QoS) pools of bandwidth, and reserving speed for a specific type of traffic (VOIP first, web-downloads last).
- Mikrotik Parent Queues — A total “pool” of available bandwidth, to be provided to children.
- Mikrotik Child Queues — A reserved portion of bandwidth assigned to a type of traffic that child is handling.
Note — If you have FastTrack enabled, it tends to bypass Queues, you may need to disable FastTrack to enforce your Queues, which may drastically increase CPU usage under high loads. For our RB3011-RM, running at 100Mbps, we hit 10-15% CPU load with fast-track disabled.
#Mark SIP Connections #These numbers are for our VOIP provider, 8x8, different providers have different numbers. #SIP All - Control:UDP/5060,5196-5199 # #RTP All - Audio:UDP/3478-3480,15044,2222-2269,16384-16404,30000-30040 ##RTP STUN:UDP/3478-3480 ##RTP Polycom Phones:UDP/2222-2269 ##RTP Linksys Phones:UDP/16384-16404 ##RTP AAC Audio:UDP/30000-30040 # # #You can change optionally add a dst-address for the IP or IP Address List of your VOIP Provider's Servers, I prefer to keep it simple and focus on ports. #Mark the SIP Connections with a Connection Mark. /ip firewall mangle add chain=forward protocol=tcp port=5060,5196-5199 action=mark-connection new-connection-mark=VOIP-SIP-Connection comment="Mark VOIP/SIP Connections" #Mark SIP Packets, inside of the marked SIP Connections. /ip firewall mangle add chain=forward connection-mark=VOIP-SIP-Connection action=mark-packet new-packet-mark=VOIP-SIP-Packet comment="Mark VOIP/SIP Packets" #Mark RTP Connections, change to the port number of your VOIP Calls /ip firewall mangle add action=mark-connection chain=forward new-connection-mark=VOIP-RTP-Connection port=3478-3480,15044,2222-2269,16384-16404,30000-30040 protocol=udp comment="Mark RTP Connections" #Mark RTP Packets, inside of the marked RTP Connections. These "rotate" port numbers rapidly, but are generated from the Connections. /ip firewall mangle add action=mark-packet chain=forward connection-mark=VOIP-RTP-Connection new-packet-mark=VOIP-RTP-Packet comment="Mark VOIP/RTP Packets" #Escalate the DSCP Value for the RTP packets to Critical Priority as they pass through the router. This should be respected even beyond our own network, but our ISP and further hops out. /ip firewall mangle add chain=postrouting action=change-dscp new-dscp=46 passthrough=yes packet-mark=VOIP-RTP-Packet comment="Change RTP Packets DSCP Value" # # #There are two types of queues: Parent (Total pool of bandwidth), and Child (Total consumer of bandwidth) #Prority, measured from 1 (Highest Priority/Most Important) to 8 (Lowest Priority/Least Important) # #Create a simple parent queue, with your total pool of bandwidth, for your target bridge or LAN subnet, syntax is Upload/Download. This is for a 20Mbps Upload, and 170Mbps Download internet connection. #Use your real-world numbers -- not what is on the ISP's account package! # #Create the Parent Queue. /queue simple add max-limit=20M/170M name="Office Parent Queue" target=192.168.1.0/24 #Create the Child Queue for RTP Traffic, priority 1/1 (Upload/Download). Each VOIP phone call takes up 256KBps, so 2M/2M is for 8 VOIP calls. /queue simple add limit-at=2M/2M max-limit=2M/2M name="VOIP-RTP Queue" parent="Office Parent Queue" target=192.168.1.0/24 priority=1/1 packet-mark=VOIP-RTP #Create the Child Queue for SIP Traffic, priority 2/2 /queue simple add limit-at=2M/2M max-limit=2M/2M name="VOIP-SIP Queue" parent="Office Parent Queue" target=192.168.1.0/24 priority=2/2 packet-mark=VOIP-SIP #Create the Child Queue for all unmarked traffic (everything else), priority 8/8. /queue simple add max-limit=15M/160M name="All Other Traffic" parent="Office Parent Queue" target=192.168.1.0/24 priority=8/8 packet-mark=no-mark # # #You can monitor if your marks are applying, through IP > Firewall > Connections > Add Column: Connection-Mark > Sort by Connection-Mark, and through watching Queues, and watching the trees colors during a speed test. Run a VOIP call while trying to max out the internet.