Syed Jahanzaib – Personal Blog to Share Knowledge !

December 7, 2011

Mikrotik Howto give PiNG / iCMP high Priority

Filed under: Mikrotik Related — Tags: , , , — Syed Jahanzaib / Pinochio~:) @ 3:20 PM

caution-you-ping-me-i-blow-your-head[1]
Mikrotik Queuing is heuristic , means every packet leaving mikrotik destined to your IP is capped, even ICMP/PING too.

So when client starts browsing or downloading any data , there will be less or no bandwidth available for PING/ ICMP packets and ping result from client to mikrotik OR to internet will be observing frequent timeout and high latency (in case of full usage of allocated bandwidth)

As shown in the image below …

highi_ping

 

NOTE:

It is recommended to limit (BUT DONOT BLOCK ICMP AS IT IS REQUIRED BY MANY  MONITORING / CONNECTIVITY ASPECTS) .

Task: Simply mark icmp packets and and create a queue that allows more bandwidth to icmp marked packets. Make sure to move all these rules on top of other rules.

 

1- EXAMPLE OF PING/ICMP QUEUE USING SIMPLE QUEUE [overall capping]

###########################################
# PING/ICMP Priority Script for Mikrotik to avoid timeout on user standard queue being used full
# Checked on Mikrotik 5 / 6.x versions
# Syed Jahanzaib / aacable @ hotmail . com
# https://aacable.wordpress.com
###########################################

# Connection PACKET marking for ICMP, for 6.x ROS versions
/ip firewall mangle
add action=mark-packet chain=forward new-packet-mark=icmp_pkts passthrough=no protocol=icmp
add action=mark-packet chain=input new-packet-mark=icmp_pkts passthrough=no protocol=icmp
add action=mark-packet chain=prerouting new-packet-mark=icmp_pkts passthrough=no protocol=icmp
add action=mark-packet chain=postrouting new-packet-mark=icmp_pkts passthrough=no protocol=icmp
add action=mark-packet chain=output new-packet-mark=icmp_pkts passthrough=no protocol=icmp

/queue simple
add max-limit=5M/5M name=ICMP_Priority packet-marks=icmp_pkts target=""

Note: Make sure to move all these rules in Mangle & Queue RULE on top of other rules.

Result after implementing above code.

ping ok

2- SECOND EXAMPLE OF PING/ICMP QUEUE USING PCQ TREE | (FOR PER USER DISTRIBUTION)

The following script will mark icmp packets and will allow 32k per user for icmp traffic via PCQ / QUEUE TREE

/ip firewall mangle
add action=mark-packet chain=prerouting comment="Mark ICMP I / zaib" new-packet-mark=ping_pkts_i protocol=icmp
add action=mark-packet chain=postrouting comment="Mark ICMP O / zaib" new-packet-mark=ping_pkts_o protocol=icmp
/queue type
add kind=pcq name="ping_pkts_i_32K" pcq-classifier=dst-address pcq-dst-address6-mask=64 pcq-rate=32k pcq-src-address6-mask=64
add kind=pcq name="ping_pkts_o_32K" pcq-classifier=src-address pcq-dst-address6-mask=64 pcq-rate=32k pcq-src-address6-mask=64
/queue tree
add name=ping_pkts_i packet-mark=ping_pkts_i parent=global-out queue="ping_pkts_i_32K / zaib"
add name=ping_pkts_o packet-mark=ping_pkts_o parent=global-out queue="ping_pkts_o_32K / zaib"

 

TIP: You can also use PRIORITY based queuing to give priority to ICMP packets from user own queue over other protocols.

 

Regard’s
Syed Jahanzaib