

Mikrotik - QoS for VoIP traffic

Posted on 2011-05-05
Medium Priority
Last Modified: 2012-08-13
We have a Mikrotik wireless network consisting of a few towers and a few offices connecting to them.

We struggle with VoIP call quality between these offices. Sometimes it is one-way speech, or the calls just fade away and drop.

I am trying to implement QoS. I scanned the traffic and saw that the traffic going to and from the VoIP servers uses UDP with ports 2000 - 3000.

I created firewall mangle rules with which I mark the packets as follows: UDP ports 2000 - 3000 get marked as "VoIP packets" and all the other traffic (! 2000 - 3000 UDP) gets marked as "The Rest".
I created Queue Trees as follows:

VoIP Queue Tree:
Packet-mark=VOIP packets,  Parent = Wireless default, Priority = 2

The Rest Queue Tree:
Packet-mark=The Rest,  Parent = Wireless default, Priority = 8

I read that one should leave Priority 1 for routing.

I created these rules and Queues on all the towers, but with no luck.

Can someone please assist me with this.

Question by:chosen-one

Expert Comment

ID: 35702840

If it is just the wireless part of the network you are concerned about, then you can often get good results just by turning on WMM support on the AP and CPE devices (look under WLAN 'wireless' properties).

But also you should try to be certain that it is a bandwidth issue and not a general wireless problem that is causing the trouble - are you using a proprietary wireless protocol (nstreme, nv2) on the wireless network?

Cheers,  Mike.

Author Comment

ID: 35726598
Hi meverest,

I am not using a proprietary wireless protocol (nstreme, nv2) on my network.

We had our main Mikrotik gateway between the LAN with all the servers and the wireless network installed as a Xen virtual machine. We saw that there were ping timeouts between the LAN and this virtual machine. So we changed it over to a physical server on Friday. This solved the ping timeout problem. It apparently happened because there are no Xen server tools available for Mikrotik.

I enabled the WMM support as you suggested. We however still experience problems on the network - only on the VoIP part - the rest of the applications work 100%.

I then deleted all the queues and mangle rules that we created before.

I found an article on the internet and then added the following rule on our main router (border router):

/ip firewall mangle
add action=change-dscp chain=prerouting comment="Voip Server" disabled=no dst-address=  new-dscp=6

( is our VoiP servers)

I added the following on all our towers and APs on the network, as well as on the routers installed at all the offices:

/ip firewall mangle
add action=set-priority chain=postrouting comment="Translate DSCP Values into WMM priorities" new-priority=from-dscp

So, as it looks to me, it will automatically give the VoIP traffic with the DSCP mark 6 higher priority all over the network than the rest of the traffic, which will by default have a DSCP mark of 0.

We still experience intermittent issues. It will work fine for a few hours, then all of a sudden one-way speech, or the calls will just fade away.

Accepted Solution

meverest earned 2000 total points
ID: 35737591

All good work that you have done, for sure!  There are only a few possible causes of the problem - it will either be related to transmission, or service/server.

If you are not using any proprietary protocol on your wireless network segments, then transmission problems are highly likely!  (also, enable WMM support as well, which will prioritise layer 2 network traffic based on DSCP bits set by your mangle rules!)

Enabling nv2 on your wireless will definitely improve overall performance - it may not solve all of your voice problems, but it will certainly improve performance overall!

It may be helpful for diagnostics to use the 'torch' tool to watch voice traffic as it passes through various routers while a call is in progress.  This way you can then observe with some good accuracy just where the problem is occurring.  When the voice stream is working well, you should see both tx and rx traffic detected on all routers, and they should all be approximately the same rate at all times (for a single call) - watch what happens when the call problems occur: you should notice that suddenly tx or rx drops when 'one way speech' occurs.  You can see which router is the first to show this problem, which will give you some clues as to which part of the network is having difficulty.

Once you can get some understanding of *where* these problems are occurring, you will be in a much better position to design and implement a permanent solution.



Author Comment

ID: 35745742

Thanks again for the info!

Would you say it is still necessary to add separate Queues on the towers (APs) to limit access to certain applications? Say, for instance, limit access to the proxy server port 8080 to say 1MB, access to the e-mail server to 1MB, or would the DSCP & WMM priorities do the job?

Thanks for all your suggestions so far.


Assisted Solution

meverest earned 2000 total points
ID: 35763366

You only need to add queues for other services if you want to make sure that the other prioritised traffic does not consume so much bandwidth that there is none left for the others!

i.e. use multiple queues to define minimum bandwidth reservations for other apps.
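
A sketch of the "multiple queues with minimum reservations" idea above, as an added example that is not part of the original thread or either poster's configuration. The UDP 2000-3000 and TCP 8080 ports come from the question; the interface name `wlan1`, the mark and queue names, and every rate are assumptions to be replaced with measured values.

```routeros
# Added example (assumed names and rates), RouterOS queue tree with reservations.
# Mark VoIP in both directions, then the proxy, then everything else.
/ip firewall mangle
add chain=forward protocol=udp dst-port=2000-3000 action=mark-packet \
    new-packet-mark=voip passthrough=no comment="VoIP towards servers"
add chain=forward protocol=udp src-port=2000-3000 action=mark-packet \
    new-packet-mark=voip passthrough=no comment="VoIP from servers"
add chain=forward protocol=tcp dst-port=8080 action=mark-packet \
    new-packet-mark=proxy passthrough=no comment="Proxy"
add chain=forward action=mark-packet new-packet-mark=rest passthrough=no \
    comment="Everything not marked above"

# A queue tree whose parent is an interface shapes traffic leaving that
# interface only, so repeat the tree on each interface that carries calls.
/queue tree
# Parent ceiling: set this to the real usable throughput of the wireless
# link (10M is an assumed figure) so that packets queue here, where the
# priorities and reservations apply.
add name=wlan1-total parent=wlan1 max-limit=10M
# limit-at is the guaranteed rate; max-limit is the ceiling a queue may
# borrow up to when the parent has spare capacity.
# priority (1 = highest, 8 = lowest) decides which leaf gets spare
# capacity first once every limit-at has been satisfied.
add name=voip  parent=wlan1-total packet-mark=voip  priority=2 \
    limit-at=2M max-limit=10M
add name=proxy parent=wlan1-total packet-mark=proxy priority=6 \
    limit-at=1M max-limit=10M
add name=rest  parent=wlan1-total packet-mark=rest  priority=8 \
    limit-at=1M max-limit=10M
# Keep the sum of the children's limit-at (4M here) at or below the
# parent's max-limit, otherwise the guarantees cannot all be met.
```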

