Optimizing Video Calls and Latency-Sensitive Traffic with DSCP on MikroTik

-

Optimizing Video Calls and Latency-Sensitive Traffic with DSCP on MikroTik

When running a busy home or office network, not all traffic is equal. Video calls, VoIP, online gaming, and remote access require low latency and minimal jitter to deliver a smooth experience. On the other hand, file transfers, web browsing, and email are more tolerant of delays.

This is where DSCP (Differentiated Services Code Point) comes in. By marking traffic with different DSCP values, we can tell downstream devices and ISPs which packets should be prioritized. Even if your ISP doesn’t fully honor DSCP tags, using them internally helps your own router and switches handle traffic more intelligently.

Why DSCP Instead of Queues?

Many administrators rely on MikroTik queues for traffic prioritization. Queues are powerful, but they can also introduce complexity and CPU overhead. In contrast, DSCP marking is lightweight and works by simply tagging packets. Later, if you want to enforce prioritization, you can build simple queues or trust your managed switches/ISP to use these markings.

In this guide, we’ll focus only on DSCP tagging, not shaping or queues.

The Logic Behind DSCP Values

Different applications benefit from different DSCP values. Here’s the mapping we’ll use:

  • 46 (EF – Expedited Forwarding): Best for VoIP / RTP voice packets

  • 34 (AF41): Suited for video calls (Zoom, Teams, Meet, Messenger, WhatsApp, etc.)

  • 26 (AF31): Good for gaming and other interactive traffic

  • 40 (CS5): Reserved for DNS (faster lookups = faster everything)

  • 18 (AF21): Remote access (SSH, RDP, VNC)

  • 10–14 (AF11–AF12): Web browsing and streaming

  • 8 (CS1): Background traffic like email and file transfers

  • 0 (Best Effort): Everything else

The MikroTik Script

Paste this into your MikroTik terminal:

/ip firewall mangle
add chain=forward protocol=udp packet-size=60-200 action=change-dscp new-dscp=46 comment="Voice RTP / VoIP"
add chain=forward protocol=udp packet-size=200-1500 action=change-dscp new-dscp=34 comment="Video Calls"
add chain=forward protocol=udp packet-size=60-500 action=change-dscp new-dscp=26 comment="Gaming / Interactive"
add chain=forward protocol=udp port=53 action=change-dscp new-dscp=40 comment="DNS UDP"
add chain=forward protocol=tcp port=53 action=change-dscp new-dscp=40 comment="DNS TCP"
add chain=forward protocol=tcp port=22,3389,5900-5901 action=change-dscp new-dscp=18 comment="Remote Access (SSH, RDP, VNC)"
add chain=forward protocol=tcp port=80,443 action=change-dscp new-dscp=10 comment="Web Browsing"
add chain=forward protocol=tcp port=80,443 packet-size=1000-1500 action=change-dscp new-dscp=14 comment="Web Streaming / Large Web"
add chain=forward protocol=tcp port=25,465,587,143,993,110,995 action=change-dscp new-dscp=8 comment="Email Services"
add chain=forward protocol=tcp port=20,21,445,873,6881-6999 action=change-dscp new-dscp=8 comment="File Transfer / P2P"
add chain=forward action=change-dscp new-dscp=0 comment="Default Best Effort"

Step-by-Step Setup in WinBox

1. Open the Mangle Rules Tab

  • In WinBox, go to:
    IP → Firewall → Mangle

You’ll see a blank list (or your existing rules).

2. Import the Script

  • Open New Terminal

  • Paste the script above

  • Press Enter

Now your mangle rules will appear with clear comments like “Video Calls” and “Gaming / Interactive”.

3. Verify in Torch

  • Go to Tools → Torch

  • Select your WAN interface (e.g., ether1 or pppoe-out1)

  • Start a video call (Zoom/Teams/WhatsApp)

  • In Torch, enable the DSCP column

You should now see packets tagged with values like:

  • 34 → video calls

  • 46 → voice

  • 26 → gaming

4. Check Firewall Counters

  • Go back to IP → Firewall → Mangle

  • Look at the Bytes and Packets counters

  • Start a call or game → the numbers increase

That confirms your rules are working.

Optional: DSCP-Aware Queues

DSCP marking is only tagging packets. If you want MikroTik to enforce prioritization:

  • Go to Queues → Queue Tree

  • Match traffic by DSCP values

  • Assign higher priority (1 = highest, 8 = lowest)

This ensures real-time traffic gets preferred treatment without starving downloads.

Sample result:


Wrapping Up

With just a few DSCP rules, you’ve:

  • Boosted quality for video calls and VoIP

  • Improved responsiveness for gaming and remote access

  • Kept background traffic like file transfers out of the way

This approach is simple, efficient, and works great as a foundation. Later, you can extend it with service-based address lists or DSCP-aware queues for even finer control.


Comments

Post a Comment

Popular posts from this blog

Suricata on Mikrotik(IDS+IPS) = Part 4 - Configuration of the IPS Part

-
Image
  Configuration Disclaimer:  this one again is only for  ubuntu 18.04  and login as  root  user to be sure Make sure you have a good understanding of the suricata rules before doing this This might cause some disconnection from the site or services you are visiting and even the internet if not properly configured. In the real environment it is best not to run as root user but for the sake of just testing it I opted to run as root configure the following rules on your mikrotik router: /ip firewall filter add action=drop chain=input comment="Block bad actors" src-address-list=Blocked /ip firewall filter add action=drop chain=forward comment="Drop any traffic going to bad actors" dst-address-list=Blocked create a user group with all policies checked except telnet create a user allowing your local addresses with the group you created earlier Lets Start ... 1.      Install PHP         apt install php -y 2.   Navigate...
Read more

Why upload comes first before download

-
Image
Before we dive into why upload comes first, let’s quickly define upload and download in data communication. Upload refers to sending data from your device to a remote server or another device. This happens when you send an email, upload a file to the cloud, or even just request a webpage. Download is the process of receiving data from a remote source to your device. This includes streaming videos, loading webpages, or saving files from the internet. Think of it like a conversation: when you ask someone a question (upload), they respond with an answer (download). The same applies to internet communication—before you can receive data, you must first send a request. Why Upload Comes First in Data Communication Now that we understand uploads and downloads, let’s put it in simple human terms. Imagine you’re having a conversation with a friend: You ask a question (Upload): Before your friend can give you an answer, you first need to say something—whether it’s a question, a request, or a ...
Read more

Suricata on Mikrotik(IDS+IPS) = Part 3 - Configuration of the IDS Part

-
Image
Configuration Disclaimer:  this one is only for ubuntu 18.04 and login as root user to be sure In the real environment it is best not to run as root user but for the sake of just testing it I opted to run as root configure the following rules on your mikrotik router: /tool sniffer set streaming-enabled=yes streaming-server=<ip_of_the_server> /tool sniffer set filter-ip-address=<an_example_filter_ip> tool sniffer print ; tool sniffer start ; tool snifer stop Lets Start ... 1.     Configure the correct time zone and NTP synchronization         systemctl start systemd-timesync           systemctl status systemd-timesyncd         dpkg-reconfigure tzdat a 2.     Add the suricata in the repository    add-apt-repository ppa:oisf/suricata-stable 3.     Update the package database:         ...
Read more