
HOW PCC WORKS (BEGINNER)

This article aims to explain in simple terms how PCC works. The definition from the official manual wiki page reads: "PCC takes selected fields from IP header, and with the help of a hashing algorithm converts selected fields into 32-bit value. This value then is divided by a specified Denominator and the remainder then is compared to a specified Remainder, if equal then packet will be captured. You can choose from src-address, dst-address, src-port, dst-port from the header to use in this operation.", with the full number of fields available being: "both-addresses|both-ports|dst-address-and-port|src-address|src-port|both-addresses-and-ports|dst-address|dst-port|src-address-and-port". If you understand that definition, there'll be nothing interesting in this article for you.

First, here are the terms necessary to understand the definition.

IP packets have a header that contains several fields; two of those fields are the IP address of the source of the packet and the IP address of the destination of the packet. TCP and UDP packets also have headers that contain the source port and the destination port.

Denominators and remainders are parts of modulus operations. A modulus operation produces the integer left over when you divide two numbers and only accept the whole number portion of the result. It is represented by a % sign. Here are some examples:

3 % 3 = 0, because 3 divides cleanly by 3.
4 % 3 = 1, because the next smallest number to 4 that cleanly divides by 3 is 3, and 4 - 3 = 1.
5 % 3 is 2, because the next smallest number to 5 that divides cleanly by 3 is 3, and 5 - 3 = 2.
6 % 3 = 0, because 6 divides cleanly by 3.

A hash is a function that is fed input, and produces output. Hashes have many interesting properties, but the only important one for the purpose of this article is that hash functions are deterministic. That means that when you feed a hash function an input that reads 'hello' and it produces the output '1', you can rely on the fact that if you feed it 'hello' a second time it will produce the output '1' again. When you feed a hash function the same input, it will always produce the same output.

What exact hashing algorithm is used by PCC is not important, so for this discussion let's assume that when you feed it IP addresses and ports, it just adds up the octets of the IP addresses as decimal numbers as well as the ports, and then takes the last digit and produces it as the output. Here is an example:

The hash function is fed 1.1.1.1 as the source IP address, 10000 as the source TCP port, 2.2.2.2 as the destination IP address and 80 as the destination TCP port. The output will be 1+1+1+1+10000+2+2+2+2+80 = 10092, the last digit of that is 2, so the hash output is 2. It will produce 2 every time it is fed that combination of IP addresses and ports.

At this point it's important to note that even though PCC is most often used for spreading load across circuits, PCC itself has absolutely nothing to do with routing, routing marks or spreading load. PCC is simply a way to match packets, and not directly related to the action of then marking those matched packets even if that is its main purpose.

Here are three lines often used for PCC, with their explanation:

/ip firewall mangle add chain=prerouting action=mark-connection \
  new-connection-mark=1st_conn per-connection-classifier=src-address-and-port:3/0
/ip firewall mangle add chain=prerouting action=mark-connection \
  new-connection-mark=2nd_conn per-connection-classifier=src-address-and-port:3/1
/ip firewall mangle add chain=prerouting action=mark-connection \
  new-connection-mark=3rd_conn per-connection-classifier=src-address-and-port:3/2

The first line means "produce the output of the hash function given the packet's source IP address and port, divide it by 3 and if the remainder is 0, perform the action of marking the connection as 1st_conn". The second line means "produce the output of the hash function given the packet's source IP address and port, divide it by 3 and if the remainder is 1, perform the action of marking the connection as 2nd_conn". And correspondingly the third line means "produce the output of the hash function given the packet's source IP address and port, divide it by 3 and if the remainder is 2, perform the action of marking the connection as 3rd_conn".

Here is what the different field options mean for the purpose of packet matching. These are the fields that will be fed into the hashing algorithm (and, for the purpose of spreading load across links, decide what link a packet will be put on). Remember that a hash function will always produce the same output when it's fed the same input:

src-address: The source address of a client will always be the same, so all traffic from a particular client will always match the same PCC matcher, and will always be put on the same link.

dst-address: The destination address of a specific server will always be the same, so all traffic to that server (say, the Mikrotik Wiki) will always match the same PCC matcher, and will always be put on the same link.

both-addresses: The source and destination IP pair between the same client and server will always be the same, so all traffic between one specific client and a specific server (say, your laptop and the Mikrotik Wiki) will always match the same PCC matcher, and will always be put on the same link.

src-port: Source ports of clients are usually randomly chosen when the connection is created, so across many connections different source ports will be fed into the hash function, and different PCC matchers will match and traffic will go across different links. However, some client protocols always choose the same source port, and servers behind your router will most likely always use the same service port to send traffic back to their clients. A web server behind your router would send most traffic from its HTTP (80) and HTTPS (443) ports, and that traffic would always match the same PCC matcher and would be put on the same link.

dst-port: Destination ports of clients are usually well defined service ports; all HTTP (80) traffic between your clients and servers on the Internet would always match the same PCC matcher, and would be put on the same link. However, the same clients doing HTTPS (443) traffic could match a different PCC matcher, and would go across a different link.

both-ports: Since the client port is (usually) randomly chosen, the combination of the two ports is (usually) random and will spread load across links.

src-address-and-port: Same caveat as src-port.

dst-address-and-port: Same caveat as dst-port.

both-addresses-and-ports: This is the most random way to spread traffic across links, since it has the largest number of variables.
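The matching described above, as an added example (not from the original article and not RouterOS code): it implements the article's simplified hash, which is not the real PCC algorithm, together with the denominator/remainder test of the three mangle rules. The helper names and the constructed packets are assumptions made for illustration.

```python
from collections import Counter

# Header fields each per-connection-classifier option feeds into the hash.
FIELDS = {
    "src-address": ("src",),
    "dst-address": ("dst",),
    "both-addresses": ("src", "dst"),
    "src-port": ("sport",),
    "dst-port": ("dport",),
    "both-ports": ("sport", "dport"),
    "src-address-and-port": ("src", "sport"),
    "dst-address-and-port": ("dst", "dport"),
    "both-addresses-and-ports": ("src", "dst", "sport", "dport"),
}

def toy_hash(pkt, classifier):
    """Article's toy hash: sum address octets and ports, keep the last digit."""
    total = 0
    for name in FIELDS[classifier]:
        value = pkt[name]
        if isinstance(value, str):   # dotted-quad IPv4 address
            total += sum(int(octet) for octet in value.split("."))
        else:                        # port number
            total += value
    return total % 10

def pcc_match(pkt, classifier, denominator, remainder):
    """A packet is captured when hash % denominator equals the rule's remainder."""
    return toy_hash(pkt, classifier) % denominator == remainder

def connection_mark(pkt, classifier, marks):
    """Mimic N rules classifier:N/0 .. N/(N-1); exactly one of them matches."""
    for remainder, mark in enumerate(marks):
        if pcc_match(pkt, classifier, len(marks), remainder):
            return mark

MARKS = ["1st_conn", "2nd_conn", "3rd_conn"]
# Packet from the article's worked hash example.
PKT = {"src": "1.1.1.1", "sport": 10000, "dst": "2.2.2.2", "dport": 80}

def spread(classifier, n=300):
    """Marks for n constructed connections from one client, source port changing."""
    return Counter(connection_mark(dict(PKT, sport=10000 + i), classifier, MARKS)
                   for i in range(n))

if __name__ == "__main__":
    print(toy_hash(PKT, "both-addresses-and-ports"))
    print(connection_mark(PKT, "src-address-and-port", MARKS))
    print(spread("src-address"), spread("src-address-and-port"))
```

With src-address every connection from the client receives the same mark, while src-address-and-port spreads them as the source port changes. The split is uneven (120/90/90) only because the toy hash can produce just the digits 0 to 9.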

It's important to note that even though the hash function discussed in this article is greatly simplified and not what is used in real life, it nicely demonstrates another property of hash functions: two completely different inputs can produce the same output. In our example, 3 % 3 = 0, and 6 % 3 = 0; we get back 0 when we feed it a 3 as well as when we feed it a 6. The same is true for the actual function used for PCC, even though I don't know what it is we do know from the definition that it produces a 32 bit value as output. IP addresses are 32 bit, and ports are 16 bit, so assuming that we're using both-addresses-and-ports, we'd be feeding it 32+32+16+16 = 96 bits of input and would only receive 32 bits back, so it must be producing the same output for different inputs. This means that two completely unrelated connections could match the same PCC matcher, and would be put on the same line. PCC works better the more connections you put across it so that the hash function has more chances to produce different outputs.

I am not entirely sure how both-addresses-and-ports would behave when it comes across a packet that doesn't have the concept of ports, such as GRE or ESP. I would think it would classify just based on both-addresses in that case, but I don't know for sure. If someone does know, please edit the article.
