In what order are filter rules in advanced queue configurations processed?

Hi,

I've posted this kind of question in one of my advanced queue threads, but I need to go more deep and it needs to be really clear to me: In what order are the filter matches processed in the advanced queue treatment?

Scenario: A branch "WAN upload" classifies 3 subnets:

10.0.0.0/12: Core subnet

10.50.0.0/22: Guest subnet

10.32.0.0/16: Priority & VoIP subnet

For the guest subnet, a HFQ limits the maximum bandwith. It also classifies traffic with priority 7.

For the core and Prio subnet, a FQ_Codel takes care about the traffic. Priority is set to 4 (core) and 1 (Prio subnet).

To route the traffic to the leafs, there are filter rules matching etc. to the source networks 10.0.0.0/12 for the core.

But now I want to give my server's subnet, 10.0.1.x (which is basically 10.0.1.0/24 for a matching rule) a bit more priority. But creating a filter match for this to get that to a new leaf, will cause basically two matches of the filter:

- The servers will match on the filter for 10.0.0.0/12 as it's the core network

- The servers will also match on the filter for 10.0.1.0/24 as it's a server.

So I need to ensure that the servers are detected with the match for 10.0.1.0/24 first, so they get their "special treatment". For this I need to know in what order the matches are processed to make sure the first match is the 10.0.1.0/24 filter.

Second example: In my Prio subnet are CCTV cams, Media applications like my SAT>IP receiver, my TVHeadend server etc. to ensure that the feed from the satellite dish to the TVH server gets not interrupted in case of big file transfers in the core subnet.

Within the Prio subnet is my PBX located which in addition marks the VoIP packets with DSCP 46.

I want to give the PBX the priority 0, so it's priorized over the "rest" of the subnet. We have two matches again:

- The PBX is at 10.32.4.1, so the general "Prio subnet" filter matches (IP source 10.32.0.0/16).

- The packets from the PBX also matches a filter which looks for DSCP 46

So I need to take care that the DSCP 46 filter matches before the general 10.32.0.0/16 filter.

I hope I've described this in a way it can be understood (That's not my main language ;-) ... and I even more hope that someone of the UBNT staff can help me here. As the filter matches can't be sorted like the firewall rules, what's the order? Is it the ID number (ascending direction)?

Thanks for your support!