I have two queues, one for download and one for upload, then I have two magle rules and I'm marking packets download/upload.
It is working fine for internet traffic and I'm getting very nice numbers from bufferbload test. Unfortunately it's also limiting my LAN traffic and I can not wrap my head around it, when I can use only IN interfaces.
If I try to move things over LAN, the upload queue is active and limiting the transfer speed.
Code: Select all
# 2024-03-18 10:44:41 by RouterOS 7.14.1
# model = C53UiG+5HPaxD2HPaxD
/interface bridge
add name=bridge1 vlan-filtering=yes
/interface vlan
add interface=bridge1 name=vlan10 vlan-id=10
add interface=bridge1 name=vlan20 vlan-id=20
add interface=bridge1 name=vlan30 vlan-id=30
add interface=bridge1 name=vlan40 vlan-id=40
add interface=bridge1 name=vlan50 vlan-id=50
/interface pppoe-client
add add-default-route=yes default-route-distance=10 disabled=no interface=\
ether2 name=pppoe-out1
/interface list
add comment="Internet connections" name=WAN
add comment="Local wireless network" name=WLAN
add comment="Local network" include=WLAN name=LAN
/interface lte apn
set [ find default=yes ] default-route-distance=20 ip-type=ipv4 \
use-network-apn=no use-peer-dns=no
/ip pool
add name=pool10 ranges=10.10.0.100-10.10.0.200
add name=pool20 ranges=10.20.0.100-10.20.0.200
add name=pool30 ranges=10.30.0.100-10.30.0.200
add name=pool40 ranges=10.40.0.100-10.40.0.200
add name=pool50 ranges=10.50.0.100-10.50.0.200
/ip dhcp-server
add address-pool=pool10 interface=vlan10 name=server10
add address-pool=pool20 interface=vlan20 name=server20
add address-pool=pool30 interface=vlan30 name=server30
add address-pool=pool40 interface=vlan40 name=server40
add address-pool=pool50 interface=vlan50 name=server50
/queue type
add cake-diffserv=diffserv4 cake-flowmode=dual-dsthost cake-nat=yes \
cake-rtt-scheme=internet kind=cake name=cake-download
add cake-diffserv=diffserv4 cake-flowmode=dual-srchost cake-nat=yes \
cake-rtt-scheme=internet kind=cake name=cake-upload
/queue tree
add max-limit=5M name=queue1 packet-mark=upload parent=global queue=\
cake-upload
add max-limit=24M name=queue2 packet-mark=download parent=global queue=\
cake-download
/interface bridge port
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=ether1
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
interface=ether3 pvid=20
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
interface=ether4 pvid=10
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
interface=wifi1 pvid=30
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
interface=wifi2 pvid=30
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
interface=wifi3 pvid=40
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
interface=wifi4 pvid=50
/ipv6 settings
set disable-ipv6=yes
/interface bridge vlan
add bridge=bridge1 tagged=bridge1,ether1 untagged=ether4 vlan-ids=10
add bridge=bridge1 tagged=bridge1,ether1 untagged=ether3 vlan-ids=20
add bridge=bridge1 tagged=bridge1,ether1 untagged=wifi1,wifi2 vlan-ids=30
add bridge=bridge1 tagged=bridge1,ether1 untagged=wifi3 vlan-ids=40
add bridge=bridge1 tagged=bridge1,ether1 untagged=wifi4 vlan-ids=50
/interface list member
add interface=vlan10 list=LAN
add interface=vlan20 list=LAN
add interface=vlan30 list=LAN
add interface=vlan40 list=LAN
add interface=vlan50 list=LAN
add interface=pppoe-out1 list=WAN
add interface=lte1 list=WAN
add interface=ether2 list=WAN
add interface=wifi1 list=WLAN
add interface=wifi2 list=WLAN
add interface=wifi3 list=WLAN
add interface=wifi4 list=WLAN
/ip address
add address=10.10.0.1/24 interface=vlan10 network=10.10.0.0
add address=10.20.0.1/24 interface=vlan20 network=10.20.0.0
add address=10.30.0.1/24 interface=vlan30 network=10.30.0.0
add address=10.40.0.1/24 interface=vlan40 network=10.40.0.0
add address=10.50.0.1/24 interface=vlan50 network=10.50.0.0
add address=192.168.1.2/30 interface=ether2 network=192.168.1.0
/ip dhcp-server network
add address=10.10.0.0/24 dns-server=10.20.0.10 gateway=10.10.0.1 ntp-server=\
10.10.0.1
add address=10.20.0.0/24 dns-server=10.20.0.10 gateway=10.20.0.1 ntp-server=\
10.20.0.1
add address=10.30.0.0/24 dns-server=10.20.0.10 gateway=10.30.0.1 ntp-server=\
10.30.0.1
add address=10.40.0.0/24 dns-server=10.20.0.10 gateway=10.40.0.1 ntp-server=\
10.40.0.1
add address=10.50.0.0/24 dns-server=10.20.0.10 gateway=10.50.0.1 ntp-server=\
10.50.0.1
/ip dns
set servers=10.20.0.10
/ip firewall filter
add action=accept chain=input connection-state=established,related,untracked
add action=drop chain=input connection-state=invalid
add action=accept chain=input protocol=icmp
add action=accept chain=input dst-port=123 protocol=udp
add action=accept chain=input dst-address=127.0.0.1
add action=accept chain=input in-interface=vlan10
add action=accept chain=input in-interface=ether5
add action=drop chain=input
add action=accept chain=forward connection-state=\
established,related,untracked
add action=drop chain=forward connection-state=invalid
add action=accept chain=forward dst-address=10.20.0.10 dst-port=53 \
in-interface-list=LAN protocol=tcp
add action=accept chain=forward dst-address=10.20.0.10 dst-port=53 \
in-interface-list=LAN protocol=udp
add action=accept chain=forward in-interface-list=LAN out-interface-list=WAN
add action=accept chain=forward connection-nat-state=dstnat
add action=drop chain=forward disabled=yes
/ip firewall mangle
add action=mark-packet chain=prerouting in-interface-list=WAN \
new-packet-mark=download passthrough=yes
add action=mark-packet chain=prerouting in-interface-list=LAN \
new-packet-mark=upload passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
Before queues: With queues:
