Okay,
I have had my queues working ok, using the Tree's but I would like to move to Simple queues as they allow me to set an overall max speed (rx and tx) for each queue. My setup before was:
OutBound Internet Traffic - CIR 1024, MIR 2048
-- Customer Queue limited to say CIR 131 MIR 256
Inbound Internet Traffic - CIR 1024, MIR 2048
-- Customer Queue limited to say CIR 131 MIR 256
Local Traffic - CIR 5Mbps, MIR 10Mbps
-- Customer Queue limited to say CIR 1Mbps MIR 10Mbps
This was working fine but I need to limit each customer to 256K total and I cant seem to do that with trees. If anyone thinks I can I'd love to know.
So I've just setup simple queues instead with one queue per customer
X.X.X.X CIR 131072/131072 MIR 256/256 Total CIR 131072 Total MIR 256
And have left Tree Queues for the local traffic.
Now my problem is how can I set an overall limit on my External Interface, before with trees the top of the tree limited the overall bandwidth and caused the kick in for CIR's .. So any ideas? I basically need to limit all the simple queues I create as a group to allow a CIR/MIR of 2048. or directly limit the speed of the External Interface (which is an ethernet card)
Thanks,
Bill
Hmm I tried that, but it didnt mark the traffic flow in both directions....
I initally tried controlling the flow with one mangle and one tree rule, but it was only effective on traffic in one direction.
I ended up using the following settings for the tree queues:
add dst-address=202.124.100.2/32 action=passthrough \
mark-flow=202.124.100.2_In comment="" disabled=no
add src-address=202.124.100.2/32 action=passthrough \
mark-flow=202.124.100.2_Out comment="" disabled=no
add name="202.124.100.2_Out" parent="Out Queue" flow=202.124.100.2_Out \
limit-at=131072 queue=default priority=8 max-limit=262144 burst-limit=0 \
burst-threshold=0 burst-time=0 disabled=no
add name="202.124.100.2_In" parent="In Queue" flow=202.124.100.2_In \
limit-at=131072 queue=default priority=8 max-limit=262144 burst-limit=0 \
burst-threshold=0 burst-time=0 disabled=no
I basically had a set of these for each customer. Problem is they can in theory when download and uploading use 512K when they should only be able to use 256.
If I have missed something I'll be glad to be proved wrong ;)
Thanks,
Bill
I initally tried controlling the flow with one mangle and one tree rule, but it was only effective on traffic in one direction.
I ended up using the following settings for the tree queues:
add dst-address=202.124.100.2/32 action=passthrough \
mark-flow=202.124.100.2_In comment="" disabled=no
add src-address=202.124.100.2/32 action=passthrough \
mark-flow=202.124.100.2_Out comment="" disabled=no
add name="202.124.100.2_Out" parent="Out Queue" flow=202.124.100.2_Out \
limit-at=131072 queue=default priority=8 max-limit=262144 burst-limit=0 \
burst-threshold=0 burst-time=0 disabled=no
add name="202.124.100.2_In" parent="In Queue" flow=202.124.100.2_In \
limit-at=131072 queue=default priority=8 max-limit=262144 burst-limit=0 \
burst-threshold=0 burst-time=0 disabled=no
I basically had a set of these for each customer. Problem is they can in theory when download and uploading use 512K when they should only be able to use 256.
If I have missed something I'll be glad to be proved wrong ;)
Thanks,
Bill
Maybe this helps:
1. to limit 256kbps for each client with queue trees, use PCQ (per connection queues).
2. for marking packets, if you are using masquerading you have to mark the connection which is going from your local network, for example, mark HTTP traffic:
/ip firewall mangle add protocol=tcp dst-port=80 src-address=192.168.0.0/24 mark-connection=http-connection
/ip firewall mangle add connection=http-connection mark-flow=HTTP
now you can use this mark in queue trees for both directions and it will work (if i haven't missed something)
1. to limit 256kbps for each client with queue trees, use PCQ (per connection queues).
2. for marking packets, if you are using masquerading you have to mark the connection which is going from your local network, for example, mark HTTP traffic:
/ip firewall mangle add protocol=tcp dst-port=80 src-address=192.168.0.0/24 mark-connection=http-connection
/ip firewall mangle add connection=http-connection mark-flow=HTTP
now you can use this mark in queue trees for both directions and it will work (if i haven't missed something)
Still seem to get the same result, to control traffic in both directions I need to have two rules.
The mangle rule appears to be working all right as all traffic runs through it ( interface=all) when I use this in the Tree queues I set the parent to Bridge1 which is my bridge between the lan and wan. When I do this it only logs traffic in one direction. I've tried every interface but its still not right.
Do I need to create two tree queues? one for global-in, one for global-out then have two queues for each customer? If not then I'm stuck again :(
Thx
Bill
The mangle rule appears to be working all right as all traffic runs through it ( interface=all) when I use this in the Tree queues I set the parent to Bridge1 which is my bridge between the lan and wan. When I do this it only logs traffic in one direction. I've tried every interface but its still not right.
Do I need to create two tree queues? one for global-in, one for global-out then have two queues for each customer? If not then I'm stuck again :(
Thx
Bill
