Hi everybody!
I'm running a small wireless isp of about 200 customers. I would like to set my customers up in different speed packages. something like 150 people at 4mbps/1mbps 20 at 6mbps/2mbps and so on.
I'm using my mikrotik box as a dhcp server so i won't have a problem distinguishing who's who. so far i've looked into simple queues and queue trees and they both seem like they are limiting the whole connection and the setups that i've seen don't show any easy way to limit by mac address or ip address. i've also looked into the hotspot functionality that mikrotik provides but i'm not really sure i want my customers to have to log in every time they want to get online.
i'm running version 4.4 with two physical nics
thanks in advance for the help!
Re: Do I need queues
http://wiki.mikrotik.com/wiki/PCQ
PCQ allows you to easily create substreams (for example by source IP for upstream and by destination IP for downstream) with a rate limit. Read the wiki for details and examples, but here a (very) rough outline:
Add address-lists to easily identify what profile a user should get:
Add 4 PCQ queue types - one for 4 meg down, one for 1 meg up, one for 6 meg down and one for 2 meg up. The pcq-total-limit value comes from the pcq-limit multiplied by the amount of customer you're expecting:
Mark traffic
And QoS the traffic
There's plenty of examples for this all over the wiki and the forums as rate-limiting per customer is an extremely common requirement.
PCQ allows you to easily create substreams (for example by source IP for upstream and by destination IP for downstream) with a rate limit. Read the wiki for details and examples, but here a (very) rough outline:
Add address-lists to easily identify what profile a user should get:
Code: Select all
/ip firewall address-list
add list=profile1 address=10.1.0.10
add list=profile1 address=10.1.0.11
add list=profile2 address=10.1.0.12Code: Select all
/queue type
add name="profile1-up" kind=pcq pcq-rate=1000000 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=7500
add name="profile1-down" kind=pcq pcq-rate=4000000 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=7500
add name="profile2-up" kind=pcq pcq-rate=2000000 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=1000
add name="profile2-down" kind=pcq pcq-rate=6000000 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=1000 Code: Select all
/ip firewall mangle
add chain=prerouting action=mark-packet new-packet-mark=profile1-up passthrough=no src-address-list=profile1 in-interface=LAN
add chain=postrouting action=mark-packet new-packet-mark=profile1-up passthrough=no src-address-list=profile1 out-interface=LAN
add chain=prerouting action=mark-packet new-packet-mark=profile2-up passthrough=no src-address-list=profile2 in-interface=LAN
add chain=postrouting action=mark-packet new-packet-mark=profile2-up passthrough=no src-address-list=profile2 out-interface=LANCode: Select all
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=profile1-up packet-mark=profile1-up parent=global-in priority=8 queue=profile1-up
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=profile1-down packet-mark=profile1-down parent=global-out priority=8 queue=profile1-down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=profile2-up packet-mark=profile2-up parent=global-in priority=8 queue=profile2-up
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=profile2-down packet-mark=profile2-down parent=global-out priority=8 queue=profile2-down
Last edited by fewi on Fri Jan 15, 2010 5:27 pm, edited 1 time in total.
Re: Do I need queues
from the example above and whats on the wiki pages i have tried to set this up. But it still doesn't work.
I have the dhcp server setup to server 172.20.34.x address and nat to a public 64.8.76.181 and i am able to browse
I have the laptop that i'm testing with setup in the 0768/128 address list/queue.
I have setup the queue types:
I have set up the queue trees:
I have added the address of the laptop i'm using to test with to the address list:
I have setup mangle:
I have the dhcp server setup to server 172.20.34.x address and nat to a public 64.8.76.181 and i am able to browse
I have the laptop that i'm testing with setup in the 0768/128 address list/queue.
I have setup the queue types:
Code: Select all
[admin@MikroTik for BEM] /queue type> pr
0 name="default" kind=pfifo pfifo-limit=50
1 name="ethernet-default" kind=pfifo pfifo-limit=50
2 name="wireless-default" kind=sfq sfq-perturb=5 sfq-allot=1514
3 name="synchronous-default" kind=red red-limit=60 red-min-threshold=10 red-max-threshold=50 red-burst=20 red-avg-packet=1000
4 name="hotspot-default" kind=sfq sfq-perturb=5 sfq-allot=1514
5 name="1024/512-up" kind=pcq pcq-rate=64000 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=7500
6 name="1024/512-down" kind=pcq pcq-rate=128000 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=7500
7 name="2048/512-up" kind=pcq pcq-rate=64000 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=1000
8 name="2048/512-down" kind=pcq pcq-rate=256000 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=1000
9 name="3078/1024-up" kind=pcq pcq-rate=128000 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=1000
10 name="3078/1024-down" kind=pcq pcq-rate=385000 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=1000
11 name="4096/1024-up" kind=pcq pcq-rate=128000 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=1000
12 name="4096/1024-down" kind=pcq pcq-rate=512000 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=1000
13 name="5120/1024-up" kind=pcq pcq-rate=128000 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=1000
14 name="5120/1024-down" kind=pcq pcq-rate=640000 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=1000
15 name="6144/1024-up" kind=pcq pcq-rate=128000 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=1000
16 name="6144/1024-down" kind=pcq pcq-rate=768000 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=1000
17 name="7168/1024-up" kind=pcq pcq-rate=128000 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=1000
18 name="7168/1024-down" kind=pcq pcq-rate=896000 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=1000
19 name="8192/1024-up" kind=pcq pcq-rate=128000 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=1000
20 name="8192/1024-down" kind=pcq pcq-rate=1024000 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=1000
21 name="0768/128-up" kind=pcq pcq-rate=48000 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=20971520
22 name="0768/128-down" kind=pcq pcq-rate=96000 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=20971520
23 name="default-small" kind=pfifo pfifo-limit=10 Code: Select all
[admin@MikroTik for BEM] /queue tree> pr
Flags: X - disabled, I - invalid
0 name="0768/128-down" parent=global-in packet-mark=0768/128-down limit-at=0 queue=1024/512-down priority=8 max-limit=0
burst-limit=0 burst-threshold=0 burst-time=0s
1 name="0768/128-up" parent=global-out packet-mark=0768/128-down limit-at=0 queue=0768/128-down priority=8 max-limit=0
burst-limit=0 burst-threshold=0 burst-time=0s
2 name="1024/512-up" parent=global-out packet-mark=1024/512-up limit-at=0 queue=1024/512-up priority=8 max-limit=0 burst-limit=>
burst-threshold=0 burst-time=0s
3 name="1024/512-down" parent=global-in packet-mark=1024/512-down limit-at=0 queue=1024/512-down priority=8 max-limit=0
burst-limit=0 burst-threshold=0 burst-time=0s
4 name="2048/512-up" parent=global-out packet-mark=2048/512-up limit-at=0 queue=2048/512-up priority=8 max-limit=0 burst-limit=>
burst-threshold=0 burst-time=0s
5 name="2048/512-down" parent=global-in packet-mark=2048/512-down limit-at=0 queue=2048/512-down priority=8 max-limit=0
burst-limit=0 burst-threshold=0 burst-time=0s
6 name="3078/1024-up" parent=global-out packet-mark=3078/1024-up limit-at=0 queue=3078/1024-up priority=8 max-limit=0
burst-limit=0 burst-threshold=0 burst-time=0s
7 name="4096/1024-up" parent=global-out packet-mark=4096/1024-up limit-at=0 queue=4096/1024-up priority=8 max-limit=0
burst-limit=0 burst-threshold=0 burst-time=0s
8 name="4096/1024-down" parent=global-in packet-mark=4096/1024-down limit-at=0 queue=4096/1024-down priority=8 max-limit=0
burst-limit=0 burst-threshold=0 burst-time=0s
9 name="5120/1024-up" parent=global-out packet-mark=5120/1024-up limit-at=0 queue=5120/1024-up priority=8 max-limit=0
burst-limit=0 burst-threshold=0 burst-time=0s
10 name="5120/1024-down" parent=global-in packet-mark=5120/1024-down limit-at=0 queue=5120/1024-down priority=8 max-limit=0
burst-limit=0 burst-threshold=0 burst-time=0s
11 name="6144/1024-up" parent=global-out packet-mark=6144/1024-up limit-at=0 queue=6144/1024-up priority=8 max-limit=0
burst-limit=0 burst-threshold=0 burst-time=0s
12 name="6144/1024-down" parent=global-in packet-mark=6144/1024-down limit-at=0 queue=6144/1024-down priority=8 max-limit=0
burst-limit=0 burst-threshold=0 burst-time=0s
13 name="7168/1024-up" parent=global-out packet-mark=7168/1024-up limit-at=0 queue=7168/1024-up priority=8 max-limit=0
burst-limit=0 burst-threshold=0 burst-time=0s
14 name="7168/1024-down" parent=global-in packet-mark=7168/1024-down limit-at=0 queue=7168/1024-down priority=8 max-limit=0
burst-limit=0 burst-threshold=0 burst-time=0s
15 name="8192/1024-up" parent=global-out packet-mark=8192/1024-up limit-at=0 queue=8192/1024-up priority=8 max-limit=0
burst-limit=0 burst-threshold=0 burst-time=0s
16 name="8192/1024-down" parent=global-in packet-mark=8192/1024-down limit-at=0 queue=8192/1024-down priority=8 max-limit=0
burst-limit=0 burst-threshold=0 burst-time=0s Code: Select all
[admin@MikroTik for BEM] /ip firewall address-list> pr
Flags: X - disabled, D - dynamic
# LIST ADDRESS
0 0768/128 172.20.34.254
1 1024/512 0.0.0.0
2 2048/512 0.0.0.0
3 3078/1024 0.0.0.0
4 4096/1024 0.0.0.0
5 5120/1024 0.0.0.0
6 6144/1024 0.0.0.0
7 7168/1024 0.0.0.0
8 8192/1024 0.0.0.0 Code: Select all
[admin@MikroTik for BEM] /ip firewall mangle> pr
Flags: X - disabled, I - invalid, D - dynamic
0 chain=prerouting action=mark-packet new-packet-mark=0768/128-up passthrough=no src-address-list=0768/128 in-interface=LAN
1 chain=postrouting action=mark-packet new-packet-mark=0768/128-down passthrough=no src-address-list=0768/128 out-interface=WAN
2 chain=prerouting action=mark-packet new-packet-mark=1024/512-up passthrough=no src-address-list=1024/512 in-interface=LAN
3 chain=postrouting action=mark-packet new-packet-mark=1024/512-up passthrough=no src-address-list=1024/512 out-interface=WAN
4 chain=prerouting action=mark-packet new-packet-mark=2048/512-up passthrough=no src-address-list=2048/512 in-interface=LAN
5 chain=postrouting action=mark-packet new-packet-mark=2048/512-up passthrough=no src-address-list=2048/512 out-interface=WAN
6 chain=prerouting action=mark-packet new-packet-mark=3078/1024-up passthrough=no src-address-list=3078/1024 in-interface=LAN
7 chain=postrouting action=mark-packet new-packet-mark=3078/1024-up passthrough=no src-address-list=3078/1024 out-interface=WAN
8 chain=prerouting action=mark-packet new-packet-mark=4096/1024-up passthrough=no src-address-list=4096/1024 in-interface=LAN
9 chain=postrouting action=mark-packet new-packet-mark=4096/1024-up passthrough=no src-address-list=4096/1024 out-interface=WAN
10 chain=prerouting action=mark-packet new-packet-mark=5120/1024-up passthrough=no src-address-list=5120/10242 in-interface=LAN
11 chain=postrouting action=mark-packet new-packet-mark=5120/1024-up passthrough=no src-address-list=5120/1024 out-interface=WAN
12 chain=prerouting action=mark-packet new-packet-mark=6144/1024-up passthrough=no src-address-list=6144/1024 in-interface=LAN
13 chain=postrouting action=mark-packet new-packet-mark=6144/1024-up passthrough=no src-address-list=6144/1024 out-interface=WAN
14 chain=prerouting action=mark-packet new-packet-mark=7168/1024-up passthrough=no src-address-list=7168/1024 in-interface=LAN
15 chain=postrouting action=mark-packet new-packet-mark=7168/1024-up passthrough=no src-address-list=7168/1024 out-interface=WAN
16 chain=prerouting action=mark-packet new-packet-mark=8192/1024-up passthrough=no src-address-list=8192/1024 in-interface=LAN
17 chain=postrouting action=mark-packet new-packet-mark=8192/1024-up passthrough=no src-address-list=8192/1024 out-interface=WAN Re: Do I need queues
Sorry, my original post was inaccurate.
should be
You caught the mistake in the packet mark name but still need to match the destination address rather than the source address, or downstream packets won't match that rule, won't be marked and won't be rate limited.
Does that fix the issue?
Code: Select all
/ip firewall mangle
add chain=prerouting action=mark-packet new-packet-mark=profile1-up passthrough=no src-address-list=profile1 in-interface=LAN
add chain=postrouting action=mark-packet new-packet-mark=profile1-up passthrough=no src-address-list=profile1 out-interface=LANCode: Select all
/ip firewall mangle
add chain=prerouting action=mark-packet new-packet-mark=profile1-up passthrough=no src-address-list=profile1 in-interface=LAN
add chain=postrouting action=mark-packet new-packet-mark=profile1-down passthrough=no dst-address-list=profile1 out-interface=LANDoes that fix the issue?
Re: Do I need queues
I use a 450 g for dhcp and I just set up a simple queue for every ip it gives out
That allows me to see in real time what each ip is doing, the total use and everything else in the pull down menu
That allows me to see in real time what each ip is doing, the total use and everything else in the pull down menu
Re: Do I need queues
Can you explain a little how you did this?I use a 450 g for dhcp and I just set up a simple queue for every ip it gives out
That allows me to see in real time what each ip is doing, the total use and everything else in the pull down menu
Re: Do I need queues
Keep in mind that simple queues are evaluated top to bottom and will not scale very well. If you have hundreds of clients simple queues are a bad idea.
Who is online
Users browsing this forum: No registered users and 21 guests