Hi ,,

we have wireless network providing point to point internet service , our main controller is RB1000 with v4 OS .

for the point to point links i'm using RB433 as transparent bridge in both sides

how i can limit the BW for my customers , i.e. one of my customers need 1 Mbps downlink / 256 Uplink , another one need 1 Mbps downlink / 512 uplink and so on ..

please advice how i can provide this .

Thanks

use the mikrotik`s wiki page
http://wiki.mikrotik.com/ mutch good info and configs.
http://wiki.mikrotik.com/wiki/Bandwidth ... and_Queues
esay why can be just to use simple queues

Mail me . i can help

Hi ,,

we have wireless network
providing point to point internet service , our main controller is RB1000 with v4 OS .

for the point to point links i'm using RB433 as transparent bridge in both sides

how i can limit the BW for my customers , i.e. one of my customers need 1 Mbps downlink / 256 Uplink , another one need 1 Mbps downlink / 512 uplink and so on ..

please advice how i can provide this .

Thanks

We ended up using pppoe and a radius server for our WISP, took a long time to get it sweet but its total sweetness now.

Mail me . i can help

Why do you want everyone to mail you? If you can help, then help. The purpose of the forum is to keep everything in the public domain so if someone has a similar problem they can get answers from here.

Can any one please post the config here so it will help me and help others have same issue ..

i need to know how physically it will be .. shall i need to assign IP address from the rb433 or how ?


any post is welcom

Shame on me . I use lan management system to achieve goals like this . It's a web based billing solution with bandwidth management capabilities .
It's fitting very well with transparent bridges mikrotik solutions .

LMs - http://lms.org.pl

Mail me . i can help

Why do you want everyone to mail you? If you can help, then help. The purpose of the forum is to keep everything in the public domain so if someone has a similar problem they can get answers from here.

The best why to learn is to read, and explore the many facilities of RouterOS.

But to get you on track, make "lab" testing area. take you router innside make small network. Ex:

Add simple queue
Open terminal put this in
/ queue simple
add name="Local" target-addresses=192.168.0.0/24 dst-address=0.0.0.0/0 priority=8 queue=default/default max-limit=2M/2M

This shoud no be a limit on all computers in 192.168.0.0/24 to 2 mbits / 2 mbits, then you can start and read about all the settings we use, and tray to understand do not take to mutch over you head. take littel by littel. i can understand that wiki exp is not so esay to understand. try things out while reading. good luck.

Thanks .. i have read many examples and guides and now i'm doing well with QOS and its really improved my internet service ..


Many thanks for Mikrotik

The best why to learn is to read, and explore the many facilities of RouterOS.

But to get you on track, make "lab" testing area. take you router innside make small network. Ex:

Add simple queue
Open terminal put this in
/ queue simple
add name="Local" target-addresses=192.168.0.0/24 dst-address=0.0.0.0/0 priority=8 queue=default/default max-limit=2M/2M

This shoud no be a limit on all computers in 192.168.0.0/24 to 2 mbits / 2 mbits, then you can start and read about all the settings we use, and tray to understand do not take to mutch over you head. take littel by littel. i can understand that wiki exp is not so esay to understand. try things out while reading. good luck.

We've best experience using the bandwidth settings in wireless
access-lists. This saves air-time as it limits on each side of
the wireless link.

For a internet provider you need limits only on gateway and/or on client device .
I use LMS open source billing solution on gateway and the traffic limits are generated on the same gateway (fedora linux) . It's working perfectly .
i'm curious how others manage the bandwidth, billing, invoices .

We've best experience using the bandwidth settings in wireless
access-lists. This saves air-time as it limits on each side of
the wireless link.

For a internet provider you need limits only on gateway and/or on client device .
I use LMS open source billing solution on gateway and the traffic limits are generated on the same gateway (fedora linux) . It's working perfectly .
i'm curious how others manage the bandwidth, billing, invoices .

We've best experience using the bandwidth settings in wireless
access-lists. This saves air-time as it limits on each side of
the wireless link.

Using Wlan we need a limit for cpe's decreasing efficiency of your APs in the first
place. So limiting at the Internetgateway does not help as it's not our bottleneck.
Our bottleneck is the distribution AP-CPE. With wireless access-lists i can limit the
traffic the ap sends and the cpe sends. So I limit traffic at the right place.

May be you've a limited backbone connection than this is your bottleneck. So you've
to do Queing/Shaping at your central RB1000s.

i think its will be very hard to do like this with large network as its will be not easy to monitor and checking , centralizing is the solution as you can be sure that your network protected and the BW shaping is in safe place ..

also it will be easy to monitor and BW modifications


Thanks

For a internet provider you need limits only on gateway and/or on client device .
I use LMS open source billing solution on gateway and the traffic limits are generated on the same gateway (fedora linux) . It's working perfectly .
i'm curious how others manage the bandwidth, billing, invoices .

We've best experience using the bandwidth settings in wireless
access-lists. This saves air-time as it limits on each side of
the wireless link.

Using Wlan we need a limit for cpe's decreasing efficiency of your APs in the first
place. So limiting at the Internetgateway does not help as it's not our bottleneck.
Our bottleneck is the distribution AP-CPE. With wireless access-lists i can limit the
traffic the ap sends and the cpe sends. So I limit traffic at the right place.

May be you've a limited backbone connection than this is your bottleneck. So you've
to do Queing/Shaping at your central RB1000s.

I have sectors with 60 CPEs. I cant go without limiting the CPEs sending to much
traffic into this sectors. It does not help to have a comfortable centralised solution
allowing file-sharers to jam a sector.
So a centralised managment solution has to take care of this. So it has to limit
the traffic at the cpe. If it does this I would love to use it. If not, it does not help
at least in our case.

I dont understand . If you limit client1 traffic on gateway to max 1Mb or if you limit him on cpe to 1Mb is not the same ?
The queue will be on the gateway, so client1 cant overload the sector . Only 1Mb traffic will pass .
It will be a problem if client1 copy from client2 something but you can drop netbios traffic . Only the broadcast remain but this is not related to traffic shaping .
To be honest i will try to limit cpe if i use only mikrotik solution, but i have mixed cpe clients.

In LMS you can define user side scripts to upload/run specific configurations on your cpe .
You have a section related to network devices . You can define mikrotik client devices, mikrotik ap's, and at specific hours you can run scripts who can run querys and make configurations .
I dont use it in this way because i have mixed cpe devices, but is not hard with perl/bash scripting . You have examples in lms/contrib .

I dont understand . If you limit client1 traffic on gateway to max 1Mb or if you limit him on cpe to 1Mb is not the same ?

When the client does file sharing and sends packets per UDP it is relevant where you
drop the packets for shaping. When you do it at the cpe packets does not reach the air.
If you do it at the internet gateway packets travel your whole network to get dropped
at the gateway.

So when you shape at the gateway one client can shoot a whole sector.

For a internet provider you need limits only on gateway and/or on client device .
I use LMS open source billing solution on gateway and the traffic limits are generated on the same gateway (fedora linux) . It's working perfectly .
i'm curious how others manage the bandwidth, billing, invoices .

We've best experience using the bandwidth settings in wireless
access-lists. This saves air-time as it limits on each side of
the wireless link.

Using Wlan we need a limit for cpe's decreasing efficiency of your APs in the first
place. So limiting at the Internetgateway does not help as it's not our bottleneck.
Our bottleneck is the distribution AP-CPE. With wireless access-lists i can limit the
traffic the ap sends and the cpe sends. So I limit traffic at the right place.

May be you've a limited backbone connection than this is your bottleneck. So you've
to do Queing/Shaping at your central RB1000s.

I think in 99% of cases your connection to the internet is the bottle neck. Unless you sell your full bandwidth connection to only one customer. Therefore you have to limit and prioritize at the main gateway anyway.

Up to know I have been limiting client CPE speeds in the AP's by access list. Some of my towers have 40 clients. (I do QoS at the main gateway.) But I am coming back from this. First of all, MT can only control the upload speed from units that are MT. Other makes cannot be controlled and take therefore all speed the wireless link physically can handle.

How can you AP-CPE link be the bottleneck? You mean your airrates are so much lower then you have as backbone capacity? And your client's assigned (contracted) speed is more then the AP-CPE link can handle? Sounds a bit strange situation to me.
Airtime in the AP-CPE domain is shared and should be controlled by RTS/CTS setting (or polling in full nstreme network).
It has its limits but in real life the limit is a combination of allowed individual (contracted) rates combined with the total amount of associated CPE's. If your AP can't handle the traffic you need to set up more AP's.

If you make your AP do al the limiting you make it work harder and reach the cpu max limit earlier. So make the AP do as little as possible and limit somewhere else.

One side effect I also found in limiting AP-CPE links is that when you want to do upgrades of the CPE's, or, I am at a client and need quick access to my network, the speed limit jumps in here too.

Also, if internal network speeds are only limited in the main gateway towards the internet all managing protocols will travel in the network only limited by physical boundaries of the link's airspeeds.
Without the need of lifting temporarily the limits in the access list, I can run a bandwith test and ping from my main gateway to the clients CPE (or further) to see how my network performs. If client still complains about speeds while I can maintain even higher speed to his CPE, I know for sure I have no network issue.

Centralized limiting is also preferred in bigger network for ease of managing.

When some parts of the network have bottle necks compared to traffic amount that theoretically can be presented to it by AP's further down the line, it is in my opinion also needed to do QoS (maybe not that extensive as in main router) to guarantee that in ´rush´ ours at least most important traffic has higher change of passing then lower priority traffic.
Example;
I have a backhaul link that can only carry 18Mb real traffic in download direction.
But in download direction I have two AP's with each 20 clients that each can have 1Mb download. 2 x 20 x 1 makes 40Mb theoretical demand.
If this would be allowed uncontrolled we will see lots of collisions (package losses) before traffic enters the bottleneck. It will interrupt lots of services and probably only aggressive P2P connections will prevail. Not a situation you really like.

We go out of a housing center where we have Gigabit connection
(2 links to 2 RB1000s with BGP).
We go into 2 directions with licensed gear and carry 366Mbit to the towers.
From there we use 5,8Ghz (non Wlan Equipment) which carries 100MBit per
link to the next towers.

A typical Wlan Segment carries no more than 20-25Mbit HDX (5,5 20MHz Channel RTS/CTS).
If there are weak clients on the segment even less. So we have to optimize segments
to carry as much bandwidth as possible. This is done best with access-lists and MT Clients
as they respect access-list traffic limitation. The outgoing traffic is shaped at the client
so the AP has to do shaping only for traffic to the clients. Shaping 60MBit (3 Segments)
is not the problem for a RB600.

Without limiting the CPE at the CPE one user can kill a segment by sending UDP Traffic storms.
Your central QOS server comes to late. He stops the traffic before sending it to the internet
but the segment with the offending CPE is full of UDP-Traffic.

In your case you maybe need both access-list and QOS as you may get bottlenecks
on the segment and on the internet link.

We go out of a housing center where we have Gigabit connection
(2 links to 2 RB1000s with BGP).
We go into 2 directions with licensed gear and carry 366Mbit to the towers.
From there we use 5,8Ghz (non Wlan Equipment) which carries 100MBit per
link to the next towers.

A typical Wlan Segment carries no more than 20-25Mbit HDX (5,5 20MHz Channel RTS/CTS).
If there are weak clients on the segment even less. So we have to optimize segments
to carry as much bandwidth as possible. This is done best with access-lists and MT Clients
as they respect access-list traffic limitation. The outgoing traffic is shaped at the client
so the AP has to do shaping only for traffic to the clients. Shaping 60MBit (3 Segments)
is not the problem for a RB600.

Without limiting the CPE at the CPE one user can kill a segment by sending UDP Traffic storms.
Your central QOS server comes to late. He stops the traffic before sending it to the internet
but the segment with the offending CPE is full of UDP-Traffic.

In your case you maybe need both access-list and QOS as you may get bottlenecks
on the segment and on the internet link.

Very interesting!
This give us a look into a real high bandwidth suppliers setup. Very nice. Your remarks make me re-think my decision to abandon client end shaping....

Some questions though:

- What is "HDX"? I presume I can google for it but you might give me a quicker answer!
- Your "outgoing" traffic (=upload?) is shaped at the client. How? Just simple queue in the client? Or you mend the AP still limits the clients "Tx" limit like option of winbox access rule shows me?
- Then your "traffic to the clients" (=download) is then shaped by the AP_Tx_Limit in the access rule?

Last, but most important: "UDP Traffic storms". What can cause these? Can it happen by wrong configs? Trojans or virusses? Or has to be initiated by abuser?

I use mainly MT CPE's and Ubiquity CPE stuff. (The latter will fade out since their failure rates are way to high.)
MT units can be shaped in the AP while the UBNT have an option in the unit itself.
I am only left with notebooks etc. that are allowed to log in. I cannot control their upload, and these are probably also machines prone to risk change of network abuse. How to deal with these? Setup simple queues in AP?


I have a feeling I can learn a lot from you!
And your capacity makes me feel very little.....

We go out of a housing center where we have Gigabit connection
(2 links to 2 RB1000s with BGP).
We go into 2 directions with licensed gear and carry 366Mbit to the towers.
From there we use 5,8Ghz (non Wlan Equipment) which carries 100MBit per
link to the next towers.

A typical Wlan Segment carries no more than 20-25Mbit HDX (5,5 20MHz Channel RTS/CTS).
If there are weak clients on the segment even less. So we have to optimize segments
to carry as much bandwidth as possible. This is done best with access-lists and MT Clients
as they respect access-list traffic limitation. The outgoing traffic is shaped at the client
so the AP has to do shaping only for traffic to the clients. Shaping 60MBit (3 Segments)
is not the problem for a RB600.

Without limiting the CPE at the CPE one user can kill a segment by sending UDP Traffic storms.
Your central QOS server comes to late. He stops the traffic before sending it to the internet
but the segment with the offending CPE is full of UDP-Traffic.

In your case you maybe need both access-list and QOS as you may get bottlenecks
on the segment and on the internet link.

Very interesting!
This give us a look into a real high bandwidth suppliers setup. Very nice. Your remarks make me re-think my decision to abandon client end shaping....

Some questions though:

- What is "HDX"? I presume I can google for it but you might give me a quicker answer!

Halfduplex. Licensed gear is always Fullduplex.

- Your "outgoing" traffic (=upload?) is shaped at the client. How? Just simple queue in the client? Or you mend the AP still limits the clients "Tx" limit like option of winbox access rule shows me?

The client learns this from the AP access-list. If you look in registration of the client he shows
you the rates the AP gives him.

- Then your "traffic to the clients" (=download) is then shaped by the AP_Tx_Limit in the access rule?

Yes.

Last, but most important: "UDP Traffic storms". What can cause these? Can it happen by wrong configs? Trojans or virusses? Or has to be initiated by abuser?

This depends on the application. If there is a torrent client which sends out 10000 UDP Packets without waiting
for an acknowledge ... Or may be btest ), bad implemented speed test ...

I use mainly MT CPE's and Ubiquity CPE stuff. (The latter will fade out since their failure rates are way to high.)
MT units can be shaped in the AP while the UBNT have an option in the unit itself.
I am only left with notebooks etc. that are allowed to log in. I cannot control their upload, and these are probably also machines prone to risk change of network abuse. How to deal with these? Setup simple queues in AP?

Oh. You've foreign controlled devices (Laptops) connected to your AP.
There you loose control. We do not allow this. We even manage all
CPEs. No customer gets the passwd of his CPE. If he needs e.g. a NAT setting
we do it at no cost. Thats cheaper than let the customers do it.

I have a feeling I can learn a lot from you!
And your capacity makes me feel very little.....

No. Getting traffic from a housing center is much more affordable
than leasing lines. Licensed Gear is no longer unaffordable.
It's more expensive than MT Stuff. But at the center of the
backbone it is worth it's money. Combined with MT-Stuff you
get a great network.

This is a ping from RB450G to RB450G with licensed gear carrying traffic
between.

[admin@GW21] > ping 192.168.50.189
192.168.50.189 64 byte ping: ttl=64 time<1 ms
192.168.50.189 64 byte ping: ttl=64 time<1 ms
192.168.50.189 64 byte ping: ttl=64 time<1 ms
192.168.50.189 64 byte ping: ttl=64 time<1 ms
192.168.50.189 64 byte ping: ttl=64 time<1 ms
192.168.50.189 64 byte ping: ttl=64 time<1 ms
192.168.50.189 64 byte ping: ttl=64 time=1 ms
192.168.50.189 64 byte ping: ttl=64 time<1 ms
192.168.50.189 64 byte ping: ttl=64 time<1 ms
192.168.50.189 64 byte ping: ttl=64 time<1 ms
192.168.50.189 64 byte ping: ttl=64 time<1 ms
192.168.50.189 64 byte ping: ttl=64 time<1 ms
192.168.50.189 64 byte ping: ttl=64 time<1 ms
192.168.50.189 64 byte ping: ttl=64 time<1 ms
192.168.50.189 64 byte ping: ttl=64 time<1 ms
192.168.50.189 64 byte ping: ttl=64 time<1 ms
192.168.50.189 64 byte ping: ttl=64 time<1 ms
192.168.50.189 64 byte ping: ttl=64 time<1 ms
18 packets transmitted, 18 packets received, 0% packet loss
round-trip min/avg/max = 0/0.0/1 ms

Last, but most important: "UDP Traffic storms". What can cause these? Can it happen by wrong configs? Trojans or virusses? Or has to be initiated by abuser?

This depends on the application. If there is a torrent client which sends out 10000 UDP Packets without waiting
for an acknowledge ... Or may be btest ), bad implemented speed test ...

Oh, well I have several P2P torrent users, so it might be a risk then.... hmmmm

I use mainly MT CPE's and Ubiquity CPE stuff. (The latter will fade out since their failure rates are way to high.)
MT units can be shaped in the AP while the UBNT have an option in the unit itself.
I am only left with notebooks etc. that are allowed to log in. I cannot control their upload, and these are probably also machines prone to risk change of network abuse. How to deal with these? Setup simple queues in AP?

Oh. You've foreign controlled devices (Laptops) connected to your AP.
There you loose control. We do not allow this. We even manage all
CPEs. No customer gets the passwd of his CPE. If he needs e.g. a NAT setting
we do it at no cost. Thats cheaper than let the customers do it.

Well, I have full control of all my CPE's, not the client. But some client wont pay for an fixed installation (holiday makers) that only want their laptop on-line for limited time. These I just grant access to my AP's. I know, need to setup Hotspot for these.