After many months of struggling with Mikrotik and asking lots of questions and reading lots of documentation, I would like to share my configuration with the world. I want to do this for two reasons. One, to give back a little to the community, and maybe help someone else down the road.
Two, because I bet there is a mistake or two in my config, and I bet there are some experts out there who could audit it and make it better with suggestions and more examples.
For those of you out there reading this because of reason one, but became worried because of reason two, continue reading; although I'm a little unsure about my config, it does seem to work! (On version 2.9.23 anyway.)
My Mikrotik lives in a 10.x.x.x network behind a Cisco PIX 525 firewall, so it does not need to provide any firewalling or routing services. Queue Tree seems to be easier when used with routing. When simply bridging, like my example, Queue Tree is a little more difficult. Once I learned that you had to mark the connection first, then the packet, it all came together. I'm sure there is room for improvement, and I hope somebody who is smarter than I can suggest some corrections.
My MT box is at 10.0.0.32, and I have 40 class C's behind it. I have chosen to only apply Queue Trees to three of those classes so far. I am attempting to limit the entire input (download) into the network to 8 megabits, and the output to 2 megabits (upload). The three Class C's that are limited are children to ether1 (up) and ether2 (down).
P2P is marked and very heavily queued at 64k/64k.
Code: Select all
[admin@MikroTik] ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; Mark 20.x Traffic for Queueing
chain=forward src-address=10.0.20.0/24 action=mark-connection
new-connection-mark=MarsHill-conn passthrough=yes
1 chain=forward connection-mark=MarsHill-conn action=mark-packet
new-packet-mark=MarsHill-flow passthrough=yes
2 ;;; Mark 20.x P2P Traffic for Queueing
chain=forward src-address=10.0.20.0/24 p2p=all-p2p
action=mark-connection new-connection-mark=MarsHill-p2p-conn
passthrough=yes
3 chain=forward connection-mark=MarsHill-p2p-conn action=mark-packet
new-packet-mark=MarsHill-p2p-flow passthrough=yes
4 ;;; Mark Winbox Traffic for Prioritization
chain=prerouting dst-address=10.0.0.32 dst-port=8291
action=mark-connection new-connection-mark=Winbox-conn passthrough=yes
5 chain=prerouting connection-mark=Winbox-conn action=mark-packet
new-packet-mark=Winbox-flow passthrough=yes
6 ;;; Mark 0.x Traffic for Queueing
chain=forward src-address=10.0.0.0/24 action=mark-connection
new-connection-mark=PresqueIsle-conn passthrough=yes
7 chain=forward connection-mark=PresqueIsle-conn action=mark-packet
new-packet-mark=PresqueIsle-flow passthrough=yes
8 ;;; Mark 0.x P2P Traffic for Queueing
chain=forward src-address=10.0.0.0/24 p2p=all-p2p action=mark-connection
new-connection-mark=PresqueIsle-p2p-conn passthrough=yes
9 chain=forward connection-mark=PresqueIsle-p2p-conn action=mark-packet
new-packet-mark=PresqueIsle-p2p-flow passthrough=yes
10 ;;; Mark 23.x Traffic for Queueing
chain=prerouting src-address=10.0.23.0/24 action=mark-connection
new-connection-mark=McGillan-conn passthrough=yes
11 chain=prerouting connection-mark=McGillan-conn action=mark-packet
new-packet-mark=McGillan-flow passthrough=yes
12 ;;; Mark 23.x P2P Traffic for Queueing
chain=prerouting src-address=10.0.23.0/24 p2p=all-p2p
action=mark-connection new-connection-mark=McGillan-p2p-conn
passthrough=yes
13 chain=prerouting connection-mark=McGillan-p2p-conn action=mark-packet
new-packet-mark=McGillan-p2p-flow passthrough=yes
[admin@MikroTik] /queue tree print
Flags: X - disabled, I - invalid
0 name="Wireless-Downlink" parent=ether2 packet-mark="" limit-at=0
queue=pcq-down priority=1 max-limit=8388608 burst-limit=0
burst-threshold=0 burst-time=0s
1 name="Wireless-Uplink" parent=ether1 packet-mark="" limit-at=0
queue=pcq-up priority=1 max-limit=2097152 burst-limit=0
burst-threshold=0 burst-time=0s
2 name="MarsHill-Downlink" parent=Wireless-Downlink
packet-mark=MarsHill-flow limit-at=1048576 queue=pcq-down priority=4
max-limit=2621440 burst-limit=0 burst-threshold=0 burst-time=0s
3 name="MarsHill-Uplink" parent=Wireless-Uplink packet-mark=MarsHill-flow
limit-at=524288 queue=pcq-up priority=8 max-limit=1048576 burst-limit=0
burst-threshold=0 burst-time=0s
4 name="MarsHill-Uplink-p2p" parent=MarsHill-Uplink
packet-mark=MarsHill-p2p-flow limit-at=0 queue=pcq-up priority=8
max-limit=64000 burst-limit=0 burst-threshold=0 burst-time=0s
5 name="MarsHill-Downlink-p2p" parent=MarsHill-Downlink
packet-mark=MarsHill-p2p-flow limit-at=0 queue=pcq-down priority=8
max-limit=64000 burst-limit=0 burst-threshold=0 burst-time=0s
6 name="PresqueIsle-Downlink" parent=Wireless-Downlink
packet-mark=PresqueIsle-flow limit-at=1048576 queue=pcq-down priority=1
max-limit=2621440 burst-limit=0 burst-threshold=0 burst-time=0s
7 name="PresqueIsle-Downlink-p2p" parent=PresqueIsle-Downlink
packet-mark=PresqueIsle-p2p-flow limit-at=1000 queue=pcq-down priority=8
max-limit=64000 burst-limit=0 burst-threshold=0 burst-time=0s
8 name="PresqueIsle-Uplink" parent=Wireless-Uplink
packet-mark=PresqueIsle-flow limit-at=524288 queue=pcq-up priority=1
max-limit=1048576 burst-limit=0 burst-threshold=0 burst-time=0s
9 name="PresqueIsle-Uplink-p2p" parent=PresqueIsle-Uplink
packet-mark=PresqueIsle-p2p-flow limit-at=1000 queue=pcq-up priority=8
max-limit=64000 burst-limit=0 burst-threshold=0 burst-time=0s
10 name="McGillan-Downlink" parent=Wireless-Downlink
packet-mark=McGillan-flow limit-at=1048576 queue=pcq-down priority=1
max-limit=2621440 burst-limit=0 burst-threshold=0 burst-time=0s
11 name="McGillan-Downlink-p2p" parent=McGillan-Downlink
packet-mark=McGillan-p2p-flow limit-at=0 queue=pcq-down priority=8
max-limit=64000 burst-limit=0 burst-threshold=0 burst-time=0s
12 name="McGillan-Uplink" parent=Wireless-Uplink packet-mark=McGillan-flow
limit-at=52488 queue=pcq-up priority=1 max-limit=1048576 burst-limit=0
burst-threshold=0 burst-time=0s
13 name="McGillan-Uplink-p2p" parent=McGillan-Uplink
packet-mark=McGillan-p2p-flow limit-at=0 queue=pcq-up priority=8
max-limit=64000 burst-limit=0 burst-threshold=0 burst-time=0s
[Admin@MikroTik] /queue type print
0 name="default" kind=pfifo pfifo-limit=50
1 name="ethernet-default" kind=pfifo pfifo-limit=50
2 name="wireless-default" kind=sfq sfq-perturb=5 sfq-allot=1514
3 name="synchronous-default" kind=red red-limit=60 red-min-threshold=10
red-max-threshold=50 red-burst=20 red-avg-packet=1000
4 name="hotspot-default" kind=sfq sfq-perturb=5 sfq-allot=1514
5 name="pcq-down" kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=dst-address
pcq-total-limit=2000
6 name="pcq-up" kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=src-address
pcq-total-limit=2000
7 name="red" kind=red red-limit=60 red-min-threshold=10 red-max-threshold=50
red-burst=20 red-avg-packet=1000
8 name="pfifo" kind=pfifo pfifo-limit=10
9 name="default-small" kind=pfifo pfifo-limit=10
Thanks,
Eric
I'm still looking to do traffic shaping on a transparent bridge "the right way" so this should be useful.