It is possible to reserve minimum bandwith to a specific tcp/udp destination port ?
If it is, how to do it ?
Best regards
Re: Bandwith reservation - tcp/udp ports
Yes, you can build a queue tree with the minimum guaranteed bandwidth option and mark the flows on the basis of the port.
Mind, you will have to disable fasttrack so on weaker hardware you may run into CPU performance bottleneck.
But please provide some more details.
What hardware model you use?
Are you really looking for a setup like "from any IP in my LAN to any IP in the WAN at destination port xxx" or more narrow?
Mind, you will have to disable fasttrack so on weaker hardware you may run into CPU performance bottleneck.
But please provide some more details.
What hardware model you use?
Are you really looking for a setup like "from any IP in my LAN to any IP in the WAN at destination port xxx" or more narrow?
Re: Bandwith reservation - tcp/udp ports
Are you really looking for a setup like "from any IP in my LAN to any IP in the WAN at destination port xxx" or more narrow?
yes correct. Exactly that. I want to have a minimum guaranted bandwith for that specific destination traffic/port in case of link congestion.
I´m using a 2011UiAS
When you say: « minimum guaranteed bandwidth option » you mean the Limit at (bit/s) option at Queue Tree option ?
Thanks in advance
yes correct. Exactly that. I want to have a minimum guaranted bandwith for that specific destination traffic/port in case of link congestion.
I´m using a 2011UiAS
When you say: « minimum guaranteed bandwidth option » you mean the Limit at (bit/s) option at Queue Tree option ?
Thanks in advance
Re: Bandwith reservation - tcp/udp ports
Yes, the limit-at option.
A very basic setup on a "blank" config with no existing queues or mangle rules might look something like this (do not use this blindly, just as example):
Once again, be warned that disabling fasttrack will increase CPU load.
If you'll run into problems, start with reenabling the fasttrack rule in firewall. This will break the queues but will also very quickly bring CPU load back to where it was.
Also maybe consider adding the limit-at= + max-limit= to the two "other traffic" queues, to make sure there's a bit of bandwidth left for it when the "critical traffic" suddenly tries to pump 500Mbit for one or another reason.
A very basic setup on a "blank" config with no existing queues or mangle rules might look something like this (do not use this blindly, just as example):
Code: Select all
/ip firewall filter
print where action="fasttrack-connection"
;;; note the rules printed, and if more than one exist, what are their enabled and disabled status!
disable where action="fasttrack-connection"
print where action="fasttrack-connection"
;;; note all fasttrack rules should show as disabled now.
/ip firewall mangle
add chain=forward action=mark-packet protocol=tcp dst-port=IMPORTANT_PORT_1 in-interface=LAN_INTERFACE_HERE new-packet-mark=m-critical-traffic-out passthrough=no
add chain=forward action=mark-packet protocol=tcp dst-port=IMPORTANT_PORT_2 in-interface=LAN_INTERFACE_HERE new-packet-mark=m-critical-traffic-out passthrough=no
add chain=forward action=mark-packet protocol=tcp src-port=IMPORTANT_PORT_1 in-interface=WAN_INTERFACE_HERE new-packet-mark=m-critical-traffic-in passthrough=no
add chain=forward action=mark-packet protocol=tcp src-port=IMPORTANT_PORT_2 in-interface=WAN_INTERFACE_HERE new-packet-mark=m-critical-traffic-in passthrough=no
/queue tree
add max-limit=YOUR_UPLOAD_SPEED name=q-lan-to-wan parent=WAN_INTERFACE_HERE
add max-limit=YOUR_DOWNLOAD_SPEED name=q-wan-to-lan parent=LAN_INTERFACE_HERE
add limit-at=GUARANTEED_SPEED_RESERVE max-limit=YOUR_UPLOAD_SPEED name=q-critical-traffic-out packet-mark=m-critical-traffic-out parent=q-lan-to-wan queue=pcq-upload-default
add limit-at=GUARANTEED_SPEED_RESERVE max-limit=YOUR_DOWNLOAD_SPEED name=q-critical-traffic-in packet-mark=m-critical-traffic-in parent=q-wan-to-lan queue=pcq-download-default
add name=q-other-traffic-out packet-mark=no-mark parent=q-lan-to-wan queue=pcq-upload-default
add name=q-other-traffic-in packet-mark=no-mark parent=q-wan-to-lan queue=pcq-download-default
If you'll run into problems, start with reenabling the fasttrack rule in firewall. This will break the queues but will also very quickly bring CPU load back to where it was.
Also maybe consider adding the limit-at= + max-limit= to the two "other traffic" queues, to make sure there's a bit of bandwidth left for it when the "critical traffic" suddenly tries to pump 500Mbit for one or another reason.