Something really weird is happening. Fasttrack is disabled. The simple queue works fine for all traffic except when there's a steam download.
Whenever I do speed tests (even by multiple clients at once) or I download large files, the queue barely go over its max limit. But when I start a steam game download, the queue overshoots almost always and sometimes up to 18 mbps (I have a 100mbit connection, so it's almost up to 20%). When I go to the connections tab of the firewall, I see that steam opens up multiple TCP connections. They're not fasttracked.
What's odd and indicates a bug, sometimes when I play the queue settings, it stop overshooting. But when I reboot the router (RB4011), it starts happening again.
My wan is pppoe over a VLAN on a fiber ONT (bridged) with the Mikrotik router.
In the screenshot below, you can see I lowered the max-limit of the queue to 80M but still my pppoe traffic overshoots to 96M.
Here's my full config:
Code: Select all
/interface bridge
add admin-mac=XX:XX:XX:XX:XX:XX auto-mac=no frame-types=admit-only-vlan-tagged name=bridge1 vlan-filtering=yes
/interface vlan
add comment=lan interface=bridge1 name=vlan10 vlan-id=10
add comment=guest interface=bridge1 name=vlan20 vlan-id=20
add comment=voip interface=bridge1 name=vlan30 vlan-id=30
add comment=cams interface=bridge1 name=vlan40 vlan-id=40
add comment=iam-wan interface=bridge1 name=vlan881 vlan-id=881
/interface pppoe-client
add add-default-route=yes disabled=no interface=vlan881 max-mru=1492 max-mtu=1492 name=pppoe-iam user=*****
/interface list
add name=WAN
add name=LAN
add name=GUEST
add name=VOIP
add name=CAMS
/ip pool
add name=vlan10 ranges=*********
add name=vlan20 ranges=*********
add name=vlan30 ranges=*********
add name=vlan40 ranges=*********
/ip dhcp-server
add address-pool=vlan10 interface=vlan10 lease-time=1d name=vlan10
add address-pool=vlan20 interface=vlan20 lease-time=1d name=vlan20
add address-pool=vlan30 interface=vlan30 lease-time=1d name=vlan30
add address-pool=vlan40 interface=vlan40 lease-time=1d name=vlan40
/queue type
add cake-flowmode=dual-srchost cake-nat=yes cake-overhead=36 kind=cake name=cake-out
add cake-diffserv=besteffort cake-flowmode=dual-dsthost cake-nat=yes cake-overhead=36 cake-wash=yes kind=cake name=cake-in
/queue simple
add bucket-size=0.002/0.002 max-limit=80M/47500k name=wan queue=cake-in/cake-out target=pppoe-iam
/interface bridge port
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=ether1
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=ether2
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=ether3
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=ether4
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=ether5
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=ether6
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=ether7
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=ether8
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=ether9
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=ether10
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=sfp-sfpplus1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface bridge vlan
add bridge=bridge1 tagged=bridge1,ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,sfp-sfpplus1 vlan-ids=10
add bridge=bridge1 tagged=bridge1,ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,sfp-sfpplus1 vlan-ids=20
add bridge=bridge1 tagged=bridge1,ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,sfp-sfpplus1 vlan-ids=30
add bridge=bridge1 tagged=bridge1,ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,sfp-sfpplus1 vlan-ids=40
add bridge=bridge1 tagged=bridge1,ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,sfp-sfpplus1 vlan-ids=881
/interface list member
add interface=pppoe-iam list=WAN
add interface=vlan10 list=LAN
add interface=vlan20 list=GUEST
add interface=vlan30 list=VOIP
add interface=vlan40 list=CAMS
/ip address
add address=******* interface=vlan10 network=******
add address=******* interface=vlan20 network=******
add address=******* interface=vlan30 network=******
add address=******* interface=vlan40 network=******
/ip cloud
set ddns-enabled=yes
/ip dhcp-server network
add address=***** dns-server=******** gateway=******** ntp-server=*******
add address=***** dns-server=******** gateway=******** ntp-server=*******
add address=***** dns-server=******** gateway=******** ntp-server=*******
add address=***** dns-server=******** gateway=******** ntp-server=*******
/ip dns
set allow-remote-requests=yes cache-max-ttl=0s servers=********
/ip firewall address-list
add address=******* comment=asterisk list=VOIP-WHITELIST
add address=******** comment=traefik list=DSTNAT-WHITELIST
add address=******* comment=scale list=DSTNAT-WHITELIST
/ip firewall filter
add action=accept chain=input connection-state=established,related,untracked
add action=drop chain=input connection-state=invalid
add action=accept chain=input protocol=icmp
add action=accept chain=input dst-port=13231 protocol=udp
add action=accept chain=input dst-address=127.0.0.1
add action=accept chain=input dst-port=123 in-interface-list=!WAN protocol=udp
add action=jump chain=input dst-port=53 jump-target=dns protocol=tcp
add action=jump chain=input dst-port=53 jump-target=dns protocol=udp
add action=drop chain=input in-interface-list=!LAN
add action=accept chain=forward connection-state=established,related
add action=accept chain=forward in-interface-list=LAN
add action=accept chain=forward in-interface-list=GUEST out-interface-list=WAN
add action=accept chain=forward in-interface-list=VOIP out-interface-list=WAN src-address-list=VOIP-WHITELIST
add action=accept chain=forward connection-nat-state=dstnat dst-address-list=DSTNAT-WHITELIST in-interface-list=WAN
add action=drop chain=forward
add action=drop chain=dns in-interface-list=WAN
add action=drop chain=dns in-interface-list=CAMS
add action=drop chain=dns in-interface-list=VOIP src-address-list=!VOIP-WHITELIST
add action=accept chain=dns
/ip firewall nat
add action=masquerade chain=srcnat comment=wan ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat comment=******* dst-port=**in-interface-list=WAN protocol=tcp to-addresses=***** to-ports=**
add action=dst-nat chain=dstnat comment=******* dst-port=** in-interface-list=WAN protocol=tcp to-addresses=***** to-ports=**
add action=dst-nat chain=dstnat comment=******* dst-port=** in-interface-list=WAN protocol=tcp to-addresses=***** to-ports=**
add action=dst-nat chain=dstnat comment=******* dst-port=** in-interface-list=WAN protocol=udp to-addresses=***** to-ports=**
/system clock
set time-zone-autodetect=no time-zone-name=********
/system identity
set name=rb4011
/system ntp client
set enabled=yes
/system ntp server
set enabled=yes manycast=yes
/system ntp client servers
add address=*******
add address=*******
add address=*******
add address=*******
/system package update
set channel=testing
/tool bandwidth-server
set enabled=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN