MikroTik

Hello,
I have tried to set up bandwith shaping, using address lists as source of IPs and mangle with queue trees.
I have read the manual, looked at examples, read the wiki and searched all over the forums before asking for help .

It seems that I have created a mistake somewhere, yet I cannot find it. It looks to me that system correctly identifies download traffic, and shapes it accordingly, but mangle rules for upload do not cach any traffic.

First, the network layout:

6 Mikrotik access points, all have PPPoE access concentrators on them. Every pppoe server is managed via it's own secrets (no centralized radius yet, but in the plans). Every user gets a static IP address at their PPPoE access concentrator.

All these are routed via static routes to our gateway which is runing Mikrotik.

On the gateway, I have created mangle rules, separately for upload and download for each package type. After that I have created dynamic queue tree with separate queues for each package.

Here is config output I used:

MANGLE:

Flags: X - disabled, I - invalid, D - dynamic
0 chain=prerouting src-address-list=pk1 action=mark-connection
new-connection-mark=pk1_d_con passthrough=no

1 chain=prerouting connection-mark=pk1_d_con action=mark-packet
new-packet-mark=pk1_d_pak passthrough=yes

2 chain=prerouting dst-address-list=pk1 action=mark-connection
new-connection-mark=pk1_up_con passthrough=no

3 chain=prerouting connection-mark=pk1_up_con action=mark-packet
new-packet-mark=pk1_up_pak passthrough=no

4 chain=prerouting src-address-list=pk2 action=mark-connection
new-connection-mark=pk2_d_con passthrough=no

5 chain=prerouting connection-mark=pk2_d_con action=mark-packet
new-packet-mark=pk2_d_pak passthrough=yes

6 chain=prerouting dst-address-list=pk2 action=mark-connection
new-connection-mark=pk2_up_con passthrough=no

7 chain=prerouting connection-mark=pk2_up_con action=mark-packet
new-packet-mark=pk2_up_pak passthrough=no

8 chain=prerouting src-address-list=pk_S action=mark-connection
new-connection-mark=pk_S_d_con passthrough=no

9 chain=prerouting connection-mark=pk_S_d_con action=mark-packet
new-packet-mark=pk_S_d_pak passthrough=no

10 chain=prerouting dst-address-list=pk_S action=mark-connection
new-connection-mark=pk_S_up_con passthrough=no

11 chain=prerouting connection-mark=pk_S_up_con action=mark-packet
new-packet-mark=pk_S_up_pak passthrough=no


QUEUE:

Flags: X - disabled, I - invalid

name="pk_1_down" parent=Download packet-mark=pk1_d_pak limit-at=0
queue=pk_1_down priority=7 max-limit=0 burst-limit=0 burst-threshold=0
burst-time=0s

name="pk_1_up" parent=Upload packet-mark=pk1_up_pak limit-at=0
queue=pk_1_up priority=7 max-limit=0 burst-limit=0 burst-threshold=0
burst-time=0s

name="pk_2_down" parent=Download packet-mark=pk2_d_pak limit-at=0
queue=pk_2_down priority=7 max-limit=0 burst-limit=0 burst-threshold=0
burst-time=0s

name="pk_2_up" parent=Upload packet-mark=pk2_up_pak limit-at=0
queue=pk_2_up priority=7 max-limit=0 burst-limit=0 burst-threshold=0
burst-time=0s

name="pk_S_down" parent=Download packet-mark=pk_S_d_pak limit-at=0
queue=pk_S_down priority=8 max-limit=0 burst-limit=0 burst-threshold=0
burst-time=0s

name="pk_S_up" parent=Upload packet-mark=pk_S_up_pak limit-at=0
queue=pk_S_up priority=8 max-limit=0 burst-limit=0 burst-threshold=0
burst-time=0s

name="Download" parent=LAN packet-mark="" limit-at=0 queue=default
priority=8 max-limit=15000000 burst-limit=0 burst-threshold=0
burst-time=0s

name="Upload" parent=WAN packet-mark="" limit-at=0 queue=default
priority=8 max-limit=30000000 burst-limit=0 burst-threshold=0
burst-time=0s


Can anybody point me at what I am doing wrong ?

Flags: X - disabled, I - invalid, D - dynamic
0 chain=prerouting src-address-list=pk1 action=mark-connection
new-connection-mark=pk1_d_con passthrough=no

I am interested in this also, can anybody tell if this is the right way to do it ?

Smops,

there's a problem with your mangle rules. All your mangle rules with action=mark-connection should have passthrough=yes

--Tom

Smops,

there's a problem with your mangle rules. All your mangle rules with action=mark-connection should have passthrough=yes

--Tom

I changed that, but I do not see any difference. Mu upload is still not shaping. Can anybody confirm that I am doing this the right way?

here is my example that works

I mark packet for dst and src address, src-address is im my case /32 IP but you can put address list instead off /32 IP

then queue ignore burst tuning . ..

Could you explain futher what these rules are doing. I have been trying to do something simular but dont follow 100%.

Thanks,

are you sure its working ? what about the ( X ) ??

Heh, X'es . . .

these rules are disabled, I was testing something.

Well these rules are marking packets from internet to IP address

then simple queue uses that packet mark to throttle bqndwith . .

thats all.

But I still have trouble to shape p2p , so Im using Squid Proxy without these rules for now.

Hello Smops, I'm trying to do something similar, I still have some troubles but...
1) be sure all the passtrough are set in the correct way: according to my knowledge and tests, you have to set it to yes when you want to continue in the mangle matches search: for example, after a connection mark, you want to continue to put the packet mark for the marked connection, so passthrough=yes. After you put the correct mark for a given ingress packet, you do not have to continue
2) be sure you are managing dst-address-list and src-address-list in the correct way: if they are lists of clients IP addresses (as I think), for download you should use dst-address-list, otherwise (upload), you should use src-address-list.

Hope this can help you in some way.
--gio

do you have web-proxy on the ROS?

for queue tree, if you use proxy, for uplink you have to use parent global-in