Hello,
I have a MikroTik with very limited Internet access (10 kbps symmetrical), so I have to manage the available bandwidth very precisely. This equipment is used as a "probe", so all the traffic is generated by the MikroTik itself.
I need to make "heavy" TCP/UDP connections that consume 10 kbps, so every time a connection terminates I remove it from firewall/connection with a script, trying to stop the originated traffic, and in this way I can free up the used bandwidth.
However, after the connection has been removed, the receive traffic continues to appear on the interface for approximately 20 more seconds, which causes my internet connection to remain saturated for those 20 seconds, preventing new connections from being established.
I have tried lowering the firewall connection tracking timeouts, but the behavior is the same.
I have identified this traffic in the firewall (once the connection has been eliminated) as "invalid" traffic, so I can mark those packets and later drop them in a firewall rule.
That firewall rule logs the packets that have been dropped; however, on the interface (with torch) that incoming traffic continues to appear and Internet access continues to be saturated during those 20 seconds.
I have also tried creating a queue with a limit of 1k for packets marked as invalid, but the interface still shows an incoming stream during those 20 seconds and no new connections can be established.
Is this normal behaviour? How could one identify and limit that packet flow so that Internet access is clear again immediately after removing the connection?