The next RouterOS version will include a new exciting feature - matching connections by their speed. This will help you assign different rules for http downloads, in contrast to just surfing, find P2P downloads even if they mask themselves as HTTP, give priority to VOIP etc. See more here:

http://wiki.mikrotik.com/wiki/Connection_Rate

This setting is NOT YET AVAILABLE, it will become available with the next RouterOS release.

nice feature... maybe =)

btw, looks a bit strange... maybe you should allow 'connection-bytes' syntax for 'maximum' value? so that it be

Yes, this will be changed in the version after the next one

if it will work it gonna be ultimate wepon against rapidshare:)

if it won't work - it gonna be funny

question?


you say the next release it will be avalable

but next release is 3.29
and on the link you say it will be available from 3.30

so will there first be a beta or did you make a trying error
when can we expect the next release?

no, next release will be v.3.30

so what happend to 3.29



as i cant download is from the webpage?

or is mikrotik skipping a version again?

v3.29 was released only to add support for RB750. v3.30 is on the web now

cool thats why we like mikrotik

Sounds like a great new feature.
I normally receive an email for each new FW update.
Didn't see anything for 3.30?

like this:


500000-4294967295


add action=add-src-to-address-list address-list=high-udp-src address-list-timeout=50s chain=prerouting comment="" connection-rate=500000-4294967295 disabled=no in-interface=LAN protocol=udp

Better try 500k-1000M. will look much better

This sounds like a great feature, it will be good to try it and get my head around the logic

This exciting feature was in patch-o-matic-ng repo since 2004, what took you so long ?

where? RouterOS is built by MikroTik from ground up, we use the vanilla kernel and that's almost it.

so far everything from toturial works fine:) hehe beware rapidshare:)

can this be specifide to only port 80?

hehe i will check it in a sec:)

edit:

true it can work like it:)

im dont get what this does can somebody maybe explan this to me?

its so easy my friend for example someone is downloading large file from web (~100MB) and u dont want that he will use all the bandwith you have so if you set up this config from toturial on wiki you get something like this:
when he start download first 500KB goes with speed of non havy-conn but when this particular conn gets more then 500kb it is change to havy-conn so his speed will drop down. but when he open web page he won't see the diffrence because this conn is lower then 500KB. Easy?


and there is also conn-rate(the topic). so when he even download large file but the source server have lower upload speed then the conn-rate parameter then this connection wont be change to havy-conn even if its 1GB

and also in QT when conn is mark as havy its get lower priority then non-havy

Am I right?
correct me if I'm wrong...

Example in that topic is quite simple, I'm thinking about 2 or 3 step limitation. First 500kB of conenction with one speed, then next 10MB with other speed, and then reset with even lower . Really need to think about best implementation.

At this point - this is ideal solution for port 80 traffic, finally we can ensure that this port is used by HTTP mainly

can someone maybe post an example of a port 80

maybe first 500k then 10mb then 50mb

that would help me alot

Take an example from wiki. add some rules with different connection-rate, connection-bytes values and mark that traffic with separate marks.

If you do not understand basic Wiki example, there is no point getting into more complicated one.

some question is bugying me today... is it possible to use this as full QoS without mangling per protocol?

becouse if we have put all downloaders in havy-conn after 0.5MB they just get low priority. as i see in my network the most traffic is exactly havy-conn so all people who open pages, play games etc. get high priority. the problem maby the first 0.5M when someone befor going into havy-conn use high priority... but its just a few seconds.

what do You think mikrotik community??

Wouldn't most games run on one connection (identified by "source IP, source port, destination port, destination IP" as most real time game protocols I'm aware of use UDP), which would probably exceed your example of 500KB over the duration of a longer game - and would therefore be pushed into a slow queue?

yes its true that games use one connection but which game use so much bandwith to get into havy-conn ?

you can download 2GB with speed lower than connection rate and you still be non havy.

the problem is how big/small parameters shall we use:)

this is not connection-bytes, connection-rate is speed of connection, so set limitations smart and game connection wont get into "heavy" side

Great job with this new feature Mikrotik.

But one thing to complain or may be I am not that fully clear
about how queues work.
Now, in the tree queue of your wiki example we have a download
queue attached to the local interface and a donwload heavy traffic
queue, the last one with parent the first. If I limit the heavy traffic
queue to say 1M and the download queue is limited to 2M, shouldn't
the heavy traffic queue borrow from the first one in case it is possible?

In my configuration is not working like this

Thank you, Toni

In queue tree parent queue ignores mark and priority. SO in this case both childs are borrowing from 1 parent, but download queue is borrowing first - based on priority option.

I've been monitoring this for a while,
and actually I don't see that the child is borrowing
from the parent queue.
I have configured almost exatly as the example with difference
that the heavy_download queue is limited at 512kbps, and parent
queue at 1Mbps, so if there is room for borrowing it should
but it is not actually happening.

Just monitor the statistics tab of the parent. As soon as child uses all "limit-at" parents will lend him traffic to give a chance to reach "max-limit"

I see, I have understood it differently, when the max-limit of the child
queue had reached its peak, and if there is bandwidth available at the
parent queue, then the child queue could borrow from the parent so
to exed it's own max-limit but to reach the max-limit of the parent.

For example
Parent queue: max-limit=1Mbps
child queue: limit-at=256kbps max-limit=512kbps

When child hits 512 kbps it would have borrowed from remaining
512kbps of the parent. You say this is wrong?

yes. queue cannot pass more than 'max-limit'. but before reaching 'limit-at' it will pass all packets

that was great feature like other things in Mikrotik BUT there is a problem with users downloading by download manager softwares like IDM which use more that 1 connection to download a file.
I think it should be a way that we can count that connections as 1 or maybe we should limit just 1 connection to the same destination which it is not good. I will think about it, it is 4AM
what is you ideas?

that was great feature like other things in Mikrotik BUT there is a problem with users downloading by download manager softwares like IDM which use more that 1 connection to download a file.
I think it should be a way that we can count that connections as 1 or maybe we should limit just 1 connection to the same destination which it is not good. I will think about it, it is 4AM
what is you ideas?

I use PCQ for that

it doesnt work my friend, did you check it yourslef?

Yes Antix, I checked that
Actually, like you, i had a suspicion it would not work per user,
and we had a discussion about that some days ago, check it:

http://forum.mikrotik.com/viewtopic.php ... &hilit=pcq

If you go and see the statistics of the queue, you will see how many
PCQ queues are being used, how many subqueues actually.

Hi, i'm using connection rate with queue tree and works perfectly, but my intention is use connection rate bypassing cache hit from webproxy on the same machine to other queue. I tryed it adding outgoing mangles, but connection rate limit the cache out.

can any help me with a connection rate for port 80 as i have tryed to slow down p2p

and add in a line just for banking sights but wiht time all p2p connects throught port 80 and kinlls my banking line


can anyone help me with this please just to add a que for heavy 80 and normal 80

heavy is p2p normal is websurfing

redirect port 80 to web-proxy. it should stop p2p

redirect port 80 to web-proxy. it should stop p2p

dpnt have web proxy have to many problems with it

Hi,

its really works? i try butt

my configuration,

/ip firewall filter
add action=accept chain=forward connection-rate=0-100k protocol=tcp
add action=accept chain=forward connection-rate=0-100k protocol=udp

/ip firewall mangle
add chain=forward action=mark-connection connection-mark=!heavy_traffic_conn \
new-connection-mark=all_conn
add chain=forward action=mark-connection connection-bytes=500000-0 \
connection-mark=all_conn connection-rate=200k-100M \
new-connection-mark=heavy_traffic_conn protocol=tcp
add chain=forward action=mark-connection connection-bytes=500000-0 \
connection-mark=all_conn connection-rate=200k-100M \
new-connection-mark=heavy_traffic_conn protocol=udp
add chain=forward action=mark-packet connection-mark=heavy_traffic_conn \
new-packet-mark=heavy_traffic passthrough=no
add chain=forward action=mark-packet connection-mark=all_conn \
new-packet-mark=other_traffic passthrough=no

/queue tree
add name=upload parent=public max-limit=6M
add name=other_upload parent=upload limit-at=4M max-limit=6M \
packet-mark=other_traffic priority=1
add name=heavy_upload parent=upload limit-at=2M max-limit=6M \
packet-mark=heavy_traffic priority=8
add name=download parent=local max-limit=6M
add name=other_download parent=download limit-at=4M max-limit=6M \
packet-mark=other_traffic priority=1
add name=heavy_download parent=download limit-at=2M max-limit=6M \
packet-mark=heavy_traffic priority=8

any idea?

hmmm
no news meens not a good news

no one have any idia my connection rate y not working?

what exactly does not work?..

what exactly does not work?..

thanks for reply
in my first post i past my configuration alredy
after using that configuration if i download on my clint end 2MB file or 40MB file all data going thurow other_traffic not thrurow heavy_traffic

that is

I guess it's the last rule of mangle:

add chain=forward action=mark-packet connection-mark=all_conn \
new-packet-mark=other_traffic passthrough=no

it should be:

add chain=forward action=mark-packet connection-mark=!heavy_traffic \
new-packet-mark=other_traffic passthrough=no

The next RouterOS version will include a new exciting feature - matching connections by their speed. This will help you assign different rules for http downloads, in contrast to just surfing, find P2P downloads even if they mask themselves as HTTP, give priority to VOIP etc. See more here:

http://wiki.mikrotik.com/wiki/Connection_Rate

This setting is NOT YET AVAILABLE, it will become available with the next RouterOS release.

i understand connection rate and connection byte good,

i have another question, if i limit connection byte on for example 50 MBytes when user uses software that manage download such as flashget, download manager,... you know these software open more than 7 connection to destination.

my question is when user have 7 connection for download to a destination every connection can work till 50 Mbytes or total of 7 connection that arrive to 50 Mbytes and after that router do the policy on that?

i hope could explain good my question for you

thanks

it's about single connection, so every of 7 connections will have 50 Mbytes (350 Mbytes in total)

it's about single connection, so every of 7 connections will have 50 Mbytes (350 Mbytes in total)

so, with some software user can take up number of its connection, when wants to download huge files take it to 30 connections.

so this policy cant monitor download!!!!

does it posiible that when mikrotik calculate the connection byte get totals of all connection from a source ip to a destination?

it's about single connection, so every of 7 connections will have 50 Mbytes (350 Mbytes in total)

i tested for example flashget.

when you use this software every 1 minute start a new connection to server with new port.

so mikrotik start counter for new connection from zero and my download speed didnt limited.

do you have another config to limit download with connection rate?

thanks

it's about single connection, so every of 7 connections will have 50 Mbytes (350 Mbytes in total)

i think if mikrotik can take a total from all connections from a source ip to a destination IP and use in connection byte, it is a good way for limit download, but when it calculate from connection one by one it is possible to bypass that.

thanks

your billing system should count total traffic, this feature is just to detect 'long' connections and apply QoS rules to them

i think if mikrotik can take a total from all connections from a source ip to a destination IP and use in connection byte, it is a good way for limit download

torrent protocol downloads from hundreds IPs - it won't limit anything

your billing system should count total traffic, this feature is just to detect 'long' connections and apply QoS rules to them

it put much load on billing.

but if i said ok, i count that by billing, how can billing say to router to change the QOS, only way is disconnect user and give him another ip that is on that QOS, do you have any other idea?

if you can configure mikrotik to count connection it is easier, because now mikrotik count them but only dont give a total from that.

thanks

i think if mikrotik can take a total from all connections from a source ip to a destination IP and use in connection byte, it is a good way for limit download

torrent protocol downloads from hundreds IPs - it won't limit anything

i didnt torrent, i download an .iso file by flashget from www.ubuntu.com

i didnt torrent, i download an .iso file by flashget from http://www.ubuntu.com

and if you will download your ubuntu via torrent, even grouping connection-bytes by src and dst addresses won't help you - that's what I'm saying

your billing system should count total traffic, this feature is just to detect 'long' connections and apply QoS rules to them

it put much load on billing.

but if i said ok, i count that by billing, how can billing say to router to change the QOS, only way is disconnect user and give him another ip that is on that QOS, do you have any other idea?

if you can configure mikrotik to count connection it is easier, because now mikrotik count them but only dont give a total from that.

thanks

do you have any idea for this post?

i didnt torrent, i download an .iso file by flashget from http://www.ubuntu.com

and if you will download your ubuntu via torrent, even grouping connection-bytes by src and dst addresses won't help you - that's what I'm saying

you didnt reply me another post, i sent you again

it put much load on billing.

"welcome to the real world, Neo"

how can billing say to router to change the QOS, only way is disconnect user and give him another ip that is on that QOS, do you have any other idea?

I know absolutely nothing about your billing system and its possibilities, so I can't answer that question
for example, we give users IPoE access, and our billing can configure router dynamically

maybe, try to look at bursting in queues - I don't know what you need, you're asking about means, not goals...

it put much load on billing.

"welcome to the real world, Neo"

how can billing say to router to change the QOS, only way is disconnect user and give him another ip that is on that QOS, do you have any other idea?

I know absolutely nothing about your billing system and its possibilities, so I can't answer that question
for example, we give users IPoE access, and our billing can configure router dynamically

maybe, try to look at bursting in queues - I don't know what you need, you're asking about means, not goals...

my billing is IBS. do you know that? i say another thing, when mikrotik start this option on the router wanted to help his customers and say i have much of options, but when this option has some problems and cant work compeletly and because of strong team that all pople know that mikrotik company has, i wanted from you to make this option work completed.

i want to know can i have this request? and customer care of mikrotik will make his support team to coverage all options on this good way.

may be some of your customers do that and saw it doesnt work completely but they didnt find what is the reason, i thinked about the reason and asked you about that.

please think mikrotik can calculated every connection throuput, so easily can calculate totals of that.

am i right?

also myself i have some customers that have no billing system, they connected to router directly, so what should i do for them?

please help me about that

thanks

please think mikrotik can calculated every connection throuput, so easily can calculate totals of that.

am i right?

unfortunately, you're not. router's connection tracking facility gives firewall the information about the connection currently being processed, but it will be very CPU-expensive to calculate totals for each src-dst-ip pair

also, you didn't answer anything about torrents: your 'improvement' won't change anything about them. for torrents, you will need grouping not by src-dst pairs, but just by src-ip. that's what firewall rules or simple queues can do =) like http://wiki.mikrotik.com/wiki/Automated ... sermanager

please think mikrotik can calculated every connection throuput, so easily can calculate totals of that.

am i right?

unfortunately, you're not. router's connection tracking facility gives firewall the information about the connection currently being processed, but it will be very CPU-expensive to calculate totals for each src-dst-ip pair

also, you didn't answer anything about torrents: your 'improvement' won't change anything about them. for torrents, you will need grouping not by src-dst pairs, but just by src-ip. that's what firewall rules or simple queues can do =) like http://wiki.mikrotik.com/wiki/Automated ... sermanager

so, does it posiible to design this option for router and make 2 option , one of them calculate total of connection and of them is such as now per connection. i use connection byte in total traffic mode and if my cpu load go higher i have 2 way :

1- upgrade my hardware or add another router
2- change my status to per connection mode till i upgrade my router or add another router

i should explain my problem is download files not p2p files such as torrent, because of i limited them at layer 7:

add comment="" name=bittorrent regexp="^(\13bittorrent protocol|azver\01\$|get\
/scrape\\\?info_hash=)|d1:ad2:id20:|\08'7P\\)[RP]"

so can you please make this option ( total traffic ) on connection byte?

thanks alot

please think mikrotik can calculated every connection throuput, so easily can calculate totals of that.

am i right?

unfortunately, you're not. router's connection tracking facility gives firewall the information about the connection currently being processed, but it will be very CPU-expensive to calculate totals for each src-dst-ip pair

also, you didn't answer anything about torrents: your 'improvement' won't change anything about them. for torrents, you will need grouping not by src-dst pairs, but just by src-ip. that's what firewall rules or simple queues can do =) like http://wiki.mikrotik.com/wiki/Automated ... sermanager

hi chupaka

did you see my last post, i really need to your help.

i am waiting for you

thanks

please think mikrotik can calculated every connection throuput, so easily can calculate totals of that.

am i right?

unfortunately, you're not. router's connection tracking facility gives firewall the information about the connection currently being processed, but it will be very CPU-expensive to calculate totals for each src-dst-ip pair

also, you didn't answer anything about torrents: your 'improvement' won't change anything about them. for torrents, you will need grouping not by src-dst pairs, but just by src-ip. that's what firewall rules or simple queues can do =) like http://wiki.mikrotik.com/wiki/Automated ... sermanager

hi

i saw your link,

i wanted to chek the traffic of any src ip every minute and if higher than the things that i set take him to quee.

does it possible with script? and if it is possible can you please help me about configuration

also i found ip accounting in mikrotik. can it help me?

thanks

Hi. any news on that metter? I'd like to mark the whole traffic to a certain user (not the separate connections) is there a way to do that?