MikroTik

Okay,

I have had my queues working ok, using the Tree's but I would like to move to Simple queues as they allow me to set an overall max speed (rx and tx) for each queue. My setup before was:

OutBound Internet Traffic - CIR 1024, MIR 2048
-- Customer Queue limited to say CIR 131 MIR 256

Inbound Internet Traffic - CIR 1024, MIR 2048
-- Customer Queue limited to say CIR 131 MIR 256

Local Traffic - CIR 5Mbps, MIR 10Mbps
-- Customer Queue limited to say CIR 1Mbps MIR 10Mbps

This was working fine but I need to limit each customer to 256K total and I cant seem to do that with trees. If anyone thinks I can I'd love to know.

So I've just setup simple queues instead with one queue per customer

X.X.X.X CIR 131072/131072 MIR 256/256 Total CIR 131072 Total MIR 256

And have left Tree Queues for the local traffic.

Now my problem is how can I set an overall limit on my External Interface, before with trees the top of the tree limited the overall bandwidth and caused the kick in for CIR's .. So any ideas? I basically need to limit all the simple queues I create as a group to allow a CIR/MIR of 2048. or directly limit the speed of the External Interface (which is an ethernet card)

Thanks,

Bill

What is the problem with limiting a single user to a given speed?
1) add mangle rule to mark traffic for the particular client
2) create a queue tree rule with the apropriate parent id and flow property equal to the value of mark-flow property of the mangle rule.

Hmm I tried that, but it didnt mark the traffic flow in both directions....

I initally tried controlling the flow with one mangle and one tree rule, but it was only effective on traffic in one direction.

I ended up using the following settings for the tree queues:

add dst-address=202.124.100.2/32 action=passthrough \
mark-flow=202.124.100.2_In comment="" disabled=no
add src-address=202.124.100.2/32 action=passthrough \
mark-flow=202.124.100.2_Out comment="" disabled=no

add name="202.124.100.2_Out" parent="Out Queue" flow=202.124.100.2_Out \
limit-at=131072 queue=default priority=8 max-limit=262144 burst-limit=0 \
burst-threshold=0 burst-time=0 disabled=no
add name="202.124.100.2_In" parent="In Queue" flow=202.124.100.2_In \
limit-at=131072 queue=default priority=8 max-limit=262144 burst-limit=0 \
burst-threshold=0 burst-time=0 disabled=no


I basically had a set of these for each customer. Problem is they can in theory when download and uploading use 512K when they should only be able to use 256.

If I have missed something I'll be glad to be proved wrong ;)

Thanks,

Bill

Maybe this helps:

1. to limit 256kbps for each client with queue trees, use PCQ (per connection queues).

2. for marking packets, if you are using masquerading you have to mark the connection which is going from your local network, for example, mark HTTP traffic:

/ip firewall mangle add protocol=tcp dst-port=80 src-address=192.168.0.0/24 mark-connection=http-connection
/ip firewall mangle add connection=http-connection mark-flow=HTTP

now you can use this mark in queue trees for both directions and it will work (if i haven't missed something)

Cool thanks, I'll give that a go tonight...

Still seem to get the same result, to control traffic in both directions I need to have two rules.

The mangle rule appears to be working all right as all traffic runs through it ( interface=all) when I use this in the Tree queues I set the parent to Bridge1 which is my bridge between the lan and wan. When I do this it only logs traffic in one direction. I've tried every interface but its still not right.

Do I need to create two tree queues? one for global-in, one for global-out then have two queues for each customer? If not then I'm stuck again :(

Thx

Bill

yes, you have to add 2 rules, but you can use the same flow for them:
(download)
/queue tree add parent=Local flow=HTTP ...
(upload)
/queue tree add parent=Public flow=HTTP ...

Hmm, okay but with that scenario you can't limit Overall bandwidth ie if the queues are setup with the following:

Upload CIR - 128 MIR - 256

Download CIR - 128 MIR - 256

That makes their max total bandwidth at CIR 256 MIR 256

Sound right ?

oops sorry 512 MIR... which needs to be 256...

Since posting this I have switched back to tree queues as I cant do other things I need to do with simple rules.

I think I'm going to have to put another Mikrotik box in to solve this problem.

wow after implement what dave says....
my router box works great....

I use combined queue tree and simple queues
to control bandwidth...
e.g. 256kbps using queue simple for pipe bandwitdh
and 128kbps using mangle/queue tree for international traffic :D

an interesting setup:)

You could also use hierarchical approach in /queue tree.

Ok, I've migrated all queues from simple to tree :D

and hell yeah it take a long time for me to find out the hierarchi queue tree :D
cos mangle-ing is so complicated, I'm working full nat system :(