*** #### **Step 1: Disable FastTrack** FastTrack allows packets to bypass the firewall, mangle, and queue processing for established and related connections, which can improve performance. However, for queueing and mangle rules to work correctly, FastTrack needs to be disabled for the traffic you want to manage. ``` /ip firewall filter set [find comment="defconf: fasttrack"] disabled=yes ``` Or, you can find the rule in WinBox under `IP > Firewall > Filter Rules`, select it, and click the "Disable" button (which might look like an 'X' or have a tooltip indicating disable). #### **Step 2: Create Mangle Packet Marks** Mangle rules are used to mark specific packets so that they can be identified and processed by other router features, such as queues. In this configuration, we mark upload and download traffic. The following commands create the necessary packet marks:   - **To mark client upload traffic:** This rule marks packets originating from your local network (bridge interface) as `client-upload`. ``` /ip firewall mangle add action=mark-packet chain=prerouting comment=client-upload in-interface=bridge new-packet-mark=client-upload passthrough=yes ``` _Note: The provided configuration has `passthrough=yes` implied by default. It's good practice to explicitly state it if needed, though for simple marking like this, its default behavior is usually fine._ - **To mark client download traffic:** This rule marks packets coming from the internet (ether1 interface) as `client-download`. ``` /ip firewall mangle add action=mark-packet chain=prerouting comment=client-download in-interface=ether1 new-packet-mark=client-download passthrough=yes ``` _Make sure `ether1` is indeed your WAN interface on the new router. If not, replace `ether1` with the correct WAN interface name._ _Again, `passthrough=yes` is implied by default._ You can add these rules via the MikroTik terminal or in WinBox under `IP > Firewall > Mangle`. #### **Step 3: Create Queue Tree** The Queue Tree is used to implement more complex queueing scenarios using the packet marks created in the previous step. This configuration uses PCQ (Per Connection Queueing) to fairly distribute bandwidth among active users. The following commands create the queue tree structure:   - **Download Queue:** This rule creates a queue for download traffic, limiting it to ==90M== with a burst to ==140M==. It uses the `client-download` packet mark. ```bash /queue tree add burst-limit=140M burst-time=10s max-limit=90M name="Trafico Download" \ packet-mark=client-download parent=global priority=1 queue=pcq-download-default ``` - **Upload Queue:** This rule creates a queue for upload traffic, limiting it to ==19M== with a burst to ==25M==. It uses the `client-upload` packet mark. ``` /queue tree add burst-limit=25M burst-time=10s max-limit=19M name="Trafico Upload" \ packet-mark=client-upload parent=global priority=1 queue=pcq-upload-default ``` You can add these queue tree rules via the MikroTik terminal or in WinBox under `Queues > Queue Tree`. **Important Considerations:** - **Interface Names:** Double-check your interface names on the new router. The configuration uses `bridge` for the LAN interface and `ether1` for the WAN interface. If your new router has different names (e.g., `bridge-local` or `ether2-wan`), you must update the commands accordingly.   - **PCQ Defaults:** The queues use `pcq-download-default` and `pcq-upload-default`. These are default PCQ queue types. If you need to customize PCQ parameters (like classifier or rate), you would first define your own PCQ queue types under `/queue type` and then reference them in the queue tree. For this setup, the defaults are being used. - **Global Parent:** Both queues are attached to the `global` parent, which represents all traffic passing through the router. - **Order of Rules:** In `/ip firewall mangle` and `/ip firewall filter`, the order of rules can be important. Ensure these rules are placed appropriately, usually before any general "drop" or "accept" rules if there's a chance of traffic not being marked correctly. *** ### It is better the Mangle - Queue Tree system: 1. Disable the fasttrack to allow the Mangle to function ![[Pasted image 20240302153458.png]] 2. Set two mark packet ![[Pasted image 20240302153602.png]] ![[Pasted image 20240302154348.png]] ![[Pasted image 20240302154400.png]] ```pascal /ip firewall mangle add action=mark-packet chain=prerouting comment=client-upload in-interface=\ bridge new-packet-mark=client-upload passthrough=yes add action=mark-packet chain=prerouting comment=client-download in-interface=\ ether1 new-packet-mark=client-download passthrough=yes /queue tree add burst-limit=100M burst-time=10s max-limit=70M name="Trafico Download" \ packet-mark=client-download parent=global priority=1 queue=\ pcq-download-default add burst-limit=20M burst-time=10s max-limit=15M name="Trafico Upload" \ packet-mark=client-upload parent=global priority=1 queue=pcq-upload-default ``` https://wiki.mikrotik.com/wiki/Manual:Queues_-_PCQ_Examples # Manual:Queues - PCQ Examples [Jump to navigation](https://wiki.mikrotik.com/wiki/Manual:Queues_-_PCQ_Examples#mw-head)[Jump to search](https://wiki.mikrotik.com/wiki/Manual:Queues_-_PCQ_Examples#searchInput) Per Connection Queue (PCQ) is a queuing discipline that can be used to dynamically equalize or shape traffic for multiple users, using little administration. It is possible to divide PCQ scenarios into three major groups: equal bandwidth for a number of users, certain bandwidth equal distribution between users, unknown bandwidth equal distribution between users. ### Equal Bandwidth for a Number of Users Use PCQ type queue when you need to equalize the bandwidth [and set max limit] for a number of users. We will set the 64kbps download and 32kbps upload limits. [![PCQ.png](https://wiki.mikrotik.com/images/8/81/PCQ.png)](https://wiki.mikrotik.com/wiki/File:PCQ.png) There are two ways how to make this: using mangle and queue trees, or, using simple queues. 1. Mark all packets with packet-marks upload/download: (lets constider that ether1-WAN is public interface to the Internet and ether2-LAN is local interface where clients are connected /ip firewall mangle add chain=prerouting action=mark-packet \ in-interface=ether2-LAN new-packet-mark=client_upload /ip firewall mangle add chain=prerouting action=mark-packet \ in-interface=ether1-WAN new-packet-mark=client_download 2. Setup two PCQ queue types - one for download and one for upload. _dst-address_ is classifier for user's download traffic, _src-address_ for upload traffic: /queue type add name="PCQ_download" kind=pcq pcq-rate=64000 pcq-classifier=dst-address /queue type add name="PCQ_upload" kind=pcq pcq-rate=32000 pcq-classifier=src-address 3. Finally, two queue rules are required, one for download and one for upload: /queue tree add parent=global queue=PCQ_download packet-mark=client_download /queue tree add parent=global queue=PCQ_upload packet-mark=client_upload If you don't like using mangle and queue trees, you can skip step 1, do step 2, and step 3 would be to create one simple queue as shown here: /queue simple add target=192.168.0.0/24 queue=PCQ_upload/PCQ_download