Miguel
/
Obsidean_VM
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Obsidean_VM/01-Documentation/Routers/Mikrotik - Network Redes/Bandwith control - Queues.md

7.3 KiB
Raw Blame History

Step 1: Disable FastTrack

FastTrack allows packets to bypass the firewall, mangle, and queue processing for established and related connections, which can improve performance. However, for queueing and mangle rules to work correctly, FastTrack needs to be disabled for the traffic you want to manage.

/ip firewall filter set [find comment="defconf: fasttrack"] disabled=yes

Or, you can find the rule in WinBox under IP > Firewall > Filter Rules, select it, and click the "Disable" button (which might look like an 'X' or have a tooltip indicating disable).

Step 2: Create Mangle Packet Marks

Mangle rules are used to mark specific packets so that they can be identified and processed by other router features, such as queues. In this configuration, we mark upload and download traffic.

The following commands create the necessary packet marks:  

  • To mark client upload traffic: This rule marks packets originating from your local network (bridge interface) as client-upload.

    /ip firewall mangle
add action=mark-packet chain=prerouting comment=client-upload in-interface=bridge new-packet-mark=client-upload passthrough=yes

    Note: The provided configuration has passthrough=yes implied by default. It's good practice to explicitly state it if needed, though for simple marking like this, its default behavior is usually fine.

  • To mark client download traffic: This rule marks packets coming from the internet (ether1 interface) as client-download.

    /ip firewall mangle
add action=mark-packet chain=prerouting comment=client-download in-interface=ether1 new-packet-mark=client-download passthrough=yes

    Make sure ether1 is indeed your WAN interface on the new router. If not, replace ether1 with the correct WAN interface name. Again, passthrough=yes is implied by default.

You can add these rules via the MikroTik terminal or in WinBox under IP > Firewall > Mangle.

Step 3: Create Queue Tree

The Queue Tree is used to implement more complex queueing scenarios using the packet marks created in the previous step. This configuration uses PCQ (Per Connection Queueing) to fairly distribute bandwidth among active users.

The following commands create the queue tree structure:  

  • Download Queue: This rule creates a queue for download traffic, limiting it to ==90M== with a burst to ==140M==. It uses the client-download packet mark.

     /queue tree
 add burst-limit=140M burst-time=10s max-limit=90M name="Trafico Download" \
     packet-mark=client-download parent=global priority=1 queue=pcq-download-default

  • Upload Queue: This rule creates a queue for upload traffic, limiting it to ==19M== with a burst to ==25M==. It uses the client-upload packet mark.

    /queue tree
add burst-limit=25M burst-time=10s max-limit=19M name="Trafico Upload" \
    packet-mark=client-upload parent=global priority=1 queue=pcq-upload-default

You can add these queue tree rules via the MikroTik terminal or in WinBox under Queues > Queue Tree.

Important Considerations:

  • Interface Names: Double-check your interface names on the new router. The configuration uses bridge for the LAN interface and ether1 for the WAN interface. If your new router has different names (e.g., bridge-local or ether2-wan), you must update the commands accordingly.  

  • PCQ Defaults: The queues use pcq-download-default and pcq-upload-default. These are default PCQ queue types. If you need to customize PCQ parameters (like classifier or rate), you would first define your own PCQ queue types under /queue type and then reference them in the queue tree. For this setup, the defaults are being used.

  • Global Parent: Both queues are attached to the global parent, which represents all traffic passing through the router.

  • Order of Rules: In /ip firewall mangle and /ip firewall filter, the order of rules can be important. Ensure these rules are placed appropriately, usually before any general "drop" or "accept" rules if there's a chance of traffic not being marked correctly.

It is better the Mangle - Queue Tree system:

  1. Disable the fasttrack to allow the Mangle to function

!Pasted image 20240302153458.png

  1. Set two mark packet

!Pasted image 20240302153602.png

!Pasted image 20240302154348.png

!Pasted image 20240302154400.png

/ip firewall mangle
add action=mark-packet chain=prerouting comment=client-upload in-interface=\
    bridge new-packet-mark=client-upload passthrough=yes
add action=mark-packet chain=prerouting comment=client-download in-interface=\
    ether1 new-packet-mark=client-download passthrough=yes

/queue tree
add burst-limit=100M burst-time=10s max-limit=70M name="Trafico Download" \
    packet-mark=client-download parent=global priority=1 queue=\
    pcq-download-default
add burst-limit=20M burst-time=10s max-limit=15M name="Trafico Upload" \
    packet-mark=client-upload parent=global priority=1 queue=pcq-upload-default

https://wiki.mikrotik.com/wiki/Manual:Queues_-_PCQ_Examples

Manual:Queues - PCQ Examples

Jump to navigationJump to search

Per Connection Queue (PCQ) is a queuing discipline that can be used to dynamically equalize or shape traffic for multiple users, using little administration. It is possible to divide PCQ scenarios into three major groups: equal bandwidth for a number of users, certain bandwidth equal distribution between users, unknown bandwidth equal distribution between users.

Equal Bandwidth for a Number of Users

Use PCQ type queue when you need to equalize the bandwidth [and set max limit] for a number of users. We will set the 64kbps download and 32kbps upload limits.

PCQ.png

There are two ways how to make this: using mangle and queue trees, or, using simple queues.

  1. Mark all packets with packet-marks upload/download: (lets constider that ether1-WAN is public interface to the Internet and ether2-LAN is local interface where clients are connected

/ip firewall mangle add chain=prerouting action=mark-packet
in-interface=ether2-LAN new-packet-mark=client_upload /ip firewall mangle add chain=prerouting action=mark-packet
in-interface=ether1-WAN new-packet-mark=client_download

  1. Setup two PCQ queue types - one for download and one for upload. dst-address is classifier for user's download traffic, src-address for upload traffic:

/queue type add name="PCQ_download" kind=pcq pcq-rate=64000 pcq-classifier=dst-address /queue type add name="PCQ_upload" kind=pcq pcq-rate=32000 pcq-classifier=src-address

  1. Finally, two queue rules are required, one for download and one for upload:

/queue tree add parent=global queue=PCQ_download packet-mark=client_download /queue tree add parent=global queue=PCQ_upload packet-mark=client_upload

If you don't like using mangle and queue trees, you can skip step 1, do step 2, and step 3 would be to create one simple queue as shown here:

/queue simple add target=192.168.0.0/24 queue=PCQ_upload/PCQ_download