4

I'm using a Mikrtotik RB201UiAS to manage my network. To avoid creating simple queues for every IP i have created queues for ranges of IPs.

Screenshot of simple queues

  • Target: 172.16.2.0/25
  • Dst: ether1
  • Target Upload: 5M
  • Target Download: 5M

The question is: Using this configuration

  • each IP (From 1 to 127) will have a limit of 5M Tx/Rx

or

  • all IPs (From 1 to 127) will have a limit of 5M Tx/Rx

Current configuration:

# oct/21/2015 15:25:55 by RouterOS 6.23
# software id = U3SW-9LU3
#
/queue simple
    add dst=ether1 max-limit=5M/10M name=Klasat target=172.16.2.0/25
    add dst=ether1 max-limit=5M/10M name=Administrata target=172.16.2.128/26
    add dst=ether1 max-limit=1M/1M name=DVR target=172.16.2.192/27
    add dst=ether1 name=Sallat target=172.16.2.224/28 add dst=ether1 name=Unlimited target=172.16.2.240/28
halfpastfour.am
  • 109
  • 1
  • 6
Denis Omeri
  • 163
  • 1
  • 1
  • 6
  • Please post your configuration. `/queue export` – Cha0s Oct 21 '15 at 14:17
  • `# oct/21/2015 15:25:55 by RouterOS 6.23` `# software id = U3SW-9LU3` `#` `/queue simple` `add dst=ether1 max-limit=5M/10M name=Klasat target=172.16.2.0/25` `add dst=ether1 max-limit=5M/10M name=Administrata` `target=172.16.2.128/26` `add dst=ether1 max-limit=1M/1M name=DVR target=172.16.2.192/27` `add dst=ether1 name=Sallat target=172.16.2.224/28` `add dst=ether1 name=Unlimited target=172.16.2.240/28` – Denis Omeri Oct 21 '15 at 14:28
  • It seems that you probably use the `default-small` Queue Type which means that the limit is applied to all IPs. You need to use PCQ type to apply the limits on per-IP basis. Check my answer for more details. – Cha0s Oct 21 '15 at 14:31
  • Make sure you disable the fasttrack firewall entry, this got me, It comes set default on new routers. – Jaimie Jul 26 '16 at 19:33

2 Answers2

4

Unless you are using PCQ queue type, then the limits are applied to all IPs in the defined range.

With PCQ (Per Connection Queue) you can apply the desired limits on each IP based on the criteria you define on the PCQ (dst/src address, dst/src port, or any combination of those).

From MikroTik official documentation:

PCQ was introduced to optimize massive QoS systems, where most of the queues are exactly the same for different sub-streams. For example a sub-stream can be download or upload for one particular client (IP) or connection to server.

PCQ algorithm is very simple - at first it uses selected classifiers to distinguish one sub-stream from another, then applies individual FIFO queue size and limitation on every sub-stream, then groups all sub-streams together and applies global queue size and limitation.

PCQ parameters:

pcq-classifier (dst-address | dst-port | src-address | src-port; default: "")  : selection of sub-stream identifiers
pcq-rate (number) : maximal available data rate of each sub-steam
pcq-limit (number) : queue size of single sub-stream (in KB)
pcq-total-limit (number) : maximum amount of queued data in all sub-streams (in KB)

So instead of having 100 queues with 1000kbps limitation for download we can have one PCQ queue with 100 sub-streams

There is also an example available at MikroTik Wiki

Wiki excerpt:

There are two ways how to make this: using mangle and queue trees, or, using simple queues.

  1. Mark all packets with packet-marks upload/download: (lets constider that ether1-LAN is public interface to the Internet and ether2-LAN is local interface where clients are connected

    /ip firewall mangle add chain=prerouting action=mark-packet in-interface=ether1-LAN new-packet-mark=client_upload
/ip firewall mangle add chain=prerouting action=mark-packet in-interface=ether2-WAN new-packet-mark=client_download

  2. Setup two PCQ queue types - one for download and one for upload. dst-address is classifier for user's download traffic, src-address for upload traffic:

    /queue type add name="PCQ_download" kind=pcq pcq-rate=64000 pcq-classifier=dst-address  
/queue type add name="PCQ_upload" kind=pcq pcq-rate=32000 pcq-classifier=src-address

  3. Finally, two queue rules are required, one for download and one for upload:

    /queue tree add parent=global-in queue=PCQ_download packet-mark=client_download
/queue tree add parent=global-out queue=PCQ_upload packet-mark=client_upload

If you don't like using mangle and queue trees, you can skip step 1, do step 2, and step 3 would be to create one simple queue as shown here:

/queue simple add target-addresses=192.168.0.0/24 queue=PCQ_upload/PCQ_download
Cha0s
  • 2,432
  • 2
  • 15
  • 26
  • Thanks for the answer Cha0s :) I am not using firewall mangle so I just changed the simple queues from `add dst=ether1 max-limit=5M/10M name=Klasat target=172.16.2.0/25` to `add dst=ether1 max-limit=5M/10M name=Klasat queue=pcq-upload-default/pcq-download-default target=172.16.2.0/25`. I can not test it now since everyone has gone from the company, will test it tomorrow morning. – Denis Omeri Oct 21 '15 at 15:44
  • I get `input does not match any value of parent` when I attempt to execute step 3. Replacing `global-in` and `global-out` with `global` seems to fix it, however, I cannot get any limiting to work with the full version (using mangling) OR the simple queue option (as noted on Denis' answer). Using speedtest I still get 30Mbit/sec even though I am limiting to 2M. I am using RouterOS 6.32.4. – Tobias McNulty Jul 06 '16 at 03:45
  • My issue was that I had a `fasttrack` firewall filter rule that came installed by default on my router. After disabling that, these rules work fine. – Tobias McNulty Jul 06 '16 at 13:37
0

Thanks to Cha0s's answer I managed to create the fair limiting without creating hundreds of simple queues.

A note for other viewers trying to do the same thing.

Be careful after adding Queue Types to configure the Download/Upload Limit at Queue Type Rate and remove ( make unlimited ) the Target Upload & Target Download from Simple Queue

My Example:

 /queue type
      add kind=pcq name=pcq-download-Klasat pcq-classifier=dst-address pcq-rate=2M
      add kind=pcq name=pcq-upload-Klasat pcq-classifier=src-address pcq-rate=2M

 /queue simple
      add dst=ether1 name=Klasat queue=pcq-upload-Klasat/pcq-download-Klasat 
      target=172.16.2.0/25 total-queue=pcq-download-Klasat
Dave M
  • 4,494
  • 21
  • 30
  • 30
Denis Omeri
  • 163
  • 1
  • 1
  • 6
  • This doesn't limit traffic for me at all; what could I be doing wrong? Do you have anything else set up? Also I am not sure this qualifies as a separate answer currently. – Tobias McNulty Jul 06 '16 at 03:35
  • 1
    My issue was that I had a `fasttrack` firewall filter rule that came installed by default on my router. After disabling that, these rules work fine. – Tobias McNulty Jul 06 '16 at 13:36