Ethan, Here's something we are testing. So far so good. It does limit each http and https connection to 4M and doesn't hit the processor as hard as simple queues . It provides priority to dns traffic. This is by no means complete it is a test in progress.
/queue tree add max-limit=100M name="all bandwidth" parent=global priority=1 add max-limit=50M name=Download packet-mark=client-dw-packet parent="all bandwidth" priority=2 add name=queue1 parent=global add max-limit=10M name=http-dw packet-mark=http-dw-pk parent=Download priority=3 add max-limit=10M name=dns-dw-pk packet-mark=dns-dw-pk parent=Download priority=1 add max-limit=5M name=other-dw packet-mark=client-dw-packet parent=Download priority=6 add max-limit=2M name=Upload packet-mark=client-up-pk parent="all bandwidth" priority=1 add max-limit=2M name=dns-up-pk packet-mark=dns-up-pk parent=Upload priority=1 add max-limit=2M name=http-up packet-mark=http-up parent=Upload priority=2 add max-limit=1M name=other-up packet-mark=client-up-pk parent=Upload priority=6 add max-limit=2M name=http-udp-pk packet-mark=http-dw-pk-udp parent=Download priority=3 add name=TOTAL_DOWNLOAD parent=ether4 priority=1 /queue type add kind=pcq name=pcq_down_4M pcq-classifier=dst-address pcq-dst-address6-mask=64 pcq-rate=4M pcq-src-address6-mask=64 add kind=pcq name=pcq_up_1M pcq-classifier=src-address pcq-dst-address6-mask=64 pcq-rate=1M pcq-src-address6-mask=64 /queue tree add name=4M_CLIENT_DOWNLOAD packet-mark=4M_PACKET parent=TOTAL_DOWNLOAD queue=pcq_down_4M /ip firewall address-list add address=172.16.2.254 list=4M add address=172.16.2.252 list=4M add address=172.16.2.251 list=4M /ip firewall mangle add action=mark-connection chain=forward comment=TESTING new-connection-mark=4M_CONNECTION passthrough=yes src-address-list=\ 4M add action=mark-packet chain=forward comment=TESTING connection-mark=4M_CONNECTION new-packet-mark=4M_PACKET passthrough=yes add action=mark-connection chain=forward comment=client-dw-conn disabled=yes in-interface=bridge1 new-connection-mark=\ client-dw-conn passthrough=yes add action=mark-packet chain=forward comment=client-dw-packet connection-mark=client-dw-conn disabled=yes new-packet-mark=\ client-dw-packet passthrough=yes add action=mark-connection chain=prerouting comment=client-up-conn disabled=yes in-interface=bridge1 new-connection-mark=\ client-up-conn passthrough=yes add action=mark-packet chain=prerouting comment=client-up-pk connection-mark=client-up-conn disabled=yes new-packet-mark=\ client-up-pk passthrough=yes add action=mark-packet chain=forward comment=http-dw-pk disabled=yes log=yes log-prefix=HTTP_DOWNLOAD_MARK_PACKET \ new-packet-mark=http-dw-pk packet-mark=client-dw-packet passthrough=no port=80,443 protocol=tcp add action=mark-packet chain=forward comment="UDP http-dw-pk" disabled=yes log=yes log-prefix=HTTP_DOWNLOAD_MARK_PACKET \ new-packet-mark=http-dw-pk-udp packet-mark=client-dw-packet passthrough=no port=80,443 protocol=udp add action=mark-packet chain=forward comment=http-up-pk disabled=yes new-packet-mark=http-up-pk packet-mark=client-up-pk \ passthrough=no port=80,443 protocol=tcp add action=mark-packet chain=forward comment=dns-dw-pk disabled=yes log=yes log-prefix=DNS_MARK_PACKET new-packet-mark=\ dns-dw-pk packet-mark=client-dw-packet passthrough=no port=53 protocol=udp add action=mark-packet chain=forward comment=dns-up-pk disabled=yes new-packet-mark=dns-up-pk packet-mark=client-up-pk \ passthrough=no port=53 protocol=udp add action=mark-connection chain=prerouting connection-mark=no-mark disabled=yes dst-port=53 new-connection-mark=\ youtube_conn passthrough=yes protocol=udp add action=mark-packet chain=prerouting comment=http_conn connection-mark=http_conn disabled=yes dst-port=80,443 \ new-packet-mark=http_packet passthrough=no protocol=tcp On 10/2/2017 12:16 PM, David Hulsebus via Mikrotik-users wrote: > What version of the OS are you running? We are testing on V6.40.1 right > now. We are using qtree's to mark and assign a priority to different > traffic types and then setting up pcq's to limit individual IP's. Not > entirely sure it will be as scaleable as we want yet. Be happy to post > what we've done when I get back in today. > > Dave Hulsebus > > > On 10/2/2017 11:46 AM, Ethan E. Dee via Mikrotik-users wrote: >> Does anyone here know how I could speed limit individual ip's within a >> subnet as opposed to the subnet or interface as a whole? >> >> Say I wanted everyone in 10.1.0.0/24 to only be allowed 10mb/10mb >> individually. >> >> Can I do that in RouterOS? >> >> >> >> -- >> This message has been scanned by E.F.A. Project and is believed to be clean. >> >> >> _______________________________________________ >> Mikrotik-users mailing list >> [email protected] >> http://lists.wispa.org/mailman/listinfo/mikrotik-users -- Portative Technologies 1995 Allison Lane, Suite 100 Corydon, IN 47112 --- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus _______________________________________________ Mikrotik-users mailing list [email protected] http://lists.wispa.org/mailman/listinfo/mikrotik-users
