Wow this is great.
Gotta love Mikrotik!
On 10/03/2017 07:58 AM, David Hulsebus via Mikrotik-users wrote:
Ethan,
Here's something we are testing. So far so good. It does limit each http
and https connection to 4M and doesn't hit the processor as hard as
simple queues . It provides priority to dns traffic. This is by no means
complete it is a test in progress.
/queue tree
add max-limit=100M name="all bandwidth" parent=global priority=1
add max-limit=50M name=Download packet-mark=client-dw-packet parent="all
bandwidth" priority=2
add name=queue1 parent=global
add max-limit=10M name=http-dw packet-mark=http-dw-pk parent=Download
priority=3
add max-limit=10M name=dns-dw-pk packet-mark=dns-dw-pk parent=Download
priority=1
add max-limit=5M name=other-dw packet-mark=client-dw-packet
parent=Download priority=6
add max-limit=2M name=Upload packet-mark=client-up-pk parent="all
bandwidth" priority=1
add max-limit=2M name=dns-up-pk packet-mark=dns-up-pk parent=Upload
priority=1
add max-limit=2M name=http-up packet-mark=http-up parent=Upload priority=2
add max-limit=1M name=other-up packet-mark=client-up-pk parent=Upload
priority=6
add max-limit=2M name=http-udp-pk packet-mark=http-dw-pk-udp
parent=Download priority=3
add name=TOTAL_DOWNLOAD parent=ether4 priority=1
/queue type
add kind=pcq name=pcq_down_4M pcq-classifier=dst-address
pcq-dst-address6-mask=64 pcq-rate=4M pcq-src-address6-mask=64
add kind=pcq name=pcq_up_1M pcq-classifier=src-address
pcq-dst-address6-mask=64 pcq-rate=1M pcq-src-address6-mask=64
/queue tree
add name=4M_CLIENT_DOWNLOAD packet-mark=4M_PACKET parent=TOTAL_DOWNLOAD
queue=pcq_down_4M
/ip firewall address-list
add address=172.16.2.254 list=4M
add address=172.16.2.252 list=4M
add address=172.16.2.251 list=4M
/ip firewall mangle
add action=mark-connection chain=forward comment=TESTING
new-connection-mark=4M_CONNECTION passthrough=yes src-address-list=\
4M
add action=mark-packet chain=forward comment=TESTING
connection-mark=4M_CONNECTION new-packet-mark=4M_PACKET passthrough=yes
add action=mark-connection chain=forward comment=client-dw-conn
disabled=yes in-interface=bridge1 new-connection-mark=\
client-dw-conn passthrough=yes
add action=mark-packet chain=forward comment=client-dw-packet
connection-mark=client-dw-conn disabled=yes new-packet-mark=\
client-dw-packet passthrough=yes
add action=mark-connection chain=prerouting comment=client-up-conn
disabled=yes in-interface=bridge1 new-connection-mark=\
client-up-conn passthrough=yes
add action=mark-packet chain=prerouting comment=client-up-pk
connection-mark=client-up-conn disabled=yes new-packet-mark=\
client-up-pk passthrough=yes
add action=mark-packet chain=forward comment=http-dw-pk disabled=yes
log=yes log-prefix=HTTP_DOWNLOAD_MARK_PACKET \
new-packet-mark=http-dw-pk packet-mark=client-dw-packet
passthrough=no port=80,443 protocol=tcp
add action=mark-packet chain=forward comment="UDP http-dw-pk"
disabled=yes log=yes log-prefix=HTTP_DOWNLOAD_MARK_PACKET \
new-packet-mark=http-dw-pk-udp packet-mark=client-dw-packet
passthrough=no port=80,443 protocol=udp
add action=mark-packet chain=forward comment=http-up-pk disabled=yes
new-packet-mark=http-up-pk packet-mark=client-up-pk \
passthrough=no port=80,443 protocol=tcp
add action=mark-packet chain=forward comment=dns-dw-pk disabled=yes
log=yes log-prefix=DNS_MARK_PACKET new-packet-mark=\
dns-dw-pk packet-mark=client-dw-packet passthrough=no port=53
protocol=udp
add action=mark-packet chain=forward comment=dns-up-pk disabled=yes
new-packet-mark=dns-up-pk packet-mark=client-up-pk \
passthrough=no port=53 protocol=udp
add action=mark-connection chain=prerouting connection-mark=no-mark
disabled=yes dst-port=53 new-connection-mark=\
youtube_conn passthrough=yes protocol=udp
add action=mark-packet chain=prerouting comment=http_conn
connection-mark=http_conn disabled=yes dst-port=80,443 \
new-packet-mark=http_packet passthrough=no protocol=tcp
On 10/2/2017 12:16 PM, David Hulsebus via Mikrotik-users wrote:
What version of the OS are you running? We are testing on V6.40.1 right
now. We are using qtree's to mark and assign a priority to different
traffic types and then setting up pcq's to limit individual IP's. Not
entirely sure it will be as scaleable as we want yet. Be happy to post
what we've done when I get back in today.
Dave Hulsebus
On 10/2/2017 11:46 AM, Ethan E. Dee via Mikrotik-users wrote:
Does anyone here know how I could speed limit individual ip's within a
subnet as opposed to the subnet or interface as a whole?
Say I wanted everyone in 10.1.0.0/24 to only be allowed 10mb/10mb
individually.
Can I do that in RouterOS?
--
This message has been scanned by E.F.A. Project and is believed to be clean.
_______________________________________________
Mikrotik-users mailing list
[email protected]
http://lists.wispa.org/mailman/listinfo/mikrotik-users
--
Ethan Dee
Network Admin
Globalvision
864 704 3600
[email protected]
For Support:
[email protected]
864 467 1333
For Sales:
[email protected]
864 467 1333
_______________________________________________
Mikrotik-users mailing list
[email protected]
http://lists.wispa.org/mailman/listinfo/mikrotik-users
