I've been trying to help another WISP with a new bandwidth limiter since
their ancient YDI box finally died.
The BCU did everything via mac-address so I've set up mangle rules for
src-mac-address to mark the connection and then mark all packets in each
connection so that they can have rate plans based by mac address. This
part is working great.
However they want to limit all unknown mac addresses to 64k/64k. I
thought the best way to do this would be to set up a mangle rule at the
beginning of the vlan chain to mark all packets as unknown. Then let
the src-mac mangle rules remark all known packets to their plans. Next
I would have a queue tree for each vlan interface with the unknown
packet mark and limit it to a PCQ queue.
The problem I'm running into is that all packets are being shaped by the
PCQ. If the PCQ rates are higher than the individual rates then the
individual rates apply, but if the PCQ rates are lower then they are
restricting things. Either I'm not following how the PCQ queue should
work or I've missed something simple. Here is the setup:
The MT is bridging several VLANs across 2 ethernet ports and all the
traffic is managed on a per vlan basis otherwise the mangle rules bring
the router to it's knees.
/ip firewall mangle add chain=forward in-interface=vlan2 action=jump
jump-target=vlan2
# Mangle rules for marking traffic
/ip firewall mangle add chain=vlan2 action=mark-packet
new-packet-mark=unknown_user passthrough=yes
/ip firewall mangle add chain=vlan2 src-mac-address=00:40:96:44:59:6F
action=mark-connection new-connection-mark=cid1 passthrough=yes
/ip firewall mangle add chain=vlan2 connection-mark=cid1
action=mark-packet new-packet-mark=cid1 passthrough=no
...
# PCQ Queue Types
/queue type add name=pcq-upload kind=pcq pcq-rate=64000 pcq-limit=50
pcq-classifier=dst-address pcq-total-limit=2000
/queue type add name=pcq-download kind=pcq pcq-rate=64000 pcq-limit=50
pcq-classifier=src-address pcq-total-limit=2000
# Default PCQ Queue for unknown MACs
/queue tree add name=vlan2-default-upload parent=vlan2-External
packet-mark=unknown_user queue=pcq-upload
/queue tree add name=vlan2-default-download parent=vlan2-Internal
packet-mark=unknown_user queue-pcq-download
# Queue for CID1
/queue tree add name=cid1-U parent=vlan2-External packet-mark=cid1
max-limit=128000
/queue tree add name=cid1-D parent=vlan2-Internal packet-mark=cid1
max-limit=512000
In the above scenario CID1 will be limited by the PCQ to 64k/64k, but if
I up the pcq-rate to be 1M/1M then CID1 will be limited at the correct
512k/128k. It acts like the PCQ is ignoring the packet-mark and
catching all packets.
Any advice would be greatly appreciated. I've tried moving the
unknown_user managle to the bottom of the mangle chain but that hasn't
helped either.
--
Sam Tetherow
Sandhills Wireless
--------------------------------------------------------------------------------
WISPA Wants You! Join today!
http://signup.wispa.org/
--------------------------------------------------------------------------------
WISPA Wireless List: [email protected]
Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless
Archives: http://lists.wispa.org/pipermail/wireless/
