Well, I feel like an idiot. The Internal and External interfaces were
labeled incorrectly (or the cables were plugged in the wrong way, take
your pick).
I now have it working as expected; the setup below does work. Not sure
why it was exhibiting the behavior it was, but I didn't spend the time
investigating once I got it fixed.
Sam Tetherow
Sandhills Wireless
Sam Tetherow wrote:
> I've been trying to help another WISP with a new bandwidth limiter since
> their ancient YDI box finally died.
>
> The BCU did everything via mac-address so I've set up mangle rules for
> src-mac-address to mark the connection and then mark all packets in each
> connection so that they can have rate plans based by mac address. This
> part is working great.
>
> However they want to limit all unknown mac addresses to 64k/64k. I
> thought the best way to do this would be to set up a mangle rule at the
> beginning of the vlan chain to mark all packets as unknown. Then let
> the src-mac mangle rules remark all known packets to their plans. Next
> I would have a queue tree for each vlan interface with the unknown
> packet mark and limit it to a PCQ queue.
>
> The problem I'm running into is that all packets are being shaped by the
> PCQ. If the PCQ rates are higher than the individual rates then the
> individual rates apply, but if the PCQ rates are lower then they are
> restricting things. Either I'm not following how the PCQ queue should
> work or I've missed something simple. Here is the setup:
>
> The MT is bridging several VLANs across 2 ethernet ports and all the
> traffic is managed on a per-VLAN basis, otherwise the mangle rules bring
> the router to its knees.
>
> /ip firewall mangle add chain=forward in-interface=vlan2 action=jump jump-target=vlan2
>
> # Mangle rules for marking traffic
> /ip firewall mangle add chain=vlan2 action=mark-packet new-packet-mark=unknown_user passthrough=yes
> /ip firewall mangle add chain=vlan2 src-mac-address=00:40:96:44:59:6F action=mark-connection new-connection-mark=cid1 passthrough=yes
> /ip firewall mangle add chain=vlan2 connection-mark=cid1 action=mark-packet new-packet-mark=cid1 passthrough=no
> ...
>
> # PCQ Queue Types
> /queue type add name=pcq-upload kind=pcq pcq-rate=64000 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000
> /queue type add name=pcq-download kind=pcq pcq-rate=64000 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=2000
>
> # Default PCQ Queue for unknown MACs
> /queue tree add name=vlan2-default-upload parent=vlan2-External packet-mark=unknown_user queue=pcq-upload
> /queue tree add name=vlan2-default-download parent=vlan2-Internal packet-mark=unknown_user queue=pcq-download
>
> # Queue for CID1
> /queue tree add name=cid1-U parent=vlan2-External packet-mark=cid1 max-limit=128000
> /queue tree add name=cid1-D parent=vlan2-Internal packet-mark=cid1 max-limit=512000
>
> In the above scenario CID1 will be limited by the PCQ to 64k/64k, but if
> I up the pcq-rate to be 1M/1M then CID1 will be limited at the correct
> 512k/128k. It acts like the PCQ is ignoring the packet-mark and
> catching all packets.
>
> Any advice would be greatly appreciated. I've tried moving the
> unknown_user mangle to the bottom of the mangle chain but that hasn't
> helped either.
>
>
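
The marking scheme described in the quoted message, as an added example that is not part of the original thread: a simplified Python model of the three vlan2 mangle rules shown, walked in order with their passthrough settings. It assumes packets have already been jumped into the vlan2 chain; the sample packets and the MACs starting 02: are constructed, and the rules elided by "..." are not modeled.

```python
# Added example: simplified model of the vlan2 mangle chain quoted above.
# Only the three rules shown in the post are modeled; the "..." rules are not.

CATCH_ALL = {"action": "mark-packet", "mark": "unknown_user", "passthrough": True}
CID1_CONN = {"src_mac": "00:40:96:44:59:6F", "action": "mark-connection",
             "mark": "cid1", "passthrough": True}
CID1_PKT = {"connection_mark": "cid1", "action": "mark-packet",
            "mark": "cid1", "passthrough": False}

AS_POSTED = [CATCH_ALL, CID1_CONN, CID1_PKT]       # catch-all first
CATCH_ALL_LAST = [CID1_CONN, CID1_PKT, CATCH_ALL]  # the reordering the post tried


def run_chain(rules, packet, conntrack):
    """Walk rules in order and return the packet mark the queue tree would see."""
    conn = conntrack.setdefault(packet["conn"], {"mark": None})
    packet_mark = None
    for rule in rules:
        if "src_mac" in rule and rule["src_mac"].lower() != packet["src_mac"].lower():
            continue
        if "connection_mark" in rule and rule["connection_mark"] != conn["mark"]:
            continue
        if rule["action"] == "mark-connection":
            conn["mark"] = rule["mark"]
        else:  # mark-packet: a later match overwrites an earlier mark
            packet_mark = rule["mark"]
        if not rule["passthrough"]:
            break  # passthrough=no: stop evaluating further rules
    return packet_mark


def classify(rules):
    """Run constructed sample packets through one rule ordering."""
    conntrack = {}
    samples = [  # constructed packets; MACs other than the post's are made up
        ("known-first", {"conn": "c1", "src_mac": "00:40:96:44:59:6f"}),
        ("known-reply", {"conn": "c1", "src_mac": "02:00:00:00:00:01"}),
        ("unknown", {"conn": "c2", "src_mac": "02:00:00:00:00:02"}),
    ]
    return {name: run_chain(rules, pkt, conntrack) for name, pkt in samples}


if __name__ == "__main__":
    print(classify(AS_POSTED))
    print(classify(CATCH_ALL_LAST))
```

In this model both rule orderings give the same marks, so only packets from MACs without a matching rule keep unknown_user.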