Are you tired of long dynamic simple queue list for your PPP clients?
Would you like to replace all your dynamic simple queues only with several PCQ type queues?
Well - from RouterOS v3.10 it is possible by using dynamic ppp address-lists.
Dynamic ppp address-lists can be enabled by:
new attribute in ppp profile - “address-list”.
new RADIUS attribute - “Mikrotik-Address-List” (vendor=Mikrotik, id=19)
(usable only by ppp, not hotspot or wireless)
Both specify to which “ip firewall address-list” ppp (pppoe, pptp, l2tp, async ppp) should
add the remote (client) address. Then this address-list can be used for packet marking in
the IP firewall mangle facility, and in the end the marks can be used for PCQ type queues.
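A minimal RouterOS configuration for the chain described above (profile address-list, mangle marks, PCQ queues), added here as an illustration and not taken from the original post. The profile, list, mark and queue names and the 1 Mbit/s rate are assumptions, and the queue tree parent `global-out` matches the v3.x line discussed here (later versions use a single `global` parent).

```routeros
# Added example. Assumed names: profile "pppoe-1M", address list "rate-1M",
# packet marks "up-1M" / "down-1M", queue types "pcq-up-1M" / "pcq-down-1M".

# 1. Every client authenticated with this profile gets its remote (client)
#    address added to the "rate-1M" address list while the session is up.
/ppp profile
add name=pppoe-1M address-list=rate-1M

# 2. Mark packets by list membership: src match = upload, dst match = download.
/ip firewall mangle
add chain=forward src-address-list=rate-1M action=mark-packet \
    new-packet-mark=up-1M passthrough=no
add chain=forward dst-address-list=rate-1M action=mark-packet \
    new-packet-mark=down-1M passthrough=no

# 3. One PCQ type per direction. The classifier splits the queue into one
#    sub-stream per client address, each limited to pcq-rate (bits per second).
/queue type
add name=pcq-up-1M kind=pcq pcq-rate=1000000 pcq-classifier=src-address
add name=pcq-down-1M kind=pcq pcq-rate=1000000 pcq-classifier=dst-address

# 4. Two queue tree entries per service plan replace the per-client
#    dynamic simple queues.
/queue tree
add name=up-1M parent=global-out packet-mark=up-1M queue=pcq-up-1M
add name=down-1M parent=global-out packet-mark=down-1M queue=pcq-down-1M

# 5. Verification: the dynamic entries should be listed, and the mangle
#    counters should increase while a listed client passes traffic.
/ip firewall address-list print where list=rate-1M
/ip firewall mangle print stats
```

With RADIUS, the list name would arrive in the Mikrotik-Address-List reply attribute instead of being set on the profile; the mangle and queue parts stay the same.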
Is it also possible to get networks that are specified
as Radius Framed-Route reply attributes dynamically
inserted into that same address list in addition to the
PPP peer host address?
That would make the feature useful for clients that get
Radius-assigned subnet routing of public address ranges
with no NAT at the client CPE.
Was also possible earlier, just without address-list feature. Just make an IP-Pool per bandwidth you like to have on your AC and map them to a PCQ queue.
You will be able to handle much more users on your AC, without getting higher latency!
That address-list feature was the main point missing. If you have several types of pppoe clients with different limitations - you need those dynamic address lists to create lists otherwise impossible because of dynamic nature of situation.
You will be able to handle much more users on your AC, without getting higher latency!
Is this accurate? Will the use of “Dynamic ppp address-lists” on a PPPoE access server improve performance of the server over the PPPoE servers default use of simple queues?
That address-list feature was the main point missing. If you have several types of pppoe clients with different limitations - you need those dynamic address lists to create lists otherwise impossible because of dynamic nature of situation.
No, works also without that feature great. Just define an ip pool per bandwidth you want to offer and map each user an ip from the corresponding pool. Then you just need a PCQ queue for each pool. Works great.
Not the use of “Dynamic ppp address-lists” will improve the performance, but so (or the way described above) you need only one PCQ queue per bandwidth you want to have or sell to your customers, instead of hundreds of automatically created simple queues.
Sure, that works, but it’s not what I was asking for.
When I asked about Radius Framed-Route attribute based routes above I was specifically talking about a scenario where a customer gets routed a public subnet via his PPP-assigned address as the gateway, i.e. a customer that does not only have one public address (and everything he does is NATed behind that address) but instead a client that in addition has one or more public subnets routed to him and does no NAT.
Such a client will transmit and receive IP traffic not only from his one PPP-assigned address but possibly also from any of the subnet address ranges that are routed to his CPE (and beyond). Thus these additional addresses (coming from Framed-Route Radius reply attributes on the ISP’s end) would also need to be included into the dynamic PPP address list to be caught by the PCQ queues…
Correct, and also your scenario works with the method mentioned above, without the use of address-lists, only with giving a special bandwidth thru special pool addresses.
But for the scenario you are looking for - routing a subnet thru a pppoe-tunnel - I prefer to do the bandwidth limitation for this kind of customers thru the tunnel. So here a simple queue works better for me than PCQ.
The Hotspot Address List feature is a great one for me - it has solved a problem I have been working on trying to have different “classes” of hotspot user routed down different bandwidth lines. This makes it super easy to do!
One more request though - can you make it possible to specify the address list in the batch add portion of User Manager?
I think this feature would be better if they could be assigned per secret or per pppoe user. And that a user could be assigned to more than one list.
Say I have a user that wants to have all p2p that Mikrotik can catch blocked on his connection and he has a dynamic IP assigned by PPPoE. I would like to assign him to the address list “nop2p2”. I could assign that to a small handful of PPPoE users that desire it without having to create an additional “nop2p” profile for all my service plans.
I mean, maybe… Let me extend my wishes here, I would love to see one MT ROS package based on v3.11 but its pppoe server is an implementation from 2.9.x. Is that even possible? i.e. A special router OS package v3.12.x with just the pppoe server from any ROS 2.9.x. Would be the finest solution to me.
I have a strange problem with address-lists.
We have pptp server + radius + dynamic ppp address-list + mangle + pcq to limit bandwidth per ip.
For the first hours all works fine, but after some time several IPs from the access lists stop hitting the mangle rules that mark packets. And the user gets unlimited bandwidth. When viewing the address list all looks fine; if I remove the dynamic entry and replace it with a static one, all starts to work. If I just add a static entry for this IP without removing the dynamic entry, traffic from this IP doesn’t hit the mangle rules.
I have static address lists, and I have this problem too: sometimes entries in address list stop working and do not ‘participate’ in firewall matching. But if you select that (not disabled) entry in WinBox and press “Enable”, visually nothing changes, but address list entry is working again…