Community discussions

MikroTik App
 
rmg_e
just joined
Topic Author
Posts: 6
Joined: Tue Jun 12, 2007 2:31 pm

How limit pps on the interface

Tue Jun 12, 2007 3:43 pm

Is it posible to limit pps (pakets per sekond) for interface or client ip address?
 
User avatar
gmsmstr
Trainer
Trainer
Posts: 982
Joined: Fri Jun 04, 2004 2:22 am
Location: St. Louis, MO
Contact:

Re: How limit pps on the interface

Wed Jun 13, 2007 12:52 am

The only thing I can think of off the top of my head is the limit setting in the simple queues. This should effectifly limit pps, however, i would be looking to limit by bandwidth vs PPS.

Need Mikrotik Support, contact
Dennis Burgess
St. Louis Network Engineering Services
http://www.mikrotikconsulting.com
dmburgess@mikrotikconsulting.com
Certified Mikrotik Engineer

Purchase hours on-line!
 
rmg_e
just joined
Topic Author
Posts: 6
Joined: Tue Jun 12, 2007 2:31 pm

Re: How limit pps on the interface

Wed Jun 13, 2007 9:40 am

But in simple queue is posible tu limit kbps but not pps. So if i want limit pps to 200 how can i do it ?
 
User avatar
warwick09
Member Candidate
Member Candidate
Posts: 190
Joined: Mon Aug 07, 2006 1:34 pm
Location: The Bahamas / Florida

Re: How limit pps on the interface

Mon Jun 18, 2007 4:39 pm

Directly speaking, there isnt a way to influence the amount of pps an interface can "push thru" but you can limit the bandwidth which will in turn influence the amount of pps. Experiment and ull find a suitable setting.

Regards.

Also the pps is very dependent on the type of data that is being handled. For example a typical voip conversation at only 64kbps will exhibit about 50-60 pps while a normal 2mbps/~+2000kbps download will exhibit about 200pps. This is because of the amount of traffic sent in one block. 64 bytes with voip vs the 1500 in a normal ethernet block/frame.
 
changeip
Forum Guru
Forum Guru
Posts: 3830
Joined: Fri May 28, 2004 5:22 pm

Re: How limit pps on the interface

Mon Jun 18, 2007 8:08 pm

limiting pps is necessary sometimes, especially on a wireless link where pps makes a difference. maybe you can use the limit/dst-limit/nth rules somehow. There isn't a direct filter for pps but you might be able to accomplish it with other methods.
 
rmg_e
just joined
Topic Author
Posts: 6
Joined: Tue Jun 12, 2007 2:31 pm

Re: How limit pps on the interface

Fri Jun 04, 2010 11:00 am

simple way to limit pps :
______________________________________________________________________________________________
:global kl44 "192.168.181.25/30"
# add klient ip

/ip firewall mangle add action=mark-packet chain=forward comment="" disabled=no new-packet-mark=$kl1 packet-size=0-40 passthrough=yes src-address=$kl1
# mark small pakets 0-40 bytes
/ip firewall filter add action=accept chain=forward comment="$kl1" disabled=no limit=30,5 packet-mark=$kl1
# accept only 30 small pakets from ip
/ip firewall filter add action=drop chain=forward comment="" disabled=no packet-mark=$kl1
# drop if more than 30pps
/ip firewall filter add action=accept chain=forward comment="" disabled=no dst-address=$kl1 limit=170,85
# accept 170 pps for download
/ip firewall filter add action=accept chain=forward comment="" disabled=no limit=70,35 src-address=$kl1
# accept 70 pps for upload
/ip firewall filter add action=drop chain=forward comment="" disabled=no src-address=$kl1
# drop ( limited upload PPS)
/ip firewall filter add action=drop chain=forward comment="" disabled=no dst-address=$kl1
# drop (limited download pps)
__________________________________________________________________________________________________


170 pps download speed is about 1.9 mbs with speedtest
70pps upload speed is about 0.5mbs with speedtest
:D
 
rmg_e
just joined
Topic Author
Posts: 6
Joined: Tue Jun 12, 2007 2:31 pm

Re: How limit pps on the interface

Fri Jun 04, 2010 11:04 am

if using bridge interface do:

/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-vlan=yes
 
User avatar
NetworkPro
Forum Guru
Forum Guru
Posts: 1376
Joined: Mon Jan 05, 2009 6:23 pm
Location: bit.ly/the-qos
Contact:

Re: How limit pps on the interface

Fri Jun 04, 2010 12:00 pm

simple way to limit pps :
______________________________________________________________________________________________
:global kl44 "192.168.181.25/30"
# add klient ip

/ip firewall mangle add action=mark-packet chain=forward comment="" disabled=no new-packet-mark=$kl1 packet-size=0-40 passthrough=yes src-address=$kl1
# mark small pakets 0-40 bytes
/ip firewall filter add action=accept chain=forward comment="$kl1" disabled=no limit=30,5 packet-mark=$kl1
# accept only 30 small pakets from ip
/ip firewall filter add action=drop chain=forward comment="" disabled=no packet-mark=$kl1
# drop if more than 30pps
/ip firewall filter add action=accept chain=forward comment="" disabled=no dst-address=$kl1 limit=170,85
# accept 170 pps for download
/ip firewall filter add action=accept chain=forward comment="" disabled=no limit=70,35 src-address=$kl1
# accept 70 pps for upload
/ip firewall filter add action=drop chain=forward comment="" disabled=no src-address=$kl1
# drop ( limited upload PPS)
/ip firewall filter add action=drop chain=forward comment="" disabled=no dst-address=$kl1
# drop (limited download pps)
__________________________________________________________________________________________________


170 pps download speed is about 1.9 mbs with speedtest
70pps upload speed is about 0.5mbs with speedtest
:D
Oh no this is horrible bad practice I can't watch I will have nighmares. I am going to a monastery. This does it. The world is a bad place. :)

QUIT DROPPING RANDOM PACKETS wiill ya?! jeezas chrisler !! :)

A good script-like example though. And so if one knows which packets not to drop, one could try to exclude them from this work of the devil.
 
rmg_e
just joined
Topic Author
Posts: 6
Joined: Tue Jun 12, 2007 2:31 pm

Re: How limit pps on the interface

Wed Oct 20, 2010 8:25 am

If it is so bad , can somebody write better?
 
User avatar
NetworkPro
Forum Guru
Forum Guru
Posts: 1376
Joined: Mon Jan 05, 2009 6:23 pm
Location: bit.ly/the-qos
Contact:

Re: How limit pps on the interface

Wed Oct 20, 2010 5:30 pm

Why would you want to limit the pps on the interface? Why can't you upgrade the routers?

As it turns out, over-provisioning is cheaper than bandwidth limiting, shaping etc.

If you have to drop packets - make sure they are of lowest priority. For example do not drop gaming packets and do not drop the ones that have high priority in this example: http://wiki.mikrotik.com/wiki/NetworkPr ... oS_Example
 
rmg_e
just joined
Topic Author
Posts: 6
Joined: Tue Jun 12, 2007 2:31 pm

Re: How limit pps on the interface

Thu Nov 11, 2010 10:15 am

Wifi network speed is sensitive to PPS.
Only p2p programs and viruses can generate 200 and more pps.
Priority works then you set max-limit. That can i set if my speed is from 256kbps to 2048kbps?
My configuration is good ant it works fine.
 
User avatar
NetworkPro
Forum Guru
Forum Guru
Posts: 1376
Joined: Mon Jan 05, 2009 6:23 pm
Location: bit.ly/the-qos
Contact:

Re: How limit pps on the interface

Thu Nov 11, 2010 12:41 pm

The competition will get to such biz that drops packets and eat it alive :)
 
kolson606
just joined
Posts: 3
Joined: Fri Mar 04, 2016 8:52 pm

Re: How limit pps on the interface

Tue Mar 08, 2016 12:16 am

Help - how do I limit pps by address lists for WISP? I need to limit pps by address lists. We are an WISP that has AP's that can handle roughly 3000 pps but recently video traffic can have low bandwidth and very high pps killing the AP. For example, we have 4 Mbps of bandwidth running 3000 pps instead of what it should be at around 333 pps.

I got this working in the FW for address list 587pps. But the other address list (250pps) doesn't seem to shape on pps correctly, especially the upstream. What am I doing wrong here? If mangle is a better option please provide a sample example using my mockup. In this case I have two address lists, one for static IPs that will get 584 pps or 7 Mb up/down and the other is for 250 pps which will be for 3 Mbps. We don't need to prioritize traffic. Just drop packets to protect the APs other clients when this happens. Simple transparent bridge. No routing or nat on this server. I thought address lists would be easiest because then we can change the "package" the customer may have. PPS is a huge issue lately and doesn't often correlate with bandwidth and is death for WISPs. We control bandwith with other servers (Netequalizers)

Here's my current config: Any help would be appreciated! Thanks.


#
/interface bridge
add name=allportsbridge
/interface ethernet
set [ find default-name=ether1 ] comment=WANInternet
set [ find default-name=ether2 ] comment=LANinside
/ip neighbor discovery
set ether1 comment=WANInternet
set ether2 comment=LANinside
/port
set 0 name=serial0
set 1 name=serial1
/interface bridge port
add bridge=allportsbridge interface=ether1
add bridge=allportsbridge interface=ether2
/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-vlan=yes
/ip firewall address-list
add address=10.0.0.248 list=584ppsList
add address=10.0.0.250 list=250ppsList
/ip firewall filter
add chain=forward comment="Accept 584 pps for download" dst-address-list=\
584ppsList limit=584,292
add chain=forward comment="Accept 584 pps for upload" limit=584,292 \
src-address-list=584ppsList
add chain=forward comment="Accept 250 pps for download" dst-address-list=\
250ppsList limit=250,125
add chain=forward comment="Accept 250 pps for upload" dst-limit=\
0,5,dst-address limit=250,125 src-address-list=250ppsList
add action=drop chain=forward comment="Drop download 584 pps" \
connection-limit=0,32 dst-address-list=584ppsList limit=0,5
add action=drop chain=forward comment="Drop upload 584 pps" limit=0,5 \
src-address-list=584ppsList
add action=drop chain=forward comment="Drop download 250 pps" \
dst-address-list=250ppsList
add action=drop chain=forward comment="Drop upload 250 pps" limit=0,5 \
src-address-list=250ppsList

Who is online

Users browsing this forum: No registered users and 39 guests