Page 1 of 1

How limit pps on the interface

Posted: Tue Jun 12, 2007 3:43 pm
by rmg_e
Is it posible to limit pps (pakets per sekond) for interface or client ip address?

Re: How limit pps on the interface

Posted: Wed Jun 13, 2007 12:52 am
by gmsmstr
The only thing I can think of off the top of my head is the limit setting in the simple queues. This should effectifly limit pps, however, i would be looking to limit by bandwidth vs PPS.

Need Mikrotik Support, contact
Dennis Burgess
St. Louis Network Engineering Services
http://www.mikrotikconsulting.com
dmburgess@mikrotikconsulting.com
Certified Mikrotik Engineer

Purchase hours on-line!

Re: How limit pps on the interface

Posted: Wed Jun 13, 2007 9:40 am
by rmg_e
But in simple queue is posible tu limit kbps but not pps. So if i want limit pps to 200 how can i do it ?

Re: How limit pps on the interface

Posted: Mon Jun 18, 2007 4:39 pm
by warwick09
Directly speaking, there isnt a way to influence the amount of pps an interface can "push thru" but you can limit the bandwidth which will in turn influence the amount of pps. Experiment and ull find a suitable setting.

Regards.

Also the pps is very dependent on the type of data that is being handled. For example a typical voip conversation at only 64kbps will exhibit about 50-60 pps while a normal 2mbps/~+2000kbps download will exhibit about 200pps. This is because of the amount of traffic sent in one block. 64 bytes with voip vs the 1500 in a normal ethernet block/frame.

Re: How limit pps on the interface

Posted: Mon Jun 18, 2007 8:08 pm
by changeip
limiting pps is necessary sometimes, especially on a wireless link where pps makes a difference. maybe you can use the limit/dst-limit/nth rules somehow. There isn't a direct filter for pps but you might be able to accomplish it with other methods.

Re: How limit pps on the interface

Posted: Fri Jun 04, 2010 11:00 am
by rmg_e
simple way to limit pps :
______________________________________________________________________________________________
:global kl44 "192.168.181.25/30"
# add klient ip

/ip firewall mangle add action=mark-packet chain=forward comment="" disabled=no new-packet-mark=$kl1 packet-size=0-40 passthrough=yes src-address=$kl1
# mark small pakets 0-40 bytes
/ip firewall filter add action=accept chain=forward comment="$kl1" disabled=no limit=30,5 packet-mark=$kl1
# accept only 30 small pakets from ip
/ip firewall filter add action=drop chain=forward comment="" disabled=no packet-mark=$kl1
# drop if more than 30pps
/ip firewall filter add action=accept chain=forward comment="" disabled=no dst-address=$kl1 limit=170,85
# accept 170 pps for download
/ip firewall filter add action=accept chain=forward comment="" disabled=no limit=70,35 src-address=$kl1
# accept 70 pps for upload
/ip firewall filter add action=drop chain=forward comment="" disabled=no src-address=$kl1
# drop ( limited upload PPS)
/ip firewall filter add action=drop chain=forward comment="" disabled=no dst-address=$kl1
# drop (limited download pps)
__________________________________________________________________________________________________


170 pps download speed is about 1.9 mbs with speedtest
70pps upload speed is about 0.5mbs with speedtest
:D

Re: How limit pps on the interface

Posted: Fri Jun 04, 2010 11:04 am
by rmg_e
if using bridge interface do:

/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-vlan=yes

Re: How limit pps on the interface

Posted: Fri Jun 04, 2010 12:00 pm
by NetworkPro
simple way to limit pps :
______________________________________________________________________________________________
:global kl44 "192.168.181.25/30"
# add klient ip

/ip firewall mangle add action=mark-packet chain=forward comment="" disabled=no new-packet-mark=$kl1 packet-size=0-40 passthrough=yes src-address=$kl1
# mark small pakets 0-40 bytes
/ip firewall filter add action=accept chain=forward comment="$kl1" disabled=no limit=30,5 packet-mark=$kl1
# accept only 30 small pakets from ip
/ip firewall filter add action=drop chain=forward comment="" disabled=no packet-mark=$kl1
# drop if more than 30pps
/ip firewall filter add action=accept chain=forward comment="" disabled=no dst-address=$kl1 limit=170,85
# accept 170 pps for download
/ip firewall filter add action=accept chain=forward comment="" disabled=no limit=70,35 src-address=$kl1
# accept 70 pps for upload
/ip firewall filter add action=drop chain=forward comment="" disabled=no src-address=$kl1
# drop ( limited upload PPS)
/ip firewall filter add action=drop chain=forward comment="" disabled=no dst-address=$kl1
# drop (limited download pps)
__________________________________________________________________________________________________


170 pps download speed is about 1.9 mbs with speedtest
70pps upload speed is about 0.5mbs with speedtest
:D
Oh no this is horrible bad practice I can't watch I will have nighmares. I am going to a monastery. This does it. The world is a bad place. :)

QUIT DROPPING RANDOM PACKETS wiill ya?! jeezas chrisler !! :)

A good script-like example though. And so if one knows which packets not to drop, one could try to exclude them from this work of the devil.

Re: How limit pps on the interface

Posted: Wed Oct 20, 2010 8:25 am
by rmg_e
If it is so bad , can somebody write better?

Re: How limit pps on the interface

Posted: Wed Oct 20, 2010 5:30 pm
by NetworkPro
Why would you want to limit the pps on the interface? Why can't you upgrade the routers?

As it turns out, over-provisioning is cheaper than bandwidth limiting, shaping etc.

If you have to drop packets - make sure they are of lowest priority. For example do not drop gaming packets and do not drop the ones that have high priority in this example: http://wiki.mikrotik.com/wiki/NetworkPr ... oS_Example

Re: How limit pps on the interface

Posted: Thu Nov 11, 2010 10:15 am
by rmg_e
Wifi network speed is sensitive to PPS.
Only p2p programs and viruses can generate 200 and more pps.
Priority works then you set max-limit. That can i set if my speed is from 256kbps to 2048kbps?
My configuration is good ant it works fine.

Re: How limit pps on the interface

Posted: Thu Nov 11, 2010 12:41 pm
by NetworkPro
The competition will get to such biz that drops packets and eat it alive :)

Re: How limit pps on the interface

Posted: Tue Mar 08, 2016 12:16 am
by kolson606
Help - how do I limit pps by address lists for WISP? I need to limit pps by address lists. We are an WISP that has AP's that can handle roughly 3000 pps but recently video traffic can have low bandwidth and very high pps killing the AP. For example, we have 4 Mbps of bandwidth running 3000 pps instead of what it should be at around 333 pps.

I got this working in the FW for address list 587pps. But the other address list (250pps) doesn't seem to shape on pps correctly, especially the upstream. What am I doing wrong here? If mangle is a better option please provide a sample example using my mockup. In this case I have two address lists, one for static IPs that will get 584 pps or 7 Mb up/down and the other is for 250 pps which will be for 3 Mbps. We don't need to prioritize traffic. Just drop packets to protect the APs other clients when this happens. Simple transparent bridge. No routing or nat on this server. I thought address lists would be easiest because then we can change the "package" the customer may have. PPS is a huge issue lately and doesn't often correlate with bandwidth and is death for WISPs. We control bandwith with other servers (Netequalizers)

Here's my current config: Any help would be appreciated! Thanks.


#
/interface bridge
add name=allportsbridge
/interface ethernet
set [ find default-name=ether1 ] comment=WANInternet
set [ find default-name=ether2 ] comment=LANinside
/ip neighbor discovery
set ether1 comment=WANInternet
set ether2 comment=LANinside
/port
set 0 name=serial0
set 1 name=serial1
/interface bridge port
add bridge=allportsbridge interface=ether1
add bridge=allportsbridge interface=ether2
/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-vlan=yes
/ip firewall address-list
add address=10.0.0.248 list=584ppsList
add address=10.0.0.250 list=250ppsList
/ip firewall filter
add chain=forward comment="Accept 584 pps for download" dst-address-list=\
584ppsList limit=584,292
add chain=forward comment="Accept 584 pps for upload" limit=584,292 \
src-address-list=584ppsList
add chain=forward comment="Accept 250 pps for download" dst-address-list=\
250ppsList limit=250,125
add chain=forward comment="Accept 250 pps for upload" dst-limit=\
0,5,dst-address limit=250,125 src-address-list=250ppsList
add action=drop chain=forward comment="Drop download 584 pps" \
connection-limit=0,32 dst-address-list=584ppsList limit=0,5
add action=drop chain=forward comment="Drop upload 584 pps" limit=0,5 \
src-address-list=584ppsList
add action=drop chain=forward comment="Drop download 250 pps" \
dst-address-list=250ppsList
add action=drop chain=forward comment="Drop upload 250 pps" limit=0,5 \
src-address-list=250ppsList