Hello gurus,
Hope you can help me with a rare problem I'm experiencing these days.
I have attached an image how I am controlling a ISP Network. I had all the network rules on the RB1000 (NAT, ROUTING, Address List, Firewall and QoS) but the processor is reaching to 95% with 1000 clients already so it was time to make a change.
I thought that separating QoS on a RB1200 (mangle rules, queue trees) and NAT and Routing on RB1000 will help, but something else on the configuration seems that is missing.
The RB1200 just has to be a transparent QoS controller so I bridged all the ports and all the AP's are connected to the RB1200 and the RB1200 is connected to RB1000 as the figure shows, but the principal problem is in the queue tree in the parent section.
The download master queue has as the parent the bridge, so is the upload master queue, and it is just queuing the upload but not the download. What would be the best solution?? global-in for download parent and global-out for upload parent??
besides the processor in the RB1200 is up to 100% in a few seconds and not controlling download...can you guys give a hint??
Thank you very much for your help
-
-
andrescamino
Member Candidate
- Posts: 198
- Joined:
- Location: Guayaquil-Ecuador
Bridge Problem with RB1200 not controlling Queue trees
You do not have the required permissions to view the files attached to this post.
-
-
c0d3rSh3ll
Long time Member
- Posts: 557
- Joined:
- Location: [admin@Chile] >
Re: Bridge Problem with RB1200 not controlling Queue trees
how you have configured the bridge in the rb1000??
paste the rules.
paste the rules.
-
-
andrescamino
Member Candidate
- Posts: 198
- Joined:
- Location: Guayaquil-Ecuador
Re: Bridge Problem with RB1200 not controlling Queue trees
Hello c0d3rSh3ll,
There are too many rules, I will try to put make my point in the queue tree section. What i want to do the RB1200 is to be a transparent traffic controller. I tried this week and had just a little bit of luck finally is queuing but not as it's supposed to be.
The
In the RB1000 Queue tree scheme
The Download Queue has as parent bridge1 (ether2, ether3 and ether4 are connected to access point where clients are connected) The Upload Queue has as parent ether1 (ether1 is connected to the internet provider)
IT WORKS! but CPU is already 95%
In the RB1000 + RB1200 Queue tree scheme (The RB1200 is doing the queuing part)
The Download Queue has as parent global in (all ports are bridged in the RB1200)
The Upload queue has as parent global-out (all ports are bridged in the RB1200)
IT DOESNT' WORK
I just would like to know what parents should have the RB1200 or I should have another configuration in order to control the traffic in the RB1200 if all ports are bridged.
Thanks for your help
There are too many rules, I will try to put make my point in the queue tree section. What i want to do the RB1200 is to be a transparent traffic controller. I tried this week and had just a little bit of luck finally is queuing but not as it's supposed to be.
The
In the RB1000 Queue tree scheme
The Download Queue has as parent bridge1 (ether2, ether3 and ether4 are connected to access point where clients are connected) The Upload Queue has as parent ether1 (ether1 is connected to the internet provider)
IT WORKS! but CPU is already 95%
In the RB1000 + RB1200 Queue tree scheme (The RB1200 is doing the queuing part)
The Download Queue has as parent global in (all ports are bridged in the RB1200)
The Upload queue has as parent global-out (all ports are bridged in the RB1200)
IT DOESNT' WORK
I just would like to know what parents should have the RB1200 or I should have another configuration in order to control the traffic in the RB1200 if all ports are bridged.
Thanks for your help
-
-
andrescamino
Member Candidate
- Posts: 198
- Joined:
- Location: Guayaquil-Ecuador
Re: Bridge Problem with RB1200 not controlling Queue trees
This are the ruleon RB1200
FIREWALL:
QUEUES:
No matter what i choose on parents for Down_total and Up_total I can control download and upload, I just can control one of both rules or upload or download
This is the lab where I am trying
FIREWALL:
Code: Select all
/ip firewall address-list
add address=10.10.10.2 disabled=no list=Res_512k_01
add address=10.10.10.4 disabled=no list=Res_512k_01
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d \
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall mangle
add action=mark-connection chain=forward disabled=no new-connection-mark=\
conn_512k_res_01 passthrough=yes src-address-list=Res_512k_01
add action=mark-packet chain=forward connection-mark=conn_512k_res_01 \
disabled=no new-packet-mark=pack_512k_res_01 passthrough=no
Code: Select all
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=1M name=Down_total parent=global-in priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=512k \
max-limit=1M name=Res_01_512_down packet-mark=pack_512k_res_01 parent=\
Down_total priority=1 queue=download
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=1M name=Up_total parent=global-out priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=512k \
max-limit=1M name=Res_01_512 packet-mark=pack_512k_res_01 parent=Up_total \
priority=1 queue=uploadThis is the lab where I am trying
You do not have the required permissions to view the files attached to this post.
-
-
andrescamino
Member Candidate
- Posts: 198
- Joined:
- Location: Guayaquil-Ecuador
Re: Bridge Problem with RB1200 not controlling Queue trees
nothing?? no clue about this??
-
-
kirshteins
MikroTik Support
- Posts: 592
- Joined:
Re: Bridge Problem with RB1200 not controlling Queue trees
Have you enabled use-ip-firewall in bridge settings?
-
-
andrescamino
Member Candidate
- Posts: 198
- Joined:
- Location: Guayaquil-Ecuador
Re: Bridge Problem with RB1200 not controlling Queue trees
Hello kirshteins
yes i have enabled it...but no luck...it marks the packets but it doesn't queue it
I don't know what parent to choose. I have done it before but one interface that i selected for upload was the ethernet where I have the public ip, and for download the bridge, but since the whole interface is a bridge now...it doesn't queue it correctly...am i marking it wrong or selecting badly the interfaces for queue trees??
thanks for your answers
yes i have enabled it...but no luck...it marks the packets but it doesn't queue it
I don't know what parent to choose. I have done it before but one interface that i selected for upload was the ethernet where I have the public ip, and for download the bridge, but since the whole interface is a bridge now...it doesn't queue it correctly...am i marking it wrong or selecting badly the interfaces for queue trees??
thanks for your answers
-
-
andrescamino
Member Candidate
- Posts: 198
- Joined:
- Location: Guayaquil-Ecuador
Re: Bridge Problem with RB1200 not controlling Queue trees
Hello to all...
If all ports are bridged in this RB1200 how can I tell it that download is for the clients connected on ether2,3...12 and for upload is for ether1
Megis_qos pdf shows this:
If all ports are bridged in this RB1200 how can I tell it that download is for the clients connected on ether2,3...12 and for upload is for ether1
Megis_qos pdf shows this:
I am really having a headache here...is it really possible to control traffic transparent with Mikrotik?? I mean...if the gateway is not the controller....I have done it when the gateway is the controller...but with a Mikrotik in the middle of gateway and LAN...i can't make it work the queue treesEach Interface HTB only receives traffic that will
be leaving through a particular interface – there
is no need for to separate upload and download
in mangle
-
-
andrescamino
Member Candidate
- Posts: 198
- Joined:
- Location: Guayaquil-Ecuador
Re: Bridge Problem with RB1200 not controlling Queue trees
This link is for simple queue where you don't have to select the interface...
http://wiki.mikrotik.com/wiki/TransparentTrafficShaper
for queue tree any clue?
http://wiki.mikrotik.com/wiki/TransparentTrafficShaper
for queue tree any clue?
Who is online
Users browsing this forum: No registered users and 74 guests