Community discussions

MikroTik App
  4. RouterOS
  5. Beginner Basics

Queues need help

Post Reply
 
dakrai21
just joined
Topic Author
Posts: 9
Joined: Sun Feb 04, 2024 6:18 am

Queues need help

Sun Mar 10, 2024 10:44 am

Hello everyone,

I need help with my PPPoE Server bandwidth. I make profiles and give each one a specified bandwidth limit. The bandwidth limit didn't match to what I set when I set up my client router for PPPOE. I then tried using basic queues and the destination IP address, but that didn't work either. However, when I torch the queue profile and try to speed test, my bandwidth limit does work.

More Details: I have running dhcp server, static and PPPoE set up for my LAN interface

Code: Select all
# 2024-03-10 16:13:53 by RouterOS 7.13.3
# software id = ********
#
# model = RB5009UG+S+
# serial number = ************
/interface bridge
add name=LAN_BRIDGE
/interface ethernet
set [ find default-name=ether1 ] name=eth1-WAN
set [ find default-name=ether2 ] name=eth2-WAN2

/interface wireguard
add comment=back-to-home-vpn listen-port=1007 mtu=1420 name=back-to-home-vpn
/interface bonding
add name=bond_lan slaves=ether5,ether6
/interface list
add name=LAN
add name=WAN
/ip pool
add name=dhcp_pool ranges=10.10.0.1-10.10.10.0,10.10.10.2-10.10.255.254
add name=pppoe_pool ranges=120.84.50.0/24
/ip dhcp-server
add address-pool=dhcp_pool interface=LAN_BRIDGE lease-time=1d name=\
    dhcp_server
/ppp profile
set *0 dns-server=8.8.8.8,192.168.111.1 use-encryption=yes
add dns-server=8.8.8.8,1.1.1.1 local-address=120.84.50.1 name=5Mbps \
    rate-limit=6M/6M remote-address=pppoe_pool use-encryption=yes
add dns-server=8.8.8.8,1.1.1.1 local-address=120.84.50.1 name=15Mbps \
    rate-limit=17M/17M remote-address=pppoe_pool use-encryption=yes
add dns-server=8.8.8.8,1.1.1.1 local-address=120.84.50.1 name=10Mbps \
    rate-limit=11M/11M remote-address=pppoe_pool use-encryption=yes
add dns-server=8.8.8.8,1.1.1.1 local-address=120.84.50.1 name=20Mbps \
    rate-limit=22M/22M remote-address=pppoe_pool use-encryption=yes
/interface bridge port
add bridge=LAN_BRIDGE interface=LAN
/interface detect-internet
set detect-interface-list=all
/interface list member
add interface=ether7 list=LAN
add interface=ether8 list=LAN
add interface=bond_lan list=LAN
add interface=eth1-WAN list=WAN
add interface=eth2-WAN2 list=WAN
add interface=pppoe-out1 list=WAN
/interface pppoe-server server
add default-profile=5Mbps disabled=no interface=LAN_BRIDGE \
    one-session-per-host=yes service-name=pppoe_server
/interface wireguard peers
add allowed-address=*******************
/ip address
add address=10.10.10.1/16 interface=LAN_BRIDGE network=10.10.0.0
add address=192.168.50.1/24 interface=LAN_BRIDGE network=192.168.50.0
add address=192.168.100.1/24 interface=LAN_BRIDGE network=192.168.100.0
/ip cloud
set back-to-home-vpn=enabled ddns-enabled=yes
/ip cloud advanced
set use-local-address=yes
/ip dhcp-client
add interface=eth2-WAN2
/ip dhcp-server network
add address=10.10.0.0/16 dns-server=8.8.8.8,1.1.1.1 gateway=10.10.10.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,1.1.1.1
/ip firewall filter
add action=accept chain=input dst-port=8291 protocol=tcp
add action=accept chain=input comment="accept establised,related" \
    connection-state=established,related in-interface-list=WAN
add action=drop chain=input connection-state=invalid in-interface-list=WAN
add action=accept chain=input comment="Allow Winbox" dst-port=8291 \
    in-interface-list=WAN protocol=tcp src-port=8291
add action=accept chain=input comment="allow SSH" dst-port=22 \
    in-interface-list=WAN protocol=tcp
add action=drop chain=input comment="block everything else" \
    in-interface-list=WAN
add action=fasttrack-connection chain=forward comment=\
    "fast-track for established,related" connection-state=established,related \
    hw-offload=yes
add action=accept chain=forward comment="accept established,related" \
    connection-state=established,related
add action=drop chain=forward connection-state=invalid
add action=drop chain=forward comment=\
    "drop access to clients behind NAT from WAN" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall mangle
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
/ip firewall raw
/ip service
set ftp disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ppp secret
add name=ppp1 profile=5Mbps service=pppoe
/system clock
set time-zone-name=********
/system identity
set name=***********************
/system note
set show-at-login=no
/tool bandwidth-server
set authenticate=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
You do not have the required permissions to view the files attached to this post.
Top
 
dakrai21
just joined
Topic Author
Posts: 9
Joined: Sun Feb 04, 2024 6:18 am

Re: Queues need help

Sun Mar 10, 2024 3:38 pm

Guys please help
Top
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11646
Joined: Thu Mar 03, 2016 10:23 pm

Re: Queues need help

Sun Mar 10, 2024 4:00 pm

Disable fasttrack rule in firewall (chain=forward).

Fasttrack bypasses lits of packet processing, most queues included. Torch disables fasttrack (in order to show anything), that's why queues work then.

Be prepared to see CPU utilization go up considerably, depending on your WAN speed it may become a bottleneck.
Top
 
dakrai21
just joined
Topic Author
Posts: 9
Joined: Sun Feb 04, 2024 6:18 am

Re: Queues need help

Mon Mar 11, 2024 3:08 pm

Hello, it's working now, mkx thank you so much. However what ideas do you have regarding CPU utilization?
Top
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11646
Joined: Thu Mar 03, 2016 10:23 pm

Re: Queues need help

Mon Mar 11, 2024 5:01 pm

Generally no ideas. As soon as one starts with non-trivial things (and queuing / traffic shaping is not trivial), router has to process each packet and that simply requires some CPU power.
Top
Post Reply

Who is online

Users browsing this forum: Google [Bot] and 11 guests
  4. RouterOS
  5. Beginner Basics