v7.10
If I use a Bridge, with bridge-filter to mark packets, and use that mark-packet in Queue Tree, the Queue Tree bandwidth limiting works properly. Everything is good.
However, if I then disable the bridge-filter rules, and put them in the ip firewall mangle rules, and turn on use-ip-firewall... the queue tree status shows the proper information (it turns red when using all of the max-limit bandwidth), the mangle rules show traffic, BUT it doesn't actually limit the speed to the devices.
Somehow, in both of those cases above, the queue tree LOOKS like it's working based on the queue status winbox numbers and the colors changing from green to yellow to red... but it only actually limits it when using the bridge-filter and not when using the use-ip-firewall and mangle.
I have hardware offload disabled, fast path disabled in the bridge settings.
I'll post config if needed, but I'm hoping that someone recognizes this and can say that in general this should work, or that this is known not to work, one way or another.
Re: Bridge use-ip-firewall + mangle + queue doesn't work
+1 to this...
I have several mikrotik routers with different versions and both simple and complex configs.
I'm trying to allocate a fixed ammount fo bandwidth to certain websites/ip addresses (address list), but regardless of firewall or bridge filter, just packet marks or connection and packet marks, simple queue, queue tree, queue order, even with a simple fasttrack rule for the marked packets i cannot get the results i'm looking for.
This i've tried on v7 devices so far, as most of them are production devices, i will be getting a v6 router to test and report back.
I have several mikrotik routers with different versions and both simple and complex configs.
I'm trying to allocate a fixed ammount fo bandwidth to certain websites/ip addresses (address list), but regardless of firewall or bridge filter, just packet marks or connection and packet marks, simple queue, queue tree, queue order, even with a simple fasttrack rule for the marked packets i cannot get the results i'm looking for.
This i've tried on v7 devices so far, as most of them are production devices, i will be getting a v6 router to test and report back.
Re: Bridge use-ip-firewall + mangle + queue doesn't work
I don't have such issue with queue tree, ip firewall enabled on bridge, no bridge filters, fastrack rule enabled for packets without mark and when I set max limit to queue items it limits, tested with some lower value than actual current bandwidh (since my bandwith varries over LTE so I used some lower value than Speedtest result). Parent interface queue is set to fq_codel with default values and childs to wireless-default (sfq) with also default values.
But I have other issue, how to get queue tree more responsive since my bandwidth varries from 30M (sometimes even less) to 120M (sometimes but rarely more) depending on time in a day (how many users are currently using my cell) and weather conditions. Max limit on queues is set to max (120M) but when testing in lower bw condition (30M) with torrent download which is in lowest priority queue, HTTP download starts rising after 30s or more and torrent download dropping, so web browsing is also affected, not sure if I can somehow tweak this with fq_codel values without affecting greatly on CPU (ARM, 716 MHz) load to get faster queue response.
But I have other issue, how to get queue tree more responsive since my bandwidth varries from 30M (sometimes even less) to 120M (sometimes but rarely more) depending on time in a day (how many users are currently using my cell) and weather conditions. Max limit on queues is set to max (120M) but when testing in lower bw condition (30M) with torrent download which is in lowest priority queue, HTTP download starts rising after 30s or more and torrent download dropping, so web browsing is also affected, not sure if I can somehow tweak this with fq_codel values without affecting greatly on CPU (ARM, 716 MHz) load to get faster queue response.