My simple queues have been working flawlessly for some time, until now. A few things have been tweaked on the router lately (disable UPnP and create specific firewall rules for example). My simple queues are now only working ONE DIRECTION.
Here is the top part of Simple Queue rules
0 name="Eth8 Ooma" target="" dst=eth8 parent=none packet-marks="" priority=2/2
queue=default-small/default-small limit-at=0/0 max-limit=0/0 burst-limit=0/0
burst-threshold=0/0 burst-time=0s/0s total-priority=2
1 name="DVD.201" target=172.20.3.201/32 dst=bridge2 parent=none packet-marks="" priority=8/8
queue=default-small/default-small limit-at=0/0 max-limit=350k/1100k
burst-limit=400k/1200k burst-threshold=375k/1150k burst-time=5s/5s total-max-limit=1200k
2 name="WorkPC" target=172.20.3.64/32 dst=bridge2 parent=none packet-marks="" priority=8/8
queue=default-small/default-small limit-at=0/0 max-limit=350k/1200k burst-limit=0/0
burst-threshold=0/0 burst-time=0s/0s total-max-limit=1M
And the NAT…
Flags: X - disabled, I - invalid, D - dynamic
0 chain=dstnat action=dst-nat to-addresses=172.16.98.101 to-ports=422 protocol=tcp
dst-address=126.211.10.0/24 dst-port=10222
1 chain=dstnat action=dst-nat to-addresses=172.16.98.101 to-ports=6881 protocol=udp
dst-address=126.211.10.0/24 dst-port=6881
2 chain=dstnat action=dst-nat to-addresses=172.16.98.102 to-ports=4423 protocol=tcp
dst-address=126.211.10.0/24 dst-port=24423
3 chain=dstnat action=dst-nat to-addresses=172.16.98.101 to-ports=4423 protocol=tcp
dst-address=126.211.10.0/24 dst-port=14423
4 chain=dstnat action=dst-nat to-addresses=172.16.98.203 to-ports=378 protocol=tcp
dst-address=126.211.10.0/24 dst-port=203378
5 chain=srcnat action=masquerade to-addresses=0.0.0.0 out-interface=bridge2
The device I am looking at is rule 2 (WorkPC). If I run a bandwidth test I achieve 2.7+ mbit D/L and 0.34 mbit u/l with the queue turning red for upload only. The image below shows a log of activity during the download (none).
Any pointers?
What the heck?
If I create two identical queues for #2 with one tweak, one with dst=bridge2 and one with dst=eth10, one queue catches traffic in one direction while the other in the opposite direction. The bridge is:
/interface bridge
add arp=proxy-arp l2mtu=1598 name=bridge1 protocol-mode=rstp
add l2mtu=1598 name=bridge2 priority=0x4000 protocol-mode=rstp
/interface bridge port
add bridge=bridge1 interface=eth1 path-cost=500
add bridge=bridge1 interface=wlan0_private path-cost=800
add bridge=bridge1 interface=eth2 path-cost=500
add bridge=bridge1 interface=eth3 path-cost=500
add bridge=bridge1 interface=eth4 path-cost=500
add bridge=bridge1 interface=eth5 path-cost=500
add bridge=bridge1 interface=eth6 path-cost=500
add bridge=bridge1 interface=eth7 path-cost=500
add bridge=bridge1 interface=eth8 path-cost=500
add bridge=bridge2 interface=eth9 path-cost=200
add bridge=bridge2 interface=eth10 path-cost=100
add bridge=bridge2 interface=Uplink-Bridge path-cost=300
/interface bridge settings
set use-ip-firewall=yes
The uplink IP address is assigned to the bridge. The uplink bridge is intentional, and provides a method to directly look at and interact with the upstream network.
I discovered more that is not making sense with queues in 6.7. CAN ANYONE ELSE CONFIRM THEY ARE HAVING ISSUES?
The manual says:
Check your configuration:
[admin@Augsha] /queue simple> print
Flags: X - disabled, I - invalid, D - dynamic
0 name="private" target-addresses=10.1.1.0/24 dst-address=0.0.0.0/0
interface=ether2 parent=none direction=both priority=8
queue=default-small/default-small limit-at=0/0 max-limit=256k/512k
burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s
total-queue=default-small
The max-limit parameter cuts down the maximum available bandwidth. The value max-limit=256k/512k means that clients from private network will get maximum of 512kbps for download and 256kbps for upload. The target-addresses allows to define the source IP addresses to which the queue rule will be applied.
Probably, you want to exclude the server from being limited, if so, add a queue for it without any limitation (max-limit=0/0 which means no limitation). [b]Move this rule to the beginning of the list, because items in /queue simple are executed in order one by one if router finds rule that satisfy certain packet next rules aren’t compared[/b]:
[admin@MikroTik] /queue simple> add name=server target-addresses=10.1.1.1/32 max-limit=0/0 \
interface=ether2
So, the next rule is not to be compared, right?
This is not happening. I have a rule to allow local traffic to not be queued.
0 name="Allow local" target=172.17.3.0/24 dst=172.17.3.0/24 parent=none
packet-marks="" priority=8/8 queue=default/default limit-at=0/0 max-limit=0/0
burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s
Then, I have rules to limit speed per ip. The problem is, local traffic is being queued at the rates of rules below rule 0.
Something seems really messed up! Anyone else having issues with queues in 6.7? This is an RB2011.
For future assistance to someone, I scrapped this queue strategy, implemented explicit parent and children using simple queues and this remedied everything.