Bandwidth limitations with IP exclusions

RouterOS Beginner Basics
1

Hi,

I’ve been trying to setup bandwidth limitations on an RB2011UiAS running RouterOS v6.5. I’ve found various guides via google and have successfully configured simple queue using pcq, etc, but always fall short as soon as I try to exclude certain IP’s. One problem I’m running into is the blogs and how-to’s reference global-in and global-out, but those don’t exist in v6.5 and I don’t know how to work around it. Here’s the scoop:

Ether1 is Public & has dhcp client on it. The rest of the ports are bridged using 192.168.80.0/24. DHCP server on the bridge with a pool of 192.168.80.10 - 192.168.80.240. By default all IP’s in that subnet should have bandwidth limitations to reduced them down to .5Mb down/.25Mb up. However, I have two IPs in that same subnet that I need to set at 1.5Mb down/1Mb up, or possibly wide open if that would work better.

If anyone could point to me an existing sample that is written for RouterOS v6.5, or point me in the right direction, I’d appreciate it.

2

One of the guides I followed was at http://wiki.mikrotik.com/wiki/Manual:Queues_-_PCQ_Examples and that worked out fine until I tried to exclude certain IP’s.

What I tried: I created an address list in IP->Firewall called “ExcludedIP” set to 192.168.80.240. Then I changed the mangle rules to only mark the packets if they are NOT on the ExcludedIP list. This didn’t seem to have any affect. :frowning:

3

Just create one simple Queue with target IP of computer that you want to exclude and put it first on the list:

/queue simple
add name="Excluded" target=192.168.80.240/32 place-before=0 queue=default-small/default-small limit-at=0/0 max-limit=10M/10M total-queue=default
4

That worked great! Thank you. In testing that, I was reminded of a fact that I forgot to mention in my first post. The guide listed at http://wiki.mikrotik.com/wiki/Manual:Queues_-_PCQ_Examples indicates to use a Queue Tree, but I was unable to use the queue tree because it referenced “global-in” and “global-out” which doesn’t exist in v6.5. So instead of using a queue tree, I created a simple queue as such (this includes your code):

0 X  name="Excluded" target=192.168.80.240/32 parent=none packet-marks="" priority=8/8 queue=default-small/default-small limit-at=0/0 
      max-limit=10M/10M burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default 

 1    name="Client-Download" target=192.168.80.0/24 parent=none packet-marks=client_download priority=8/8 queue=PCQ_upload/PCQ_download 
      limit-at=0/0 max-limit=0/0 burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s 

 2    name="Client-Upload" target=192.168.80.0/24 parent=none packet-marks=client_upload priority=8/8 queue=PCQ_upload/PCQ_download 
      limit-at=0/0 max-limit=0/0 burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s

And here’s my Types referenced above:

5   name="PCQ_download" kind=pcq pcq-rate=1M pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000 pcq-burst-rate=0 
     pcq-burst-threshold=0 pcq-burst-time=10s pcq-src-address-mask=32 pcq-dst-address-mask=32 pcq-src-address6-mask=128 
     pcq-dst-address6-mask=128 

 6   name="PCQ_upload" kind=pcq pcq-rate=512k pcq-limit=50 pcq-classifier=src-address pcq-total-limit=2000 pcq-burst-rate=0 
     pcq-burst-threshold=0 pcq-burst-time=10s pcq-src-address-mask=32 pcq-dst-address-mask=32 pcq-src-address6-mask=128 
     pcq-dst-address6-mask=128

And just for completeness here’s my mangle:

0   ;;; mark packets from ether1 client_upload
     chain=prerouting action=mark-packet new-packet-mark=client_upload passthrough=yes in-interface=ether1-gw 

 1   ;;; mark packets from ether2 client_download
     chain=prerouting action=mark-packet new-packet-mark=client_download passthrough=yes in-interface=ether2

What I end up with is my downloads are limited correctly, and 192.168.80.240 exclusion does work, but the uploads don’t get throttled except for 192.168.80.240, and then it seems like the limits for upload and download are reversed.