Question seems to be simple but pretty non-typical. Googling gave me nothing. Though I’m not very experienced Mikrotik admin.
I have RB750Gr2 with one physical ISP connection interface. There are two static IP on this interface, each one with own ISP gateway IP. No VLANS, no anything else, just two available static gateways, defined by IP.
I want to shape all traffic going through the first gateway so the second gateway will have guaranteed available bandwidth. No nuances. No internal LAN shaping rules. No internal subnets. No external target rules.
I’ve tried to use Simple Queues. But I can’t figure how to designate the traffic which is going through some gateway IP there.
What is the right way here to dig deeper and to solve the task?
need to limit outgoing (internet upload) traffic to one isp so second has sufficient interface bandwidth left
Simplest solution (in my opinion)
queue tree on isp connection interface
** parent queue for interface with “max-limit” set to physical limit of interface (ex 1gb, 100mb,…)
** child queue for limit_isp: with “limit-at” applied as desired, with priority 2, packet-mark=limit_isp
** child queue for guaranteed_isp no limits, with priority 1, packet-mark=no-mark
mark all upload traffic to limited_isp
** in mangle:postrouting mark all traffic going to limit_isp with packet-mark=limit_isp
Done
Note:
this will guarantee / limit traffic to “limit isp” to limit-at value. The remaining bandwidth will be offered according to priority: first to “no limit” isp, but if not used / needed, can then be used by “limit isp” as well.
need to limit outgoing (internet upload) traffic to one isp so second has sufficient interface bandwidth left
Yep. But I need to limit all traffic, both outgoing and incoming.
** child queue for limit_isp: with “limit-at” applied as desired, with priority 2, packet-mark=limit_isp
** child queue for guaranteed_isp no limits, with priority 1, packet-mark=no-mark
Possibly dumb questions: What entities do you mean under “limit_isp” and “guaranteed_isp”? And what is the way to designate desired gateway (by its IP?) in your scheme?
It is important to understand that you cannot limit incoming traffic. It has to be limited at the other side of the bottleneck.
You can do some surrogate limiting by limiting the traffic outgoing to your LAN, but you will be delaying and dropping traffic locally on your router that already had arrived on the (presumably bottleneck) connection to your ISP, so it will no nothing w.r.t. priority, latency, guaranteed bandwidth, etc.
This method is mainly useful to shape connection rates e.g. depending on rate plan for an internal user.
First ISP gateway is for conventional internet usage in office.
Second ISP gateway is for special usage only: connections from outside to hosts in LAN (via port forwarding) and connections from LAN to external hosts via strict static routes.
In fact, I hope to get configuration more or less similar to two independent routers on two independent ISP connections.
Well… It looks like my question is not simple at all in terms of Mikrotik configuration. It is pretty normal though, I guess.
I need to dig it deeper myself now. For the sake of this society.
connections from outside: can be connection-mark-ed on mangle:prerouting.
to external hosts: can be connection-mark-ed in mangle:forward
Have a look at VRF.
Suggestion: you probably have a switch linked to that isp port and two CPE’s anyway? then configure two different port on Mikrotik with their own ip/gw, both connected to same switch. it will make your life easier.
It is pretty normal though, I guess.