I am deploying a new Mikrotik RB2011iL-RM for a new high-speed connection. Here is a simplified, sanitized version of the proposed setup (with an accompanying diagram, also at http://i326.photobucket.com/albums/k435/bph-spruce/QueingExample_zps7eccad37.png).
A block of routable IP addresses is assigned by the upstream ISP: 207.1.0.0/24 for the example. Their equipment is at 207.1.0.1, and that’s our gateway (we route all internet traffic to 207.1.0.1).
There are two edge servers that must be on this same subnet (i.e. cannot be NAT-ed or masqueraded), at 207.1.0.3 and 207.1.0.4. The Upstream router is plugged in to Eth6, the servers to Eth7 and Eth8. Eth6-10 are bridged (Bridge1), and the bridge has an IP number of 207.1.0.2. So far so good.
We route and masquerade two LANs, 192.168.0.0/24 and 192.168.1.0/24, plugged in to Eth1 and Eth2. Eth1 is 192.168.0.1/24 and Eth2 is 192.168.1.1/24.
Routing Tables (correctly) send all of the traffic where it needs to go between the three LANs. Traffic on 207.1.0.0 is not routed to get to the internet, but is routed as necessary to the private LANs.
That all works.
Now, for bandwidth management and reporting, we want to have a queue that counts (and may eventually limit) traffic on Eth6. In other words, the traffic flowing to/from the internet. If I build a queue on Eth6, it doesn’t seem to see the traffic. If I define the queue on Bridge1, it sees traffic from Eth1 and Eth2 to the bridge, but I don’t think it counts traffic from Server 1 or Server 2 to the internet, and I think it DOES count traffic from Eth1 to Server1 (since it’s flowing through the bridge).
- I do NOT want to count traffic between Server 1 and Server 2, but I DO want to count traffic going from Server 1 or 2 to the Internet (Eth6).
- I do NOT want to count traffic between any combination of Eth1, Eth2, Server1 and/or Server2, but I DO want to count from any of those to Eth6.
I have use-ip-firewall turned on, but that doesn’t seem to make a difference.
What kind of queue do I need, and where/how do I define it?
Thanks!
(Consultants offering a planning service are welcome to contact me as well.)
