BW Limit of more than 4200 Mbps CCR1072

discoengineer · April 18, 2022, 9:20pm

Hi,

We have a CCR1072 which is acting as edge router for providing internet services to customers. We have recently taken on board a customer whose BW requirement is of 5000 Mbps. I was trying to implement this download limit via PCQ and simple queue but when we enter the value of more than 4200 Mbps in Max Download Limit (in case of simple queue) or in Rate (in case of PCQ) Mikrotik does not accept the value. How can we achieve this?

guipoletto · April 18, 2022, 9:31pm

As far as i know, queues are single-core things.
It is even impressive that you managed to see 4+Gbps under a softqueue

I don’t think this is really scalable.

Do you have a switch in the path where you could set the limit at the interface?

discoengineer · April 25, 2022, 9:18am

I havent been able to achieve 4200 Mbps on the CCR for the customer. Though the CCR accepts the value of 4200M but once the queue is enabled, the traffic is choked at 500 Mbps. Further to add, yes i have NX3k on which the customer is terminated but the NX3K can apply traffic police on physical interface but not on LAGs or SVIs. Is there anyway we can achieve this capping on Mikrotik as we were hoping to use this CCR for customers link 1G to 5G capacity.

guipoletto · April 26, 2022, 4:20pm

This makes more sense.

You have 72 cores, but the queue will limit all the customer traffic to a single core

therefore you will not be able to control the bandwidth to this customer using this tool. Simple-queues are software-queues, and for that ammount of bandwidth, you need a hardware-based queue.

I suggest putting a switch with limiting capabilities in the path for this client

For instance, in a CRS317, you can go to Switch → port → SFP11 → set ingress (upload) and Egress (download) rate limits for that port.

Zacharias · April 26, 2022, 4:27pm

As far as i know, simple queues use multiple processor cores…

chechito · April 26, 2022, 8:54pm

afaik:

multiple simple queues without parent or different parents uses multiple different processor cores

a single simple queue only uses a single processor core for most of his load, the same apply for multiple simple queues whit the same parent

chechito · April 26, 2022, 8:58pm

maybe try an ACL not for the LAG or SVI interface
instead of that for the Destination MAC address of the traffic

or

for the ip address or addresses of the traffic you want to limit

in Mikrotik CRS 3xx you can do that, i think is very likely NX3k can do that too

BartoszP · April 27, 2022, 6:24am

4200MB looks like a victim of a 4294967295 (unsigned 32-bit) number limit

chechito · April 27, 2022, 3:56pm

i was expecting that with ROS 7.x the 4200MB queue limit will be eradicated but until today is not

i have used that on big CHR with big CPU to do QoS deployments sucessfully

but when we reach 4200 limit we had to abandon it

discoengineer · May 6, 2022, 8:58am

Thanks for the input guipoletto. I see your suggestion and get your point but in case we have multiple customers, some being allocated 2 x 10G interfaces for redundancy, allocated each customer a dedicated port whether he has 2 Gbps traffic or 5 Gbps traffic, we will need many switches as we will only be able to apply hardware limit using the switch. Applying on SVI or IP level would save the number of physical ports we use as one 10G interface could facilitate multiple customers. But at the end of the day, if CCR is not capable enough, there is now choice but to allocate each customer a dedicated physical port.

discoengineer · May 6, 2022, 9:00am

Hi chechito. Thanks for the input. Ill check and see if I can get this done on N3K and will share update.

discoengineer · June 2, 2022, 8:32pm

Just to update, talked to Mikrotik support and the guy there gave an excellent suggestion which was to use firewall to restrict traffic. Used the below mentioned command:

/ip firewall filter
add action=drop chain=forward out-interface=ether1 limit=!1G,100M:bit

"This simple firewall filter rule will limit ether1 outgoing traffic to 1Gbps with 100Mbp burst "

I changed the out-interface to the designated vlan of the customer and the download was restricted. No heavy utilization of CPU cores. Have implemented upto 3Gbps using this for another customer on the same CCR and no CPU choking observed. All seems normal till now. Will keep under monitoring. Do share if anyone else has had an experience with using this rule to do BW shaping.

chechito · June 3, 2022, 1:41pm

interesting rule

thank you for sharing

looks like MikroTik is working on the subject

changelog of 7.3rc1 shows this:
*) queue - allow to set higher limits than 4G;

maybe in no distant future we will enjoy queues with big limits

we will see how the 1.000 mhz tilera in order execution cores on ccr1072 perform vs 2.000 mhz arm out of order execution cores on ccr2116/2216

shailparmar · October 29, 2023, 6:24am

The same limit of 4200 is there in /Switch Rules .

I tried searching reason for that, but now I understand from this comment.

Can anyone confirm is this limit is still there or removed.

Thanks