CCR Simple Queue - not working upload limiting.

Piotrbuli · July 26, 2015, 7:47pm

Hi,
I’ve moved from x86 ROS v5, to CCR ROS 6.30.1 with my “BRAS”.
In v5 I had double QoS with Queue tree, and now I have implemented SQ for limiting client bandwidth.

After some small adjustments it seemed to work fine, but today I have noticed greater upload trafiic than usuall.
Target address have max-limit for upload set to 1 Mb/s, but it can consume up to 10 Mb/s.
Simple Queue traffic shows 3Mb/s, while user is consuming 10 Mb/s upload (see torch).
It seems to be some UDP traffic (torrent?).
simple_queue_upload_issue2.png
Simple queue settings:

/queue simple
add max-limit=1024k/11160k name="Kruszynska Ciska - taryfa" target=\
    192.168.22.33/32

Yet I have no mangle entries - I just want to ensure, that client limitation is working fine, and then I will work on QoS and some Dual-Wan failover functionality.

Could you help me sort this out?

Piotrbuli · July 28, 2015, 4:01pm

Whatever,
seems like it was my fault - client, which was consuming upload bandwidth had publicly accessible DNS enabled. .
So, this client was part of some kind of DDoS attack probably.

I’m glad, that I found this, but shouldn’t Simple Queue shape udp dns trafiic as well?

EDinATL · July 30, 2015, 8:37pm

Been playing with simple queues a lot lately and found something I wanted to share that might fix the issues relating to “download limits/queues are working but upload limits don’t seem to work.”

I found that having a parent queue by itself worked ok for queueing/limiting my WAN link, but as soon as I added a child queue (for a specific machine/IP address) it would break and no limiting/queueing would take place, and the clue that stood out for me was that I could see the traffic coming down in the graphs, but uploads would not show up at all.

The solution I found was to add a catch-all rule to match all the remaining traffic that isn’t specified by my other queues.

/queue simple
add dst=ether1-gateway max-limit=6M/27M name="WAN parent" target=""
add max-limit=3M/27M name=queue2 parent="WAN parent" target=192.168.1.14/32
add dst=ether1-gateway max-limit=6M/27M name="default match all" parent="WAN parent" target=""

So, if you’re troubleshooting your queueing, try looking into the matching effectiveness and make sure that all traffic is being matched.