ron401
January 15, 2010, 3:16am
1
Hi everybody!
I’m running a small wireless ISP of about 200 customers. I would like to set my customers up in different speed packages. Something like 150 people at 4mbps/1mbps, 20 at 6mbps/2mbps and so on.
I’m using my MikroTik box as a DHCP server so I won’t have a problem distinguishing who’s who. So far I’ve looked into simple queues and queue trees and they both seem like they are limiting the whole connection, and the setups that I’ve seen don’t show any easy way to limit by MAC address or IP address. I’ve also looked into the hotspot functionality that MikroTik provides but I’m not really sure I want my customers to have to log in every time they want to get online.
I’m running version 4.4 with two physical NICs.
Thanks in advance for the help!
fewi
January 15, 2010, 4:46am
2
http://wiki.mikrotik.com/wiki/PCQ
PCQ allows you to easily create substreams (for example by source IP for upstream and by destination IP for downstream) with a rate limit. Read the wiki for details and examples, but here is a (very) rough outline:
Add address-lists to easily identify what profile a user should get:
/ip firewall address-list
add list=profile1 address=10.1.0.10
add list=profile1 address=10.1.0.11
add list=profile2 address=10.1.0.12
Add 4 PCQ queue types - one for 4 meg down, one for 1 meg up, one for 6 meg down and one for 2 meg up. The pcq-total-limit value comes from the pcq-limit multiplied by the number of customers you’re expecting:
/queue type
add name="profile1-up" kind=pcq pcq-rate=1000000 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=7500
add name="profile1-down" kind=pcq pcq-rate=4000000 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=7500
add name="profile2-up" kind=pcq pcq-rate=2000000 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=1000
add name="profile2-down" kind=pcq pcq-rate=6000000 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=1000
Mark traffic
/ip firewall mangle
add chain=prerouting action=mark-packet new-packet-mark=profile1-up passthrough=no src-address-list=profile1 in-interface=LAN
add chain=postrouting action=mark-packet new-packet-mark=profile1-up passthrough=no src-address-list=profile1 out-interface=LAN
add chain=prerouting action=mark-packet new-packet-mark=profile2-up passthrough=no src-address-list=profile2 in-interface=LAN
add chain=postrouting action=mark-packet new-packet-mark=profile2-up passthrough=no src-address-list=profile2 out-interface=LAN
And QoS the traffic
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=profile1-up packet-mark=profile1-up parent=global-in priority=8 queue=profile1-up
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=profile1-down packet-mark=profile1-down parent=global-out priority=8 queue=profile1-down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=profile2-up packet-mark=profile2-up parent=global-in priority=8 queue=profile2-up
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=profile2-down packet-mark=profile2-down parent=global-out priority=8 queue=profile2-down
There are plenty of examples for this all over the wiki and the forums, as rate-limiting per customer is an extremely common requirement.
ron401
January 21, 2010, 7:44pm
4
From the example above and what’s on the wiki pages I have tried to set this up. But it still doesn’t work.
I have the DHCP server set up to serve 172.20.34.x addresses and NAT to a public 64.8.76.181, and I am able to browse.
I have the laptop that I’m testing with set up in the 0768/128 address list/queue.
I have setup the queue types:
[admin@MikroTik for BEM] /queue type> pr
0 name="default" kind=pfifo pfifo-limit=50
1 name="ethernet-default" kind=pfifo pfifo-limit=50
2 name="wireless-default" kind=sfq sfq-perturb=5 sfq-allot=1514
3 name="synchronous-default" kind=red red-limit=60 red-min-threshold=10 red-max-threshold=50 red-burst=20 red-avg-packet=1000
4 name="hotspot-default" kind=sfq sfq-perturb=5 sfq-allot=1514
5 name="1024/512-up" kind=pcq pcq-rate=64000 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=7500
6 name="1024/512-down" kind=pcq pcq-rate=128000 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=7500
7 name="2048/512-up" kind=pcq pcq-rate=64000 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=1000
8 name="2048/512-down" kind=pcq pcq-rate=256000 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=1000
9 name="3078/1024-up" kind=pcq pcq-rate=128000 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=1000
10 name="3078/1024-down" kind=pcq pcq-rate=385000 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=1000
11 name="4096/1024-up" kind=pcq pcq-rate=128000 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=1000
12 name="4096/1024-down" kind=pcq pcq-rate=512000 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=1000
13 name="5120/1024-up" kind=pcq pcq-rate=128000 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=1000
14 name="5120/1024-down" kind=pcq pcq-rate=640000 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=1000
15 name="6144/1024-up" kind=pcq pcq-rate=128000 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=1000
16 name="6144/1024-down" kind=pcq pcq-rate=768000 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=1000
17 name="7168/1024-up" kind=pcq pcq-rate=128000 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=1000
18 name="7168/1024-down" kind=pcq pcq-rate=896000 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=1000
19 name="8192/1024-up" kind=pcq pcq-rate=128000 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=1000
20 name="8192/1024-down" kind=pcq pcq-rate=1024000 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=1000
21 name="0768/128-up" kind=pcq pcq-rate=48000 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=20971520
22 name="0768/128-down" kind=pcq pcq-rate=96000 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=20971520
23 name="default-small" kind=pfifo pfifo-limit=10
I have set up the queue trees:
[admin@MikroTik for BEM] /queue tree> pr
Flags: X - disabled, I - invalid
0 name="0768/128-down" parent=global-in packet-mark=0768/128-down limit-at=0 queue=1024/512-down priority=8 max-limit=0
burst-limit=0 burst-threshold=0 burst-time=0s
1 name="0768/128-up" parent=global-out packet-mark=0768/128-down limit-at=0 queue=0768/128-down priority=8 max-limit=0
burst-limit=0 burst-threshold=0 burst-time=0s
2 name="1024/512-up" parent=global-out packet-mark=1024/512-up limit-at=0 queue=1024/512-up priority=8 max-limit=0 burst-limit=>
burst-threshold=0 burst-time=0s
3 name="1024/512-down" parent=global-in packet-mark=1024/512-down limit-at=0 queue=1024/512-down priority=8 max-limit=0
burst-limit=0 burst-threshold=0 burst-time=0s
4 name="2048/512-up" parent=global-out packet-mark=2048/512-up limit-at=0 queue=2048/512-up priority=8 max-limit=0 burst-limit=>
burst-threshold=0 burst-time=0s
5 name="2048/512-down" parent=global-in packet-mark=2048/512-down limit-at=0 queue=2048/512-down priority=8 max-limit=0
burst-limit=0 burst-threshold=0 burst-time=0s
6 name="3078/1024-up" parent=global-out packet-mark=3078/1024-up limit-at=0 queue=3078/1024-up priority=8 max-limit=0
burst-limit=0 burst-threshold=0 burst-time=0s
7 name="4096/1024-up" parent=global-out packet-mark=4096/1024-up limit-at=0 queue=4096/1024-up priority=8 max-limit=0
burst-limit=0 burst-threshold=0 burst-time=0s
8 name="4096/1024-down" parent=global-in packet-mark=4096/1024-down limit-at=0 queue=4096/1024-down priority=8 max-limit=0
burst-limit=0 burst-threshold=0 burst-time=0s
9 name="5120/1024-up" parent=global-out packet-mark=5120/1024-up limit-at=0 queue=5120/1024-up priority=8 max-limit=0
burst-limit=0 burst-threshold=0 burst-time=0s
10 name="5120/1024-down" parent=global-in packet-mark=5120/1024-down limit-at=0 queue=5120/1024-down priority=8 max-limit=0
burst-limit=0 burst-threshold=0 burst-time=0s
11 name="6144/1024-up" parent=global-out packet-mark=6144/1024-up limit-at=0 queue=6144/1024-up priority=8 max-limit=0
burst-limit=0 burst-threshold=0 burst-time=0s
12 name="6144/1024-down" parent=global-in packet-mark=6144/1024-down limit-at=0 queue=6144/1024-down priority=8 max-limit=0
burst-limit=0 burst-threshold=0 burst-time=0s
13 name="7168/1024-up" parent=global-out packet-mark=7168/1024-up limit-at=0 queue=7168/1024-up priority=8 max-limit=0
burst-limit=0 burst-threshold=0 burst-time=0s
14 name="7168/1024-down" parent=global-in packet-mark=7168/1024-down limit-at=0 queue=7168/1024-down priority=8 max-limit=0
burst-limit=0 burst-threshold=0 burst-time=0s
15 name="8192/1024-up" parent=global-out packet-mark=8192/1024-up limit-at=0 queue=8192/1024-up priority=8 max-limit=0
burst-limit=0 burst-threshold=0 burst-time=0s
16 name="8192/1024-down" parent=global-in packet-mark=8192/1024-down limit-at=0 queue=8192/1024-down priority=8 max-limit=0
burst-limit=0 burst-threshold=0 burst-time=0s
I have added the address of the laptop i’m using to test with to the address list:
[admin@MikroTik for BEM] /ip firewall address-list> pr
Flags: X - disabled, D - dynamic
# LIST ADDRESS
0 0768/128 172.20.34.254
1 1024/512 0.0.0.0
2 2048/512 0.0.0.0
3 3078/1024 0.0.0.0
4 4096/1024 0.0.0.0
5 5120/1024 0.0.0.0
6 6144/1024 0.0.0.0
7 7168/1024 0.0.0.0
8 8192/1024 0.0.0.0
I have setup mangle:
[admin@MikroTik for BEM] /ip firewall mangle> pr
Flags: X - disabled, I - invalid, D - dynamic
0 chain=prerouting action=mark-packet new-packet-mark=0768/128-up passthrough=no src-address-list=0768/128 in-interface=LAN
1 chain=postrouting action=mark-packet new-packet-mark=0768/128-down passthrough=no src-address-list=0768/128 out-interface=WAN
2 chain=prerouting action=mark-packet new-packet-mark=1024/512-up passthrough=no src-address-list=1024/512 in-interface=LAN
3 chain=postrouting action=mark-packet new-packet-mark=1024/512-up passthrough=no src-address-list=1024/512 out-interface=WAN
4 chain=prerouting action=mark-packet new-packet-mark=2048/512-up passthrough=no src-address-list=2048/512 in-interface=LAN
5 chain=postrouting action=mark-packet new-packet-mark=2048/512-up passthrough=no src-address-list=2048/512 out-interface=WAN
6 chain=prerouting action=mark-packet new-packet-mark=3078/1024-up passthrough=no src-address-list=3078/1024 in-interface=LAN
7 chain=postrouting action=mark-packet new-packet-mark=3078/1024-up passthrough=no src-address-list=3078/1024 out-interface=WAN
8 chain=prerouting action=mark-packet new-packet-mark=4096/1024-up passthrough=no src-address-list=4096/1024 in-interface=LAN
9 chain=postrouting action=mark-packet new-packet-mark=4096/1024-up passthrough=no src-address-list=4096/1024 out-interface=WAN
10 chain=prerouting action=mark-packet new-packet-mark=5120/1024-up passthrough=no src-address-list=5120/10242 in-interface=LAN
11 chain=postrouting action=mark-packet new-packet-mark=5120/1024-up passthrough=no src-address-list=5120/1024 out-interface=WAN
12 chain=prerouting action=mark-packet new-packet-mark=6144/1024-up passthrough=no src-address-list=6144/1024 in-interface=LAN
13 chain=postrouting action=mark-packet new-packet-mark=6144/1024-up passthrough=no src-address-list=6144/1024 out-interface=WAN
14 chain=prerouting action=mark-packet new-packet-mark=7168/1024-up passthrough=no src-address-list=7168/1024 in-interface=LAN
15 chain=postrouting action=mark-packet new-packet-mark=7168/1024-up passthrough=no src-address-list=7168/1024 out-interface=WAN
16 chain=prerouting action=mark-packet new-packet-mark=8192/1024-up passthrough=no src-address-list=8192/1024 in-interface=LAN
17 chain=postrouting action=mark-packet new-packet-mark=8192/1024-up passthrough=no src-address-list=8192/1024 out-interface=WAN
fewi
January 26, 2010, 8:02pm
6
Sorry, my original post was inaccurate.
/ip firewall mangle
add chain=prerouting action=mark-packet new-packet-mark=profile1-up passthrough=no src-address-list=profile1 in-interface=LAN
add chain=postrouting action=mark-packet new-packet-mark=profile1-up passthrough=no src-address-list=profile1 out-interface=LAN
should be
/ip firewall mangle
add chain=prerouting action=mark-packet new-packet-mark=profile1-up passthrough=no src-address-list=profile1 in-interface=LAN
add chain=postrouting action=mark-packet new-packet-mark=profile1-down passthrough=no dst-address-list=profile1 out-interface=LAN
You caught the mistake in the packet mark name but still need to match the destination address rather than the source address, or downstream packets won’t match that rule, won’t be marked and won’t be rate limited.
Does that fix the issue?
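As an added example (not part of the original posts and not MikroTik tooling), a small Python check for the mistake corrected above: it cross-references mangle rules against queue tree entries and reports marks that would leave a subscriber's traffic unmarked, and therefore not rate limited, or tied to another profile's queue. The input is constructed export-style text using the thread's profile names; the `parse` and `lint` helpers, and the assumption that a mark, its tree entry and its queue type share one name, are illustrative.

```python
import shlex

# Constructed RouterOS-style input: profile1 repeats the original inaccurate rules,
# profile2 fixes only the mark name, profile3 is fully corrected.
MANGLE = """\
add chain=prerouting action=mark-packet new-packet-mark=profile1-up passthrough=no src-address-list=profile1 in-interface=LAN
add chain=postrouting action=mark-packet new-packet-mark=profile1-up passthrough=no src-address-list=profile1 out-interface=LAN
add chain=prerouting action=mark-packet new-packet-mark=profile2-up passthrough=no src-address-list=profile2 in-interface=LAN
add chain=postrouting action=mark-packet new-packet-mark=profile2-down passthrough=no src-address-list=profile2 out-interface=LAN
add chain=prerouting action=mark-packet new-packet-mark=profile3-up passthrough=no src-address-list=profile3 in-interface=LAN
add chain=postrouting action=mark-packet new-packet-mark=profile3-down passthrough=no dst-address-list=profile3 out-interface=LAN
"""
TREE = """\
add name=profile1-up packet-mark=profile1-up parent=global-in queue=profile1-up
add name=profile1-down packet-mark=profile1-down parent=global-out queue=profile1-down
add name=profile2-up packet-mark=profile2-up parent=global-in queue=profile2-up
add name=profile2-down packet-mark=profile2-down parent=global-out queue=profile2-down
add name=profile3-up packet-mark=profile3-up parent=global-in queue=profile3-up
add name=profile3-down packet-mark=profile3-down parent=global-out queue=profile1-down
"""

def parse(text):
    """Parse 'add key=value ...' lines into a list of dicts."""
    rows = []
    for line in text.splitlines():
        tokens = shlex.split(line)
        if tokens[:1] == ["add"]:
            rows.append(dict(t.split("=", 1) for t in tokens[1:] if "=" in t))
    return rows

def lint(mangle_text, tree_text):
    """Return findings for marks that leave traffic unshaped or mis-shaped."""
    findings, set_marks = [], set()
    for i, rule in enumerate(parse(mangle_text)):
        mark = rule.get("new-packet-mark", "")
        set_marks.add(mark)
        # Upstream is classified by source address, downstream by destination.
        need = "dst-address-list" if mark.endswith("-down") else "src-address-list"
        if need not in rule:
            findings.append(f"mangle {i}: {mark} needs {need}")
    for entry in parse(tree_text):
        name, mark = entry.get("name"), entry.get("packet-mark")
        if mark not in set_marks:
            findings.append(f"tree {name}: no mangle rule sets {mark}")
        # Assumed convention: the queue type is named after the packet mark.
        if entry.get("queue") != mark:
            findings.append(f"tree {name}: queue {entry.get('queue')} differs from mark {mark}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(MANGLE, TREE)))
```

Run against a real router by pasting the relevant `/export` sections in place of the two sample strings.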
wisperer
I use a 450 g for dhcp and I just set up a simple queue for every ip it gives out
That allows me to see in real time what each ip is doing, the total use and everything else in the pull down menu
vraa
January 31, 2010, 8:55am
8
wisperer:
I use a 450 g for dhcp and I just set up a simple queue for every ip it gives out
That allows me to see in real time what each ip is doing, the total use and everything else in the pull down menu
Can you explain a little how you did this?
fewi
February 1, 2010, 3:02pm
9
Keep in mind that simple queues are evaluated top to bottom and will not scale very well. If you have hundreds of clients simple queues are a bad idea.