Hello
I’m e new mikrotik user, at the moment i’ve 2 installation running, in both case I’ve been forced to reduce complexity (end features) having problem with queue and traffic shaping.
I apologize for my poor english
I would have some advice about this scenario, very similar to the one in http://wiki.mikrotik.com/wiki/Queue_Tree_with_more_than_two_interfaces, I’d like to know if there is a better way of doing this and if this could be a good starting point to add control on VPN traffic.
I have:
ADSL connection
2 or more different LAN subnet that share the adsl connection
VPN connection with LAN
There is not routing between LAN
My setup is the follow (simplified from 3 to 2 LAN):
/ip address
0 192.168.1.2/24 192.168.1.0 192.168.1.255 WAN
1 172.26.20.1/24 172.26.20.0 172.26.20.255 LAN2
2 172.26.10.1/24 172.26.10.0 172.26.10.255 LAN1
/ip firewall mangle> print
1 ;;; LAN1
chain=prerouting action=mark-connection new-connection-mark=Lan1-up passthrough=yes
src-address=172.26.10.0/24
2 chain=prerouting action=mark-packet new-packet-mark=Lan1U passthrough=no connection-mark=Lan1-up
3 chain=postrouting action=mark-connection new-connection-mark=Lan1-dow passthrough=yes
dst-address=172.26.10.0/24
4 chain=postrouting action=mark-packet new-packet-mark=Lan1D passthrough=no
connection-mark=Lan1-dow
5 … the same 4 rules for LAN2 with address 172.26.20.0/24 and mark prefix = Lan2
then I added queue configuration
/queue type
…
5 name=“pcq-upload” kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=src-address
pcq-total-limit=2000
6 name=“pcq-download” kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=dst-address
pcq-total-limit=2000
/queue tree
/queue> tree print
Flags: X - disabled, I - invalid
0 name=“Download” parent=global-out packet-mark=“” limit-at=0 queue=pcq-download priority=1
max-limit=8000000 burst-limit=0 burst-threshold=0 burst-time=0s
1 name=“Upload” parent=WAN packet-mark=“” limit-at=0 queue=pcq-upload priority=1
max-limit=512000 burst-limit=0 burst-threshold=0 burst-time=0s
2 name=“LAN1-D” parent=Download packet-mark=Lan1D limit-at=0 queue=pcq-download priority=5
max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
3 name=“LAN1-U” parent=Upload packet-mark=Lan1U limit-at=0 queue=pcq-upload priority=5 max-limit=0
burst-limit=0 burst-threshold=0 burst-time=0s
4 name=“LAN2-D” parent=Download packet-mark=Lan2D limit-at=0 queue=pcq-download priority=5
max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
5 name=“LAN2-U” parent=Upload packet-mark=Lan2U limit-at=0 queue=pcq-upload priority=5
max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
The problem are:
VPN traffic is correctly managed from this rule?
Is correct to bound Upload queue to WAN and Download to global-out (global-out limitation is on total of upload and download, of limitation is occurring only on mangled traffic? )
best regards
Paolo Giorgi