Hello,
I would like your help if my rules are OK. I have 150M/150M bandwidth which I provide internet
in two networks (Offices & Hotspot). I want to equal share bandwidth for all users but to limit
all users in hotspot network up to 100M/100M so Offices network will have minimum 50M/50M
bandwidth all the time.
I’m using mangle rules and queue tree with pcq.
/ip firewall mangle add action=mark-connection chain=forward comment=“Offices Network” in-interface=bridge.offices.lan new-connection-mark=offices.upload passthrough=yes
/ip firewall mangle add action=mark-connection chain=forward new-connection-mark=offices.download out-interface=bridge.offices.lan passthrough=yes
/ip firewall mangle add action=mark-packet chain=forward connection-mark=offices.upload new-packet-mark=offices.upload passthrough=yes
/ip firewall mangle add action=mark-packet chain=forward connection-mark=offices.download new-packet-mark=offices.download passthrough=yes
/ip firewall mangle add action=mark-connection chain=forward comment=“Guests Network” in-interface=bridge.guests.lan new-connection-mark=hotspot.upload passthrough=yes
/ip firewall mangle add action=mark-connection chain=forward new-connection-mark=hotspot.download out-interface=bridge.guests.lan passthrough=yes
/ip firewall mangle add action=mark-packet chain=forward connection-mark=hotspot.upload new-packet-mark=hotspot.upload passthrough=yes
/ip firewall mangle add action=mark-packet chain=forward connection-mark=hotspot.download new-packet-mark=hotspot.download passthrough=yes
/queue tree add max-limit=150M name=“Total Download” parent=global queue=pcq-down
/queue tree add max-limit=100M name=“hotspot down” packet-mark=hotspot.download parent=“Total Download” queue=pcq-down
/queue tree add name=“offices down” packet-mark=offices.download parent=“Total Download” queue=pcq-down
/queue tree add max-limit=150M name=“Total Upload” parent=global queue=pcq-up
/queue tree add max-limit=100M name=“hotspot up” packet-mark=hotspot.upload parent=“Total Upload” queue=pcq-up
/queue tree add name=“offices up” packet-mark=offices.upload parent=“Total Upload” queue=pcq-up
I would like your suggestions for my config.
Thanks
Hey
- make sure the pcq are setup for ip only up->src & down->dst ip
- don’t specify max on children queues, only “limit at”, so that these can use all available bandwidth of parent. Right now even if office is using 0, hotspot will be limited to 100.
- I’m guessing, you would want to give prio to office?
- mark connection in forward, mark packets in postrouting => no need for pass-through
- only mark connections if needed: connection-mark=no-mark
- connection marking is for the whole connection, both up & down → connection marks: office or hotspot
- hotspot is bulk of your traffic: don’t mark it and use packet-mark=no-mark for queueing. these could be even fast-tracked
ex
Down: max 150
off: limit:50, prio 1
hot: limit100, prio 2
Up: (same)
hey,
Thanks for the suggestions. I got some questions because didn’t understand all perfectly…
“…* don’t specify max on children queues, only “limit at”, so that these can use all available bandwidth of parent. Right now even if office is using 0, hotspot will be limited to 100..”
- I can’t setup only “limit at”. I get error. It wants also max limit.
"…
- only mark connections if needed: connection-mark=no-mark
- connection marking is for the whole connection, both up & down → connection marks: office or hotspot
- hotspot is bulk of your traffic: don’t mark it and use packet-mark=no-mark for queueing. these could be even fast-tracked.."
If i got it correctly you suggest to use one rule to mark Office traffic
/ip firewall mangle add action=mark-connection chain=forward comment=“Offices Network” in-interface=bridge.offices.lan new-connection-mark=offices.lan passthrough=yes
/ip firewall mangle add action=mark-packet chain=postrouting connection-mark=offices.lan new-packet-mark=offices.lan passthrough=no
and use the marked packets for down and up queues.
“..* hotspot is bulk of your traffic: don’t mark it and use packet-mark=no-mark for queueing. these could be even fast-tracked..”
if I use packet-mark=no-mark for queuing queue tree is not working correctly. Download is 0 all the time and only upload got traffic.
Maybe my Total Parent is wrong. I use global for both down and up.
If its not trouble can you provide more detailed rules plz.
thank you
“I can’t setup only “limit at”. I get error. It wants also max limit.”
Edit: apparently with limit-at, max is indeed mandatory.
/ip firewall mangle add action=mark-connection chain=forward comment="Offices Network" in-interface=bridge.offices.lan new-connection-mark=offices connection-mark=no-mark
/ip firewall mangle add action=mark-connection chain=forward comment="Guests Network" in-interface=bridge.guests.lan new-connection-mark=hotspot connection-mark=no-mark
/ip firewall mangle add action=mark-packet chain=postrouting connection-mark=offices new-packet-mark=offices
/ip firewall mangle add action=mark-packet chain=postrouting connection-mark=hotspot new-packet-mark=hotspot
/queue tree add max-limit=150M name="Total Download" parent=global queue=pcq-down
/queue tree add limit-at=50M max-limit=150M name="offices down" packet-mark=offices parent="Total Download" queue=pcq-down priority=2
/queue tree add limit-at=100M max-limit=150M name="hotspot down" packet-mark=hotspot parent="Total Download" queue=pcq-down priority=4
/queue tree add max-limit=150M name="Total Upload" parent=global queue=pcq-up
/queue tree add limit-at=50M max-limit=150M name="offices up" packet-mark=offices parent="Total Upload" queue=pcq-up priority=2
/queue tree add limit-at=100M max-limit=150M name="hotspot up" packet-mark=hotspot parent="Total Upload" queue=pcq-up priority=4
Edit: you are not using FastTrack, are you?
Hi,
I’m not using FastTrack.
I used your rules but in queue tree the download isn’t working.
I can watch all traffic with upload rules.
Thanks.
Hey
As you’ll notice in the below diagram HTB global is after postrouting mangle. So it should be working…
Try moving the mangle rules to prerouting?
/ip firewall mangle add action=mark-packet chain=prerouting connection-mark=offices new-packet-mark=offices
/ip firewall mangle add action=mark-packet chain=prerouting connection-mark=hotspot new-packet-mark=hotspot
Hey,
Thanks for the help I change the mangle rules to prerouting but nothing.
Queue tree don’t work correctly. I double checked everything but I got them as you
suggested. Maybe I missed something…
Thanks
You can also check in connection list (ip → firewall → connections) that the connections from offices / hotspot are properly marked => column: connection mark.
thx,
I try again tomorrow to see whats wrong.
Hi,
I couldn’t find what is wrong and I deleted everything. I made new rules according what I read from
https://wiki.mikrotik.com/wiki/Manual:Queues_-_PCQ_Examples
/ip firewall mangle add action=mark-packet chain=prerouting comment=“Office Network” in-interface=bridge.offices.lan new-packet-mark=office.upload passthrough=no
/ip firewall mangle add action=mark-packet chain=postrouting new-packet-mark=offices.download out-interface=bridge.offices.lan passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment=“Other Networks” in-interface=bridge.guests.lan new-packet-mark=others.upload passthrough=no
/ip firewall mangle add action=mark-packet chain=postrouting new-packet-mark=others.download out-interface=bridge.guests.lan passthrough=no
/queue tree add max-limit=150M name=“Total Download” parent=global
/queue tree add max-limit=150M name=“Total Upload” parent=global
/queue tree add limit-at=100M max-limit=150M name=“2. others download” packet-mark=others.download parent=“Total Download” priority=4 queue=PCQ_download
/queue tree add limit-at=100M max-limit=150M name=“2. others upload” packet-mark=others.upload parent=“Total Upload” priority=4 queue=PCQ_upload
/queue tree add limit-at=50M max-limit=150M name=“1. offices download” packet-mark=offices.download parent=“Total Download” priority=2 queue=PCQ_download
/queue tree add limit-at=50M max-limit=150M name=“1. offices upload” packet-mark=office.upload parent=“Total Upload” priority=2 queue=PCQ_upload
It seems to work OK when i do speed tests but any suggestions are welcome.
Thanks
If it’s working and you’re happy, don’t touch it. Cheers