Equally Distribute Available Bandwidth With PCQ

fr0zon · May 11, 2011, 8:40pm

Hi Guys,

Please would you give me a hand with this.
Ive looked around for about an hour on the forums but cant find a difinative answer.

I have a 2mb ppoe connection and i want to share this equally among my pc’s but if only one pc is active it should have the full 2mb, if 2 pcs are active 1mb each etc.

Thanks alot!

fewi · May 11, 2011, 8:55pm

http://wiki.mikrotik.com/wiki/Manual:Queues_-_PCQ#PCQ_Rate_Examples
See the second example. Set the pcq-rate to 0, and the max-limit of the queue that implements the PCQ queue type to 2 megs.

fr0zon · May 11, 2011, 9:00pm

Thanks fewi

Is this right ?

name=“PCQ_download” kind=pcq pcq-rate=0 pcq-limit=50
pcq-classifier=dst-address pcq-total-limit=2000 pcq-burst-rate=0
pcq-burst-threshold=0 pcq-burst-time=10s pcq-src-address-mask=32
pcq-dst-address-mask=32 pcq-src-address6-mask=128
pcq-dst-address6-mask=128

/queue tree> print
Flags: X - disabled, I - invalid
0 name=“queue1” parent=global-in limit-at=0 queue=PCQ_download priority=8
max-limit=2048 burst-limit=0 burst-threshold=0 burst-time=0s

fewi · May 11, 2011, 9:41pm

I don’t have enough information about your network topology to say for sure - after all this thread is virtually without context.

That should probably be applied to the PPPoE interface as a parent rather than global-in. Global-in, after all, is all traffic that enters the router - so both packets that enter via the WAN interface as well as packets that enter via the LAN interface.

akosenko · May 12, 2011, 7:10am

fr0zon, if you use NAT on your router, then you must use globa-in or global-out interfaces for parents, because after SNAT or before DNAT pcq don’t know client’s addresses. So your config is right, but how write fewi - we’re don’t have enoght info about your network topology to say 100%.

Many users use NAT on own routers, but many network professionals and support specialists think that users use simple routing and provide to users wrong solutions.

sorry for my bad English.

fr0zon · May 12, 2011, 4:55pm

Thanks Guys

If you would please help me out with a string of commands i can copy into console, I cant get this working.

Fewi, here is the info you require.

Flags: X - disabled, I - invalid, D - dynamic
0 address=192.168.50.1/24 network=192.168.50.0 interface=ether1
actual-interface=ether1

1 D address=41.162.7.20/32 network=2.0.0.252 interface=pppoe-out1
actual-interface=pppoe-out1

0 ADS dst-address=0.0.0.0/0 gateway=2.0.0.252
gateway-status=2.0.0.252 reachable pppoe-out1 distance=1 scope=30
target-scope=10

1 ADC dst-address=2.0.0.252/32 pref-src=41.162.7.20 gateway=pppoe-out1
gateway-status=pppoe-out1 reachable distance=0 scope=10

2 ADC dst-address=192.168.50.0/24 pref-src=192.168.50.1 gateway=ether1
gateway-status=ether1 reachable distance=0 scope=10

NAME TYPE MTU L2MTU

0 R ether1 ether 1500 1526
1 R wlan1 wlan 1500 2290
2 R pppoe-out1 pppoe-out 1480

may/12/2011 18:53:20 by RouterOS 5.0rc11

software id = 6PWX-DEZ3

/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s
tcp-close-wait-timeout=10s tcp-established-timeout=1d
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=
“place hotspot rules here” disabled=yes
add action=accept chain=input comment=“Allow Winbox” disabled=no dst-port=
8291 protocol=tcp
add action=add-src-to-address-list address-list=“port scanners”
address-list-timeout=2w chain=input comment="Port scanners to list "
disabled=no protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list=“port scanners”
address-list-timeout=2w chain=input comment=“NMAP FIN Stealth scan”
disabled=no protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list=“port scanners”
address-list-timeout=2w chain=input comment=“SYN/FIN scan” disabled=no
protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list=“port scanners”
address-list-timeout=2w chain=input comment=“SYN/RST scan” disabled=no
protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list=“port scanners”
address-list-timeout=2w chain=input comment=“FIN/PSH/URG scan” disabled=
no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list=“port scanners”
address-list-timeout=2w chain=input comment=“ALL/ALL scan” disabled=no
protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=drop chain=input comment=“dropping port scanners” disabled=no
src-address-list=“port scanners”
add action=add-src-to-address-list address-list=“port scanners”
address-list-timeout=2w chain=input comment=“NMAP NULL scan” disabled=no
protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list=ssh_blacklist
address-list-timeout=1w3d chain=input connection-state=new disabled=no
dst-port=22 protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3
address-list-timeout=1m chain=input connection-state=new disabled=no
dst-port=22 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2
address-list-timeout=1m chain=input connection-state=new disabled=no
dst-port=22 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1
address-list-timeout=1m chain=input connection-state=new disabled=no
dst-port=22 protocol=tcp
add action=drop chain=input comment=“drop ssh brute forcers” disabled=no
dst-port=22 protocol=tcp src-address-list=ssh_blacklist
/ip firewall nat
add action=dst-nat chain=dstnat comment=“HTPC PORT 80” disabled=no dst-port=
9091 protocol=tcp to-addresses=192.168.50.104 to-ports=80
add action=dst-nat chain=dstnat comment=“Forward Port 9090 to NAS” disabled=
no dst-port=9090 protocol=tcp to-addresses=192.168.50.102 to-ports=9090
add action=passthrough chain=unused-hs-chain comment=
“place hotspot rules here” disabled=yes
add action=masquerade chain=srcnat disabled=no src-address=192.168.50.0/24
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no

Thats everything you asked for.

THANKS in advance

usmany · May 13, 2011, 9:06am

You can try this syntax, i am sure will solve your problem, but change the ip address 10.11.35.0/24 to your network ip address

/ip firewall mangle add chain=forward src-address=10.11.35.0/24
action=mark-connection new-connection-mark=users-con
/ip firewall mangle add connection-mark=users-con action=mark-packet
new-packet-mark=users chain=forward

/queue type add name=pcq-download kind=pcq pcq-classifier=dst-address
/queue type add name=pcq-upload kind=pcq pcq-classifier=src-address

/queue tree add parent=lan queue=pcq-download packet-mark=users
/queue tree add parent=internet queue=pcq-upload packet-mark=users

When you change the ip address, just copy and paste into the new terminal prompt.

Enjoy