Fair bandwidth sharing problem

I am trying to implement bandwidth limitation on subscribers to a WISP. I am trying to “guarantee” each “standard” user (192.168.3.128-254) a download speed of 1Mb, and each “premium” user (192.168.3.64-127) a download speed of 1.5Mb, while allowing them to run slightly faster than that if extra bandwidth is available, and allowing them to degrade equally if all together they overload the total WAN bandwidth. I understood that the following configuration commands would do this:

[admin@town] /queue> simple print

Flags: X - disabled, I - invalid, D - dynamic 
 0    name="std-user" target-addresses=192.168.3.128/25 dst-address=0.0.0.0/0 interface=lan parent=none
       direction=both priority=8 queue=upload-std/download-std limit-at=512k/1024k max-limit=600k/1300k
       burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=wireless-default 

 1    name="prem-user" target-addresses=192.168.3.64/26 dst-address=0.0.0.0/0 interface=lan parent=none
       direction=both priority=7 queue=upload-prem/download-prem limit-at=512k/1536k max-limit=600k/1700k
       burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=wireless-default 

[admin@town] /queue> type print
...
 5 name="download-std" kind=pcq pcq-rate=1200000 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000 

 6 name="upload-std" kind=pcq pcq-rate=620000 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=2000 

 7 name="download-prem" kind=pcq pcq-rate=1800000 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000 

 8 name="upload-prem" kind=pcq pcq-rate=620000 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=2000

However, the behavior I am seeing suggests that I may have established a 1Mb/sec “pool” which all standard users are sharing, such that if two people are active simultaneously, they get only 512Kb each. That was not my intent. I wanted each user to get 1Mb or 1.5Mb, respectively.

Can someone suggest how I could fix this configuration to make it do what I want? I have studied the queueing documentation in two generations of manuals and find the explanations simply impenetrable. Thanks.

The limits you have specified are for that one queue; it doesn’t matter whether you specify a subnet or a single IP. Those limits will be applied to that queue.
In order to get the limits for each client, you have to increase those limits to the multiple of the number of clients for each subnet.
For example, if you have 10 users on the subnet 192.168.3.128/25, the queue should be something like:

 0    name="std-user" target-addresses=192.168.3.128/25 dst-address=0.0.0.0/0 interface=lan parent=none
       direction=both priority=8 queue=upload-std/download-std limit-at=5120k/10240k max-limit=6000k/13000k
       burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=wireless-default

But that assumes all my subscribers are working continuously all the time – otherwise, when nine subscribers are idle, the remaining one will be able to suck up the entire bandwidth. This is not the operation I want, either. How could one arrange to get the operation I want as I have described it; that is, each user is individually guaranteed 1Mb, and can take advantage of unused bandwidth but only up to a max of 1.3Mb?

You cannot do that with simple queues without creating one queue per user. Use PCQ instead. The wiki and presentation slides from MUM have many examples.

All right, fair enough, I guess I will search for those writeups.

One further question. There is a “rate limit” field in /ip dhcp-server lease. It seems to correspond exactly to the mechanism I want, in the DHCP case, at least – limit each user independently to a certain max bandwidth, not limit an entire class of users to share the same bandwidth. Is this true, or am I misleading myself again?

I am not aware of the feature you mention in the DHCP server, but I think it will still create a simple queue.
There is one problem with queues: the more there are, the more latency you will have. Every packet has to pass through one queue after another, although it could match in the very first one, so try to keep the number of queues as low as possible.

Do your clients have static IPs? In all cases, I really recommend you read a little about PCQ.

My WISP clients have static IPs. My question about the DHCP lease feature was for a separate Mikrotik, an in-building router.

I’ve implemented a similar system.

/ip firewall address-list
add address=0.0.0.0 comment="" disabled=no list=Restricted
add address=0.0.0.0 comment="" disabled=no list=Standard
add address=0.0.0.0 comment="" disabled=no list=Enhanced
/ip firewall mangle
add action=mark-connection chain=forward comment="Mark Restricted Traffic" \
    disabled=no new-connection-mark=Restricted_Connection passthrough=yes \
    src-address-list=Restricted
add action=mark-packet chain=forward comment="" connection-mark=\
    Restricted_Connection disabled=no new-packet-mark=Restricted_Traffic \
    passthrough=no
add action=mark-connection chain=forward comment="Mark Standard Traffic" \
    disabled=no new-connection-mark=Standard_Connection passthrough=yes \
    src-address-list=Standard
add action=mark-packet chain=forward comment="" connection-mark=\
    Standard_Connection disabled=no new-packet-mark=Standard_Traffic \
    passthrough=no
add action=mark-connection chain=forward comment="Mark Enhanced Traffic" \
    disabled=no new-connection-mark=Enhanced_Connection passthrough=yes \
    src-address-list=Enhanced
add action=mark-packet chain=forward comment="" connection-mark=\
    Enhanced_Connection disabled=no new-packet-mark=Enhanced_Traffic \
    passthrough=no
add action=log chain=forward comment="Check for unmarked traffic" disabled=no \
    log-prefix=""
/queue type
add kind=pcq name=PCQ_down_2M pcq-classifier=dst-address pcq-limit=20 \
    pcq-rate=2000000 pcq-total-limit=500
add kind=pcq name=PCQ_up_512k pcq-classifier=src-address pcq-limit=20 \
    pcq-rate=512000 pcq-total-limit=500
add kind=pcq name=PCQ_down_1M pcq-classifier=dst-address pcq-limit=30 \
    pcq-rate=1000000 pcq-total-limit=1000
add kind=pcq name=PCQ_down_768k pcq-classifier=dst-address pcq-limit=30 \
    pcq-rate=768000 pcq-total-limit=1000
add kind=pcq name=PCQ_up_384k pcq-classifier=src-address pcq-limit=30 \
    pcq-rate=384000 pcq-total-limit=1000
add kind=pcq name=PCQ_up_256k pcq-classifier=src-address pcq-limit=30 \
    pcq-rate=256000 pcq-total-limit=1000
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=Total_Download packet-mark="" parent=Broadcast priority=\
    8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=Total_Upload packet-mark="" parent=Feed priority=8 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=Restricted_Download packet-mark=Restricted_Traffic \
    parent=Total_Download priority=8 queue=PCQ_down_768k
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=Standard_Download packet-mark=Standard_Traffic parent=\
    Total_Download priority=4 queue=PCQ_down_1M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=Enhanced_Download packet-mark=Enhanced_Traffic parent=\
    Total_Download priority=4 queue=PCQ_down_2M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=Restricted_Upload packet-mark=Restricted_Traffic parent=\
    Total_Upload priority=8 queue=PCQ_up_256k
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=Standard_Upload packet-mark=Standard_Traffic parent=\
    Total_Upload priority=4 queue=PCQ_up_384k
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=Enhanced_Upload packet-mark=Enhanced_Traffic parent=\
    Total_Upload priority=4 queue=PCQ_up_512k

This creates three service classes:

768k/256k “Restricted”
1M/384k “Standard”
2M/512k “Enhanced”

Note that this configuration does not have a guaranteed minimum. Some research into this structure should reveal how you can do so.
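
An added example, not part of any post in this thread: a simplified Python model of how one aggregate limit and a per-user `pcq-rate` interact, using the numbers from the first post (download `max-limit=1300k`, `pcq-rate=1200000`). The function name, the 10000 kbit/s WAN total and the sample demands are assumptions; the model ignores packet sizes, bursts and queue-length drops.

```python
def pcq_share(demands_kbps, pcq_rate_kbps, parent_max_kbps):
    """Max-min fair (water-filling) split of parent_max_kbps among sub-streams.

    Each sub-stream is capped by its own demand and by pcq_rate_kbps;
    whatever a light user leaves unused is shared equally by the rest.
    """
    alloc = {user: 0.0 for user in demands_kbps}
    # A sub-stream never gets more than it asks for or more than pcq-rate.
    active = {u: min(d, pcq_rate_kbps) for u, d in demands_kbps.items() if d > 0}
    remaining = float(parent_max_kbps)
    while active and remaining > 1e-9:
        fair = remaining / len(active)
        satisfied = {u: c for u, c in active.items() if c <= fair}
        if not satisfied:
            # Everyone left wants more than the equal share: all degrade equally.
            for u in active:
                alloc[u] = fair
            break
        for u, c in satisfied.items():
            alloc[u] = c
            remaining -= c
            del active[u]
    return alloc


GREEDY = 10_000  # constructed demand: a user who will take whatever is offered


def original_config(n_users):
    # First post: max-limit=1300k applies to the whole /25, so it is a shared pool.
    users = {f"u{i}": GREEDY for i in range(n_users)}
    return pcq_share(users, pcq_rate_kbps=1200, parent_max_kbps=1300)


def per_user_cap(n_users, wan_kbps=10_000):
    # Aggregate limit raised to the (assumed) WAN total; pcq-rate caps each user.
    users = {f"u{i}": GREEDY for i in range(n_users)}
    return pcq_share(users, pcq_rate_kbps=1300, parent_max_kbps=wan_kbps)


if __name__ == "__main__":
    print("original, 2 users :", original_config(2))
    print("per-user cap, 2   :", per_user_cap(2))
    print("per-user cap, 10  :", per_user_cap(10))
    print("mixed demand      :", pcq_share({"a": 200, "b": GREEDY, "c": GREEDY}, 1300, 2000))
```

In this model the first post's queue gives two active users 650k each, while the same PCQ under a parent sized to the WAN gives each user 1300k until the parent is oversubscribed, after which all users degrade equally.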