I’m trying to understand the MUM US 2009 QoS guide by Janis Megis. Well, he mentions that:
"In case of SRC-NAT (masquerade) Global-Out will be aware of private client addresses, but Interface HTB will not – Interface HTB is after SRC-NAT"
Then he opts to limit traffic per client (IP addresses) in the Out-Interface HTB.
The question is whether he is considering a network with masquerade (src-nat) applied. It’s not clear to me what the phrase "Global-Out will be aware of private client addresses" implies.
Cheers!
Hi again,
Janis has provided in-depth diagrams of how the MikroTik packet flow system works here: http://wiki.mikrotik.com/wiki/Manual:Packet_Flow
These show what chains packets will enter and when specific chains are reached, such as src-nat, dst-nat, pre-routing, post-routing etc.
Hope this helps you.
He’s saying that you can match or modify private client addresses in Global-Out. It’s before the src has been rewritten to the public source address.
Ok. I understand. With masquerade applied, packets’ source addresses are rewritten somewhere between the Global-Out and the Out-Interface HTB and, given that the private source addresses are required/used as classifiers for the PCQ structure to generate the sub-streams that correspond to every user/subnet, the PCQ structure must be attached to the Global-Out interface.
I don’t know why Janis didn’t consider the masquerade, but since I will implement masquerade, I need your help with the rules to implement the queue tree. Is it just a matter of changing the parameter parent to parent=global-out for both the total download and upload, or does it imply more changes?
Thanks in advance for your help.
Cheers!
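
A possible layout for the setup discussed in this thread, added here as an example that is not part of the original posts or of the MUM guide. It assumes a RouterOS version that still has the global-out parent; the LAN subnet 192.168.88.0/24, the WAN interface name ether1-wan, the mark and queue names, and all rates are hypothetical.

```routeros
# Added example: per-client PCQ limits with masquerade, queues under global-out.
# Assumed values: LAN 192.168.88.0/24, WAN interface ether1-wan, example rates.

/ip firewall nat
# Masquerade rewrites the source address after global-out has seen the packet,
# so queues under global-out still see the private client addresses.
add chain=srcnat out-interface=ether1-wan action=masquerade

/ip firewall mangle
# Upload: routed traffic leaving through the WAN, source is still private here.
add chain=forward src-address=192.168.88.0/24 out-interface=ether1-wan \
    action=mark-packet new-packet-mark=client-up passthrough=no
# Download: replies arriving on the WAN; the destination has already been
# translated back to the private client address by connection tracking.
add chain=forward dst-address=192.168.88.0/24 in-interface=ether1-wan \
    action=mark-packet new-packet-mark=client-down passthrough=no

/queue type
# One PCQ sub-stream per private client address in each direction.
add name=pcq-up kind=pcq pcq-classifier=src-address pcq-rate=512k
add name=pcq-down kind=pcq pcq-classifier=dst-address pcq-rate=2M

/queue tree
# Both trees hang off global-out. Separate packet marks are needed because
# global-out sees upload and download alike, unlike a per-interface parent.
add name=total-upload parent=global-out packet-mark=client-up \
    queue=pcq-up max-limit=10M
add name=total-download parent=global-out packet-mark=client-down \
    queue=pcq-down max-limit=20M
```

With interface parents the direction is implied by the interface; under global-out the two packet marks are what keep upload and download in separate trees.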