How to disable ALL Queues

RouterOS Beginner Basics
1

Dear Mikrotik experts,

I’m new to Mikrotik and RouterOS, and I’m having a nightmare time with Queues.

I’m maintaining an RB450G hotspot for a hotel (about 100 wi-fi users daily), and everything is working well except that I don’t know how to eliminate any Queues, and it’s slowing down the network to a crawl!

I got a 50/10Mbps cable line, and total usage doesn’t get above 10Mbps because of Queues.

Please tell me how I can disable all Queues entirely, so that users stop complaining… I would gladly learn how to use queues, and read all the material, but for now I just need to get rid of them. :slight_smile:

This is urgent. I greatly appreciator the help!

Thank You

2

select them all and hit D

3

Thank you for replying.

There’s a “hot-spot” Queue, “Simple Queue”, as well as “Interface Queues”.

Also, each Queue has “Queue Types” which I can adjust. I tried setting it at 50, 100 and 200 (packets), and it’s working fine for some time, but then slows down again!

The “Queue Type” that I choose was PFIFO. Is it the one to use if I don’t want it to restrict traffic?

If I delete the “Simple Queue and Hotspot Queue”, it doesn’t get any better.

Please help. Is there a way to just disable any queues and any sorts or restrictions/queue types?

Thank you for prompt response!

4 
/ip firewall mangle
add chain=prerouting action=mark-packet new-packet-mark=override
/queue tree
add parent=global-in max-limit=100000000 packet-mark=override
add parent=global-out max-limit=100000000 packet-mark=override

Or something. Hotspots automatically install dynamic queues (marked with a ‘D’). You can’t get rid of them, but you can override them. The above unconditionally marks all packets and shoves them into global queues that don’t do anything until they have 100Mbps in them (will never be reached because your ISP will drop things before that happens).

That said, all this should be completely unnecessary. A 450G should be able to handle 100 Hotspot users with 100 simple dynamic queues just fine. There’s something wrong with your topology or your configuration and you’re trying to slap a band aid on it instead of fixing the underlying issue.

Post a network diagram and your configuration.

Incidentally, thus forum is the wrong place for urgent help. This is community based. If you need urgent help you need to pay a consultant.

5

I agree with you, fewi, it should not be necessary to disable the queues… just adjust them. Thank you very much for helping!

The topology is as follows:

WAN: Comcast modem (50/10), 5 static IPs. Only 1 IP is used - configured on RB450G Eth1.
HotSpot: Eth2 connected to Dell switch . 10.10.15.0 /24
InternetCafe: Eth4 (12 workstations): connected to different switch. 10.10.16.0 /24

If I connect my laptop straight to the Comcast cable modem, and assign it a public IP, it works fine and pages load quickly. So something is going on inside of the RB450G…

I tried:

  1. adjusting the Interface Queue “queue type” on eth1, 2, 4 to “default”, PFIFO and increasing the number to 50, 100, 200 packets. It’s a complete crawl at 10-50, but a little better at 200 or so.

  2. There were also some entries in Firewall that were red/invalid. I deleted those.

Complete configuration attached:

MikroTik RouterOS 4.10 (c) 1999-2010 http://www.mikrotik.com/

file -- File name
hide-sensitive -- 


[username@PostMikrotik] > export 
# jan/01/1970 16:07:47 by RouterOS 4.10
# software id = ID94-PKAP
#
/interface bridge
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
    comment="" disabled=yes forward-delay=15s max-message-age=20s mtu=1500 \
    name=bridge priority=0x8000 protocol-mode=none transmit-hold-count=6
/interface ethernet
set 0 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
    "" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:54:CC:B2 \
    master-port=none mtu=1500 name=ether1-gateway speed=100Mbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
    "" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:54:CC:B3 \
    master-port=none mtu=1500 name=ether2-PostWiFi speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
    "" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:54:CC:B4 \
    master-port=none mtu=1500 name=ether3-local speed=100Mbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
    "" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:54:CC:B5 \
    master-port=none mtu=1500 name=ether4-IntCafe speed=100Mbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
    "" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:54:CC:B6 \
    master-port=none mtu=1500 name=ether5-local speed=100Mbps
/interface ethernet switch
set switch1 mirror-source=none mirror-target=none name=switch1 \
    switch-all-ports=yes
/ip hotspot profile
set WiFiServerProfile dns-name="" hotspot-address=10.10.15.1 html-directory=\
    hotspot http-proxy=0.0.0.0:0 login-by=http-chap name=WiFiServerProfile \
    rate-limit="" smtp-server=0.0.0.0 split-user-domain=no use-radius=no
/ip hotspot
add disabled=no idle-timeout=5h interface=ether2-PostWiFi keepalive-timeout=\
    none name=PostWiFi profile=WiFiServerProfile
/ip ipsec proposal
set default auth-algorithms=sha1 comment="" disabled=no enc-algorithms=3des \
    lifetime=30m name=default pfs-group=modp1024
/ip pool
add name="Post Wi-Fi pool" ranges=10.10.15.2-10.10.15.254
add name="Post .11 pool" ranges=192.168.11.10-192.168.11.200
/ip dhcp-server
add address-pool="Post Wi-Fi pool" authoritative=after-2sec-delay \
    bootp-support=static disabled=no interface=ether2-PostWiFi lease-time=1h \
    name=PostWiFi
add address-pool="Post .11 pool" authoritative=after-2sec-delay \
    bootp-support=static disabled=no interface=ether5-local lease-time=1d \
    name=PostMGR
/ip hotspot user profile
set WiFiUserProfile address-pool="Post Wi-Fi pool" idle-timeout=4h \
    keepalive-timeout=4h name=WiFiUserProfile shared-users=unlimited \
    status-autorefresh=5m transparent-proxy=no
/port
set 0 baud-rate=auto data-bits=8 flow-control=none name=serial0 parity=none \
    stop-bits=1
/ppp profile
set default change-tcp-mss=yes comment="" name=default only-one=default \
    use-compression=default use-encryption=default use-vj-compression=default
set default-encryption change-tcp-mss=yes comment="" name=default-encryption \
    only-one=default use-compression=default use-encryption=yes \
    use-vj-compression=default
/queue type
set default kind=pfifo name=default pfifo-limit=200
set ethernet-default kind=pfifo name=ethernet-default pfifo-limit=250
set wireless-default kind=pfifo name=wireless-default pfifo-limit=250
set synchronous-default kind=red name=synchronous-default red-avg-packet=1000 \
    red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set hotspot-default kind=pfifo name=hotspot-default pfifo-limit=250
set default-small kind=pfifo name=default-small pfifo-limit=250
/queue simple
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" \
    direction=both disabled=no dst-address=0.0.0.0/0 interface=\
    ether2-PostWiFi limit-at=0/0 max-limit=0/0 name=queue1 parent=none \
    priority=8 queue=default/default target-addresses=\
    10.10.15.0/24,10.10.16.0/24 total-queue=default
/routing bgp instance
set default as=65530 client-to-client-reflection=yes comment="" disabled=no \
    ignore-as-path-len=no name=default out-filter="" redistribute-connected=\
    no redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no \
    redistribute-static=no router-id=0.0.0.0 routing-table=""
/routing ospf instance
set default comment="" disabled=no distribute-default=never in-filter=ospf-in \
    metric-bgp=auto metric-connected=20 metric-default=1 metric-other-ospf=\
    auto metric-rip=20 metric-static=20 name=default out-filter=ospf-out \
    redistribute-bgp=no redistribute-connected=no redistribute-other-ospf=no \
    redistribute-rip=no redistribute-static=no router-id=0.0.0.0
/routing ospf area
set backbone area-id=0.0.0.0 comment="" disabled=no instance=default name=\
    backbone type=default
/snmp
set contact="" enabled=no engine-boots=0 engine-id="" location="" \
    time-window=15 trap-sink=0.0.0.0 trap-version=1
/snmp community
set Serge address=192.168.11.1/32 authentication-password="" \
    authentication-protocol=MD5 encryption-password="" encryption-protocol=\
    DES name=Serge read-access=no security=none write-access=no
/system logging action
set memory memory-lines=100 memory-stop-on-full=no name=memory target=memory
set disk disk-file-count=2 disk-file-name=log disk-lines-per-file=100 \
    disk-stop-on-full=no name=disk target=disk
set echo name=echo remember=yes target=echo
set remote bsd-syslog=no name=remote remote=0.0.0.0:514 src-address=0.0.0.0 \
    syslog-facility=daemon syslog-severity=auto target=remote
/system routerboard settings
set baud-rate=115200 boot-delay=2s boot-device=nand-if-fail-then-ethernet \
    boot-protocol=bootp cpu-frequency=680MHz enable-jumper-reset=yes \
    enter-setup-on=any-key force-backup-booter=no silent-boot=no
set baud-rate=115200 boot-delay=2s boot-device=nand-if-fail-then-ethernet \
    boot-protocol=bootp cpu-frequency=680MHz enable-jumper-reset=yes \
    enter-setup-on=any-key force-backup-booter=no silent-boot=no
/user group
add comment="" name=read policy="local,telnet,ssh,reboot,read,test,winbox,pass\
    word,web,sniff,sensitive,!ftp,!write,!policy"
add comment="" name=write policy="local,telnet,ssh,reboot,read,write,test,winb\
    ox,password,web,sniff,sensitive,!ftp,!policy"
add comment="" name=full policy="local,telnet,ssh,ftp,reboot,read,write,policy\
    ,test,winbox,password,web,sniff,sensitive"
/interface bridge port
add bridge=bridge comment="" disabled=no edge=auto external-fdb=auto horizon=\
    none interface=ether2-PostWiFi path-cost=10 point-to-point=auto priority=\
    0x80
add bridge=bridge comment="" disabled=no edge=auto external-fdb=auto horizon=\
    none interface=ether3-local path-cost=10 point-to-point=auto priority=\
    0x80
add bridge=bridge comment="" disabled=no edge=auto external-fdb=auto horizon=\
    none interface=ether4-IntCafe path-cost=10 point-to-point=auto priority=\
    0x80
add bridge=bridge comment="" disabled=no edge=auto external-fdb=auto horizon=\
    none interface=ether5-local path-cost=10 point-to-point=auto priority=\
    0x80
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=\
    no
/interface ethernet switch port
set (unknown) vlan-header=leave-as-is vlan-mode=fallback
set (unknown) vlan-header=leave-as-is vlan-mode=fallback
set (unknown) vlan-header=leave-as-is vlan-mode=fallback
set (unknown) vlan-header=leave-as-is vlan-mode=fallback
set (unknown) vlan-header=leave-as-is vlan-mode=fallback
/interface l2tp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=\
    default-encryption enabled=no max-mru=1460 max-mtu=1460 mrru=disabled
/interface ovpn-server server
set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=\
    default enabled=no keepalive-timeout=60 mac-address=FE:B6:7C:EA:E4:2E \
    max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no
/interface pptp-server server
set authentication=mschap1,mschap2 default-profile=default-encryption \
    enabled=no keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled
/ip accounting
set account-local-traffic=no enabled=no threshold=256
/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ip address
add address=10.10.15.1/24 broadcast=10.10.15.255 comment=\
    "default configuration" disabled=no interface=ether2-PostWiFi network=\
    10.10.15.0
add address=192.168.11.1/24 broadcast=192.168.11.255 comment="" disabled=no \
    interface=ether5-local network=192.168.11.0
add address=173.164.123.456/29 broadcast=173.164.123.456 comment="" disabled=\
    no interface=ether1-gateway network=173.164.123.456
add address=10.10.16.1/24 broadcast=10.10.16.255 comment="" disabled=no \
    interface=ether4-IntCafe network=10.10.16.0
/ip dhcp-client
add add-default-route=yes comment="default configuration" \
    default-route-distance=1 disabled=no interface=ether1-gateway \
    use-peer-dns=yes use-peer-ntp=yes
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server network
add address=10.10.15.0/24 comment="" dns-server=10.10.15.1 gateway=10.10.15.1 \
    netmask=24
add address=192.168.11.0/24 comment="" dns-server=192.168.11.1 gateway=\
    192.168.11.1 netmask=24
/ip dns
set allow-remote-requests=no cache-max-ttl=1w cache-size=2048KiB \
    max-udp-packet-size=512 servers=68.87.76.178,68.87.78.130
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
    tcp-close-wait-timeout=10s tcp-established-timeout=1d \
    tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
    tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
    tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=accept chain=input comment="default configuration" disabled=no \
    protocol=icmp
add action=accept chain=input comment="default configuration" \
    connection-state=established disabled=no in-interface=ether1-gateway
add action=accept chain=input comment="default configuration" \
    connection-state=related disabled=no in-interface=ether1-gateway
add action=drop chain=input comment="default configuration" disabled=no \
    in-interface=ether1-gateway
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="default configuration" disabled=\
    no out-interface=ether1-gateway
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    disabled=no src-address=10.10.15.0/24
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no
/ip hotspot service-port
set ftp disabled=yes ports=21
/ip hotspot user
add comment="" disabled=no name=usa password=hostels profile=WiFiUserProfile
/ip hotspot walled-garden
add action=allow comment="place hotspot rules here" disabled=yes
/ip hotspot walled-garden ip
add action=accept comment="" disabled=no dst-address=193.95.456.789 server=\
    PostWiFi
/ip neighbor discovery
set ether1-gateway discover=no
set ether2-PostWiFi discover=yes
set ether3-local discover=yes
set ether4-IntCafe discover=yes
set ether5-local discover=yes
set bridge discover=yes
/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \
    cache-on-disk=no enabled=no max-cache-size=none max-client-connections=\
    600 max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0 \
    parent-proxy-port=0 port=8080 serialize-connections=no src-address=\
    0.0.0.0
/ip route
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    173.164.123.567 scope=30 target-scope=10
/ip service
set telnet address=0.0.0.0/0 disabled=no port=23
set ftp address=0.0.0.0/0 disabled=no port=21
set www address=0.0.0.0/0 disabled=no port=80
set ssh address=0.0.0.0/0 disabled=no port=22
set www-ssl address=0.0.0.0/0 certificate=none disabled=yes port=443
set api address=0.0.0.0/0 disabled=yes port=8728
set winbox address=0.0.0.0/0 disabled=no port=8291
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=no \
    inactive-flow-timeout=15s interfaces=all
/ip upnp
set allow-disable-external-interface=yes enabled=no show-dummy-rule=yes
/mpls
set dynamic-label-range=16-1048575 propagate-ttl=yes
/mpls interface
add comment="" disabled=no interface=all mpls-mtu=1508
/mpls ldp
set distribute-for-default-route=no enabled=no hop-limit=255 loop-detect=no \
    lsr-id=0.0.0.0 path-vector-limit=255 transport-address=0.0.0.0 \
    use-explicit-null=no
/ppp aaa
set accounting=yes interim-update=0s use-radius=no
/queue interface
set ether1-gateway queue=default
set ether2-PostWiFi queue=default
set ether3-local queue=ethernet-default
set ether4-IntCafe queue=default
set ether5-local queue=ethernet-default
set bridge queue=default
/radius incoming
set accept=no port=3799
/routing bfd interface
set all comment="" disabled=no interface=all interval=0.2sec min-rx=0.2sec \
    multiplier=5
/routing mme
set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m \
    gateway-selection=no-gateway origination-interval=5s preferred-gateway=\
    0.0.0.0 timeout=1m ttl=50
/routing rip
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 \
    metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no \
    redistribute-connected=no redistribute-ospf=no redistribute-static=no \
    routing-table=main timeout-timer=3m update-timer=30s
/store
add comment="" disabled=no disk=system name=web-proxy1 type=web-proxy
/system clock
set time-zone-name=America/Los_Angeles
/system clock manual
set dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start=\
    "jan/01/1970 00:00:00" time-zone=+00:00
/system console
add disabled=no port=serial0 term=vt102
/system health
set
/system identity
set name=PostMikrotik
/system logging
add action=memory disabled=no prefix="" topics=info
add action=memory disabled=no prefix="" topics=error
add action=memory disabled=no prefix="" topics=warning
add action=echo disabled=no prefix="" topics=critical
/system note
set note="" show-at-login=yes
/system ntp client
set enabled=no mode=broadcast primary-ntp=0.0.0.0 secondary-ntp=0.0.0.0
/system upgrade mirror
set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=\
    0.0.0.0 user=""
/system watchdog
set auto-send-supout=no automatic-supout=yes no-ping-delay=5m watch-address=\
    none watchdog-timer=yes
/tool bandwidth-server
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=\
    100
/tool e-mail
set from=<> password="" server=0.0.0.0:25 username=""
/tool graphing
set page-refresh=300 store-every=5min
/tool graphing interface
add allow-address=0.0.0.0/0 disabled=no interface=all store-on-disk=yes
/tool mac-server
add disabled=no interface=ether2-PostWiFi
add disabled=no interface=ether3-local
add disabled=no interface=ether4-IntCafe
add disabled=no interface=ether5-local
/tool mac-server ping
set enabled=yes
/tool sms
set allowed-number="" channel=0 keep-max-sms=0 receive-enabled=no secret=""
/tool sniffer
set file-limit=10 file-name="" filter-address1=0.0.0.0/0:0-65535 \
    filter-address2=0.0.0.0/0:0-65535 filter-protocol=ip-only filter-stream=\
    yes interface=all memory-limit=10 memory-scroll=no only-headers=no \
    streaming-enabled=no streaming-server=0.0.0.0
/user aaa
set accounting=yes default-group=read interim-update=0s use-radius=no
6

Why are you manually bridging all those interfaces that are separate networks and have IP addresses on the physical interfaces? That is going to cause problems. What topology are you trying to implement? What service should the LAN side interfaces receive?
I also don’t understand the manual simple queue attached to ether2. Since you’re bridging everything through the interface named ‘bridge’ that will interfere with traffic flow.

Remove the bridge and all its ports, remove the simple queue attached to ether2. Then test again from behind the Hotspot, and test from a non-Hotspot interface.

7

The “bridge” was there by default, i “disabled” it in Winbox. Should i delete it completely? Is “bridge ports” something different that I should also delete?

Lan on Eth4 can receive any/all services (Internet Cafe)

The topology is simple - has 1 WAN (Eth1), HotSpot (Eth2), and InternetCafe (Eth4).

There was a “HotSpot Queue” created by the HotSpot Wizard, but I wasn’t sure how it works, so I deleted it, and created a Simple Queue… in attempt to set “override” on any restrictions so that it stops blocking traffic. I will remove the Simple Queue.

What about “Interface Queues”, do I need to adjust the “queue types packets” on those? I switched the “default” from 50 to 200. Should I switch that back?

I just received my “Learn RouterOS” book, and reading about Firewall/Queues right now… :slight_smile: