Mikrotik Bandwith Allocation per VLAN ID

RouterOS General
1

Hi Guys

I am trying to find out wether it is possible to allocate bandwidth on a per-vlan basis.

We have multiple satellite connections coming into our infrastructure over a single gig ethernet cable from another service provider. The provider provides the connectivity on layer 2 and we are responsible for layer 3 connectivity for the clients on the other side of the satellite connections. The single gig ethernet cable is currently plugging into a Mikrotik 1100 router on our side, setup with VLAN ID and IP Addresses and everything works perfectly. The challenge now is that whilst we only have the one satellite client connecting, we can limit the bandwidth on the ethernet port to 512k for example which limits the client to only have 512k internet breakout. In the future, we need to be able to limit bandwidth as multiple VLAN IDs will be coming over that single ethernet cable and I’m not sure if one can do this at all.

I hope that I have provided enough information and look forward to your questions and comments.


Regards, Gabriel

2

Just apply a queue to the IP range of the VLAN.

http://wiki.mikrotik.com/wiki/Manual:Queue
http://wiki.mikrotik.com/wiki/Manual:Queues_-_PCQ

3

Mark packets coming into a VLAN interface (Upload traffic) in mangle, and optionally packets leaving a VLAN interface (Download traffic).

In queue trees set up one parent queue with the WAN interface as it’s parent and sub queues for the upload traffic with the marked packets, be sure to have a max-limit on the parent queue as well as the child ones.

Then set up a queue tree with a parent of the VLAN interface and specify the max-limit. The reason why you don’t need to worry about marked packets for this queue is because it’s a separate routed interface than the WAN, so you can just limit the download speed for the entire interface. Where the WAN has to deal with the upload of multiple VLAN interfaces.

4

Thanks guys, I will definitely give it a try.

5

here is what i have to now. can you perhaps check if i am still on the right track ??

/interface bridge
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes
disabled=no forward-delay=15s l2mtu=1594 max-message-age=20s mtu=1500 name=
br-vlan597 priority=0x8000 protocol-mode=none transmit-hold-count=6

/interface ethernet
set 5 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no
full-duplex=yes l2mtu=1598 mac-address=00:0C:42:EB:B2:EA master-port=none
mtu=1500 name=ether4 speed=100Mbps

/interface vlan
add arp=enabled disabled=no interface=ether4 l2mtu=1594 mtu=1500 name
use-service-tag=no vlan-id=597

/interface bridge port
add bridge=br-vlan597 disabled=no edge=auto external-fdb=auto horizon
interface=vlan597 path-cost=10 point-to-point=auto priority=0x80

/ip firewall mangle
add action=mark-packet chain=prerouting comment=“Mark Download Traffic from Client” disabled=no
in-interface=br-vlan597 new-packet-mark=vlan597_download passthrough=no
add action=mark-packet chain=postrouting comment=“Mark Upload Traffic to Client” disabled=no
new-packet-mark=vlan597_upload out-interface=br-vlan597 passthrough=no

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128k name=
q_vlan597 parent=br-vlan68 priority=8


/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=128k name=
q_vlan597_download packet-mark=vlan597_download parent=q_vlan597 priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=
q_vlan597_upload packet-mark=vlan597_upload parent=q_vlan597 priority=8 queue=default


much appreciated !

6

Is VLAN 597 your WAN port then? If not, then your rules are a bit backwards.

Everything in the MikroTik is from the perspective of the router. So traffic leaving an the LAN interface is always going to be download to the client, and traffic coming into the LAN interface is going to be upload for the client. Your mangle rules then could be backwards depending on your setup.

Also your queue trees are only attached to the VLAN interface, remember the router can only control traffic that it sends from an interface, not traffic it receives from an interface. In order for you to limit upload bandwidth, the upload queue’s parent needs to be the interface upload traffic leaves from.