Hi guys, I am very new to MikroTik; I come from a Cisco background and work for a small ISP.
Our problem is that one user is causing very high latency for everybody in the sector, and if I block that user everything is fine. Watching with the Torch tool, I saw that this particular user is generating a huge amount of traffic, for reasons such as viruses, torrents, etc.
Can anyone help us with how to limit such users? What is the solution for that?
thank you
We used to have the same problem until we bought MikroTik.
We use PCC load balancing across 6 different gateways and also use PCQ to throttle them.
To do this, you’re going to want to use queues and you’ll have to mark the incoming connections.
Here we mark our connections and which package they are on (for bandwidth purposes) and also mark connections to route them
with PCC to load balance our gateways.
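# Mangle rules, evaluated top to bottom in the prerouting chain. Three stages:
#   1. mark-connection: pin HTTPS and FTP to fixed connection marks and spread
#      everything else over six marks with PCC (per-connection-classifier).
#   2. mark-packet: tag traffic by customer tier for the queue tree.
#   3. mark-routing: turn each connection mark into a routing mark. The routes
#      that consume these routing marks are not part of this listing.
# Every rule uses passthrough=yes, so a later rule that also matches overwrites
# the mark set by an earlier one. The no-mark matchers below guard against that.
/ip firewall mangle
# Keep all HTTPS connections on one uplink so a session always leaves from the
# same source address.
add action=mark-connection chain=prerouting comment=\
"HTTPS needs dedicated IP for security purposes." disabled=no dst-port=\
443 new-connection-mark=1st-conn passthrough=yes protocol=tcp
# The "ftp" layer7 pattern is defined under /ip firewall layer7-protocol,
# which is not shown here.
# NOTE(review): an L7 pattern can only match once payload has been seen, so the
# connection presumably already carries a PCC mark when this rule first hits;
# confirm that re-marking mid-connection behaves as intended.
add action=mark-connection chain=prerouting comment=\
"FTP connections go through 10.10.1.2" disabled=no layer7-protocol=ftp \
new-connection-mark=2nd-conn passthrough=yes
# PCC: hash both addresses and ports into six buckets, one per uplink.
# connection-mark=no-mark restricts these rules to connections that have no
# mark yet; without it they also match HTTPS/FTP packets and replace the
# pinned mark set above.
add action=mark-connection chain=prerouting comment="" connection-mark=no-mark \
disabled=no new-connection-mark=1st-conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:6/0
add action=mark-connection chain=prerouting comment="" connection-mark=no-mark \
disabled=no new-connection-mark=2nd-conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:6/1
add action=mark-connection chain=prerouting comment="" connection-mark=no-mark \
disabled=no new-connection-mark=3rd-conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:6/2
add action=mark-connection chain=prerouting comment="" connection-mark=no-mark \
disabled=no new-connection-mark=4th-conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:6/3
add action=mark-connection chain=prerouting comment="" connection-mark=no-mark \
disabled=no new-connection-mark=5th-conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:6/4
add action=mark-connection chain=prerouting comment="" connection-mark=no-mark \
disabled=no new-connection-mark=6th-conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:6/5
# Tier marks. The Platinum-Customer, Gold-Customer and Silver-Customer address
# lists are maintained elsewhere (/ip firewall address-list, not shown).
# These rules match on source address only.
add action=mark-packet chain=prerouting comment="Mark Platinum Customers" \
disabled=no new-packet-mark=platinum-traffic passthrough=yes \
src-address-list=Platinum-Customer
add action=mark-packet chain=prerouting comment="Mark Gold Customers" \
disabled=no new-packet-mark=gold-traffic passthrough=yes \
src-address-list=Gold-Customer
add action=mark-packet chain=prerouting comment="Mark Silver Customers" \
disabled=no new-packet-mark=silver-traffic passthrough=yes \
src-address-list=Silver-Customer
# Bronze is the catch-all tier. packet-mark=no-mark limits it to packets that
# no tier rule above has marked; without that matcher this rule matches every
# packet and, because the tier rules pass through, relabels platinum, gold and
# silver traffic as bronze.
add action=mark-packet chain=prerouting comment="Mark Bronze Customers" \
disabled=no new-packet-mark=bronze-traffic packet-mark=no-mark passthrough=yes
# Map each connection mark to the routing mark of the same number.
add action=mark-routing chain=prerouting comment="" connection-mark=1st-conn \
disabled=no new-routing-mark=1st_route passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=2nd-conn \
disabled=no new-routing-mark=2nd_route passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=3rd-conn \
disabled=no new-routing-mark=3rd_route passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=4th-conn \
disabled=no new-routing-mark=4th_route passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=5th-conn \
disabled=no new-routing-mark=5th_route passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=6th-conn \
disabled=no new-routing-mark=6th_route passthrough=yes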
Now the actual throttling bit.
# Queue tree on ether2: one uncapped parent and one child per customer tier.
# Each child selects traffic by the packet mark set in the mangle rules and
# hands it to the queue type named in queue=. The PCQ types referenced here
# are defined under /queue type and must exist before these entries are added.
/queue tree
# Parent node. max-limit=0 means it applies no cap of its own.
# NOTE(review): with an uncapped parent the children's priority values may
# never take effect; confirm against the HTB documentation.
add name="Bandwidth Management" parent=ether2 priority=8 disabled=no \
    limit-at=0 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
# Bronze tier: 16413k for the tier as a whole; the per-address rate comes from
# the "PCQ_BASIC_IN 1M" type.
add name="Basic Customer" parent="Bandwidth Management" \
    packet-mark=bronze-traffic queue="PCQ_BASIC_IN 1M" priority=7 \
    disabled=no limit-at=0 max-limit=16413k burst-limit=0 burst-threshold=0 \
    burst-time=0s
# Silver tier: 9217k for the tier as a whole.
add name="Silver Package" parent="Bandwidth Management" \
    packet-mark=silver-traffic queue="PCQ_SILVER_IN 1.5" priority=5 \
    disabled=no limit-at=0 max-limit=9217k burst-limit=0 burst-threshold=0 \
    burst-time=0s
# Gold tier.
# NOTE(review): max-limit=2048k for the whole tier equals the per-address
# pcq-rate of "PCQ_GOLD_IN 2M"; confirm this is the intended tier total.
add name="Gold Clients" parent="Bandwidth Management" \
    packet-mark=gold-traffic queue="PCQ_GOLD_IN 2M" priority=3 disabled=no \
    limit-at=0 max-limit=2048k burst-limit=0 burst-threshold=0 burst-time=0s
# Platinum tier uses queue=default, which the type list defines as a plain
# pfifo, so there is no per-address sub-queue here and a single platinum
# address can fill the whole 9217k.
# NOTE(review): a "PCQ_PLATINUM_IN 3M" type is defined but not referenced by
# any queue shown; presumably it was meant to be used here. Confirm.
add name="Platinum Clients" parent="Bandwidth Management" \
    packet-mark=platinum-traffic queue=default priority=1 disabled=no \
    limit-at=0 max-limit=9217k burst-limit=0 burst-threshold=0 burst-time=0s
Here are the PCQ types.
# Queue types. The "set" lines adjust types the router already has; the "add"
# lines create the PCQ types used by the queue tree and the P2P simple queue.
/queue type
set default kind=pfifo name=default pfifo-limit=50
set ethernet-default kind=pfifo name=ethernet-default pfifo-limit=50
set wireless-default kind=sfq name=wireless-default sfq-allot=1514 \
    sfq-perturb=5
set synchronous-default kind=red name=synchronous-default \
    red-avg-packet=1000 red-burst=20 red-limit=60 red-max-threshold=50 \
    red-min-threshold=10
set hotspot-default kind=sfq name=hotspot-default sfq-allot=1514 \
    sfq-perturb=5
# PCQ splits traffic into one sub-queue per value of pcq-classifier and holds
# each sub-queue to pcq-rate (bits per second). With src-address as the
# classifier, every customer address gets its own limit, so one heavy address
# cannot take the bandwidth of the others in the same tier.
add kind=pcq name="PCQ_BASIC_IN 1M" pcq-classifier=src-address \
    pcq-rate=1024000 pcq-limit=40 pcq-total-limit=7000
add kind=pcq name="PCQ_SILVER_IN 1.5" pcq-classifier=src-address \
    pcq-rate=1536000 pcq-limit=40 pcq-total-limit=7000
add kind=pcq name="PCQ_GOLD_IN 2M" pcq-classifier=src-address \
    pcq-rate=2048000 pcq-limit=15 pcq-total-limit=500
# Not referenced by any queue in the configuration shown.
add kind=pcq name="PCQ_PLATINUM_IN 3M" pcq-classifier=src-address \
    pcq-rate=3072000 pcq-limit=50 pcq-total-limit=2000
# Classified by destination address; also not referenced by any queue shown.
add kind=pcq name=BASIC_OUT pcq-classifier=dst-address pcq-rate=312000 \
    pcq-limit=40 pcq-total-limit=7000
# Used in both directions by the "Limit P2P" simple queue.
add kind=pcq name="P2P Limit 256k" pcq-classifier=src-address \
    pcq-rate=256000 pcq-limit=50 pcq-total-limit=2000
set default-small kind=pfifo name=default-small pfifo-limit=10
This is something a little extra to nerf filesharing.
# Simple queue that puts traffic matched by p2p=all-p2p on ether2 into the
# "P2P Limit 256k" PCQ type in both directions. max-limit=0/0 sets no cap on
# the queue as a whole; the limit comes from the PCQ type's per-address rate.
# NOTE(review): the p2p matcher is a feature of older RouterOS releases and
# presumably cannot classify encrypted peer-to-peer traffic; verify on the
# version in use before relying on it.
/queue simple
add name="Limit P2P" interface=ether2 dst-address=0.0.0.0/0 direction=both \
    p2p=all-p2p parent=none priority=8 disabled=no comment="" \
    queue="P2P Limit 256k/P2P Limit 256k" total-queue=default-small \
    limit-at=0/0 max-limit=0/0 burst-limit=0/0 burst-threshold=0/0 \
    burst-time=0s/0s
Wow, that is big; I need a little time for it to sink in.
Hi, thanks for the info. Can I implement PCQ from WinBox?
Our goal is to limit the flooding user, e.g. I have to limit the IP address 10.0.0.40, which is affecting the entire sector.
thank you