P2P Ratelimiting Per User

RouterOS General
1

Right now with p2p I can do a global queue that puts all the p2p in one queue and that works fine.

I would like to give each of our users a seperate 8k/256kbps ratelimit for example on p2p. Each user already has a seperate public IP. The reason being is that if one user has there upstream maxed out it will only affect them and not everyone else. Can anyone give an example of how to do this?

Matt

2

http://www.mikrotik.com/Documentation/HowTo.html#How_p2p

3

I have 512 IP addresses. I would need to add at least 255 x 4 rules to do it that way, ugh. Is there not an easier way?

Matt

4

Here is an example where the clients that need control are on interface ‘wlan1’ and the Internet backbone is connected to ‘ether1.’

MARK ALL P2P CONNECTIONS

[admin@MikroTik] queue tree> /ip firewall mangle print
Flags: X - disabled, I - invalid, D - dynamic
0 p2p=all-p2p action=accept mark-flow=p2p
[admin@MikroTik] queue tree>

QUEUE TYPES 4 AND 5 SET THE SPEED AND CLASSIFIER

  • FOR “pcq-upload-8k” THE SPEED IS SET AND THE CLASSIFIER IS FOR THE SOURCE ADDRESS BECAUSE ALL P2P TRAFFIC COMING FROM A USER CAN BE IDENTIFIED BY HIS SOURCE ADDRESS. A MORE BRIEF EXPLANATION – 1. THE SPEED LIMIT IS SET. 2. THE CLASSIFIER SETS WHETHER IT IS FOR EACH SOURCE OR DESTINATION IP ADDRESS, SCR-PORT, OR DST-PORT. IN LINE 4 WE SET THE CLASSIFIER TO SOURCE ADDRESS BECAUSE HE IS THE SENDER. AND IN LINE 5 WE SET THE CLASSIFIER TO DESTINATION ADDRESS BECAUSE HE IS RECEIVING.

(another way to say it)
FOR EACH QUEUE, PUT ALL CONNECTIONS FROM (FOR UPLOAD) OR TO (FOR DOWNLOAD) THE SAME CLIENT INTO THE SAME QUEUE AND LIMIT THAT QUEUE TO 8K FOR UPLOAD AND 64K FOR DOWNLOAD.

[admin@MikroTik] queue tree> .. type print
0 name=“default” kind=pfifo bfifo-limit=15000 pfifo-limit=50 red-limit=60
red-min-threshold=10 red-max-threshold=50 red-burst=20 sfq-perturb=5
sfq-allot=1514 pcq-rate=0 pcq-limit=50 pcq-classifier=“”

1 name=“ethernet-default” kind=pfifo bfifo-limit=15000 pfifo-limit=50
red-limit=60 red-min-threshold=10 red-max-threshold=50 red-burst=20
sfq-perturb=5 sfq-allot=1514 pcq-rate=0 pcq-limit=50 pcq-classifier=“”

2 name=“wireless-default” kind=sfq bfifo-limit=15000 pfifo-limit=50 red-limit=60
red-min-threshold=10 red-max-threshold=50 red-burst=20 sfq-perturb=5
sfq-allot=1514 pcq-rate=0 pcq-limit=50 pcq-classifier=“”

3 name=“synchronous-default” kind=red bfifo-limit=15000 pfifo-limit=50
red-limit=60 red-min-threshold=10 red-max-threshold=50 red-burst=20
sfq-perturb=5 sfq-allot=1514 pcq-rate=0 pcq-limit=50 pcq-classifier=“”

4 name=“pcq-upload-8k” kind=pcq bfifo-limit=15000 pfifo-limit=50 red-limit=60
red-min-threshold=10 red-max-threshold=50 red-burst=20 sfq-perturb=5
sfq-allot=1514 pcq-rate=8192 pcq-limit=50 pcq-classifier=src-address

5 name=“pcq-download-64k” kind=pcq bfifo-limit=15000 pfifo-limit=50 red-limit=60
red-min-threshold=10 red-max-threshold=50 red-burst=20 sfq-perturb=5
sfq-allot=1514 pcq-rate=65536 pcq-limit=50 pcq-classifier=dst-address
[admin@MikroTik] queue tree>

QUEUES LINES 1 AND 2 SET THE FLOW AND QUEUE TYPE FOR THE NEW QUEUE RULE. WE LIMIT ALL P2P CONNECTION WITH THE SET QUEUE TYPE. WE PUT ALL OF THE P2P CONNECTIONS IN A DYNAMICALLY CREATED QUEUE FOR EACH ADDRESS.

[admin@MikroTik] queue tree> print
Flags: X - disabled, I - invalid, D - dynamic
0 name=“p2p-upload” parent=ether1 flow=p2p limit-at=0 queue=pcq-upload-8k
priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0

1 name=“p2p-download” parent=wlan1 flow=p2p limit-at=0 queue=pcq-download-64k
priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0
[admin@MikroTik] queue tree>