I currently have a network setup that is all through ethernet. All users are connecting using Reserved DHCP addresses. I have a prerouting mangle set up under the firewall. UPLOAD and DOWNLOAD Queues, and the types are set up as UPLOAD and DOWNLOAD with the srcaddr and destaddr. Basically I wanted to share the “bandwidth pot” between whoever was actually using the internet at the time.
I would like to know if there is a certain way to tell if PCQ is actually working.. According to the “Queue” dialog I do have traffic going in and out of the queue (global-in and global-out).
I am wondering whether or not it is actually splitting the way I wanted it to. Should the user’s disconnect the ethernet when they are not using it to enable other users to use that bandwidth or is it basically managed by what ip’s are actually sending and receiving packets? Or should I go through and hand out a username and password to everyone in order for the PCQ to work properly??
Thanks for any assistance.. and Happy Thanksgiving!
Look at connection tracking, that will show you if the connections are being marked correctly from your mangle rules (ensure the column “Connection Mark” is enabled).
Look at queues to show you the traffic flowing through your queues. (Depends on you using simple queues or queue trees, but principle is the same. But this example is using queue trees.
If both those screens are showing something like the examples above and you have applied the right rules in the pcq queue types, then yes, it is working. When the green icons change to yellow and red, the queues are limiting the traffic. On the bottom status line it will also show what quantity of packets are being queued (or delayed). If it shows “0 packets queued” then none of the queues has reached their limit.
Colours of icons will only change colour to yellow and red if the queues is limiting the traffic. Until then, the icons are green, which means the queues are not actually doing anything! Queues only begin to prioritise traffic when it reaches the limits set in the queue. Until then all traffic flows without delay.
This means that you will only really know the rules you have set are working when the traffic level being marked is greater than your limits for that traffic type.
There is no need for the users to connect or disconnect. If you have created the mangle rules correctly, then the limits will be applied on each new connection of the packets, not the user. I.e. each time the traffic from one PC starts a new connection to some new service, or opens a new thread to a remote service, then the mangle rule will pick up that new connection and apply the packet mark accordingly. That is why looking at the connection tracking screen is useful as it will show some connections that have no packet mark. Those are the ones you have missed and have not applied a rule to them. So you then have to go back to the mangle rules and add some more rules to capture those connections that you are missing.
In my example, there are three connections that are unmarked. No limiting will be applied to those three connections.
