PCQ, queue and mangle rules for hotspot event

tchus · August 28, 2011, 9:12am

I have an event with @ 50 users max at a hotspot.

I’ve basically duplicated fewi’s mangle and queue rules(customizing Hotspot deployments) and added a couple hotspot profiles to try to get the address lists to populate as users login. I need to undersand how that works ( after I get the queues undestood) together with UserManager. I have a clue but not tested yet.

My question:

Do the mangle and queues look correct?
Edited: I’d like 2 groups of users to get 1.8M/756k and 2M/1M each.

The available bandwidth is 12/3

Thanks

Wan/ether1. Lan(Hotspot)/ether2

/queue tree> print
Flags: X - disabled, I - invalid
0 name=“hs1-unauth-up” parent=global-in packet-mark=hs1-unauth-up limit-at=0
queue=hs1-unauth-up priority=8 max-limit=3M burst-limit=0
burst-threshold=0 burst-time=0s

1 name=“hs1-unauth-down” parent=global-out packet-mark=hs1-unauth-down
limit-at=0 queue=hs1-unauth-down priority=8 max-limit=3M burst-limit=0
burst-threshold=0 burst-time=0s

2 name=“hs1-down” parent=global-out packet-mark=hs1-down limit-at=0
queue=hs1-down priority=8 max-limit=10M burst-limit=0 burst-threshold=0
burst-time=0s

3 name=“hs1-up” parent=global-in packet-mark=hs1-up limit-at=0 queue=hs1-up
priority=8 max-limit=10M burst-limit=0 burst-threshold=0 burst-time=0s

/queue type> print
0 name=“default” kind=pfifo pfifo-limit=50

1 name=“ethernet-default” kind=pfifo pfifo-limit=50

2 name=“wireless-default” kind=sfq sfq-perturb=5 sfq-allot=1514

3 name=“synchronous-default” kind=red red-limit=60 red-min-threshold=10
red-max-threshold=50 red-burst=20 red-avg-packet=1000

4 name=“hotspot-default” kind=sfq sfq-perturb=5 sfq-allot=1514

5 name=“hs1-unauth-up” kind=pcq pcq-rate=256k pcq-limit=50
pcq-classifier=dst-address pcq-total-limit=100 pcq-burst-rate=0
pcq-burst-threshold=0 pcq-burst-time=10s pcq-src-address-mask=32
pcq-dst-address-mask=32 pcq-src-address6-mask=128 pcq-dst-address6-mask=128

6 name=“hs1-unauth-down” kind=pcq pcq-rate=256k pcq-limit=50
pcq-classifier=src-address pcq-total-limit=100 pcq-burst-rate=0
pcq-burst-threshold=0 pcq-burst-time=10s pcq-src-address-mask=32
pcq-dst-address-mask=32 pcq-src-address6-mask=128 pcq-dst-address6-mask=128

7 name=“hs1-up” kind=pcq pcq-rate=756k pcq-limit=50 pcq-classifier=dst-address
pcq-total-limit=100 pcq-burst-rate=0 pcq-burst-threshold=0
pcq-burst-time=10s pcq-src-address-mask=32 pcq-dst-address-mask=32
pcq-src-address6-mask=128 pcq-dst-address6-mask=128

8 name=“hs1-down” kind=pcq pcq-rate=1800k pcq-limit=50
pcq-classifier=src-address pcq-total-limit=100 pcq-burst-rate=0
pcq-burst-threshold=0 pcq-burst-time=10s pcq-src-address-mask=32
pcq-dst-address-mask=32 pcq-src-address6-mask=128 pcq-dst-address6-mask=128

9 name=“default-small” kind=pfifo pfifo-limit=10

/ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=prerouting action=mark-packet new-packet-mark=hs1-p1-up passthrough=no
src-address-type=“” src-address-list=hs1-p1 in-interface=ether2

1 chain=postrouting action=mark-packet new-packet-mark=hs1-p1-down
passthrough=no dst-address-list=hs1-p1 out-interface=ether2

2 chain=prerouting action=mark-packet new-packet-mark=hs1-p2-up passthrough=no
src-address-list=hs1-p2 in-interface=ether2

3 chain=postrouting action=mark-packet new-packet-mark=hs1p2-down
passthrough=no dst-address-list=hs1-p2 out-interface=ether2

4 chain=prerouting action=mark-packet new-packet-mark=hs1-unauth-up
passthrough=no hotspot=!auth in-interface=ether2

5 chain=postrouting action=mark-packet new-packet-mark=hs1-unauth-down
passthrough=no hotspot=!auth out-interface=ether2

fewi · August 28, 2011, 4:31pm

Looks fine, but you’re marking packets for a profile called h1-p2 and there are no PCQ queue types or queue trees for that profile.

tchus · August 29, 2011, 7:12pm

How’s this look fewi?

/queue type> print
0 name=“default” kind=pfifo pfifo-limit=50

1 name=“ethernet-default” kind=pfifo pfifo-limit=50

2 name=“wireless-default” kind=sfq sfq-perturb=5 sfq-allot=1514

3 name=“synchronous-default” kind=red red-limit=60 red-min-threshold=10 red-max-threshold=50 red-burst=20 red-avg-packet=1000

4 name=“hotspot-default” kind=sfq sfq-perturb=5 sfq-allot=1514

5 name=“hs1-p1-down” kind=pcq pcq-rate=1800k pcq-limit=50 pcq-classifier=src-address pcq-total-limit=100 pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s
pcq-src-address-mask=32 pcq-dst-address-mask=32 pcq-src-address6-mask=128 pcq-dst-address6-mask=128

6 name=“hs1-p1-up” kind=pcq pcq-rate=756k pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=100 pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s
pcq-src-address-mask=32 pcq-dst-address-mask=32 pcq-src-address6-mask=128 pcq-dst-address6-mask=128

7 name=“hs1-p2-down” kind=pcq pcq-rate=2M pcq-limit=50 pcq-classifier=src-address pcq-total-limit=100 pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s
pcq-src-address-mask=32 pcq-dst-address-mask=32 pcq-src-address6-mask=64 pcq-dst-address6-mask=64

8 name=“hs1-p2-up” kind=pcq pcq-rate=1M pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=100 pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s
pcq-src-address-mask=32 pcq-dst-address-mask=32 pcq-src-address6-mask=64 pcq-dst-address6-mask=64

9 name=“default-small” kind=pfifo pfifo-limit=10

/queue tree> print
Flags: X - disabled, I - invalid
0 name=“hs1-p1-down” parent=global-out packet-mark=hs1-p1-down limit-at=0 queue=hs1-p1-down priority=8 max-limit=10M burst-limit=0 burst-threshold=0
burst-time=0s

1 name=“hs1-p1-up” parent=global-in packet-mark=hs1-p1-up limit-at=0 queue=hs1-p1-up priority=8 max-limit=3M burst-limit=0 burst-threshold=0 burst-time=0s

2 name=“queue1” parent=global-in limit-at=0 queue=default priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s

3 name=“hs1-p2-down” parent=global-out packet-mark=hs1-p2-down limit-at=0 queue=hs1-p2-down priority=8 max-limit=10M burst-limit=0 burst-threshold=0
burst-time=0s

4 name=“hs1-p2-up” parent=global-in packet-mark=hs1-p2-up limit-at=0 queue=hs1-p2-up priority=8 max-limit=3M burst-limit=0 burst-threshold=0 burst-time=0s

So, 2 profiles - 1.8M/756k - 2M/1M

So, if this is correct. How are clients getting DHCP?
I know I’m still missing a few concepts.

Do I segment the address pools in the Hotspot? e.g. 192.168.0.2 -30…192.168.0.31-60 etc…
Or static. Since in your customization document you state each profile is not assigned to a pool.
So, the address lists are created but I’m lost at that point.

fewi · August 29, 2011, 7:19pm

Looks good.

Clients would get DHCP from some DHCP server, presumably the RouterBOARD. That’s just a stock setup as per http://wiki.mikrotik.com/wiki/Manual:IP/DHCP_Server

tchus · August 29, 2011, 7:32pm

Thanks
I haven’t read the referral yet to DHCP-Server doc.
But, can’t one allocate 1 speed to 1 pool and another speed to another pool?

fewi · August 29, 2011, 7:37pm

No. How would the DHCP server know who to put on which address list if clients of both types are behind the same interface? DHCP happens before anyone logs into anything (you can’t log in until you have an IP address).

If you want more detailed help you need to post WAY more details. How are users going to log in? Are there shared credentials, or per user credentials? If the former you just attach the address list to the user profile. If it’s per user you need to use User Manager or some other RADIUS solution.

tchus · August 29, 2011, 7:49pm

Thanks, yeah that was obvious and I just got lost in the “address list” process.
I get it.

Thanks again,
You know you’re Customizing Hostpost’s really explains it all. I just learned more in 1 hr reading it than scanning through all the questions, examples, etc.. here on the forum.
That should be a “background” image ( here on the form or a Must read at least to beginners like myself that want a real jump on the game.

fewi · August 29, 2011, 7:54pm

Thanks! I appreciate that.