Prevent single IP hogging all bandwidth?

I’ve always had consumer routers (Asus, Netgear etc) and have never had any issues with bandwidth.

Since switching to the RB2011, when I download a game on Steam, it has an impact on other clients, such as my IPTV or streaming video. This was never a problem previously.

So.. I did some reading and it seems that I can create queue trees, but then I need to slice and dice the available bandwidth amongst all the clients?

Seems a bit clumsy - but I’m still learning RouterOS.

Is there no simple way to prevent a single client impacting upon all the others? I have circa 70Mbps download speed and 17Mbps upload.

Not sure what the consumer routers do to achieve my end goal, but I have never had to do any special configuration on them.

I’m on the verge of switching back to a Draytek, but this Mikrotik must be able to do what that can do and more!

Cheers!

Hi! What you can do is to create a simple QoS!
You can use PCQ queue type, which will allow you to share bandwidth in equal ways.
Wiki article:
http://wiki.mikrotik.com/wiki/Manual:Queues_-_PCQ

I would recommend using pcq-rate=0 to let the router automatically assign bandwidth to each user; if you set a greater value, you will give every host the same bandwidth, and you are going to waste the Mbps that are not in use.

Hope it helps you.

Greetings!

http://wiki.mikrotik.com/wiki/Manual:Queue

Problem with PCQ seems to be that it will divide the bandwidth equally between clients.

So for example (simplified) if I have my streaming TV going, and that uses typically 6Mbps, and a Steam download which will typically hit 70Mbps, then PCQ would assign 35Mbps to each client, so one has more than it actually needs, and the Steam client would be restricted to 35Mbps?

I’ve ordered another Draytek - I think I’ll go back to that since I can also ditch my Cisco switch which I am having to use as the Mikrotik doesn’t support IGMP snooping which I need for my IPTV!

Thanks for the replies though!
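The sharing behaviour discussed in the posts above (pcq-rate=0 versus a fixed pcq-rate, and the 6Mbps IPTV / 70Mbps Steam case), as an added example that is not part of any forum post. It is an idealized Python model, not RouterOS code; the client names, the 100Mbps Steam demand and the function names are constructed, and it assumes PCQ serves one sub-stream per client address round-robin, which converges to max-min fair sharing.

```python
# Added example: idealized model of PCQ sharing (not RouterOS code).
# Assumption: sub-streams (one per client address) are served round-robin,
# which converges to max-min fair sharing. Bursts, packet sizes and queue
# depths are ignored.


def pcq_share(demands_mbps, max_limit_mbps, pcq_rate_mbps=0):
    """Return {client: granted Mbps} for one direction of a PCQ queue.

    demands_mbps   -- what each client would use if unconstrained
    max_limit_mbps -- max-limit of the queue that uses the PCQ type
    pcq_rate_mbps  -- per-sub-stream cap; 0 means no cap (pcq-rate=0)
    """
    # A non-zero pcq-rate caps every sub-stream before any sharing happens.
    want = {}
    for client, demand in demands_mbps.items():
        want[client] = min(demand, pcq_rate_mbps) if pcq_rate_mbps else demand

    granted = {client: 0.0 for client in want}
    active = {client for client, w in want.items() if w > 0}
    remaining = float(max_limit_mbps)

    # Water-filling: clients that need less than an equal share are fully
    # served, and what they leave over is re-divided among the others.
    while active and remaining > 1e-9:
        share = remaining / len(active)
        satisfied = {c for c in active if want[c] - granted[c] <= share}
        if not satisfied:
            # Everyone left wants more than an equal share: split evenly.
            for c in active:
                granted[c] += share
            remaining = 0.0
            break
        for c in satisfied:
            remaining -= want[c] - granted[c]
            granted[c] = float(want[c])
        active -= satisfied
    return granted


def unused_mbps(granted, max_limit_mbps):
    """Bandwidth under max-limit that no client was allowed to use."""
    return max_limit_mbps - sum(granted.values())


if __name__ == "__main__":
    clients = {"iptv": 6, "steam": 100}  # constructed demands in Mbps
    for rate in (0, 35):
        result = pcq_share(clients, 70, pcq_rate_mbps=rate)
        print(f"pcq-rate={rate}M: {result}, "
              f"unused={unused_mbps(result, 70):.0f} Mbps")
```
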

You could also use stochastic fair queueing in this case (SFQ). It might do a better job for what you want. I don’t think you will find a better solution to this issue from other products… The QoS capabilities in Mikrotik are pretty powerful compared to other solutions. For instance, Cisco afaik cannot really do PCQ etc.

And MikroTik does support IGMP proxy if that helps.

Yes, it supports IGMP proxy (which I am using) but it doesn’t support IGMP snooping, so the IGMP traffic floods all ports.

I therefore have to use a little 8 port Cisco switch between the Mikrotik and the rest of my LAN which seems a bit daft when I have a load of free ports on the Mikrotik!

So SFQ looks like it may well do what I want since it uses round robin.

I can’t see an example of how to implement it though?

Create a queue, either simple or queue tree, and for the queue type, choose one of the queue types that uses sfq as the queue kind. By default, wireless-default and hotspot-default use sfq. Or you can go into the queue kinds tab and create your own “kind” that uses that type. For the bandwidth max limit/limit at, enter a value just below what your connection supports.

You can also set up child queues and parent queues, so that perhaps you want equal bandwidth sharing on all devices for web browsing, but if you are watching TV you want that always to have priority, etc. With parent queues and child queues, you have a huge amount of flexibility for creating queuing exactly the way you want. This is not possible with many other routers.

Also, it is possible to avoid this broadcast flood with three methods (any should work):

  • MikroTik switch rule with action “set new destination ports” to only forward IGMP traffic to the port you want
  • MikroTik bridge filter to drop multicasts from being forwarded out bridge ports that you do not want
  • Set up a second subnet for IPTV

Any of those should work and ‘simulate’ IGMP snooping, until MikroTik provides this feature.

You can try this QoS script, I made it tonight, based on @IntrusDave’s script but with a few enhancements. It doesn’t use SFQ, it is a little more complex in that it uses the DSCP tags to determine what to prioritize. If your video is tagged as higher priority than the steam downloads, this should correct that. Edit the inbound interface, outbound interface, and inbound and outbound interface bandwidths as needed. Create a script under scripts, copy and paste it, and run. (you can easily change this to SFQ by changing the queue type in the settings afterwards for the queues that this creates)

# this is based on IntrusDave's QoS script, slightly modified
# qosClasses are largely based on Cisco QoS recommendations with a few slight modifications

#Set outbound interface here
:local outboundInterface "ether1"

#Set bandwidth of the outbound interface (just below actual bandwidth)
:local outInterfaceBandwidth 4900k

#Set inbound interface here
:local inboundInterface "bridge"

#Set bandwidth of the inbound interface (just below actual bandwidth)
:local inInterfaceBandwidth 34500k

#Set where in the chain the packets should be mangled
:local mangleChain postrouting

#Don't mess with these. They set the parameters for what is to follow
:local queueName ("QoS_" . $outboundInterface)
:local inQueueName ("QoS_" . $inboundInterface)
:local qosClasses [:toarray "Routing and Monitoring Traffic (Top Priority),Management Traffic (High Priority),Voice (Medium-High Priority),Interactive Video (Medium Priority),Critical Data or Call Signaling (Medium-Low Priority),Best Effort (Low Priority),Bulk Data (Slightly Below Best Effort),Scavenger (Lowest Priority)"]
:local priorityToIpPrecedenceMappings [:toarray "7,6,5,4,3,0,2,1"]

/ip firewall mangle add action=set-priority \
   chain=postrouting new-priority=from-dscp-high-3-bits \
   passthrough=yes comment="Respect DSCP tagging"
/ip firewall mangle add action=set-priority \
   chain=postrouting new-priority=6 packet-size=0-123 \
   passthrough=yes protocol=tcp tcp-flags=ack comment="Prioritize ACKs"
/ip firewall mangle add action=passthrough \
   chain=postrouting priority=0 dscp=0 \
   comment="Dummy rule for display of untagged traffic"


:for indexA from=1 to=7 do={
    /ip firewall mangle add action=mark-packet chain=$mangleChain comment=("ip_precedence_" . $indexA) \
         disabled=no priority=($indexA) new-packet-mark=("ip_precedence_" . $indexA) passthrough=no
}

/queue tree add max-limit=$outInterfaceBandwidth name=$queueName parent=$outboundInterface comment="Uplink QoS"
:for queuePriority from=1 to=8 do={
   :local qosIndex ($queuePriority-1)
   :local subClass ([:pick $qosClasses $qosIndex] )
   :local ipPrecedence ([:pick $priorityToIpPrecedenceMappings $qosIndex])
   :local ipPrecedenceMark ("ip_precedence_" . $ipPrecedence)
   :if ($ipPrecedence = "0") do={ :set ipPrecedenceMark ("no-mark") }
   /queue tree add \
      name=("IP Precedence " . $ipPrecedence . ". " . $subClass . " - " . $outboundInterface ) \
      parent=$queueName \
      priority=($queuePriority) \
      queue=ethernet-default \
      packet-mark=$ipPrecedenceMark \
      comment=("Queue Priority " . $queuePriority)
}

/queue tree add max-limit=$inInterfaceBandwidth name=$inQueueName parent=$inboundInterface comment="Downlink QoS"
:for queuePriority from=1 to=8 do={
   :local qosIndex ($queuePriority-1)
   :local subClass ([:pick $qosClasses $qosIndex] )
   :local ipPrecedence ([:pick $priorityToIpPrecedenceMappings $qosIndex])
   :local ipPrecedenceMark ("ip_precedence_" . $ipPrecedence)
   :if ($ipPrecedence = "0") do={ :set ipPrecedenceMark ("no-mark") }
   /queue tree add \
      name=("IP Precedence " . $ipPrecedence . ". " . $subClass . " - " . $inboundInterface ) \
      parent=$inQueueName \
      priority=($queuePriority) \
      queue=ethernet-default \
      packet-mark=$ipPrecedenceMark \
      comment=("Queue Priority " . $queuePriority)
}

Or try this one with SFQ as suggested. Change 800k/7500k to your bandwidth limits and target=192.168.88.0/24 to your LAN IP range.

/queue simple
add max-limit=800k/7500k name=main queue=hotspot-default/hotspot-default \
    target=192.168.88.0/24 total-queue=default

Yeah, this can work as a simple solution, as long as he is not using fasttrack connection. If using fasttrack, you need to use interface attached queue trees, simple queues will have no effect.

Another update,

It now uses SFQ by default for the queues, and has IPv6 support in addition to V4:

# this is based on IntrusDave's QoS script, slightly modified
# qosClasses are largely based on Cisco QoS recommendations with a few slight modifications

#Set outbound interface here
:local outboundInterface "ether1"

#Set bandwidth of the outbound interface
:local outInterfaceBandwidth 4900k

#Set inbound interface here
:local inboundInterface "bridge"

#Set bandwidth of the inbound interface
:local inInterfaceBandwidth 34500k

#Set type of queue here
:local queueType wireless-default

#Set where in the chain the packets should be mangled
:local mangleChain postrouting

#Don't mess with these. They set the parameters for what is to follow
:local queueName ("QoS_" . $outboundInterface)
:local inQueueName ("QoS_" . $inboundInterface)
# qosClasses from highest to lowest priority
:local qosClasses [:toarray "Routing and Monitoring Traffic (Top Priority),Management Traffic (High Priority),Voice (Medium-High Priority),Interactive Video (Medium Priority),Critical Data or Call Signaling (Medium-Low Priority),Best Effort (Low Priority),Bulk Data (Very Low Priority),Scavenger (Bottom Priority)"]
# maps queue priorities from highest to lowest to IP precedence values
:local priorityToIpPrecedenceMappings [:toarray "7,6,5,4,3,0,2,1"]
# queue priority used for best effort traffic (IP precedence 0)
:local beQueuePriority 6

/ip firewall mangle add action=set-priority \
   chain=postrouting new-priority=from-dscp-high-3-bits \
   passthrough=yes comment="Respect DSCP tagging"
/ip firewall mangle add action=set-priority \
   chain=postrouting new-priority=6 packet-size=0-123 \
   passthrough=yes protocol=tcp tcp-flags=ack comment="Prioritize ACKs"
/ip firewall mangle add action=accept \
   chain=postrouting priority=0 dscp=0 \
   comment="IP Precedence (Packet Priority) 0 - Best Effort (Low Priority) (default)"


:for indexA from=1 to=7 do={
    :local qosIndex (7-$indexA)
    # skip best effort in list
    :if ($indexA <= (8-$beQueuePriority)) do={ :set qosIndex (8-$indexA) }
    :local subClass ([:pick $qosClasses $qosIndex] )
    /ip firewall mangle add action=mark-packet chain=$mangleChain comment=("IP Precedence (aka Packet Priority) " . $indexA . " - " . $subClass . " (apply packet mark ip_precedence_" . $indexA . ")") \
         disabled=no priority=($indexA) new-packet-mark=("ip_precedence_" . $indexA) passthrough=no
}

:for dscpValue from=0 to=7 do={
/ipv6 firewall mangle add action=accept \
   chain=postrouting dscp=$dscpValue \
   comment="IP Precedence 0 (DSCP $dscpValue) - Best Effort (Low Priority) (default)"
}

:for indexA from=1 to=7 do={
    :local qosIndex (7-$indexA)
    # skip best effort in list
    :if ($indexA <= (8-$beQueuePriority)) do={ :set qosIndex (8-$indexA) }
    :local subClass ([:pick $qosClasses $qosIndex] )
    :for dscpValue from=($indexA*8) to=(($indexA*8)+7) do={
    /ipv6 firewall mangle add action=mark-packet chain=$mangleChain comment=("IP Precedence " . $indexA . " (DSCP " . $dscpValue . ") - " . $subClass . " (apply packet mark ip_precedence_" . $indexA . ")") \
         disabled=no dscp=$dscpValue new-packet-mark=("ip_precedence_" . $indexA) passthrough=no
    }
}


/queue tree add max-limit=$outInterfaceBandwidth name=$queueName parent=$outboundInterface comment="Uplink QoS" queue=$queueType
:for queuePriority from=1 to=8 do={
   :local qosIndex ($queuePriority-1)
   :local subClass ([:pick $qosClasses $qosIndex] )
   :local ipPrecedence ([:pick $priorityToIpPrecedenceMappings $qosIndex])
   :local ipPrecedenceMark ("ip_precedence_" . $ipPrecedence)
   :if ($ipPrecedence = "0") do={ :set ipPrecedenceMark ("no-mark") }
   /queue tree add \
      name=("IP Precedence " . $ipPrecedence . ". " . $subClass . " - " . $outboundInterface ) \
      parent=$queueName \
      priority=($queuePriority) \
      queue=$queueType \
      packet-mark=$ipPrecedenceMark \
      comment=("Queue Priority " . $queuePriority)
}

/queue tree add max-limit=$inInterfaceBandwidth name=$inQueueName parent=$inboundInterface comment="Downlink QoS" queue=$queueType
:for queuePriority from=1 to=8 do={
   :local qosIndex ($queuePriority-1)
   :local subClass ([:pick $qosClasses $qosIndex] )
   :local ipPrecedence ([:pick $priorityToIpPrecedenceMappings $qosIndex])
   :local ipPrecedenceMark ("ip_precedence_" . $ipPrecedence)
   :if ($ipPrecedence = "0") do={ :set ipPrecedenceMark ("no-mark") }
   /queue tree add \
      name=("IP Precedence " . $ipPrecedence . ". " . $subClass . " - " . $inboundInterface ) \
      parent=$inQueueName \
      priority=($queuePriority) \
      queue=$queueType \
      packet-mark=$ipPrecedenceMark \
      comment=("Queue Priority " . $queuePriority)
}

For optimal use, I would recommend additional mangle rules before these ones to apply desired DSCP tags to traffic. This way you can prioritize Netflix, IPTV, etc. over other background traffic. For instance, here is an IPv4 firewall rule to prioritize SIP by marking it EF before it hits the rest of the rules:

/ip firewall mangle add chain=prerouting action=change-dscp passthrough=yes protocol=udp port=5060,5061 new-dscp=46

Thanks for all the replies!

Are the scripts RouterOS version specific? I’m running the latest RC.

I tried running the last one from terminal and it gave a few errors, and some mangle rules were created, but no queues.

It also complained about something not being an integer.

Sorry for the vague errors! I backed up before I ran it, and restored back after the script failed to completely run.

I also tried this.. but it made no difference. Not sure how to check if I am running fasttrack!

I have no fasttrack rules in my Firewall filter rules that I can see,

For my script, you need to go into System->Scripts, click the + button to create a new script, paste the script contents, apply to save, and then run the script. (you might need to change the first few settings as well to match your interface names, and probably will need to change the upload and download maximums for your connection, the values must be slightly lower than your maximum)

I’ve found a very simple way to QoS my network config. I only have very slow (700k download) bandwidth and only a 400 MHz router CPU, but it works very well: I can open 6 YouTube videos in Mozilla and simultaneously navigate Facebook or any other site in Chrome!!!
My settings are based on the digital basis, 0 + 1 + 0 + 1 + 1 + 1, yes or no, cold or hot, good or bad, prioritized or not prioritized, very simple but effective!!

  1. Step, run this to create schedule rule, to edit any go to schedule and edit

/system scheduler
add comment="Dns to Fw and Queue Tree" interval=1m name=\
    "Dns to Fw and Queue Tree" on-event="## Dns to Fw and Queue Tree ##\r\
    \n## Tested under RouterOS 6.38rc8 ##\r\
    \n## Written by BrasDeutscher,PA,Brazil ##\r\
    \n{\r\
    \n## Set the list name here ##\r\
    \n:global ln \"Limited\"\r\
    \n\r\
    \n## Set the list timeout here ##\r\
    \n:global ttl \"1h\"\r\
    \n\r\
    \n/ip firewall address-list remove [find where address=0.0.0.0 ];\r\
    \n/ip firewall address-list remove [find where ! dynamic list=\"\$ln\" ];\r\
    \n\r\
    \n## Set the content here ##\r\
    \n:global cont1 \"video\"\r\
    \n:foreach d1 in=[/ip dns cache find where (name~\"\$cont1\") type=A ] do={\r\
    \n:if ([:len [/ip dns cache get \$d1 address ]] < 16 ) do={\r\
    \n:local ip1 [/ip dns cache get \$d1 address ];\r\
    \n:local dnsn1 [/ip dns cache get \$d1 name ];\r\
    \n:if ([/ip firewall address-list find where address=\$ip1 ] = \"\" ) do={\r\
    \n/ip firewall address-list add list=\"\$ln\" address=\$ip1 timeout=\"\$ttl\" comment=\"\$dnsn1\";\r\
    \n}}\r\
    \n}}" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive \
    start-time=startup

  1. Step setup Layer7

/ip firewall layer7-protocol
add comment=EXE name=EXE regexp="\\.(exe)"
add comment=RAR name=RAR regexp="\\.(rar)"
add comment=ZIP name=ZIP regexp="\\.(zip)"
add comment=7z name=7z regexp="\\.(7z)"
add comment=CAB name=CAB regexp="\\.(cab)"
add comment=ASF name=ASF regexp="\\.(asf)"
add comment=MOV name=MOV regexp="\\.(mov)"
add comment=WMV name=WMV regexp="\\.(wmv)"
add comment=MPG name=MPG regexp="\\.(mpg)"
add comment=MKV name=MKV regexp="\\.(mkv)"
add comment=AVI name=AVI regexp="\\.(avi)"
add comment=FLV name=FLV regexp="\\.(flv)"
add comment=WAV name=WAV regexp="\\.(wav)"
add comment=RM name=RM regexp="\\.(rm)"
add comment=M4A name=M4A regexp="\\.(m4a)"
add comment=MP3 name=MP3 regexp="\\.(mp3)"
add comment=MP4 name=MP4 regexp="\\.(mp4)"
add comment=RAM name=RAM regexp="\\.(ram)"
add comment=RMVB name=RMVB regexp="\\.(rmvb)"
add comment=DAT name=DAT regexp="\\.(dat)"
add comment=DAA name=DAA regexp="\\.(daa)"
add comment=ISO name=ISO regexp="\\.(iso)"
add comment=NRG name=NRG regexp="\\.(nrg)"
add comment=BIN name=BIN regexp="\\.(bin)"
add comment=VCD name=VCD regexp="\\.(vcd)"
add comment=WMA name=WMA regexp="\\.(wma)"
add comment=JPG name=JPG regexp="\\.(jpg)"
add comment=JPEG name=JPEG regexp="\\.(jpeg)"
add comment=PNG name=PNG regexp="\\.(png)"
add comment=GIF name=GIF regexp="\\.(gif)"
add comment=WEBM name=WEBM regexp="\\.(webm)"
add comment=3GP name=3GP regexp="\\.(3gp)"
add comment=3G2 name=3G2 regexp="\\.(3g2)"
add comment=MPEG name=MPEG regexp="\\.(f4v)"
add comment=F4A name=F4A regexp="\\.(f4a)"
add comment=F4B name=F4B regexp="\\.(f4b)"
add comment=F4P name=F4P regexp="\\.(f4p)"


2. Step add additional firewall filter rules

/ip firewall filter
add action=jump chain=forward comment=Qos jump-target=Qos layer7-protocol=3G2
add action=jump chain=forward comment=Qos jump-target=Qos layer7-protocol=EXE
add action=jump chain=forward comment=Qos jump-target=Qos layer7-protocol=3GP
add action=jump chain=forward comment=Qos jump-target=Qos layer7-protocol=F4A
add action=jump chain=forward comment=Qos jump-target=Qos layer7-protocol=F4B
add action=jump chain=forward comment=Qos jump-target=Qos layer7-protocol=F4P
add action=jump chain=forward comment=Qos jump-target=Qos layer7-protocol=MPEG
add action=jump chain=forward comment=Qos jump-target=Qos layer7-protocol=7z
add action=jump chain=forward comment=Qos jump-target=Qos layer7-protocol=BIN
add action=jump chain=forward comment=Qos jump-target=Qos layer7-protocol=FLV
add action=jump chain=forward comment=Qos jump-target=Qos layer7-protocol=ISO
add action=jump chain=forward comment=Qos jump-target=Qos layer7-protocol=M4A
add action=jump chain=forward comment=Qos jump-target=Qos layer7-protocol=MKV
add action=jump chain=forward comment=Qos jump-target=Qos layer7-protocol=MOV
add action=jump chain=forward comment=Qos jump-target=Qos layer7-protocol=MP3
add action=jump chain=forward comment=Qos jump-target=Qos layer7-protocol=MP4
add action=jump chain=forward comment=Qos jump-target=Qos layer7-protocol=RAR
add action=jump chain=forward comment=Qos jump-target=Qos layer7-protocol=WAV
add action=jump chain=forward comment=Qos jump-target=Qos layer7-protocol=WEBM
add action=jump chain=forward comment=Qos jump-target=Qos layer7-protocol=WMA
add action=jump chain=forward comment=Qos jump-target=Qos layer7-protocol=WMV
add action=jump chain=forward comment=Qos jump-target=Qos layer7-protocol=ZIP
add action=jump chain=forward comment=Qos content=download jump-target=Qos
add action=add-src-to-address-list address-list=Limited address-list-timeout=1h \
    chain=Qos comment=Qos connection-bytes=10000000-0 connection-rate=128k-20M \
    in-interface=e1-gateway protocol=tcp
add action=add-src-to-address-list address-list=Limited address-list-timeout=1h \
    chain=Qos comment=Qos connection-bytes=10000000-0 connection-rate=128k-20M \
    in-interface=e1-gateway protocol=udp

  3. Step add firewall mangle rules, edit your interface-names

/ip firewall mangle
add action=mark-packet chain=prerouting comment=Upload in-interface=br1 \
    new-packet-mark=Upload passthrough=no
add action=mark-packet chain=postrouting comment=Limited new-packet-mark=Limited \
    out-interface=br1 passthrough=no src-address-list=Limited
add action=mark-packet chain=postrouting comment=Unlimited new-packet-mark=Unlimited \
    out-interface=br1 passthrough=no src-address-list=!Limited

  4. Step add new queue types, you must adjust the pcq dst and src-address-mask to your own network size

/queue type
add kind=pcq name=Limited pcq-burst-rate=768k pcq-burst-threshold=512k \
    pcq-classifier=dst-address pcq-dst-address-mask=29 pcq-rate=256k \
    pcq-src-address-mask=21
add kind=pcq name=Upload pcq-burst-rate=512k pcq-burst-threshold=384k \
    pcq-classifier=src-address pcq-dst-address-mask=29 pcq-rate=256k \
    pcq-src-address-mask=21
add kind=pcq name=Unlimited pcq-burst-rate=1M pcq-burst-threshold=768k \
    pcq-classifier=dst-address pcq-dst-address-mask=29 pcq-rate=512k \
    pcq-src-address-mask=21

  5. Step add queue-tree rules

/queue tree
add comment=Upload name=Upload packet-mark=Upload parent=global queue=Upload
add comment=Limited name=Limited packet-mark=Limited parent=global queue=Limited
add comment=Unlimited name=Unlimited packet-mark=Unlimited parent=global \
    priority=2 queue=Unlimited

  6. Step, if you need different bandwidth for night and day run this in new terminal

/system scheduler
add comment="Daytime - 1" interval=1d name="Daytime - 1" on-event="## Daytime ##\r\
    \n{\r\
    \n:global ref \"512k\"\r\
    \n:global pref [:pick \$ref 0 3 ];\r\
    \n:global x [/queue type get [find where name=Unlimited ] pcq-rate ];\r\
    \n:global xx [:pick \$x 0 3 ];\r\
    \n:if (\$pref != \$xx) do={\r\
    \n:log warning (\"Bandwidth change to Daytime\");\r\
    \n/queue type set [find name=Unlimited ] pcq-rate=\"\$ref\" pcq-burst-rate=1M pcq-burst-threshold=768k \\\r\
    \n pcq-dst-address-mask=29 pcq-src-address-mask=21; \r\
    \n/queue type set [find name=Limited ] pcq-rate=256k pcq-burst-rate=768k pcq-burst-threshold=512k \\\r\
    \n pcq-dst-address-mask=29 pcq-src-address-mask=21;\r\
    \n/queue type set [find name=Upload ] pcq-rate=256k pcq-burst-rate=512k pcq-burst-threshold=384k \\\r\
    \n pcq-dst-address-mask=29 pcq-src-address-mask=21; \r\
    \n}}" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive \
    start-date=oct/08/2016 start-time=07:00:00
add comment="Daytime - 2" interval=1d name="Daytime - 2" on-event="## Daytime ##\r\
    \n{\r\
    \n:global ref \"512k\"\r\
    \n:global pref [:pick \$ref 0 3 ];\r\
    \n:global x [/queue type get [find where name=Unlimited ] pcq-rate ];\r\
    \n:global xx [:pick \$x 0 3 ];\r\
    \n:if (\$pref != \$xx) do={\r\
    \n:log warning (\"Bandwidth change to Daytime\");\r\
    \n/queue type set [find name=Unlimited ] pcq-rate=\"\$ref\" pcq-burst-rate=1M pcq-burst-threshold=768k \\\r\
    \n pcq-dst-address-mask=29 pcq-src-address-mask=21; \r\
    \n/queue type set [find name=Limited ] pcq-rate=256k pcq-burst-rate=768k pcq-burst-threshold=512k \\\r\
    \n pcq-dst-address-mask=29 pcq-src-address-mask=21;\r\
    \n/queue type set [find name=Upload ] pcq-rate=256k pcq-burst-rate=512k pcq-burst-threshold=384k \\\r\
    \n pcq-dst-address-mask=29 pcq-src-address-mask=21; \r\
    \n}}" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive \
    start-date=oct/08/2016 start-time=17:00:00
add comment="Nighttime - 1" interval=1d name="Nighttime - 1" on-event="## Nighttime ##\r\
    \n{\r\
    \n:global ref \"1024k\"\r\
    \n:global pref [:pick \$ref 0 3 ];\r\
    \n:global x [/queue type get [find where name=Unlimited ] pcq-rate ];\r\
    \n:global xx [:pick \$x 0 3 ];\r\
    \n:if (\$pref != \$xx) do={\r\
    \n:log warning (\"Bandwidth change to Nighttime\");\r\
    \n/queue type set [find name=Unlimited ] pcq-rate=\"\$ref\" pcq-burst-rate=2M pcq-burst-threshold=1536k \\\r\
    \n pcq-dst-address-mask=29 pcq-src-address-mask=21;\r\
    \n/queue type set [find name=Limited ] pcq-rate=512k pcq-burst-rate=1536k pcq-burst-threshold=1M \\\r\
    \n pcq-dst-address-mask=29 pcq-src-address-mask=21;\r\
    \n/queue type set [find name=Upload ] pcq-rate=512k pcq-burst-rate=1M pcq-burst-threshold=768k \\\r\
    \n pcq-dst-address-mask=29 pcq-src-address-mask=21; \r\
    \n}}" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive \
    start-date=oct/08/2016 start-time=00:00:01
add comment="Nighttime - 2" interval=1d name="Nighttime - 2" on-event="## Nighttime ##\r\
    \n{\r\
    \n:global ref \"1024k\"\r\
    \n:global pref [:pick \$ref 0 3 ];\r\
    \n:global x [/queue type get [find where name=Unlimited ] pcq-rate ];\r\
    \n:global xx [:pick \$x 0 3 ];\r\
    \n:if (\$pref != \$xx) do={\r\
    \n:log warning (\"Bandwidth change to Nighttime\");\r\
    \n/queue type set [find name=Unlimited ] pcq-rate=\"\$ref\" pcq-burst-rate=2M pcq-burst-threshold=1536k \\\r\
    \n pcq-dst-address-mask=29 pcq-src-address-mask=21;\r\
    \n/queue type set [find name=Limited ] pcq-rate=512k pcq-burst-rate=1536k pcq-burst-threshold=1M \\\r\
    \n pcq-dst-address-mask=29 pcq-src-address-mask=21;\r\
    \n/queue type set [find name=Upload ] pcq-rate=512k pcq-burst-rate=1M pcq-burst-threshold=768k \\\r\
    \n pcq-dst-address-mask=29 pcq-src-address-mask=21; \r\
    \n}}" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive \
    start-date=oct/08/2016 start-time=04:00:01

All that layer 7-based matching probably works fine with your download bandwidth, but with higher bandwidth, I would be worried about the CPU utilization…

Also, with those settings, you are limiting the maximum speed for any given computer to 512k with a 1Mbps burst. This is way too conservative for people with connections much faster than yours.

I only use these things to get more experience with MikroTik. You can edit everything for other bandwidth purposes etc. Basically the setup works very well for me: I can open 6 YouTube videos in Mozilla and at the same time navigate Facebook or any other site without any problems. When you have more users, different bandwidth and more CPU, only edit the specific vars. When I disable everything and open two YouTube videos, I cannot navigate in Chrome and load times are very slow; this proves to me that the basic idea is O.K. My secret is only to divide into yes or no in the mangles' src-addresses,
src-address-list=Limited or src-address-list=!Limited. It is logic!!! To work without problems, I do not use any configuration which creates other address-lists!!!
Attachments: http://forum.mikrotik.com/t/qos-simple-but-very-effectiv-setup/102349/1
Look at the attachments: 1 = client clicks to download vlc.exe, bandwidth is at a high rate; 2 = downloaded data goes over 10 MiB, my config creates the address-list and the client goes immediately to category 2, slow bandwidth; 3 = look, the client downloads and at the same time has access in the fast category!!
I will personalize the script to your bandwidth and then post it; you only have to change your interface names. You can test it and then rate it O.K.!!

Ah… of course, my interface names will be different - especially since I am using sfp1 for my wan connection!

I’ll have another bash at it tomorrow - thanks for the extra pointers!

Install and test it!! I recommend not using any other scripts that create address-lists; it’s possible to get some type of loop!!!

  1. Step, run this to create schedule rule, to edit any go to schedule and edit

/system scheduler
add comment="Dns to Fw and Queue Tree" interval=1m name=\
    "Dns to Fw and Queue Tree" on-event="## Dns to Fw and Queue Tree ##\r\
    \n## Tested under RouterOS 6.38rc8 ##\r\
    \n## Written by BrasDeutscher,PA,Brazil ##\r\
    \n{\r\
    \n## Set the list name here ##\r\
    \n:global ln \"Limited\"\r\
    \n\r\
    \n## Set the list timeout here ##\r\
    \n:global ttl \"1h\"\r\
    \n\r\
    \n/ip firewall address-list remove [find where address=0.0.0.0 ];\r\
    \n/ip firewall address-list remove [find where ! dynamic list=\"\$ln\" ];\r\
    \n\r\
    \n## Set the content here ##\r\
    \n:global cont1 \"video\"\r\
    \n:foreach d1 in=[/ip dns cache find where (name~\"\$cont1\") type=A ] do={\r\
    \n:if ([:len [/ip dns cache get \$d1 address ]] < 16 ) do={\r\
    \n:local ip1 [/ip dns cache get \$d1 address ];\r\
    \n:local dnsn1 [/ip dns cache get \$d1 name ];\r\
    \n:if ([/ip firewall address-list find where address=\$ip1 ] = \"\" ) do={\r\
    \n/ip firewall address-list add list=\"\$ln\" address=\$ip1 timeout=\"\$ttl\" comment=\"\$dnsn1\";\r\
    \n}}\r\
    \n}}" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive \
    start-time=startup

  1. Step setup Layer7

/ip firewall layer7-protocol
add comment=EXE name=EXE regexp="\\.(exe)"
add comment=RAR name=RAR regexp="\\.(rar)"
add comment=ZIP name=ZIP regexp="\\.(zip)"
add comment=7z name=7z regexp="\\.(7z)"
add comment=CAB name=CAB regexp="\\.(cab)"
add comment=ASF name=ASF regexp="\\.(asf)"
add comment=MOV name=MOV regexp="\\.(mov)"
add comment=WMV name=WMV regexp="\\.(wmv)"
add comment=MPG name=MPG regexp="\\.(mpg)"
add comment=MKV name=MKV regexp="\\.(mkv)"
add comment=AVI name=AVI regexp="\\.(avi)"
add comment=FLV name=FLV regexp="\\.(flv)"
add comment=WAV name=WAV regexp="\\.(wav)"
add comment=RM name=RM regexp="\\.(rm)"
add comment=M4A name=M4A regexp="\\.(m4a)"
add comment=MP3 name=MP3 regexp="\\.(mp3)"
add comment=MP4 name=MP4 regexp="\\.(mp4)"
add comment=RAM name=RAM regexp="\\.(ram)"
add comment=RMVB name=RMVB regexp="\\.(rmvb)"
add comment=DAT name=DAT regexp="\\.(dat)"
add comment=DAA name=DAA regexp="\\.(daa)"
add comment=ISO name=ISO regexp="\\.(iso)"
add comment=NRG name=NRG regexp="\\.(nrg)"
add comment=BIN name=BIN regexp="\\.(bin)"
add comment=VCD name=VCD regexp="\\.(vcd)"
add comment=WMA name=WMA regexp="\\.(wma)"
add comment=JPG name=JPG regexp="\\.(jpg)"
add comment=JPEG name=JPEG regexp="\\.(jpeg)"
add comment=PNG name=PNG regexp="\\.(png)"
add comment=GIF name=GIF regexp="\\.(gif)"
add comment=WEBM name=WEBM regexp="\\.(webm)"
add comment=3GP name=3GP regexp="\\.(3gp)"
add comment=3G2 name=3G2 regexp="\\.(3g2)"
add comment=MPEG name=MPEG regexp="\\.(f4v)"
add comment=F4A name=F4A regexp="\\.(f4a)"
add comment=F4B name=F4B regexp="\\.(f4b)"
add comment=F4P name=F4P regexp="\\.(f4p)"


2. Step add additional firewall filter rules

Set here your WAN interface name

:global int "your-wan-interface"

Set here address list timeout, if value is too high you can get high CPU usage

:global t "1h"

Set here your trigger speed number, ex. 256, + k for kb/ps or M for Mb/ps, up to this speed the rule activates

:global ts "256"
:global tsx "K"

Set here up to how much data the rule activates, default is 10 MiB

:global b 10
:global bt ($b * 1048576)
/ip firewall filter
add action=jump chain=forward comment=Qos jump-target=Qos layer7-protocol=3G2
add action=jump chain=forward comment=Qos jump-target=Qos layer7-protocol=EXE
add action=jump chain=forward comment=Qos jump-target=Qos layer7-protocol=3GP
add action=jump chain=forward comment=Qos jump-target=Qos layer7-protocol=F4A
add action=jump chain=forward comment=Qos jump-target=Qos layer7-protocol=F4B
add action=jump chain=forward comment=Qos jump-target=Qos layer7-protocol=F4P
add action=jump chain=forward comment=Qos jump-target=Qos layer7-protocol=MPEG
add action=jump chain=forward comment=Qos jump-target=Qos layer7-protocol=7z
add action=jump chain=forward comment=Qos jump-target=Qos layer7-protocol=BIN
add action=jump chain=forward comment=Qos jump-target=Qos layer7-protocol=FLV
add action=jump chain=forward comment=Qos jump-target=Qos layer7-protocol=ISO
add action=jump chain=forward comment=Qos jump-target=Qos layer7-protocol=M4A
add action=jump chain=forward comment=Qos jump-target=Qos layer7-protocol=MKV
add action=jump chain=forward comment=Qos jump-target=Qos layer7-protocol=MOV
add action=jump chain=forward comment=Qos jump-target=Qos layer7-protocol=MP3
add action=jump chain=forward comment=Qos jump-target=Qos layer7-protocol=MP4
add action=jump chain=forward comment=Qos jump-target=Qos layer7-protocol=RAR
add action=jump chain=forward comment=Qos jump-target=Qos layer7-protocol=WAV
add action=jump chain=forward comment=Qos jump-target=Qos layer7-protocol=WEBM
add action=jump chain=forward comment=Qos jump-target=Qos layer7-protocol=WMA
add action=jump chain=forward comment=Qos jump-target=Qos layer7-protocol=WMV
add action=jump chain=forward comment=Qos jump-target=Qos layer7-protocol=ZIP
add action=jump chain=forward comment=Qos content=download jump-target=Qos
add action=add-src-to-address-list address-list=Limited address-list-timeout="$t" \
    chain=Qos comment=Qos connection-bytes=("$bt" . "-0") connection-rate=("$ts" . "$tsx" . "-" . "70M") \
    in-interface="$int" protocol=tcp
add action=add-src-to-address-list address-list=Limited address-list-timeout="$t" \
    chain=Qos comment=Qos connection-bytes=("$bt" . "-0") connection-rate=("$ts" . "$tsx" . "-" . "70M") \
    in-interface="$int" protocol=udp



3. Step add firewall mangle rules, edit your interface-names

set your Lan Interface here, if you use bridge set bridge

:global int1 "your-in-interface"
/ip firewall mangle
add action=mark-packet chain=prerouting comment=Upload in-interface="$int1" \
    new-packet-mark=Upload passthrough=no
add action=mark-packet chain=postrouting comment=Limited new-packet-mark=Limited \
    out-interface="$int1" passthrough=no src-address-list=Limited
add action=mark-packet chain=postrouting comment=Unlimited new-packet-mark=Unlimited \
    out-interface="$int1" passthrough=no src-address-list=!Limited



4. Step add new queue types, you must adjust the pcq dst and src-address-mask to your own network size

!!-- Important is to understand pcq divide all streams in = streams, that means 40 Mb/ps Bandwidth --!!

!!-- for 1 user, user can use all Band, for 20 user, each user can use 2 Mb/ps --!!

/queue type
add kind=pcq name=Upload pcq-burst-rate=17M pcq-burst-threshold=15M pcq-rate=13M \
    pcq-classifier=src-address pcq-dst-address-mask=32 pcq-src-address-mask=32;

add kind=pcq name=Unlimited pcq-burst-rate=40M pcq-burst-threshold=35M pcq-rate=30M \
    pcq-classifier=dst-address pcq-dst-address-mask=32 pcq-src-address-mask=32;

add kind=pcq name=Limited pcq-burst-rate=30M pcq-burst-threshold=25M pcq-rate=20M \
    pcq-classifier=dst-address pcq-dst-address-mask=32 pcq-src-address-mask=32;



5. Step add queue-tree rules

/queue tree
add comment=Upload name=Upload packet-mark=Upload parent=global queue=Upload
add comment=Limited name=Limited packet-mark=Limited parent=global queue=Limited
add comment=Unlimited name=Unlimited packet-mark=Unlimited parent=global \
    priority=2 queue=Unlimited