Queue tree bandwidth management by VLAN

calvofede · July 26, 2016, 12:28pm

Hi,

I need manage bandwidth by WLAN and AP.
Currently I have a RB2011 with Ubiquiti APs and I do WLAN bandwidth management by WLAN VLAN, for example Visitors WLAN VLAN100 and I create a DHCP server to assign a range of IP so that I can mark that packets. After I have that packets of that WLAN “Visitors” I can set the queue tree.

My question is, how can I do bandwidth management by AP. Maybe creating a VLAN with Eth that its connected to that AP? Or creating a custom WLAN VLAN for that AP?

So I’t would be nice to have for example:

Queue Tree
Global Download---------10M
Visitors (VLAN100) ----- max-limit 5M
AP 1 (VLAN 101) ---- limit-at 3M - max-limit 5M
AP 2 (VLAN 102) ---- limit-at 2M - max-limit 5M
Staff (VLAN120) ------ max-limit 5M
AP 1 (VLAN 121) ---- limit-at 1M - max-limit 5M
AP 2 (VLAN 122) ---- limit-at 4M - max-limit 5M

So this way I can control AP bandwidth congestion.
With Ubiquiti software I can assign a custom VLAN for that WLAN in that AP but I don’t know if there is a better way.

Thanks in advance

[ltr][color=#3e3e3e][size=100][font=Consolas, Courier New, Courier, monospace]/ip dhcp-server
add address-pool=UniFi authoritative=yes bootp-lease-time=lease-time \
    bootp-support=dynamic disabled=no interface=UniFi lease-time=30m name=UniFi
add address-pool="UniFi vlan100" authoritative=yes bootp-lease-time=lease-time \
    bootp-support=dynamic disabled=no interface=vlan100-UniFi lease-time=30m \
    name="vlan100 UniFi .33"
add address-pool="UniFi vlan200" authoritative=yes bootp-lease-time=lease-time \
    bootp-support=dynamic disabled=no interface=vlan200-UniFi lease-time=30m \
    name="vlan200 UniFi .34"

/queue tree
add max-limit=15M name="Descarga global" parent=global queue=default
add max-limit=15M name="Subida global" parent=global queue=default
add limit-at=4M max-limit=5M name="UniFi .32 - Bajada" packet-mark=\
    "UniFi .32 - Bajada" parent="Descarga global" priority=6 queue=\
    pcq-download-default
add limit-at=4M max-limit=5M name="UniFi .32 - Subida" packet-mark=\
    "UniFi .32 - Subida" parent="Subida global" priority=6 queue=\
    pcq-upload-default

/ip firewall mangle
add action=mark-packet chain=prerouting log-prefix="" new-packet-mark=\
    "UniFi .32 - Subida" passthrough=yes src-address-list="UniFi .32"
add action=mark-packet chain=postrouting dst-address-list="UniFi .32" \
    log-prefix="" new-packet-mark="UniFi .32 - Bajada" passthrough=yes

/interface vlan
add comment="TX(bajada)" interface=UniFi name=vlan100-UniFi vlan-id=100
add comment="TX(bajada)" interface=UniFi name=vlan200-UniFi vlan-id=200

/ip address
add address=192.168.32.1/24 comment="UniFi Bridge" interface=UniFi network=\
    192.168.32.0
   
    /interface bridge port
add bridge=UniFi interface=ether2
add bridge=UniFi interface=ether3
add bridge=UniFi interface=ether4
add bridge=UniFi interface=ether5
add bridge=UniFi interface=ether6
add bridge=UniFi interface=ether7
add bridge=UniFi interface=ether8
add bridge=UniFi interface=ether9
add bridge=UniFi interface=ether13_vlan32

/interface bridge
add mtu=1500 name=UniFi priority=0xAAAA
/interface ethernet
set [ find default-name=ether1 ] comment="Internet -TX(subida)" mac-address=\
    4x:xx:xx:xx:xx:xx
set [ find default-name=ether2 ] comment="Servidor UniFi"
set [ find default-name=ether3 ] comment="AP Pro-Barra -TX(bajada)"
set [ find default-name=ether4 ] comment="AP Outdoor+ Cont.Vidriado"
set [ find default-name=ether5 ] comment="AP Outdoor+ Cont.Cocina"
set [ find default-name=ether6 ] comment="AP Outdoor+ Indep.Vidriado"
set [ find default-name=ether7 ] comment="AP Outdoor+ Indep.Tablero"
set [ find default-name=ether8 ] comment="AP Pro Metro1-Entrada"
set [ find default-name=ether9 ] comment="AP Outdoor+ Metro1 Av.Lamas"
set [ find default-name=ether10 ] comment="Switch Oficina"
set [ find default-name=ether13 ] comment="Enlace M2"[/font][/size][/color][/ltr]

pe1chl · July 26, 2016, 1:51pm

Yes, you can do what you describe there, using a queue tree.
What is your question?

calvofede · July 26, 2016, 2:00pm

Currently I’m marking packets by Source-Destination IP address list.
But I don’t know how to mark packets to separate that traffic (by AP traffic) from global WLAN VLAN (several AP).
I mean, currently I can manage traffic by markPackets_IP_pool_vlan100 (DHCP Server → VLAN100 → IP_pool_vlan100) but I need to separate to a child AP queue tree. I need a way to mark that packets.

pe1chl · July 26, 2016, 2:33pm

You can add queue tree directly to a VLAN, when that is visible in the router where you do the limiting.
When not, you should know the routing further down the path so it should be possible to know that to match (if not VLAN).

calvofede · July 26, 2016, 3:55pm

Can you tell me an example, how can you do that you’re saying?
AFAIK every packets that leaves a Eth with a VLAN remains “marked” with that VLAN_id.
I’m using 2 RB2011 and 2 switch HP JG350a (supports VLAN) but in only one RB2011 I will do all the DHCP server for the VLAN.

kujo · July 26, 2016, 8:55pm

Attach scheme of your site. Why you want control AP traffic directly? Maybe use shaping of clients or services? If you want separate AP traffic to queue you need QinQ vlans.

Have a good day!

calvofede · July 27, 2016, 12:16am

[ltr][color=#3e3e3e][size=100][font=Consolas, Courier New, Courier, monospace]/ip dhcp-server
add address-pool=UniFi authoritative=yes bootp-lease-time=lease-time \
    bootp-support=dynamic disabled=no interface=UniFi lease-time=30m name=UniFi
add address-pool="UniFi vlan100" authoritative=yes bootp-lease-time=lease-time \
    bootp-support=dynamic disabled=no interface=vlan100-UniFi lease-time=30m \
    name="vlan100 UniFi .33"
add address-pool="UniFi vlan200" authoritative=yes bootp-lease-time=lease-time \
    bootp-support=dynamic disabled=no interface=vlan200-UniFi lease-time=30m \
    name="vlan200 UniFi .34"

/queue tree
add max-limit=15M name="Descarga global" parent=global queue=default
add max-limit=15M name="Subida global" parent=global queue=default
add limit-at=4M max-limit=5M name="UniFi .32 - Bajada" packet-mark=\
    "UniFi .32 - Bajada" parent="Descarga global" priority=6 queue=\
    pcq-download-default
add limit-at=4M max-limit=5M name="UniFi .32 - Subida" packet-mark=\
    "UniFi .32 - Subida" parent="Subida global" priority=6 queue=\
    pcq-upload-default

/ip firewall mangle
add action=mark-packet chain=prerouting log-prefix="" new-packet-mark=\
    "UniFi .32 - Subida" passthrough=yes src-address-list="UniFi .32"
add action=mark-packet chain=postrouting dst-address-list="UniFi .32" \
    log-prefix="" new-packet-mark="UniFi .32 - Bajada" passthrough=yes

/interface vlan
add comment="TX(bajada)" interface=UniFi name=vlan100-UniFi vlan-id=100
add comment="TX(bajada)" interface=UniFi name=vlan200-UniFi vlan-id=200

/ip address
add address=192.168.32.1/24 comment="UniFi Bridge" interface=UniFi network=\
    192.168.32.0
   
    /interface bridge port
add bridge=UniFi interface=ether2
add bridge=UniFi interface=ether3
add bridge=UniFi interface=ether4
add bridge=UniFi interface=ether5
add bridge=UniFi interface=ether6
add bridge=UniFi interface=ether7
add bridge=UniFi interface=ether8
add bridge=UniFi interface=ether9
add bridge=UniFi interface=ether13_vlan32

/interface bridge
add mtu=1500 name=UniFi priority=0xAAAA
/interface ethernet
set [ find default-name=ether1 ] comment="Internet -TX(subida)" mac-address=\
    4x:xx:xx:xx:xx:xx
set [ find default-name=ether2 ] comment="Servidor UniFi"
set [ find default-name=ether3 ] comment="AP Pro-Barra -TX(bajada)"
set [ find default-name=ether4 ] comment="AP Outdoor+ Cont.Vidriado"
set [ find default-name=ether5 ] comment="AP Outdoor+ Cont.Cocina"
set [ find default-name=ether6 ] comment="AP Outdoor+ Indep.Vidriado"
set [ find default-name=ether7 ] comment="AP Outdoor+ Indep.Tablero"
set [ find default-name=ether8 ] comment="AP Pro Metro1-Entrada"
set [ find default-name=ether9 ] comment="AP Outdoor+ Metro1 Av.Lamas"
set [ find default-name=ether10 ] comment="Switch Oficina"
set [ find default-name=ether13 ] comment="Enlace M2"[/font][/size][/color][/ltr]

Currently this config is working perfect. Depending on the WLAN VLAN id the mikrotik assign an Ip address and with that I mark packets to create the Queue tree by WLAN.
Since Ubiquiti AP doesn’t support the max number of clients in a hard way I was thinking in a method to control the amount of users per WLAN per AP that I have. But the problemis how I distinguish this traffic in the firewall mangle mark packets.
For example in Eth11 I need to connect a HP switch that supports VLAN and in this switch connect a VLAN for WLAN, another for LAN, and so on. How can I do this config in mirkotik since Eth11 gets multiple VLANs.

mjsabri · July 27, 2016, 6:50am

yes. you do. you can manage it with packet mark

calvofede · July 27, 2016, 11:57am

Yes, the thing is how to do it. Packet mark by Ip address list?
I need to use hotspot per WLAN so this is another problem.
I will need to create a hotspot server per AP VLAN?

mjsabri · July 27, 2016, 5:26pm

you should packet mark per ip address then manage it

calvofede · July 29, 2016, 3:59pm

Thanks.
I need to create a DHCP server per VLAN interface, right? So this I can control what IP has each Access Point and mark it in firewall → mangle.

mjsabri · July 30, 2016, 10:37am

Hello
yes.you say true