I have recently upgraded from RB3011 running RouterOS 6.x to a RB5009 running RouterOS 7.x
Basically copied the required sections of the configuration using terminal export - loaded into Notepad++ to tweak and narrow down only the required IP addresses, filter rules, NAT, mangle, address lists, queue tree, etc., then paste into new terminal - done!
The queue tree is pretty simple..
At the moment of taking that screenshot I’m pushing over 300 Mbps of archive data to Google Drive, but the Bulk Up in the queue tree shows almost nothing..
The Bulk Down and Bulk Up queues used to do what I expected on the RB3011 and capped anything without a packet mark at the set rate depending on the direction of traffic.
The RB5009 is completely different - Bulk Down seems to work as expected but not Bulk Up.
I did some digging around and found suggestions that FastTrack was the cause, but it was enabled and working on the RB3011 and the Queue Tree functioned as expected.
Any insight into what I am missing here?
When working with (simple?) queues, fasttrack should be disabled. Can you share the config (or at least the /queue and /ip firewall filter)?
I read somewhere (I think in another post on this forum from memory) that queue trees with only interfaces set as parents are compatible with fasttrack - and thus the bulk queues with bridge (LAN) and SFP (WAN) as parents, and as mentioned it seemed to work as I expected it to on the RB3011.
If I test disabling fasttrack on the RB5009 then both bulk queues are seemingly ignored - when fasttrack is enabled the Bulk Down works again.
I've been working with Mikrotik gear for a while now, but classify myself as somewhat of a newbie still - there is a LOT to learn so please excuse any ignorance of the system and OS.
Configuration as follows..
/ip firewall mangle add action=mark-packet chain=postrouting comment=ACK new-packet-mark=ACK packet-size=0-123 passthrough=no protocol=tcp tcp-flags=ack
/ip firewall mangle add action=mark-packet chain=prerouting new-packet-mark=ACK packet-size=0-123 passthrough=no protocol=tcp tcp-flags=ack
/ip firewall mangle add action=mark-connection chain=prerouting comment=DNS connection-state=new new-connection-mark=DNS passthrough=yes port=53 protocol=udp
/ip firewall mangle add action=mark-packet chain=prerouting connection-mark=DNS new-packet-mark=DNS passthrough=no
/ip firewall mangle add action=mark-connection chain=postrouting connection-state=new new-connection-mark=DNS passthrough=yes port=53 protocol=udp
/ip firewall mangle add action=mark-packet chain=postrouting connection-mark=DNS new-packet-mark=DNS passthrough=no
/ip firewall mangle add action=mark-connection chain=prerouting comment=ICMP connection-state=new new-connection-mark=ICMP passthrough=yes protocol=icmp
/ip firewall mangle add action=mark-packet chain=prerouting connection-mark=ICMP new-packet-mark=ICMP passthrough=no
/ip firewall mangle add action=mark-connection chain=postrouting connection-state=new new-connection-mark=ICMP passthrough=yes protocol=icmp
/ip firewall mangle add action=mark-packet chain=postrouting connection-mark=ICMP new-packet-mark=ICMP passthrough=no
/ip firewall mangle add action=mark-connection chain=prerouting comment=VOIP new-connection-mark=VOIP passthrough=yes port=5060 protocol=udp
/ip firewall mangle add action=mark-connection chain=prerouting new-connection-mark=VOIP passthrough=yes port=5061 protocol=udp
/ip firewall mangle add action=mark-connection chain=prerouting new-connection-mark=VOIP passthrough=yes port=10000-20000 protocol=udp
/ip firewall mangle add action=mark-packet chain=prerouting connection-mark=VOIP new-packet-mark=VOIP passthrough=no
/ip firewall mangle add action=mark-connection chain=prerouting comment=HTTP connection-mark=!HTTP_BIG connection-state=new new-connection-mark=HTTP passthrough=yes port=80 protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting connection-mark=!HTTP_BIG connection-state=new new-connection-mark=HTTP passthrough=yes port=443 protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting connection-bytes=500000-0 connection-mark=HTTP connection-rate=150k-100M new-connection-mark=HTTP_BIG passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=prerouting connection-mark=HTTP_BIG new-packet-mark=HTTP_BIG passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting connection-mark=HTTP new-packet-mark=HTTP passthrough=no
/ip firewall mangle add action=mark-connection chain=prerouting comment=MyRemote connection-state=new new-connection-mark=MyRemote passthrough=yes port=42388-42389 protocol=tcp src-address-list=aFP
/ip firewall mangle add action=mark-packet chain=prerouting connection-mark=MyRemote new-packet-mark=MyRemote passthrough=no
/ip firewall mangle add action=mark-connection chain=prerouting comment=eMail connection-state=new new-connection-mark=eMail passthrough=yes port=25 protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting connection-state=new new-connection-mark=eMail passthrough=yes port=110 protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting connection-state=new new-connection-mark=eMail passthrough=yes port=143 protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting connection-state=new new-connection-mark=eMail passthrough=yes port=465 protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting connection-state=new new-connection-mark=eMail passthrough=yes port=587 protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting connection-state=new new-connection-mark=eMail passthrough=yes port=993 protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting connection-state=new new-connection-mark=eMail passthrough=yes port=995 protocol=tcp
/ip firewall mangle add action=mark-packet chain=prerouting connection-mark=eMail new-packet-mark=eMail passthrough=no
/ip firewall mangle add action=mark-connection chain=prerouting comment=FTP connection-state=new new-connection-mark=FTP passthrough=yes port=21 protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting connection-state=established,new new-connection-mark=FTP passthrough=yes port=42100-42200 protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting connection-state=established,related,new new-connection-mark=FTP passthrough=yes port=44945-44946 protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting connection-state=established,related,new new-connection-mark=FTP passthrough=yes port=44945-44946 protocol=udp
/ip firewall mangle add action=mark-packet chain=prerouting connection-mark=FTP new-packet-mark=FTP passthrough=no
/queue tree add comment="High Priority Down" name="A.High Priority Down" parent=bridge priority=1 queue=default
/queue tree add comment="High Priority Up" name="A.High Priority Up" parent=sfp-sfpplus1 priority=1 queue=default
/queue tree add comment="Medium Priority Down" max-limit=550M name="B.Medium Priority Down" parent=bridge priority=3 queue=default
/queue tree add comment="Medium Priority Up" max-limit=200M name="B.Medium Priority Up" parent=sfp-sfpplus1 priority=3 queue=default
/queue tree add comment="Low Priority Down" max-limit=550M name="C.Low Priority Down" parent=bridge priority=5 queue=default
/queue tree add comment="Low Priority Up" max-limit=200M name="C.Low Priority Up" parent=sfp-sfpplus1 priority=5 queue=default
/queue tree add name="VOIP Down" packet-mark=VOIP parent="A.High Priority Down" priority=1 queue=default
/queue tree add name="ACK Down" packet-mark=ACK parent="A.High Priority Down" priority=2 queue=default
/queue tree add name="DNS Down" packet-mark=DNS parent="A.High Priority Down" priority=2 queue=default
/queue tree add name="ICMP Down" packet-mark=ICMP parent="A.High Priority Down" priority=2 queue=default
/queue tree add name="HTTP Down" packet-mark=HTTP parent="A.High Priority Down" priority=3 queue=default
/queue tree add name="VOIP Up" packet-mark=VOIP parent="A.High Priority Up" priority=1 queue=default
/queue tree add name="ACK Up" packet-mark=ACK parent="A.High Priority Up" priority=2 queue=default
/queue tree add name="DNS Up" packet-mark=DNS parent="A.High Priority Up" priority=2 queue=default
/queue tree add name="ICMP Up" packet-mark=ICMP parent="A.High Priority Up" priority=2 queue=default
/queue tree add name="HTTP Up" packet-mark=HTTP parent="A.High Priority Up" priority=3 queue=default
/queue tree add name="HTTP Big Down" packet-mark=HTTP_BIG parent="B.Medium Priority Down" priority=5 queue=default
/queue tree add name="MyRemote Down" packet-mark=MyRemote parent="B.Medium Priority Down" priority=4 queue=default
/queue tree add name="HTTP Big Up" packet-mark=HTTP_BIG parent="B.Medium Priority Up" priority=5 queue=default
/queue tree add name="MyRemote Up" packet-mark=MyRemote parent="B.Medium Priority Up" priority=4 queue=default
/queue tree add name="eMail Down" packet-mark=eMail parent="C.Low Priority Down" priority=6 queue=default
/queue tree add name="FTP Down" packet-mark=FTP parent="C.Low Priority Down" queue=default
/queue tree add name="eMail Up" packet-mark=eMail parent="C.Low Priority Up" priority=6 queue=default
/queue tree add name="FTP Up" packet-mark=FTP parent="C.Low Priority Up" queue=default
/queue tree add comment="Bulk Down" max-limit=550M name="D.Bulk Down" packet-mark=no-mark parent=bridge queue=default
/queue tree add comment="Bulk Up" max-limit=200M name="D.Bulk Up" packet-mark=no-mark parent=sfp-sfpplus1 queue=default
/ip firewall filter add action=drop chain=input comment=AutoBlockWAN1 disabled=yes in-interface=sfp-sfpplus1
/ip firewall filter add action=drop chain=forward comment=AutoBlockWAN2 disabled=yes in-interface=sfp-sfpplus1
/ip firewall filter add action=accept chain=forward comment="ALLOW Home Brew - Monitor" dst-address=192.168.50.35 dst-port=80 in-interface=sfp-sfpplus1 protocol=tcp
/ip firewall filter add action=drop chain=input comment="DENY ping from WAN" in-interface=sfp-sfpplus1 protocol=icmp
/ip firewall filter add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
/ip firewall filter add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
/ip firewall filter add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
/ip firewall filter add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
/ip firewall filter add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
/ip firewall filter add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
/ip firewall filter add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
/ip firewall filter add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
/ip firewall filter add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
/ip firewall filter add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
/ip firewall filter add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall filter add action=accept chain=input comment="ALLOW LAN access to router and Internet" connection-state=new in-interface=bridge
/ip firewall filter add action=accept chain=forward connection-state=new in-interface=bridge
/ip firewall filter add action=drop chain=input comment="DENY anything from anywhere on any interface"
/ip firewall filter add action=drop chain=forward
The idea of the bulk queues is to make sure that even if something (like archiving a heap of data to Google Drive) is flogging the available bandwidth it can't have it all, there is always some left for any other connection (like general internet access) - so the limits set for those queues are about 85% of total bandwidth from the ISP.
There may be a better way to achieve the same result?
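Added example, not part of the original thread and not MikroTik tooling: a small Python check that reads export lines in the format posted above and reports which interface each queue ultimately hangs under, which queue on each interface catches no-mark packets, whether an enabled fasttrack rule is present, and which queues reference a packet mark that no mangle rule sets. The function names and the "Typo Up" line are constructed for illustration.

```python
import shlex

# Subset of the export lines posted above, plus one constructed line
# ("Typo Up", mark VOIPP) to show a mark that no mangle rule ever sets.
SAMPLE = '''/ip firewall mangle add action=mark-packet chain=prerouting connection-mark=VOIP new-packet-mark=VOIP passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting connection-mark=HTTP_BIG new-packet-mark=HTTP_BIG passthrough=no
/ip firewall filter add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
/queue tree add comment="High Priority Up" name="A.High Priority Up" parent=sfp-sfpplus1 priority=1 queue=default
/queue tree add comment="Medium Priority Up" max-limit=200M name="B.Medium Priority Up" parent=sfp-sfpplus1 priority=3 queue=default
/queue tree add name="VOIP Up" packet-mark=VOIP parent="A.High Priority Up" priority=1 queue=default
/queue tree add name="HTTP Big Up" packet-mark=HTTP_BIG parent="B.Medium Priority Up" priority=5 queue=default
/queue tree add comment="Bulk Down" max-limit=550M name="D.Bulk Down" packet-mark=no-mark parent=bridge queue=default
/queue tree add comment="Bulk Up" max-limit=200M name="D.Bulk Up" packet-mark=no-mark parent=sfp-sfpplus1 queue=default
/queue tree add name="Typo Up" packet-mark=VOIPP parent="A.High Priority Up" queue=default
'''

def parse_export(text):
    """Turn each '/menu path add k=v ...' line into (menu, properties)."""
    rules = []
    for line in text.splitlines():
        tokens = shlex.split(line)          # keeps quoted values in one token
        if "add" in tokens:
            i = tokens.index("add")
            props = dict(t.split("=", 1) for t in tokens[i + 1:] if "=" in t)
            rules.append((" ".join(tokens[:i]), props))
    return rules

def audit(text):
    rules = parse_export(text)
    queues = {p["name"]: p for m, p in rules if m == "/queue tree"}
    marks = {p.get("new-packet-mark") for m, p in rules if m == "/ip firewall mangle"}
    fasttrack = any(m == "/ip firewall filter" and p.get("action") == "fasttrack-connection"
                    and p.get("disabled") != "yes" for m, p in rules)
    report = {"fasttrack": fasttrack, "catch_all": {}, "never_marked": [], "root": {}}
    for name, p in queues.items():
        iface = name
        for _ in queues:                    # bounded walk up the parent links
            if iface in queues:
                iface = queues[iface]["parent"]
        report["root"][name] = iface        # interface the queue ends up on
        mark = p.get("packet-mark")
        if mark == "no-mark":               # queue that catches unmarked packets
            report["catch_all"][iface] = (name, p.get("max-limit"))
        elif mark and mark not in marks:
            report["never_marked"].append(name)
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Running it over a full export gives a quick view of the queue layout per interface before comparing counters on the router.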