Queue with 1 WAN and 2 LAN interfaces

cheesewright · May 9, 2011, 9:33pm

I’m following the Mikrotik wiki (http://wiki.mikrotik.com/wiki/Queue_Tree_with_more_than_two_interfaces) to prioritize server traffic over user traffic with PCQ trees. My router has three interfaces:

WAN - PPPoE to ISP (6M down, 4M up)
LAN - 172.16.0.0/16 (private subnet, masqueraded out WAN using single public IP)
SERVERS - 64.126.168.192/28 (public ip range, no masquerading)

Servers and LAN share the WAN connection. The Mikrotik also routes traffic between the LAN and SERVER interfaces- only traffic exiting via the WAN connection should be queued!

THE PROBLEM: Server upload traffic is counted twice and queues under both upload and download queue trees! This effectively cuts my bandwidth in half.

Below are my mangle rules:

0   chain=forward action=mark-connection new-connection-mark=user-conn passthrough=yes src-address=172.16.0.0/16 out-interface=WAN
 1   chain=forward action=mark-packet new-packet-mark=user passthrough=yes connection-mark=user-conn 
 2   chain=forward action=mark-connection new-connection-mark=server-conn passthrough=yes in-interface=SERVERS out-interface=WAN
 3   chain=forward action=mark-packet new-packet-mark=server passthrough=yes connection-mark=server-conn

Here is the Queue Tree:

 0   name="Download" parent=global-out limit-at=0 priority=1 max-limit=6M burst-limit=0 burst-threshold=0 burst-time=0s 
 1   name="user-down" parent=Download packet-mark=user limit-at=3M queue=pcq-down priority=5 max-limit=6M burst-limit=0 
     burst-threshold=0 burst-time=0s 
 2   name="server-down" parent=Download packet-mark=server limit-at=3M queue=pcq-down priority=3 max-limit=6M burst-limit=0 
     burst-threshold=0 burst-time=0s 
 3   name="Upload" parent=pppoe-fsr limit-at=0 priority=1 max-limit=4M burst-limit=0 burst-threshold=0 burst-time=0s 
 4   name="user-up" parent=Upload packet-mark=user limit-at=1M queue=pcq-up priority=5 max-limit=4M burst-limit=0 burst-threshold=0 
     burst-time=0s 
 5   name="server-up" parent=Upload packet-mark=server limit-at=3M queue=pcq-up priority=3 max-limit=4M burst-limit=0 burst-threshold=0 
     burst-time=0s

How can I properly queue traffic for two LAN interfaces sharing a WAN connection without upload traffic from the servers being counted under the download category? Constraints are: 1) LAN interface is masqueraded and SERVERS isn’t 2) Only traffic going out WAN interface should be queued (not traffic between LAN and SERVERS).

cheesewright · May 10, 2011, 5:31pm

I found the solution was not to mark the server connections in mangle. Queues attached to global-out get confused when used with connection marking on interfaces without NAT. I simply created two packet mark rules in mangle:

 4   chain=forward action=mark-packet new-packet-mark=server-up passthrough=no in-interface=SERVER out-interface=WAN
 5   chain=forward action=mark-packet new-packet-mark=server-down passthrough=no in-interface=WAN out-interface=SERVER

Set the up/down server queues to use these marks, and it works as expected. The wiki should advise not to use connection marks in combination with global-out queues unless NAT is also used.