Queueing problem

Hi,
I am having a queueing problem. I’m using nat on src with masquerading. I’ve set up firewall mangle to mark “all” packets and “p2p” packets. I have two queue trees, both pcq, one applied to global-in and one applied to global-out. They are limited to 1.544Mb each to reflect the fact that they are connected to a T1 circuit, so these serve as my “Master” in/out queues. These work fine. I tried using simple queues, but they tend to not be as accurate, leaving 10-20% of the bandwidth unused.

Then I have 5 simple queues, one for each of the five Class C nat’ed networks I have inside the MT. Each one uses the p2p mark from firewall mangle to limit p2p traffic to 128k down and 64k up.

The problem is, the 5 simple queues don’t work when the 2 in/out queue trees are enabled. P2P traffic sails by the simple queues up to the limit of the queue trees. When I temporarily disable the queue trees, the simple queues kick in and start limiting the p2p traffic properly.

Is there any way to enforce the max limit of the T1 line for all traffic, while limiting the p2p traffic the way I’ve intended? I’ve included the parts of my config that relate to my problem.

Thanks in advance.



/ ip address
# Interface addressing. ether1 (192.168.2.200/24) is the interface named as
# out-interface by the masquerade rule in "/ ip firewall nat", so it is the
# upstream side. ether2, ether3 and wlan1 each carry one inside 10.0.4x.0/24
# network.
# NOTE(review): the simple queues also name 10.0.41.0/24 and 10.0.42.0/24, but
# no address for those networks appears here - presumably they are routed
# behind this box or were trimmed from the post; confirm.
add address=192.168.2.200/24 network=192.168.2.0 broadcast=192.168.2.255
interface=ether1 comment=“” disabled=no
add address=10.0.40.1/24 network=10.0.40.0 broadcast=10.0.40.255
interface=ether2 comment=“” disabled=no
add address=10.0.43.1/24 network=10.0.43.0 broadcast=10.0.43.255
interface=ether3 comment=“” disabled=no
add address=10.0.44.1/24 network=10.0.44.0 broadcast=10.0.44.255
interface=wlan1 comment=“” disabled=no


/ ip firewall mangle
# Packet marks that the queues are meant to select traffic by.
# NOTE(review): as exported here, neither rule carries a matcher (no p2p=,
# protocol, address or interface condition), so each one applies to every
# packet in prerouting. A packet holds one packet mark at a time, so with
# passthrough=yes on both rules the second rule's "all" replaces the "p2p"
# mark written by the first, and nothing leaves this chain still marked "p2p".
# If the first rule is meant to classify peer-to-peer traffic it needs a
# matcher (the simple queues use p2p=all-p2p), and the catch-all rule must not
# overwrite that mark - confirm against the running config, since matchers may
# have been lost when the export was pasted.
add chain=prerouting action=mark-packet new-packet-mark=p2p passthrough=yes
comment=“” disabled=no
add chain=prerouting action=mark-packet new-packet-mark=all passthrough=yes
comment=“” disabled=no
/ ip firewall nat
# Source-NAT: everything leaving through ether1 is rewritten to the router's
# own address on that interface.
# Masquerade only rewrites addresses; it is not an access control. No
# "/ ip firewall filter" section is part of this excerpt, so what is permitted
# inbound on ether1 or towards the router itself cannot be judged from here.
add chain=srcnat out-interface=ether1 action=masquerade comment=“” disabled=no
/ ip firewall connection tracking
# Connection tracking is enabled; the masquerade rule depends on it.
# The timeouts set how long an idle entry stays in the tracking table:
# established TCP 1 day, the TCP teardown and handshake states 10s to 1m,
# plain UDP 10s, UDP streams 3m, ICMP 10s, everything else 10m.
# NOTE(review): peer-to-peer clients tend to open many flows, so the 1-day
# established timeout is the value to look at if the table grows large -
# table size limits are not shown in this excerpt.
set enabled=yes tcp-syn-sent-timeout=1m tcp-syn-received-timeout=1m
tcp-established-timeout=1d tcp-fin-wait-timeout=10s
tcp-close-wait-timeout=10s tcp-last-ack-timeout=10s
tcp-time-wait-timeout=10s tcp-close-timeout=10s udp-timeout=10s
udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m
# Section header only: no service-port (NAT helper) settings follow it in this
# excerpt.
/ ip firewall service-port

/ queue type
# Queue disciplines referenced by the simple queues and queue trees.
# The five "set" lines adjust built-in types; the two "add" lines create the
# custom types this config actually uses (wireless-pcq and default-small).
set default name=“default” kind=pfifo pfifo-limit=50
set ethernet-default name=“ethernet-default” kind=pfifo pfifo-limit=50
set wireless-default name=“wireless-default” kind=sfq sfq-perturb=5
sfq-allot=1514
set synchronous-default name=“synchronous-default” kind=red red-limit=60
red-min-threshold=10 red-max-threshold=50 red-burst=20 red-avg-packet=1000
set hotspot-default name=“hotspot-default” kind=sfq sfq-perturb=5
sfq-allot=1514
# PCQ type used by both master queue trees. pcq-rate=0 sets no per-stream rate.
# NOTE(review): pcq-classifier is empty, so no address or port field is named
# to split traffic into sub-streams - presumably all packets then share one
# stream and PCQ gives no per-host fairness; confirm this is intended.
add name=“wireless-pcq” kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=“”
pcq-total-limit=2000
# Short 10-packet FIFO used by the p2p simple queues.
add name=“default-small” kind=pfifo pfifo-limit=10
/ queue simple
# One p2p limiter per inside /24 (10.0.40.0 through 10.0.44.0). The five
# entries differ only in name and dst-address.
# Each queue selects traffic by dst-address plus p2p=all-p2p and caps it at
# max-limit=64000/128000, which the post describes as 64k up / 128k down.
# NOTE(review): these queues match with the p2p=all-p2p matcher, not with the
# "p2p" packet mark from mangle - no packet-mark parameter appears on any of
# them - although the post text says they use the mangle mark.
# NOTE(review): the follow-up in this thread reports that the queue trees on
# global-in/global-out take the traffic first, so these queues see nothing
# while the trees are enabled.
add name=“p2p 10.0.40.0 Class” dst-address=10.0.40.0/24 interface=all
parent=none direction=both priority=8 queue=default-small/default-small
limit-at=64000/64000 max-limit=64000/128000 total-queue=default-small
p2p=all-p2p disabled=no
add name=“p2p 10.0.41.0 Class” dst-address=10.0.41.0/24 interface=all
parent=none direction=both priority=8 queue=default-small/default-small
limit-at=64000/64000 max-limit=64000/128000 total-queue=default-small
p2p=all-p2p disabled=no
add name=“p2p 10.0.42.0 Class” dst-address=10.0.42.0/24 interface=all
parent=none direction=both priority=8 queue=default-small/default-small
limit-at=64000/64000 max-limit=64000/128000 total-queue=default-small
p2p=all-p2p disabled=no
add name=“p2p 10.0.43.0 Class” dst-address=10.0.43.0/24 interface=all
parent=none direction=both priority=8 queue=default-small/default-small
limit-at=64000/64000 max-limit=64000/128000 total-queue=default-small
p2p=all-p2p disabled=no
add name=“p2p 10.0.44.0 Class” dst-address=10.0.44.0/24 interface=all
parent=none direction=both priority=8 queue=default-small/default-small
limit-at=64000/64000 max-limit=64000/128000 total-queue=default-small
p2p=all-p2p disabled=no
/ queue tree
# Master in/out shapers for the T1 link: one on global-in, one on global-out,
# both using the wireless-pcq type and both selecting packet-mark=all.
# Because the mangle section sets "all" on every packet, these two queues
# claim all traffic, peer-to-peer included.
# NOTE(review): max-limit=1619001 equals 1.544 x 1,048,576, while a T1 line
# runs at 1,544,000 bit/s. If the value is read as bit/s the cap sits roughly
# 5% above the line rate, so the bottleneck may be the T1 device rather than
# this queue - confirm the intended figure.
# NOTE(review): a possible way to keep both limits together is one queue-tree
# hierarchy, with a parent queue holding the T1 max-limit and child queues for
# a "p2p" mark and for the remaining traffic. That needs mangle rules that
# leave the two marks distinct - verify on a test router first.
add name=“Master Queue In 1.544Mb” parent=global-in packet-mark=all
limit-at=1048576 queue=wireless-pcq priority=8 max-limit=1619001
burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name=“Master Queue Out 1.544Mb” parent=global-out packet-mark=all
limit-at=1048576 queue=wireless-pcq priority=8 max-limit=1619001
burst-limit=0 burst-threshold=0 burst-time=0s disabled=no

Ok, so digging further reveals that my queue trees accept the traffic first and override my simple queues. It looks like other people have had the same issue, but no fixes have been posted.

Surely someone knows how to do this? I need a max-limit pcq queue to enforce the limits of my T1, and a very restrictive 64k/64k queue to limit p2p.

Thanks,
Eric