I have been studying the examples, posts, wiki’s and whitepapers and am so far unable to achoeve what I need to control my users bandwidth usage.
Initially it was simple queues, the list grew too long hurting overall routing performance.
I am attempting to use pcq queues to classify data combined with queue trees to prioritize and limit the users throughput. unfortunately I am missing something in that when I apply a limit to the queue in the tree, it limits the entire class of users to the speed I want to enforce on every user. In other words. while i want any and all of my users to get 800k downloads even if all are downloading at the same time, what I am ending up with is the sum of all users downloads being limited to 800k. Pretty useless. Here is how I amd attempting to do this.
First I created an address list containing the three address groups for my three different classes of service.
ip firewall address-list
add address=10.1.97.0/24 disabled=no list=AddyStd
add address=10.11.97.0/24 disabled=no list=AddyPlus
add address=10.21.97.0/24 disabled=no list=AddyElite
I created a set of mangle rules to tag the packets according to the address list entries for traffic
destined for the users on the local acess point.
/ip firewall mangle
add action=mark-connection chain=forward comment=“Mark Standard inbound connections” disabled=no dst-address-list=AddyStd new-connection-mark=std_client_conn passthrough=yes
add action=mark-packet chain=forward connection-mark=std_client_conn disabled=no new-packet-mark=std_client_traffic passthrough=no
add action=mark-connection chain=forward comment=“Mark Plus clients Connections” disabled=no dst-address-list=AddyPlus new-connection-mark=plus_client_conn passthrough=yes
add action=mark-packet chain=forward connection-mark=plus_client_conn disabled=no new-packet-mark=plus_client_traffic passthrough=no
add action=mark-connection chain=forward comment=“Mark Elite clients Connections” disabled=no dst-address-list=AddyElite new-connection-mark=elite_client_conn passthrough=yes
add action=mark-packet chain=forward connection-mark=elite_client_conn disabled=no new-packet-mark=elite_client_traffic passthrough=no
I defined the PCQ’s with the overall cap that I want to put on traffic in this particular class.
/queue type
add kind=pcq name=PCQ_down_Standard pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 pcq-dst-address6-mask=128 pcq-limit=50
pcq-rate=4M pcq-src-address-mask=32 pcq-src-address6-mask=128 pcq-total-limit=2000
add kind=pcq name=PCQ_down_Plus pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 pcq-dst-address6-mask=128 pcq-limit=50
pcq-rate=8M pcq-src-address-mask=32 pcq-src-address6-mask=128 pcq-total-limit=2000
add kind=pcq name=PCQ_down_Elite pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 pcq-dst-address6-mask=128 pcq-limit=50
pcq-rate=10M pcq-src-address-mask=32 pcq-src-address6-mask=128 pcq-total-limit=2000
Lastly I defined a queue tree that takes packets marked by the mangle rules and runs them through the PCQ entries defined above. The overall parent is the ethernet interface facing the local AP. There are three subqueues that are intended to place a per user cap on throughput.
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=Total_Download parent=ether2_AP priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=800k name=std_client_download packet-mark=std_client_traffic parent=Total_Download priority=8 queue=PCQ_down_Standard
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=1600k name=plus_client_download packet-mark=plus_client_traffic parent=Total_Download priority=6 queue=PCQ_down_Plus
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=2100k name=elite_client_download packet-mark=elite_client_traffic parent=Total_Download priority=4 queue=PCQ_down_Elite
So, I could certainly use the help of someone who has done this before and can find the fault in the above configuration..