RouterOS version for Traffic Shapper

RouterOS General
1

Hi

I just want to build a transparent traffic shaper based on RouterOS, which will operate in bridge mode and will shape around 200 MB. What I’m interested is which RouterOS version should I use, I know that the latest is always the best, but I’m wondering is there a version which used to perform almost perfect and bug free for this kind of configuration. I will customize it just for traffic shaping only the necessary packages I intend to install, and also I’m wondering what hardware to use for that amount of traffic.

Regards

Faton

2

The latest version is better. Even if you will find any problems with the latest version, you can report the problem, we will try to fix it.
It is not possible to invent any fixes to the older versions anyway.

3

I’m experiencing some problem with mangle and queue tree, the rules below doesn’t match at all in version 3.14 and 3.15

/ ip firewall mangle
add chain=forward connection-bytes=6000000-4294967295 action=mark-connection new-connection-mark=InfiniteBytes-conn passthrough=yes comment=“” disabled=no
add chain=forward connection-mark=InfiniteBytes-conn action=mark-packet new-packet-mark=Infinite-Bytes passthrough=yes comment=“” disabled=no
add chain=forward connection-bytes=3000000-6000000 action=mark-connection new-connection-mark=6Mbyte-conn passthrough=yes comment=“” disabled=no
add chain=forward connection-mark=6Mbyte-conn action=mark-packet new-packet-mark=6Mbyte passthrough=yes comment=“” disabled=no
add chain=forward connection-bytes=1000000-3000000 action=mark-connection new-connection-mark=3Mbyte-conn passthrough=yes comment=“” disabled=no
add chain=forward connection-mark=3Mbyte-conn action=mark-packet new-packet-mark=3Mbyte passthrough=yes comment=“” disabled=no
add chain=forward connection-bytes=512000-1000000 action=mark-connection new-connection-mark=1Mbytes-conn passthrough=yes comment=“” disabled=no
add chain=forward connection-mark=1Mbytes-conn action=mark-packet new-packet-mark=1Mbyte passthrough=yes comment=“” disabled=no
add chain=forward connection-bytes=0-512000 action=mark-connection new-connection-mark=0bytes-conn passthrough=yes comment=“” disabled=no
add chain=forward connection-mark=0bytes-conn action=mark-packet new-packet-mark=0bytes passthrough=yes comment=“” disabled=no
add chain=forward protocol=tcp dst-port=443 action=mark-connection new-connection-mark=ssl-conn passthrough=yes comment=“” disabled=no
add chain=forward connection-mark=ssl-conn action=mark-packet new-packet-mark=ssl passthrough=yes comment=“” disabled=no
add chain=forward protocol=udp action=mark-connection new-connection-mark=udp-conn passthrough=yes comment=“” disabled=no
add chain=forward connection-mark=udp-conn action=mark-packet new-packet-mark=udp passthrough=yes comment=“” disabled=no
add chain=forward protocol=icmp action=mark-connection new-connection-mark=icmp-conn passthrough=yes comment=“” disabled=no
add chain=forward protocol=icmp connection-mark=icmp-conn action=mark-packet new-packet-mark=icmp passthrough=yes comment=“” disabled=no
add chain=forward protocol=tcp dst-port=110 action=mark-connection new-connection-mark=pop3-conn passthrough=yes comment=“” disabled=no
add chain=forward connection-mark=pop3-conn action=mark-packet new-packet-mark=pop3 passthrough=yes comment=“” disabled=no
add chain=forward protocol=tcp dst-port=25 action=mark-connection new-connection-mark=smtp-conn passthrough=yes comment=“” disabled=no
add chain=forward connection-mark=smtp-conn action=mark-packet new-packet-mark=smtp passthrough=yes comment=“” disabled=no
add chain=forward protocol=tcp dst-port=143 action=mark-connection new-connection-mark=imap-conn passthrough=yes comment=“” disabled=no
add chain=forward connection-mark=imap-conn action=mark-packet new-packet-mark=imap passthrough=yes comment=“” disabled=no
add chain=forward protocol=tcp dst-port=80 action=mark-connection new-connection-mark=http-conn passthrough=yes comment=“” disabled=no
add chain=forward connection-mark=http-conn action=mark-packet new-packet-mark=http passthrough=yes comment=“” disabled=no
add chain=forward src-address=80.80.160.0/20 action=mark-connection new-connection-mark=ipko80 passthrough=yes comment=“” disabled=no
add chain=forward connection-mark=ipko80 action=mark-packet new-packet-mark=ipko80packet passthrough=yes comment=“” disabled=no
add chain=forward dst-address=80.80.160.0/20 action=mark-connection new-connection-mark=ipko180 passthrough=yes comment=“” disabled=no
add chain=forward connection-mark=ipko180 action=mark-packet new-packet-mark=ipko180packet passthrough=yes comment=“” disabled=no
add chain=forward src-address=91.187.96.0/19 action=mark-connection new-connection-mark=ipko91 passthrough=yes comment=“” disabled=no
add chain=forward connection-mark=ipko91 action=mark-packet new-packet-mark=ipko91packet passthrough=yes comment=“” disabled=no
add chain=forward dst-address=91.187.96.0/19 action=mark-connection new-connection-mark=ipko191 passthrough=yes comment=“” disabled=no
add chain=forward connection-mark=ipko191 action=mark-packet new-packet-mark=ipko191packet passthrough=yes comment=“” disabled=no
add chain=forward protocol=tcp dst-port=1863 action=mark-connection new-connection-mark=msm-messenger-conn passthrough=yes comment=“” disabled=no
add chain=forward connection-mark=msm-messenger-conn action=mark-packet new-packet-mark=msn-messenger passthrough=yes comment=“” disabled=no
add chain=forward protocol=gre action=mark-connection new-connection-mark=gre-conn passthrough=yes comment=“” disabled=no
add chain=forward connection-mark=gre-conn action=mark-packet new-packet-mark=gre passthrough=yes comment=“” disabled=no
add chain=forward protocol=ipsec-esp action=mark-connection new-connection-mark=ipsec-esp-conn passthrough=yes comment=“” disabled=no
add chain=forward connection-mark=ipsec-esp-conn action=mark-packet new-packet-mark=ipsec-esp passthrough=yes comment=“” disabled=no
add chain=forward protocol=ipsec-ah action=mark-connection new-connection-mark=ipsec-ah-conn passthrough=yes comment=“” disabled=no
add chain=forward connection-mark=ipsec-ah-conn action=mark-packet new-packet-mark=ipsec-ah passthrough=yes comment=“” disabled=no
add chain=forward protocol=ipip action=mark-connection new-connection-mark=ipip-conn passthrough=yes comment=“” disabled=no
add chain=forward connection-mark=ipip-conn action=mark-packet new-packet-mark=ipip passthrough=yes comment=“” disabled=no
add chain=forward protocol=ipencap action=mark-connection new-connection-mark=ipencap-conn passthrough=yes comment=“” disabled=no
add chain=forward connection-mark=ipencap-conn action=mark-packet new-packet-mark=ipencap passthrough=yes comment=“” disabled=no

/ queue tree
add name=“OVERALL” parent=global-out packet-mark=“” limit-at=256000 queue=default priority=8 max-limit=256000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name=“IPKO80” parent=OVERALL packet-mark=ipko80packet limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name=“IPKO180” parent=OVERALL packet-mark=ipko180packet limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name=“IPKO91” parent=OVERALL packet-mark=ipko91packet limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name=“IPKO191” parent=OVERALL packet-mark=ipko191packet limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name=“HTTP” parent=OVERALL packet-mark=http limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name=“SSL” parent=OVERALL packet-mark=ssl limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name=“UDP” parent=OVERALL packet-mark=udp limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name=“ICMP” parent=OVERALL packet-mark=icmp limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name=“POP3” parent=OVERALL packet-mark=pop3 limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name=“SMTP” parent=OVERALL packet-mark=smtp limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name=“IMAP” parent=OVERALL packet-mark=imap limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name=“0-512” parent=OVERALL packet-mark=0bytes limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name=“1Mbyte” parent=OVERALL packet-mark=1Mbyte limit-at=0 queue=default priority=2 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name=“3Mbyte” parent=OVERALL packet-mark=3Mbyte limit-at=0 queue=default priority=4 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name=“6Mbyte” parent=OVERALL packet-mark=6Mbyte limit-at=0 queue=default priority=6 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name=“Infinite” parent=OVERALL packet-mark=Infinite-Bytes limit-at=0 queue=default priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name=“MSN-MESSENGER” parent=OVERALL packet-mark=msn-messenger limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name=“GRE” parent=OVERALL packet-mark=gre limit-at=0 queue=default priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name=“IPSEC-ESP” parent=OVERALL packet-mark=ipsec-esp limit-at=0 queue=default priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name=“IPSEC-AH” parent=OVERALL packet-mark=ipsec-ah limit-at=0 queue=default priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name=“IPIP” parent=OVERALL packet-mark=ipip limit-at=0 queue=default priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name=“IPENCAP” parent=OVERALL packet-mark=ipencap limit-at=0 queue=default priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no

Regards

Faton

4

If you have bridge on the router,
make sure you set

interface bridge settings set use-ip-firewall=yes