Script implementing Active Congestion Control

sebastia · January 5, 2018, 3:09am

Hi

Updated: to v0.5 (11/01/18)

I’ve implemented Active Congestion Control, based on the info from https://www.gargoyle-router.com/wiki/doku.php?id=qos. I’m using it for my wan connections.

Usage:

meant to control buffering at ISP
needs QoS on upload to be implemented for reliable detection
will measure latency for ping (to selected target, over selected interface “intfP”), and depending on outcome adjust download rate
outcome can be (timings can be changed in script):
** response < 25ms → increase rate by 1/10 of range (max rate - min rate)
** 25 <= response < xxx → decrease rate by “floor(response / 50) * 1/10 of range”
** loss of response => response time will default to 100ms
expects a queue tree on egress route with a max-limit set, interface “intfQ”
should be scheduled with interval execution for continuous monitoring
logging is reduced to minimal, but can be enabled at will (#:log … → :log …)

I thought it might be useful to others.

First time actions:

import functions, can be done as part of script run on startup
enable some logs to verify correct functioning (and reimport)
execute command from terminal
validate log entries
disable unwanted logs, reimport & define scheduled task

Note: any changes to functions (in a script) must be followed by execution of that script to reimport updated code

To invoke:

$applyACC target=8.8.8.8 intfP=ether1 minRt=120 maxRt=190 intfQ=ether5

Example scheduler entry:

:global applyACC do={
# v0.4

#	variables set:
#	target ping target
#	intfP ping interface
#	minRt minimal rate, in Megabits
#	maxRt maximal rate, in Megabits
#	intfQ queue interface
#:log info "ACC: target: $target, intfP: $intfP, minRt: $minRt, maxRt: $maxRt, intfQ: $intfQ"

	:local adj 0
	:local pcount 1
# safe timeout for ping, if exceeded will be interpreted as packet loss
	:local ptimeout .2
	:local mil 1000000

	:local rateStep (($maxRt-$minRt)/10)
	:if ($rateStep = 0) do={
		:log warn "Error: rate increment < 1, defaulting to 1"
		:set rateStep 1;
	}
#:log info "ACC: rate increment=$rateInc"

# Delay limits
# <25ms increment rate ceiling
	:local incMs 25
# <50ms keep rate ceiling
	:local keepMs 50

	:if ($keepMs <= $incMs) do={
		:log error "Error: timings incorrect, ensure $incMs < $keepMs"
		:error "Error: timings incorrect"
	}

	:global getRTT;
	:global setRate;
	:local rtt [$getRTT target=$target intf=$intfP count=$pcount timeout=$ptimeout]
	:if ([:typeof $rtt]="nil") do={
#		:log info "Packet loss, defaulting to 100"
		:set rtt 100
	}
# FOR TESTING :set rtt 49
#:log info "ACC: rtt: $rtt"

	:if ($rtt < $incMs) do={
# 1-step increment
		:set adj 1
	} else={
# n-step decrement
		:set adj (-$rtt / $keepMs)
	}

#	:log info "ACC: rate adjustment $adj"
	$setRate minRt=($minRt*$mil) maxRt=($maxRt*$mil) intf=$intfQ adjRt=($adj*$rateStep*$mil)
}

:global setRate do={

#	variables set:
#	minRt minimal rate
#	adjRt adjustment to rate
#	maxRt maximum
#	intf interface
#:log info "setRate: minRt: $minRt, adjRt: $adjRt, maxRt: $maxRt, intf=$intf"

	:local currRt [/queue tree get [find parent=$intf] max-limit ];
#:log info "setRate: current rate: $currRt"
	:local nextRt ($currRt + $adjRt)

	:if ($minRt > $nextRt) do={ :set nextRt $minRt}
	:if ($maxRt < $nextRt) do={ :set nextRt $maxRt}

	:if ($currRt != $nextRt) do={
:log info "setRate: adjusting $intf max-limit to $nextRt"
		/queue tree set [find parent=$intf] max-limit=$nextRt;
	}
}

:global getRTT do={

#	variables set:
#	target ping target
#	intf ping interface
#	count ping count
#	timeout ping timeout
#:log info "getRTT: target: $target, intf: $intf, count: $count, timeout: $timeout"

	:local tm [/system clock get time]
	:set tm ([:pick $tm 0 2] . [:pick $tm 3 5] . [:pick $tm 6 8])
	:local pgfl "ping-$target-$tm.txt"
	:execute script="{ping count=$count interface=$intf interval=$timeout $target}" file=$pgfl
	:delay ([:totime $timeout] * $count)
	:do {
		:delay .2
#		:put "...ping wait"
	} while=([:len [:file find name=$pgfl ]] = 0 || ([:find [:file get $pgfl contents] "sent="] < 0 ))
	:local resp [:file get $pgfl contents]
	:local rttpos [:find $resp "avg-rtt"]
	:set resp [:pick $resp ($rttpos + 8) ($rttpos + 15)]
	:set resp [:pick $resp 0 [:find $resp "ms"]]
	/file remove $pgfl
	:return [:tonum $resp]
}

frank333 · January 5, 2018, 1:28pm

sebastia,
thank you for the script is just what I was looking for.
I tried to launch it on rb3011 but it doesn’t seem to start.
1)I ask you, can you paste an example of QoS on upload? (I use the dscp for the voip implemented with this script http://forum.mikrotik.com/t/dscp-mangle-and-queue-trees/100297/1)
2) The line ($applyACC target=8.8.8.8 intfP=…) should be inserted in the script so?

sebastia · January 5, 2018, 2:03pm

these function need to imported first, suggest you put them in a script and execute that script. Then you can call on them from terminal.
For “first time” use, try running from terminal, once confirmed as working, you can schedule it, say every minute or so.
i’ve class-based HTB on the outgoing interface, and pings go into class “20”. I would suggest to ensure pings are prioritised, to ensure consistent latency.

Logging is currently setup to minimize “log noise”, to validate you can enable some log entries AND reimport functions.
#:log … → :log …

frank333 · January 6, 2018, 12:26am

sebastia, just bear with us ,are really noob
My ISP gives me a 30megabits download/3megabits upload connection

frank.

sebastia · January 6, 2018, 1:20am

About that 30/3, I would suggest to do a speed test on a good day. The numbers reported can then be used as basis for your max upload (on ether1-WAN), download (on ??? ether2-LAN ???) and best case ping latency.

Regarding the intfQ: it’s the interface facing your LAN, on which there should be a HTB attached. By rate limiting that interface, one can control buffering at ISP.
QoS connection classes (=“connection mark”) as defined for upload, should be also used to mark packets (mangling of packet mark) coming from ISP. Meaning also that you could duplicate your queues from upload.

The queues you have listed are ISP facing and relevant for upload QoS. → “ether1-WAN” should be your intfP, for pinging the internet

ACC manages only download, so the minRt & maxRt apply to your download rates. Max as mentioned above should come from a speedtest.

frank333 · January 6, 2018, 2:20pm

Throw in the towel. too complicated.

frank

sebastia · January 6, 2018, 7:34pm

In solutions such as “gargoyle-router” a lot of plumbing is done already for you. With Mikrotik, you get much more control and possibilities but it also means doing it yourself and having some knowledge.

Script is here, if you want to give it a try in future.

frank333 · January 6, 2018, 10:03pm

sebastia, thanks,
I tried it but I have too many problems I list you,

I don’t know how to write the rules correctly in mangle firewall, I added them to the bottom of those that have 2 classes 20 and 30 but what chain I use, and the other parameters how should they be configured?

In queue tree I added to the bottom as per your schema, but the parameters as Priority as they are to be compiled.?

I have a minRt of 28M and a maxRt of 31M and the script marks an error.

I experimented but reading the log info, and at each step the limit rate moves down to reach the minRt and stops them.
is very difficult.
frank

frank333 · January 8, 2018, 11:54am

question for mikrotik administrators, you could insert this script in the next edition of ros, simplifying the procedure even noobs could use it, what do you think?

sebastia · January 8, 2018, 10:43pm

“In queue tree I added to the bottom as per your schema, but the parameters as Priority as they are to be compiled.?”
→ don’t replicate my schema, you would need my mangling too… Maybe best go for the easy solution below.

“I have a minRt of 28M and a maxRt of 31M and the script marks an error.”
→ what error do you get?

“…limit rate moves down to reach the minRt…”
→ if you try pinging the ping server from firewall what timeings do you get? Maybe you get RTT of >=50ms.
→ what is the output of “:ping count=3 interface=ether1_WAN 8.8.8.8”

You have two options:

the easy way
the consistent/smart priority way

The easy way:

no need for packet marking
using SFQ or PCQ to distribute download bandwidth over running connections
use etherX as your intfQ interface

/queue tree
add max-limit=30M name=Download parent=etherX packet-mark=no-mark queue=hotspot-default

The consistent way
To mark packets based on your existing connection classificaiton, add that in your “postroute” chain of mangle table.

/ip firewall mangle
add action=mark-packet chain=postrouting comment="PMark: ???" connection-mark=??? new-packet-mark=??? passthrough=no

with ??? being your existing connection marks (created/defined on upload mangle)

With these same mangle marks, you can create same queues on “download interface.”

frank333 · January 9, 2018, 1:39am

“I have a minRt of 28M and a maxRt of 31M and the script marks an error.”
→ what error do you get?

“…limit rate moves down to reach the minRt…”
→ if you try pinging the ping server from firewall what timeings do you get? Maybe you get RTT of >=50ms.
→ what is the output of “:ping count=3 interface=ether1_WAN 8.8.8.8”
$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8. 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=61 time=13.3 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=61 time=14.4 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=61 time=12.8 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=61 time=15.8 ms
64 bytes from 8.8.8.8: icmp_seq=5 ttl=61 time=13.4 ms
64 bytes from 8.8.8.8: icmp_seq=6 ttl=61 time=16.5 ms
64 bytes from 8.8.8.8: icmp_seq=7 ttl=61 time=13.6 ms
64 bytes from 8.8.8.8: icmp_seq=8 ttl=61 time=14.0 ms
^C
— 8.8.8.8 ping statistics —
8 packets transmitted, 8 received, 0% packet loss, time 7010ms
rtt min/avg/max/mdev = 12.862/14.274/16.530/1.217 ms

my conf

# jan/09/2018 01:58:09 by RouterOS 6.41
# software id = 
#
# model = RouterBOARD 3011UiAS
# serial number = 780E073
/interface bridge
add admin-mac=xxxxx auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether1 ] bandwidth=30720k/3072k mac-address=\
    xxxxxxxxx name=ether1-WAN
set [ find default-name=ether2 ] name=ether2-LOCOM2
set [ find default-name=ether3 ] name=ether3-TV
set [ find default-name=ether4 ] name=ether4-SERVER
set [ find default-name=ether5 ] disabled=yes
set [ find default-name=ether6 ] disabled=yes
set [ find default-name=ether7 ] disabled=yes
set [ find default-name=ether8 ] disabled=yes
set [ find default-name=ether9 ] name=ether9-ROCKET
set [ find default-name=ether10 ] name=ether10-M900
set [ find default-name=sfp1 ] disabled=yes
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1-WAN name=pppoe-out1 \
    password=xxxxx use-peer-dns=yes user=xxxxx
/interface vlan
add interface=bridge name=vlan10 vlan-id=10
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip dhcp-server option
add code=6 name=dnsantipub1 value="'xxx''xxxxx'"
add code=252 name=autoproxy value="'http://10.0.0.202/wpad.dat'"
/ip dhcp-server option sets
add name=wpad_dnsstop options=autoproxy,dnsantipub1
/ip firewall layer7-protocol
add comment="Siti bloccati" name=sitibloccati regexp="^.+(twitter.com|facebook\
    .com|skype.com|whatsapp.com|messenger.com|hangouts.google.com).*\$"
/ip pool
add name=dhcp ranges=10.0.0.100-10.0.0.254
add name=pool_vlan10 ranges=172.16.10.100-172.16.10.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge lease-time=12h10m name=\
    defconf
    
    
/queue tree
add max-limit=2900k name=DSCP_ether1-WAN parent=ether1-WAN priority=1
add name="1. Network Control (ether1-WAN)" parent=DSCP_ether1-WAN priority=1 \
    queue=ethernet-default
add comment=dscp_63 name="Network Control (ether1-WAN) (Pri: 1)" packet-mark=\
    dscp_63 parent="1. Network Control (ether1-WAN)" priority=1 queue=\
    ethernet-default
add comment=dscp_62 name="Network Control (ether1-WAN) (Pri: 2)" packet-mark=\
    dscp_62 parent="1. Network Control (ether1-WAN)" priority=2 queue=\
    ethernet-default
add comment=dscp_61 name="Network Control (ether1-WAN) (Pri: 3)" packet-mark=\
    dscp_61 parent="1. Network Control (ether1-WAN)" priority=3 queue=\
    ethernet-default
add comment=dscp_60 name="Network Control (ether1-WAN) (Pri: 4)" packet-mark=\
    dscp_60 parent="1. Network Control (ether1-WAN)" priority=4 queue=\
    ethernet-default
add comment=dscp_59 name="Network Control (ether1-WAN) (Pri: 5)" packet-mark=\
    dscp_59 parent="1. Network Control (ether1-WAN)" priority=5 queue=\
    ethernet-default
add comment=dscp_58 name="Network Control (ether1-WAN) (Pri: 6)" packet-mark=\
    dscp_58 parent="1. Network Control (ether1-WAN)" priority=6 queue=\
    ethernet-default
add comment=dscp_57 name="Network Control (ether1-WAN) (Pri: 7)" packet-mark=\
    dscp_57 parent="1. Network Control (ether1-WAN)" priority=7 queue=\
    ethernet-default
add comment=dscp_56 name="Network Control (ether1-WAN) (Pri: 8)" packet-mark=\
    dscp_56 parent="1. Network Control (ether1-WAN)" queue=ethernet-default
add name="2. Internetwork Control (ether1-WAN)" parent=DSCP_ether1-WAN \
    priority=2 queue=ethernet-default
add comment=dscp_55 name="Internetwork Control (ether1-WAN) (Pri: 1)" \
    packet-mark=dscp_55 parent="2. Internetwork Control (ether1-WAN)" \
    priority=1 queue=ethernet-default
add comment=dscp_54 name="Internetwork Control (ether1-WAN) (Pri: 2)" \
    packet-mark=dscp_54 parent="2. Internetwork Control (ether1-WAN)" \
    priority=2 queue=ethernet-default
add comment=dscp_53 name="Internetwork Control (ether1-WAN) (Pri: 3)" \
    packet-mark=dscp_53 parent="2. Internetwork Control (ether1-WAN)" \
    priority=3 queue=ethernet-default
add comment=dscp_52 name="Internetwork Control (ether1-WAN) (Pri: 4)" \
    packet-mark=dscp_52 parent="2. Internetwork Control (ether1-WAN)" \
    priority=4 queue=ethernet-default
add comment=dscp_51 name="Internetwork Control (ether1-WAN) (Pri: 5)" \
    packet-mark=dscp_51 parent="2. Internetwork Control (ether1-WAN)" \
    priority=5 queue=ethernet-default
add comment=dscp_50 name="Internetwork Control (ether1-WAN) (Pri: 6)" \
    packet-mark=dscp_50 parent="2. Internetwork Control (ether1-WAN)" \
    priority=6 queue=ethernet-default
add comment=dscp_49 name="Internetwork Control (ether1-WAN) (Pri: 7)" \
    packet-mark=dscp_49 parent="2. Internetwork Control (ether1-WAN)" \
    priority=7 queue=ethernet-default
add comment=dscp_48 name="Internetwork Control (ether1-WAN) (Pri: 8)" \
    packet-mark=dscp_48 parent="2. Internetwork Control (ether1-WAN)" queue=\
    ethernet-default
add name="3. Critical (ether1-WAN)" parent=DSCP_ether1-WAN priority=3 queue=\
    ethernet-default
add comment=dscp_47 name="Critical (ether1-WAN) (Pri: 1)" packet-mark=dscp_47 \
    parent="3. Critical (ether1-WAN)" priority=1 queue=ethernet-default
add comment=dscp_46 name="Critical (ether1-WAN) (Pri: 2)" packet-mark=dscp_46 \
    parent="3. Critical (ether1-WAN)" priority=2 queue=ethernet-default
add comment=dscp_45 name="Critical (ether1-WAN) (Pri: 3)" packet-mark=dscp_45 \
    parent="3. Critical (ether1-WAN)" priority=3 queue=ethernet-default
add comment=dscp_44 name="Critical (ether1-WAN) (Pri: 4)" packet-mark=dscp_44 \
    parent="3. Critical (ether1-WAN)" priority=4 queue=ethernet-default
add comment=dscp_43 name="Critical (ether1-WAN) (Pri: 5)" packet-mark=dscp_43 \
    parent="3. Critical (ether1-WAN)" priority=5 queue=ethernet-default
add comment=dscp_42 name="Critical (ether1-WAN) (Pri: 6)" packet-mark=dscp_42 \
    parent="3. Critical (ether1-WAN)" priority=6 queue=ethernet-default
add comment=dscp_41 name="Critical (ether1-WAN) (Pri: 7)" packet-mark=dscp_41 \
    parent="3. Critical (ether1-WAN)" priority=7 queue=ethernet-default
add comment=dscp_40 name="Critical (ether1-WAN) (Pri: 8)" packet-mark=dscp_40 \
    parent="3. Critical (ether1-WAN)" queue=ethernet-default
add name="4. Flash Override (ether1-WAN)" parent=DSCP_ether1-WAN priority=4 \
    queue=ethernet-default
add comment=dscp_39 name="Flash Override (ether1-WAN) (Pri: 1)" packet-mark=\
    dscp_39 parent="4. Flash Override (ether1-WAN)" priority=1 queue=\
    ethernet-default
add comment=dscp_38 name="Flash Override (ether1-WAN) (Pri: 2)" packet-mark=\
    dscp_38 parent="4. Flash Override (ether1-WAN)" priority=2 queue=\
    ethernet-default
add comment=dscp_37 name="Flash Override (ether1-WAN) (Pri: 3)" packet-mark=\
    dscp_37 parent="4. Flash Override (ether1-WAN)" priority=3 queue=\
    ethernet-default
add comment=dscp_36 name="Flash Override (ether1-WAN) (Pri: 4)" packet-mark=\
    dscp_36 parent="4. Flash Override (ether1-WAN)" priority=4 queue=\
    ethernet-default
add comment=dscp_35 name="Flash Override (ether1-WAN) (Pri: 5)" packet-mark=\
    dscp_35 parent="4. Flash Override (ether1-WAN)" priority=5 queue=\
    ethernet-default
add comment=dscp_34 name="Flash Override (ether1-WAN) (Pri: 6)" packet-mark=\
    dscp_34 parent="4. Flash Override (ether1-WAN)" priority=6 queue=\
    ethernet-default
add comment=dscp_33 name="Flash Override (ether1-WAN) (Pri: 7)" packet-mark=\
    dscp_33 parent="4. Flash Override (ether1-WAN)" priority=7 queue=\
    ethernet-default
add comment=dscp_32 name="Flash Override (ether1-WAN) (Pri: 8)" packet-mark=\
    dscp_32 parent="4. Flash Override (ether1-WAN)" queue=ethernet-default
add name="5. Flash (ether1-WAN)" parent=DSCP_ether1-WAN priority=5 queue=\
    ethernet-default
add comment=dscp_31 name="Flash (ether1-WAN) (Pri: 1)" packet-mark=dscp_31 \
    parent="5. Flash (ether1-WAN)" priority=1 queue=ethernet-default
add comment=dscp_30 name="Flash (ether1-WAN) (Pri: 2)" packet-mark=dscp_30 \
    parent="5. Flash (ether1-WAN)" priority=2 queue=ethernet-default
add comment=dscp_29 name="Flash (ether1-WAN) (Pri: 3)" packet-mark=dscp_29 \
    parent="5. Flash (ether1-WAN)" priority=3 queue=ethernet-default
add comment=dscp_28 name="Flash (ether1-WAN) (Pri: 4)" packet-mark=dscp_28 \
    parent="5. Flash (ether1-WAN)" priority=4 queue=ethernet-default
add comment=dscp_27 name="Flash (ether1-WAN) (Pri: 5)" packet-mark=dscp_27 \
    parent="5. Flash (ether1-WAN)" priority=5 queue=ethernet-default
add comment=dscp_26 name="Flash (ether1-WAN) (Pri: 6)" packet-mark=dscp_26 \
    parent="5. Flash (ether1-WAN)" priority=6 queue=ethernet-default
add comment=dscp_25 name="Flash (ether1-WAN) (Pri: 7)" packet-mark=dscp_25 \
    parent="5. Flash (ether1-WAN)" priority=7 queue=ethernet-default
add comment=dscp_24 name="Flash (ether1-WAN) (Pri: 8)" packet-mark=dscp_24 \
    parent="5. Flash (ether1-WAN)" queue=ethernet-default
add name="6. Immedate (ether1-WAN)" parent=DSCP_ether1-WAN priority=6 queue=\
    ethernet-default
add comment=dscp_23 name="Immedate (ether1-WAN) (Pri: 1)" packet-mark=dscp_23 \
    parent="6. Immedate (ether1-WAN)" priority=1 queue=ethernet-default
add comment=dscp_22 name="Immedate (ether1-WAN) (Pri: 2)" packet-mark=dscp_22 \
    parent="6. Immedate (ether1-WAN)" priority=2 queue=ethernet-default
add comment=dscp_21 name="Immedate (ether1-WAN) (Pri: 3)" packet-mark=dscp_21 \
    parent="6. Immedate (ether1-WAN)" priority=3 queue=ethernet-default
add comment=dscp_20 name="Immedate (ether1-WAN) (Pri: 4)" packet-mark=dscp_20 \
    parent="6. Immedate (ether1-WAN)" priority=4 queue=ethernet-default
add comment=dscp_19 name="Immedate (ether1-WAN) (Pri: 5)" packet-mark=dscp_19 \
    parent="6. Immedate (ether1-WAN)" priority=5 queue=ethernet-default
add comment=dscp_18 name="Immedate (ether1-WAN) (Pri: 6)" packet-mark=dscp_18 \
    parent="6. Immedate (ether1-WAN)" priority=6 queue=ethernet-default
add comment=dscp_17 name="Immedate (ether1-WAN) (Pri: 7)" packet-mark=dscp_17 \
    parent="6. Immedate (ether1-WAN)" priority=7 queue=ethernet-default
add comment=dscp_16 name="Immedate (ether1-WAN) (Pri: 8)" packet-mark=dscp_16 \
    parent="6. Immedate (ether1-WAN)" queue=ethernet-default
add name="7. Priority (ether1-WAN)" parent=DSCP_ether1-WAN priority=7 queue=\
    ethernet-default
add comment=dscp_15 name="Priority (ether1-WAN) (Pri: 1)" packet-mark=dscp_15 \
    parent="7. Priority (ether1-WAN)" priority=1 queue=ethernet-default
add comment=dscp_14 name="Priority (ether1-WAN) (Pri: 2)" packet-mark=dscp_14 \
    parent="7. Priority (ether1-WAN)" priority=2 queue=ethernet-default
add comment=dscp_13 name="Priority (ether1-WAN) (Pri: 3)" packet-mark=dscp_13 \
    parent="7. Priority (ether1-WAN)" priority=3 queue=ethernet-default
add comment=dscp_12 name="Priority (ether1-WAN) (Pri: 4)" packet-mark=dscp_12 \
    parent="7. Priority (ether1-WAN)" priority=4 queue=ethernet-default
add comment=dscp_11 name="Priority (ether1-WAN) (Pri: 5)" packet-mark=dscp_11 \
    parent="7. Priority (ether1-WAN)" priority=5 queue=ethernet-default
add comment=dscp_10 name="Priority (ether1-WAN) (Pri: 6)" packet-mark=dscp_10 \
    parent="7. Priority (ether1-WAN)" priority=6 queue=ethernet-default
add comment=dscp_9 name="Priority (ether1-WAN) (Pri: 7)" packet-mark=dscp_9 \
    parent="7. Priority (ether1-WAN)" priority=7 queue=ethernet-default
add comment=dscp_8 name="Priority (ether1-WAN) (Pri: 8)" packet-mark=dscp_8 \
    parent="7. Priority (ether1-WAN)" queue=ethernet-default
add name="8. Routine (ether1-WAN)" parent=DSCP_ether1-WAN queue=\
    ethernet-default
add comment=dscp_7 name="Routine (ether1-WAN) (Pri: 1)" packet-mark=dscp_7 \
    parent="8. Routine (ether1-WAN)" priority=1 queue=ethernet-default
add comment=dscp_6 name="Routine (ether1-WAN) (Pri: 2)" packet-mark=dscp_6 \
    parent="8. Routine (ether1-WAN)" priority=2 queue=ethernet-default
add comment=dscp_5 name="Routine (ether1-WAN) (Pri: 3)" packet-mark=dscp_5 \
    parent="8. Routine (ether1-WAN)" priority=3 queue=ethernet-default
add comment=dscp_4 name="Routine (ether1-WAN) (Pri: 4)" packet-mark=dscp_4 \
    parent="8. Routine (ether1-WAN)" priority=4 queue=ethernet-default
add comment=dscp_3 name="Routine (ether1-WAN) (Pri: 5)" packet-mark=dscp_3 \
    parent="8. Routine (ether1-WAN)" priority=5 queue=ethernet-default
add comment=dscp_2 name="Routine (ether1-WAN) (Pri: 6)" packet-mark=dscp_2 \
    parent="8. Routine (ether1-WAN)" priority=6 queue=ethernet-default
add comment=dscp_1 name="Routine (ether1-WAN) (Pri: 7)" packet-mark=dscp_1 \
    parent="8. Routine (ether1-WAN)" priority=7 queue=ethernet-default
add comment=dscp_0 name="Routine (ether1-WAN) (Pri: 8)" packet-mark=dscp_0 \
    parent="8. Routine (ether1-WAN)" queue=ethernet-default
add max-limit=30M name=Download packet-mark=no-mark parent=bridge queue=\
    hotspot-default
/system logging action
set 0 memory-lines=100

/interface bridge port
add bridge=bridge comment=defconf interface=ether2-LOCOM2
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf hw=no interface=sfp1
add bridge=bridge interface=ether3-TV
add bridge=bridge interface=ether4-SERVER
add bridge=bridge interface=ether5
add bridge=bridge interface=ether7
add bridge=bridge interface=ether8
add bridge=bridge interface=ether9-ROCKET
add bridge=bridge interface=ether10-M900
/ip neighbor discovery-settings
set discover-interface-list=discover
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1-WAN list=WAN
add interface=ether2-LOCOM2 list=discover
add interface=ether3-TV list=discover
add interface=ether4-SERVER list=discover
add interface=ether5 list=discover
add interface=sfp1 list=discover
add interface=ether6 list=discover
add interface=ether7 list=discover
add interface=ether8 list=discover
add interface=ether9-ROCKET list=discover
add interface=ether10-M900 list=discover
add interface=bridge list=discover
add interface=pppoe-out1 list=discover
add interface=vlan10 list=discover
add interface=bridge list=mactel
add interface=bridge list=mac-winbox
/ip address
add address=10.0.0.1/24 comment=defconf interface=ether2-LOCOM2 network=\
    10.0.0.0
add address=172.16.10.1/24 comment=vlan10 interface=vlan10 network=\
    172.16.10.0
/ip dhcp-client
add dhcp-options=hostname,clientid interface=ether1-WAN

/ip dhcp-server network
add address=10.0.0.0/24 comment=defconf gateway=10.0.0.1 netmask=24
/ip dns
set allow-remote-requests=yes
/ip firewall filter
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
add action=drop chain=input in-interface=pppoe-out1
add action=reject chain=forward comment="siti bloccati" disabled=yes \
    layer7-protocol=sitibloccati reject-with=icmp-network-unreachable

/ip firewall mangle
add action=mark-packet chain=postrouting comment=dscp_63 dscp=63 \
    new-packet-mark=dscp_63 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_62 dscp=62 \
    new-packet-mark=dscp_62 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_61 dscp=61 \
    new-packet-mark=dscp_61 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_60 dscp=60 \
    new-packet-mark=dscp_60 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_59 dscp=59 \
    new-packet-mark=dscp_59 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_58 dscp=58 \
    new-packet-mark=dscp_58 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_57 dscp=57 \
    new-packet-mark=dscp_57 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_56 dscp=56 \
    new-packet-mark=dscp_56 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_55 dscp=55 \
    new-packet-mark=dscp_55 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_54 dscp=54 \
    new-packet-mark=dscp_54 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_53 dscp=53 \
    new-packet-mark=dscp_53 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_52 dscp=52 \
    new-packet-mark=dscp_52 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_51 dscp=51 \
    new-packet-mark=dscp_51 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_50 dscp=50 \
    new-packet-mark=dscp_50 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_49 dscp=49 \
    new-packet-mark=dscp_49 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_48 dscp=48 \
    new-packet-mark=dscp_48 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_47 dscp=47 \
    new-packet-mark=dscp_47 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_46 dscp=46 \
    new-packet-mark=dscp_46 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_45 dscp=45 \
    new-packet-mark=dscp_45 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_44 dscp=44 \
    new-packet-mark=dscp_44 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_43 dscp=43 \
    new-packet-mark=dscp_43 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_42 dscp=42 \
    new-packet-mark=dscp_42 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_41 dscp=41 \
    new-packet-mark=dscp_41 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_40 dscp=40 \
    new-packet-mark=dscp_40 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_39 dscp=39 \
    new-packet-mark=dscp_39 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_38 dscp=38 \
    new-packet-mark=dscp_38 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_37 dscp=37 \
    new-packet-mark=dscp_37 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_36 dscp=36 \
    new-packet-mark=dscp_36 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_35 dscp=35 \
    new-packet-mark=dscp_35 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_34 dscp=34 \
    new-packet-mark=dscp_34 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_33 dscp=33 \
    new-packet-mark=dscp_33 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_32 dscp=32 \
    new-packet-mark=dscp_32 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_31 dscp=31 \
    new-packet-mark=dscp_31 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_30 dscp=30 \
    new-packet-mark=dscp_30 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_29 dscp=29 \
    new-packet-mark=dscp_29 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_28 dscp=28 \
    new-packet-mark=dscp_28 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_27 dscp=27 \
    new-packet-mark=dscp_27 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_26 dscp=26 \
    new-packet-mark=dscp_26 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_25 dscp=25 \
    new-packet-mark=dscp_25 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_24 dscp=24 \
    new-packet-mark=dscp_24 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_23 dscp=23 \
    new-packet-mark=dscp_23 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_22 dscp=22 \
    new-packet-mark=dscp_22 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_21 dscp=21 \
    new-packet-mark=dscp_21 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_20 dscp=20 \
    new-packet-mark=dscp_20 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_19 dscp=19 \
    new-packet-mark=dscp_19 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_18 dscp=18 \
    new-packet-mark=dscp_18 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_17 dscp=17 \
    new-packet-mark=dscp_17 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_16 dscp=16 \
    new-packet-mark=dscp_16 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_15 dscp=15 \
    new-packet-mark=dscp_15 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_14 dscp=14 \
    new-packet-mark=dscp_14 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_13 dscp=13 \
    new-packet-mark=dscp_13 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_12 dscp=12 \
    new-packet-mark=dscp_12 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_11 dscp=11 \
    new-packet-mark=dscp_11 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_10 dscp=10 \
    new-packet-mark=dscp_10 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_9 dscp=9 \
    new-packet-mark=dscp_9 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_8 dscp=8 \
    new-packet-mark=dscp_8 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_7 dscp=7 \
    new-packet-mark=dscp_7 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_6 dscp=6 \
    new-packet-mark=dscp_6 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_5 dscp=5 \
    new-packet-mark=dscp_5 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_4 dscp=4 \
    new-packet-mark=dscp_4 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_3 dscp=3 \
    new-packet-mark=dscp_3 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_2 dscp=2 \
    new-packet-mark=dscp_2 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_1 dscp=1 \
    new-packet-mark=dscp_1 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_0 dscp=0 \
    new-packet-mark=dscp_0 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_63 dscp=63 \
    new-packet-mark=dscp_63 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_62 dscp=62 \
    new-packet-mark=dscp_62 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_61 dscp=61 \
    new-packet-mark=dscp_61 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_60 dscp=60 \
    new-packet-mark=dscp_60 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_59 dscp=59 \
    new-packet-mark=dscp_59 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_58 dscp=58 \
    new-packet-mark=dscp_58 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_57 dscp=57 \
    new-packet-mark=dscp_57 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_56 dscp=56 \
    new-packet-mark=dscp_56 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_55 dscp=55 \
    new-packet-mark=dscp_55 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_54 dscp=54 \
    new-packet-mark=dscp_54 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_53 dscp=53 \
    new-packet-mark=dscp_53 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_52 dscp=52 \
    new-packet-mark=dscp_52 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_51 dscp=51 \
    new-packet-mark=dscp_51 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_50 dscp=50 \
    new-packet-mark=dscp_50 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_49 dscp=49 \
    new-packet-mark=dscp_49 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_48 dscp=48 \
    new-packet-mark=dscp_48 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_47 dscp=47 \
    new-packet-mark=dscp_47 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_46 dscp=46 \
    new-packet-mark=dscp_46 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_45 dscp=45 \
    new-packet-mark=dscp_45 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_44 dscp=44 \
    new-packet-mark=dscp_44 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_43 dscp=43 \
    new-packet-mark=dscp_43 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_42 dscp=42 \
    new-packet-mark=dscp_42 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_41 dscp=41 \
    new-packet-mark=dscp_41 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_40 dscp=40 \
    new-packet-mark=dscp_40 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_39 dscp=39 \
    new-packet-mark=dscp_39 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_38 dscp=38 \
    new-packet-mark=dscp_38 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_37 dscp=37 \
    new-packet-mark=dscp_37 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_36 dscp=36 \
    new-packet-mark=dscp_36 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_35 dscp=35 \
    new-packet-mark=dscp_35 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_34 dscp=34 \
    new-packet-mark=dscp_34 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_33 dscp=33 \
    new-packet-mark=dscp_33 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_32 dscp=32 \
    new-packet-mark=dscp_32 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_31 dscp=31 \
    new-packet-mark=dscp_31 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_30 dscp=30 \
    new-packet-mark=dscp_30 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_29 dscp=29 \
    new-packet-mark=dscp_29 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_28 dscp=28 \
    new-packet-mark=dscp_28 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_27 dscp=27 \
    new-packet-mark=dscp_27 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_26 dscp=26 \
    new-packet-mark=dscp_26 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_25 dscp=25 \
    new-packet-mark=dscp_25 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_24 dscp=24 \
    new-packet-mark=dscp_24 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_23 dscp=23 \
    new-packet-mark=dscp_23 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_22 dscp=22 \
    new-packet-mark=dscp_22 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_21 dscp=21 \
    new-packet-mark=dscp_21 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_20 dscp=20 \
    new-packet-mark=dscp_20 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_19 dscp=19 \
    new-packet-mark=dscp_19 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_18 dscp=18 \
    new-packet-mark=dscp_18 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_17 dscp=17 \
    new-packet-mark=dscp_17 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_16 dscp=16 \
    new-packet-mark=dscp_16 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_15 dscp=15 \
    new-packet-mark=dscp_15 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_14 dscp=14 \
    new-packet-mark=dscp_14 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_13 dscp=13 \
    new-packet-mark=dscp_13 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_12 dscp=12 \
    new-packet-mark=dscp_12 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_11 dscp=11 \
    new-packet-mark=dscp_11 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_10 dscp=10 \
    new-packet-mark=dscp_10 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_9 dscp=9 \
    new-packet-mark=dscp_9 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_8 dscp=8 \
    new-packet-mark=dscp_8 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_7 dscp=7 \
    new-packet-mark=dscp_7 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_6 dscp=6 \
    new-packet-mark=dscp_6 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_5 dscp=5 \
    new-packet-mark=dscp_5 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_4 dscp=4 \
    new-packet-mark=dscp_4 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_3 dscp=3 \
    new-packet-mark=dscp_3 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_2 dscp=2 \
    new-packet-mark=dscp_2 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_1 dscp=1 \
    new-packet-mark=dscp_1 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_0 dscp=0 \
    new-packet-mark=dscp_0 passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat out-interface=pppoe-out1
add action=redirect chain=dstnat comment=redirectwebproxy disabled=yes \
    dst-port=80 protocol=tcp src-address=10.0.0.0/24 to-ports=8080
/ip proxy
set anonymous=yes parent-proxy=0.0.0.0 src-address=10.0.0.1

sebastia · January 10, 2018, 1:34am

your (maxRt - minRt)/10 is <1 and gets translated to 0
10 being the current fixed number of steps in script
→ suggest you adjust your limits to 20 -30 OR 24-30 and change

:local rateStep (($maxRt-$minRt)/10)
to
:local rateStep (($maxRt-$minRt)/5)

But basically if you limit the range from 28 to 31 only, and you say you have spotty connection, there won’t be much (if anything) that could be done.

Also not sure how you can have “rate increment = 0” and rating moving down to 28. If rate step is 0, then rate shouldn’t change: script would exit with the error you saw or would increase / decrease rate by 0 => no change.

On another note: the router configuration is inconsistent…

you have pppoe → that’s your external interface
you have bridge → that’s your internal interface (and vlan10 actually too)

your outbound tree is attached to ether1-WAN, but that is not the external interface → should be pppoe-out1

seems like your mangling rules are duplicated (but only run once thanks to passthrouth=no)

for the QoS to function you need to “sacrifice” some bandwidth, anywhere from 5 to 20%

frank333 · January 10, 2018, 7:47pm

As for downloading is concerned, your script works very well !! as you can see from the video the latency is always low.
https://www.videosprout.com/mediaFile.jsp?id=5c8d16a2-4217-4ef9-a656-404cebae619b&cache=false&type=webm

As for uploads, however, the latency is always very high as you can solve it?
https://www.videosprout.com/mediaFile.jsp?id=fab59e0c-3573-4c49-8247-fac39afb3feb&cache=false&type=webm

Can you take a look at my configuration now that I have changed it?
Outgoing queue queue (DSCP_pppoe-out1) has a queue-type=default-small and subordinates have queue-type=ethernet-default.
Is ping prioritized? How do I set it?

Do I have to create incoming queues (Downloads) by copying all outgoing queue and copying 64 additional rules to the firewall mangle?

# jan/10/2018 17:23:02 by RouterOS 6.41
# software id = 
#
# model = RouterBOARD 3011UiAS
# serial number = 
/interface bridge
add admin-mac=xxxxxxxx auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether1 ] bandwidth=30720k/3072k mac-address=\
    xxxxxxx name=ether1-WAN
set [ find default-name=ether2 ] name=ether2-LOCOM2
set [ find default-name=ether3 ] name=ether3-TV
set [ find default-name=ether4 ] name=ether4-SERVER
set [ find default-name=ether5 ] disabled=yes
set [ find default-name=ether6 ] disabled=yes
set [ find default-name=ether7 ] disabled=yes
set [ find default-name=ether8 ] disabled=yes
set [ find default-name=ether9 ] name=ether9-ROCKET
set [ find default-name=ether10 ] name=ether10-M900
set [ find default-name=sfp1 ] disabled=yes
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1-WAN name=pppoe-out1 \
    password= use-peer-dns=yes user=
/interface vlan
add interface=bridge name=vlan10 vlan-id=10
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip dhcp-server option
add code=6 name=dnsantipub1 value="xxxx
add code=252 name=autoproxy value="'http://10.0.0.202/wpad.dat'"
/ip dhcp-server option sets
add name=wpad_dnsstop options=autoproxy,dnsantipub1
/ip firewall layer7-protocol
add comment="Siti bloccati" name=sitibloccati regexp="^.+(twitter.com|facebook\
    .com|skype.com|whatsapp.com|messenger.com|hangouts.google.com).*\$"
/ip pool
add name=dhcp ranges=10.0.0.100-10.0.0.254
add name=pool_vlan10 ranges=172.16.10.100-172.16.10.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge lease-time=12h10m name=\
    defconf
    
    
    
/queue tree
add max-limit=3M name=DSCP_pppoe-out1 parent=pppoe-out1 priority=1
add name="1. Network Control (pppoe-out1)" parent=DSCP_pppoe-out1 priority=1 \
    queue=ethernet-default
add comment=dscp_63 name="Network Control (pppoe-out1) (Pri: 1)" packet-mark=\
    dscp_63 parent="1. Network Control (pppoe-out1)" priority=1 queue=\
    ethernet-default
add comment=dscp_62 name="Network Control (pppoe-out1) (Pri: 2)" packet-mark=\
    dscp_62 parent="1. Network Control (pppoe-out1)" priority=2 queue=\
    ethernet-default
add comment=dscp_61 name="Network Control (pppoe-out1) (Pri: 3)" packet-mark=\
    dscp_61 parent="1. Network Control (pppoe-out1)" priority=3 queue=\
    ethernet-default
add comment=dscp_60 name="Network Control (pppoe-out1) (Pri: 4)" packet-mark=\
    dscp_60 parent="1. Network Control (pppoe-out1)" priority=4 queue=\
    ethernet-default
add comment=dscp_59 name="Network Control (pppoe-out1) (Pri: 5)" packet-mark=\
    dscp_59 parent="1. Network Control (pppoe-out1)" priority=5 queue=\
    ethernet-default
add comment=dscp_58 name="Network Control (pppoe-out1) (Pri: 6)" packet-mark=\
    dscp_58 parent="1. Network Control (pppoe-out1)" priority=6 queue=\
    ethernet-default
add comment=dscp_57 name="Network Control (pppoe-out1) (Pri: 7)" packet-mark=\
    dscp_57 parent="1. Network Control (pppoe-out1)" priority=7 queue=\
    ethernet-default
add comment=dscp_56 name="Network Control (pppoe-out1) (Pri: 8)" packet-mark=\
    dscp_56 parent="1. Network Control (pppoe-out1)" queue=ethernet-default
add name="2. Internetwork Control (pppoe-out1)" parent=DSCP_pppoe-out1 \
    priority=2 queue=ethernet-default
add comment=dscp_55 name="Internetwork Control (pppoe-out1) (Pri: 1)" \
    packet-mark=dscp_55 parent="2. Internetwork Control (pppoe-out1)" \
    priority=1 queue=ethernet-default
add comment=dscp_54 name="Internetwork Control (pppoe-out1) (Pri: 2)" \
    packet-mark=dscp_54 parent="2. Internetwork Control (pppoe-out1)" \
    priority=2 queue=ethernet-default
add comment=dscp_53 name="Internetwork Control (pppoe-out1) (Pri: 3)" \
    packet-mark=dscp_53 parent="2. Internetwork Control (pppoe-out1)" \
    priority=3 queue=ethernet-default
add comment=dscp_52 name="Internetwork Control (pppoe-out1) (Pri: 4)" \
    packet-mark=dscp_52 parent="2. Internetwork Control (pppoe-out1)" \
    priority=4 queue=ethernet-default
add comment=dscp_51 name="Internetwork Control (pppoe-out1) (Pri: 5)" \
    packet-mark=dscp_51 parent="2. Internetwork Control (pppoe-out1)" \
    priority=5 queue=ethernet-default
add comment=dscp_50 name="Internetwork Control (pppoe-out1) (Pri: 6)" \
    packet-mark=dscp_50 parent="2. Internetwork Control (pppoe-out1)" \
    priority=6 queue=ethernet-default
add comment=dscp_49 name="Internetwork Control (pppoe-out1) (Pri: 7)" \
    packet-mark=dscp_49 parent="2. Internetwork Control (pppoe-out1)" \
    priority=7 queue=ethernet-default
add comment=dscp_48 name="Internetwork Control (pppoe-out1) (Pri: 8)" \
    packet-mark=dscp_48 parent="2. Internetwork Control (pppoe-out1)" queue=\
    ethernet-default
add name="3. Critical (pppoe-out1)" parent=DSCP_pppoe-out1 priority=3 queue=\
    ethernet-default
add comment=dscp_47 name="Critical (pppoe-out1) (Pri: 1)" packet-mark=dscp_47 \
    parent="3. Critical (pppoe-out1)" priority=1 queue=ethernet-default
add comment=dscp_46 name="Critical (pppoe-out1) (Pri: 2)" packet-mark=dscp_46 \
    parent="3. Critical (pppoe-out1)" priority=2 queue=ethernet-default
add comment=dscp_45 name="Critical (pppoe-out1) (Pri: 3)" packet-mark=dscp_45 \
    parent="3. Critical (pppoe-out1)" priority=3 queue=ethernet-default
add comment=dscp_44 name="Critical (pppoe-out1) (Pri: 4)" packet-mark=dscp_44 \
    parent="3. Critical (pppoe-out1)" priority=4 queue=ethernet-default
add comment=dscp_43 name="Critical (pppoe-out1) (Pri: 5)" packet-mark=dscp_43 \
    parent="3. Critical (pppoe-out1)" priority=5 queue=ethernet-default
add comment=dscp_42 name="Critical (pppoe-out1) (Pri: 6)" packet-mark=dscp_42 \
    parent="3. Critical (pppoe-out1)" priority=6 queue=ethernet-default
add comment=dscp_41 name="Critical (pppoe-out1) (Pri: 7)" packet-mark=dscp_41 \
    parent="3. Critical (pppoe-out1)" priority=7 queue=ethernet-default
add comment=dscp_40 name="Critical (pppoe-out1) (Pri: 8)" packet-mark=dscp_40 \
    parent="3. Critical (pppoe-out1)" queue=ethernet-default
add name="4. Flash Override (pppoe-out1)" parent=DSCP_pppoe-out1 priority=4 \
    queue=ethernet-default
add comment=dscp_39 name="Flash Override (pppoe-out1) (Pri: 1)" packet-mark=\
    dscp_39 parent="4. Flash Override (pppoe-out1)" priority=1 queue=\
    ethernet-default
add comment=dscp_38 name="Flash Override (pppoe-out1) (Pri: 2)" packet-mark=\
    dscp_38 parent="4. Flash Override (pppoe-out1)" priority=2 queue=\
    ethernet-default
add comment=dscp_37 name="Flash Override (pppoe-out1) (Pri: 3)" packet-mark=\
    dscp_37 parent="4. Flash Override (pppoe-out1)" priority=3 queue=\
    ethernet-default
add comment=dscp_36 name="Flash Override (pppoe-out1) (Pri: 4)" packet-mark=\
    dscp_36 parent="4. Flash Override (pppoe-out1)" priority=4 queue=\
    ethernet-default
add comment=dscp_35 name="Flash Override (pppoe-out1) (Pri: 5)" packet-mark=\
    dscp_35 parent="4. Flash Override (pppoe-out1)" priority=5 queue=\
    ethernet-default
add comment=dscp_34 name="Flash Override (pppoe-out1) (Pri: 6)" packet-mark=\
    dscp_34 parent="4. Flash Override (pppoe-out1)" priority=6 queue=\
    ethernet-default
add comment=dscp_33 name="Flash Override (pppoe-out1) (Pri: 7)" packet-mark=\
    dscp_33 parent="4. Flash Override (pppoe-out1)" priority=7 queue=\
    ethernet-default
add comment=dscp_32 name="Flash Override (pppoe-out1) (Pri: 8)" packet-mark=\
    dscp_32 parent="4. Flash Override (pppoe-out1)" queue=ethernet-default
add name="5. Flash (pppoe-out1)" parent=DSCP_pppoe-out1 priority=5 queue=\
    ethernet-default
add comment=dscp_31 name="Flash (pppoe-out1) (Pri: 1)" packet-mark=dscp_31 \
    parent="5. Flash (pppoe-out1)" priority=1 queue=ethernet-default
add comment=dscp_30 name="Flash (pppoe-out1) (Pri: 2)" packet-mark=dscp_30 \
    parent="5. Flash (pppoe-out1)" priority=2 queue=ethernet-default
add comment=dscp_29 name="Flash (pppoe-out1) (Pri: 3)" packet-mark=dscp_29 \
    parent="5. Flash (pppoe-out1)" priority=3 queue=ethernet-default
add comment=dscp_28 name="Flash (pppoe-out1) (Pri: 4)" packet-mark=dscp_28 \
    parent="5. Flash (pppoe-out1)" priority=4 queue=ethernet-default
add comment=dscp_27 name="Flash (pppoe-out1) (Pri: 5)" packet-mark=dscp_27 \
    parent="5. Flash (pppoe-out1)" priority=5 queue=ethernet-default
add comment=dscp_26 name="Flash (pppoe-out1) (Pri: 6)" packet-mark=dscp_26 \
    parent="5. Flash (pppoe-out1)" priority=6 queue=ethernet-default
add comment=dscp_25 name="Flash (pppoe-out1) (Pri: 7)" packet-mark=dscp_25 \
    parent="5. Flash (pppoe-out1)" priority=7 queue=ethernet-default
add comment=dscp_24 name="Flash (pppoe-out1) (Pri: 8)" packet-mark=dscp_24 \
    parent="5. Flash (pppoe-out1)" queue=ethernet-default
add name="6. Immedate (pppoe-out1)" parent=DSCP_pppoe-out1 priority=6 queue=\
    ethernet-default
add comment=dscp_23 name="Immedate (pppoe-out1) (Pri: 1)" packet-mark=dscp_23 \
    parent="6. Immedate (pppoe-out1)" priority=1 queue=ethernet-default
add comment=dscp_22 name="Immedate (pppoe-out1) (Pri: 2)" packet-mark=dscp_22 \
    parent="6. Immedate (pppoe-out1)" priority=2 queue=ethernet-default
add comment=dscp_21 name="Immedate (pppoe-out1) (Pri: 3)" packet-mark=dscp_21 \
    parent="6. Immedate (pppoe-out1)" priority=3 queue=ethernet-default
add comment=dscp_20 name="Immedate (pppoe-out1) (Pri: 4)" packet-mark=dscp_20 \
    parent="6. Immedate (pppoe-out1)" priority=4 queue=ethernet-default
add comment=dscp_19 name="Immedate (pppoe-out1) (Pri: 5)" packet-mark=dscp_19 \
    parent="6. Immedate (pppoe-out1)" priority=5 queue=ethernet-default
add comment=dscp_18 name="Immedate (pppoe-out1) (Pri: 6)" packet-mark=dscp_18 \
    parent="6. Immedate (pppoe-out1)" priority=6 queue=ethernet-default
add comment=dscp_17 name="Immedate (pppoe-out1) (Pri: 7)" packet-mark=dscp_17 \
    parent="6. Immedate (pppoe-out1)" priority=7 queue=ethernet-default
add comment=dscp_16 name="Immedate (pppoe-out1) (Pri: 8)" packet-mark=dscp_16 \
    parent="6. Immedate (pppoe-out1)" queue=ethernet-default
add name="7. Priority (pppoe-out1)" parent=DSCP_pppoe-out1 priority=7 queue=\
    ethernet-default
add comment=dscp_15 name="Priority (pppoe-out1) (Pri: 1)" packet-mark=dscp_15 \
    parent="7. Priority (pppoe-out1)" priority=1 queue=ethernet-default
add comment=dscp_14 name="Priority (pppoe-out1) (Pri: 2)" packet-mark=dscp_14 \
    parent="7. Priority (pppoe-out1)" priority=2 queue=ethernet-default
add comment=dscp_13 name="Priority (pppoe-out1) (Pri: 3)" packet-mark=dscp_13 \
    parent="7. Priority (pppoe-out1)" priority=3 queue=ethernet-default
add comment=dscp_12 name="Priority (pppoe-out1) (Pri: 4)" packet-mark=dscp_12 \
    parent="7. Priority (pppoe-out1)" priority=4 queue=ethernet-default
add comment=dscp_11 name="Priority (pppoe-out1) (Pri: 5)" packet-mark=dscp_11 \
    parent="7. Priority (pppoe-out1)" priority=5 queue=ethernet-default
add comment=dscp_10 name="Priority (pppoe-out1) (Pri: 6)" packet-mark=dscp_10 \
    parent="7. Priority (pppoe-out1)" priority=6 queue=ethernet-default
add comment=dscp_9 name="Priority (pppoe-out1) (Pri: 7)" packet-mark=dscp_9 \
    parent="7. Priority (pppoe-out1)" priority=7 queue=ethernet-default
add comment=dscp_8 name="Priority (pppoe-out1) (Pri: 8)" packet-mark=dscp_8 \
    parent="7. Priority (pppoe-out1)" queue=ethernet-default
add name="8. Routine (pppoe-out1)" parent=DSCP_pppoe-out1 queue=\
    ethernet-default
add comment=dscp_7 name="Routine (pppoe-out1) (Pri: 1)" packet-mark=dscp_7 \
    parent="8. Routine (pppoe-out1)" priority=1 queue=ethernet-default
add comment=dscp_6 name="Routine (pppoe-out1) (Pri: 2)" packet-mark=dscp_6 \
    parent="8. Routine (pppoe-out1)" priority=2 queue=ethernet-default
add comment=dscp_5 name="Routine (pppoe-out1) (Pri: 3)" packet-mark=dscp_5 \
    parent="8. Routine (pppoe-out1)" priority=3 queue=ethernet-default
add comment=dscp_4 name="Routine (pppoe-out1) (Pri: 4)" packet-mark=dscp_4 \
    parent="8. Routine (pppoe-out1)" priority=4 queue=ethernet-default
add comment=dscp_3 name="Routine (pppoe-out1) (Pri: 5)" packet-mark=dscp_3 \
    parent="8. Routine (pppoe-out1)" priority=5 queue=ethernet-default
add comment=dscp_2 name="Routine (pppoe-out1) (Pri: 6)" packet-mark=dscp_2 \
    parent="8. Routine (pppoe-out1)" priority=6 queue=ethernet-default
add comment=dscp_1 name="Routine (pppoe-out1) (Pri: 7)" packet-mark=dscp_1 \
    parent="8. Routine (pppoe-out1)" priority=7 queue=ethernet-default
add comment=dscp_0 name="Routine (pppoe-out1) (Pri: 8)" packet-mark=dscp_0 \
    parent="8. Routine (pppoe-out1)" queue=ethernet-default
add max-limit=30M name=Download packet-mark=no-mark parent=bridge queue=\
    hotspot-default
/system logging action
set 0 memory-lines=100
set 3 remote=


/interface bridge port
add bridge=bridge comment=defconf interface=ether2-LOCOM2
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf hw=no interface=sfp1
add bridge=bridge interface=ether3-TV
add bridge=bridge interface=ether4-SERVER
add bridge=bridge interface=ether5
add bridge=bridge interface=ether7
add bridge=bridge interface=ether8
add bridge=bridge interface=ether9-ROCKET
add bridge=bridge interface=ether10-M900
/ip neighbor discovery-settings
set discover-interface-list=discover
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1-WAN list=WAN
add interface=ether2-LOCOM2 list=discover
add interface=ether3-TV list=discover
add interface=ether4-SERVER list=discover
add interface=ether5 list=discover
add interface=sfp1 list=discover
add interface=ether6 list=discover
add interface=ether7 list=discover
add interface=ether8 list=discover
add interface=ether9-ROCKET list=discover
add interface=ether10-M900 list=discover
add interface=bridge list=discover
add interface=pppoe-out1 list=discover
add interface=vlan10 list=discover
add interface=bridge list=mactel
add interface=bridge list=mac-winbox
/ip address
add address=10.0.0.1/24 comment=defconf interface=ether2-LOCOM2 network=\
    10.0.0.0
add address=172.16.10.1/24 comment=vlan10 interface=vlan10 network=\
    172.16.10.0
/ip dhcp-client
add dhcp-options=hostname,clientid interface=ether1-WAN
/ip dhcp-server alert

/ip dhcp-server network
add address=10.0.0.0/24 comment=defconf gateway=10.0.0.1 netmask=24
/ip dns
set allow-remote-requests=yes





/ip firewall filter
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
add action=drop chain=input in-interface=pppoe-out1
add action=reject chain=forward comment="siti bloccati" disabled=yes \
    layer7-protocol=sitibloccati reject-with=icmp-network-unreachable




/ip firewall mangle
add action=mark-packet chain=postrouting comment=dscp_63 dscp=63 \
    new-packet-mark=dscp_63 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_62 dscp=62 \
    new-packet-mark=dscp_62 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_61 dscp=61 \
    new-packet-mark=dscp_61 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_60 dscp=60 \
    new-packet-mark=dscp_60 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_59 dscp=59 \
    new-packet-mark=dscp_59 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_58 dscp=58 \
    new-packet-mark=dscp_58 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_57 dscp=57 \
    new-packet-mark=dscp_57 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_56 dscp=56 \
    new-packet-mark=dscp_56 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_55 dscp=55 \
    new-packet-mark=dscp_55 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_54 dscp=54 \
    new-packet-mark=dscp_54 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_53 dscp=53 \
    new-packet-mark=dscp_53 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_52 dscp=52 \
    new-packet-mark=dscp_52 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_51 dscp=51 \
    new-packet-mark=dscp_51 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_50 dscp=50 \
    new-packet-mark=dscp_50 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_49 dscp=49 \
    new-packet-mark=dscp_49 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_48 dscp=48 \
    new-packet-mark=dscp_48 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_47 dscp=47 \
    new-packet-mark=dscp_47 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_46 dscp=46 \
    new-packet-mark=dscp_46 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_45 dscp=45 \
    new-packet-mark=dscp_45 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_44 dscp=44 \
    new-packet-mark=dscp_44 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_43 dscp=43 \
    new-packet-mark=dscp_43 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_42 dscp=42 \
    new-packet-mark=dscp_42 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_41 dscp=41 \
    new-packet-mark=dscp_41 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_40 dscp=40 \
    new-packet-mark=dscp_40 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_39 dscp=39 \
    new-packet-mark=dscp_39 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_38 dscp=38 \
    new-packet-mark=dscp_38 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_37 dscp=37 \
    new-packet-mark=dscp_37 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_36 dscp=36 \
    new-packet-mark=dscp_36 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_35 dscp=35 \
    new-packet-mark=dscp_35 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_34 dscp=34 \
    new-packet-mark=dscp_34 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_33 dscp=33 \
    new-packet-mark=dscp_33 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_32 dscp=32 \
    new-packet-mark=dscp_32 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_31 dscp=31 \
    new-packet-mark=dscp_31 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_30 dscp=30 \
    new-packet-mark=dscp_30 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_29 dscp=29 \
    new-packet-mark=dscp_29 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_28 dscp=28 \
    new-packet-mark=dscp_28 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_27 dscp=27 \
    new-packet-mark=dscp_27 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_26 dscp=26 \
    new-packet-mark=dscp_26 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_25 dscp=25 \
    new-packet-mark=dscp_25 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_24 dscp=24 \
    new-packet-mark=dscp_24 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_23 dscp=23 \
    new-packet-mark=dscp_23 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_22 dscp=22 \
    new-packet-mark=dscp_22 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_21 dscp=21 \
    new-packet-mark=dscp_21 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_20 dscp=20 \
    new-packet-mark=dscp_20 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_19 dscp=19 \
    new-packet-mark=dscp_19 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_18 dscp=18 \
    new-packet-mark=dscp_18 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_17 dscp=17 \
    new-packet-mark=dscp_17 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_16 dscp=16 \
    new-packet-mark=dscp_16 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_15 dscp=15 \
    new-packet-mark=dscp_15 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_14 dscp=14 \
    new-packet-mark=dscp_14 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_13 dscp=13 \
    new-packet-mark=dscp_13 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_12 dscp=12 \
    new-packet-mark=dscp_12 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_11 dscp=11 \
    new-packet-mark=dscp_11 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_10 dscp=10 \
    new-packet-mark=dscp_10 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_9 dscp=9 \
    new-packet-mark=dscp_9 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_8 dscp=8 \
    new-packet-mark=dscp_8 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_7 dscp=7 \
    new-packet-mark=dscp_7 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_6 dscp=6 \
    new-packet-mark=dscp_6 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_5 dscp=5 \
    new-packet-mark=dscp_5 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_4 dscp=4 \
    new-packet-mark=dscp_4 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_3 dscp=3 \
    new-packet-mark=dscp_3 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_2 dscp=2 \
    new-packet-mark=dscp_2 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_1 dscp=1 \
    new-packet-mark=dscp_1 passthrough=no
add action=mark-packet chain=postrouting comment=dscp_0 dscp=0 \
    new-packet-mark=dscp_0 passthrough=no



/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat out-interface=pppoe-out1
add action=redirect chain=dstnat comment=redirectwebproxy disabled=yes \
    dst-port=80 protocol=tcp src-address=10.0.0.0/24 to-ports=8080
/ip proxy
set anonymous=yes parent-proxy=0.0.0.0 src-address=10.0.0.1



/system scheduler
add interval=10h name=backup on-event="system backup save name=today.backup" \
    policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=jan/01/1970 start-time=00:00:00
add interval=1d name=e-mail-backup on-event=e-mail-backup policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=jan/01/1970 start-time=00:00:00
add interval=15s name=ACCscheduled on-event="\$applyACC target=8.8.8.8 intfP=p\
    ppoe-out1 minRt=15 maxRt=30 intfQ=bridge" policy=\
    ftp,reboot,read,write,policy,test start-date=jan/05/2018 start-time=\
    21:39:38

.

=========>version v0.4 not start !.<=============
Schermata del 2018-01-11 19.58.40.png

pcunite · January 11, 2018, 3:42am

Interesting … may give this a look when I get time.

frank333 · January 11, 2018, 10:26am

pcunite, thank you for commenting, I also read your post on Qos, and it was of great help to me, I understood from your scripts some rules for compiling queue files especially in the management of HTB.
Your explanations are very clear and simple even for complicated things!
Thanks again!!

sebastia · January 11, 2018, 8:24pm

I’m looking into the issue with file deletion…

Update: fixed.

sebastia · January 11, 2018, 10:03pm

“As for uploads, however, the latency is always very high as you can solve it?”
wrt ping check, just make sure that ICMP traffic get high prio and it’s packets are mangled / markted to go into right priority queue

/ip firewall mangle
add action=mark-packet chain=postrouting protocol=icmp new-packet-mark=dscp_63 passthrough=no

“Outgoing queue queue (DSCP_pppoe-out1) has a queue-type=default-small and subordinates have queue-type=ethernet-default.”
only the leaf / child queue type matters, the parent one is not used.
(parent queue = any queue with queues attached to it = child queues)

“Do I have to create incoming queues…?”
I wouldn’t bother at this time. For ping check it isn’t needed, as pings will be routed to RB and will not leave over bridge. Hence these will never by shaped / dropped.

Note: your whole mangle setup is now dependent on properly set dscp flags on each packet, but to my knowledge not a lot of application actually do that. I’m guessing that right now everything is going through “default / catch all” queue right?

Further, you also have “fasttrack” enabled in forward queue. With fasttrack enabled, most forwarded packets will bypass mangling. => each fasttrack packet will have “no-mark” mark.

frank333 · January 12, 2018, 1:23am

I deleted the variables with /system script environment> remove 0,1,2,3 and the script has finally started (v0.4 v0.5?)
The script now works well in download (I downloaded a file using the whole bandwidth).
In upload instead the latency is always on 100ms (also here I did upload at maximum speed to a cloud archive) I tried to disable fasttrack but the result does not change.
Schermata del 2018-01-12 02.37.59.png
Should the rule to prioritise pinging be put in front of everyone?

sebastia · January 12, 2018, 1:03pm

Rule is being invoked: processed 487 packets. Verify that it gets in right queue. Your queues have counts too…

frank333 · January 12, 2018, 10:13pm

I also checked queue 63 and there is traffic.
fasttrack bypassed with this

/ip firewall filter add action=accept chain=forward comment="Bypass fasttrack for non-zero DSCP" connection-state=established,related dscp=!0

Are just a step away from the solution… but the latency is always very high, both up and down!!
mikrotik.txt (19.3 KB)
https://www.videosprout.com/video?id=7bf37656-c2ee-44db-a0ab-9c423122d04d
surely the problem is in Qos management, but where?