Simple mangle to give direction for a global speed limit.

Hi guys, we deployed a router at a site and needed to limit speeds there to 8m/8m.

So I added the following packet marks:

0 chain=prerouting action=mark-packet new-packet-mark=download passthrough=no
in-interface=bridge

1 chain=postrouting action=mark-packet new-packet-mark=upload passthrough=no
out-interface=bridge


The way I see it, that should have been able to mark all traffic going in and out of the router with a direction, but that was not the case.
I found later that while my queue tree was showing traffic getting shaped, the total traffic getting graphed by our MRTG server far exceeded my limit.

So I decided to try adding another directional marker via:

2 chain=postrouting action=mark-packet new-packet-mark=upload passthrough=no
src-address-list=local

3 chain=prerouting action=mark-packet new-packet-mark=download passthrough=no
dst-address-list=local

and it seems to have worked.

What I don't understand is why it's working. I already marked all traffic going in and out of my bridge (customer equipment), so why are the mangle rules at #2 and 3 picking up the leftovers? There shouldn't BE any leftovers…

Did I misread the MikroTik router processing map or something?

Should I have used my wan interface instead of the bridge?

Like this:

0 chain=prerouting action=mark-packet new-packet-mark=download passthrough=no
in-interface=ether1

1 chain=postrouting action=mark-packet new-packet-mark=upload passthrough=no
out-interface=ether1

I should note, when I tried this in my test environment (ROS6rc9), my speed tests were right on the money with just mangle rules 0 and 1, with both ether1 and the bridge as the in/out interface. That means HTTP traffic was getting marked properly. Would UDP somehow be able to skip those rules and get caught in the source IP/destination IP rules at the bottom of my mangle list? I did see a bunch of BitTorrent getting used.