Simple Queue Problem. No TX showing

RouterOS General
1

Hi, I have had a small script that I slap on our many many routerboards and it limits the speed of each interface to whatever I want. It worked like a charm with version 4.2 and 5.6. But now we have upgraded everything to 5.19 and it suddenly only limits RX.

We have a bridge named “Intercom” with all the interfaces on it. I can easily get it to limit upload but I cant get it to limit or see the download. under TX is just blank, nothing ever shows up.
I’v been messing with this all day trying to get it to do something else. I thought I had something by changing the queue type under Interface Queues but it seems to have only worked for a minute… or maybe It never was and I’m being crazy

/queue simple
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s direction=both \
    disabled=no interface=all limit-at=0/0 max-limit=5M/5M name=Backbone \
    parent=none priority=8 queue=default-small/default-small \
    target-addresses=0.0.0.0/0 total-queue=default-small

add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s direction=both \
    disabled=no interface=ether1 limit-at=0/0 max-limit=512k/512k name=\
    eth1 parent=Backbone priority=8 queue=default-small/default-small \
    total-queue=default-small

add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s direction=both \
    disabled=no interface=ether3 limit-at=0/0 max-limit=512k/512k name=\
    eth3 parent=Backbone priority=8 queue=default-small/default-small \
    total-queue=default-small

add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s direction=both \
    disabled=no interface=2.4GHz limit-at=0/0 max-limit=512k/512k name=\
    2.4GHz parent=Backbone priority=8 queue=default-small/default-small \
    total-queue=default-small

/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-pppoe=no \
    use-ip-firewall-for-vlan=yes

I don’t feel like i’m getting anywhere working on this on my own, so if anyone can help me out that would be great

Thanks!

2

I suggest you Mangle the packets marking upload and download packets then queue tree them. Simple Queue are not specific enough.

Example from my RB

IP Firewall Mangle
add action=mark-packet chain=forward comment=“Download Office” disabled=no dst-address=10.0.0.0/16 in-interface=Ether1-Gateway-TW new-packet-mark=“Download Office” passthrough=no
add action=mark-packet chain=forward comment=“Download Main” disabled=no dst-address=10.1.0.0/16 in-interface=Ether1-Gateway-TW new-packet-mark=“Download Main” passthrough=no
add action=mark-packet chain=forward comment=“Download Network” disabled=no dst-address=10.2.0.0/16 in-interface=Ether1-Gateway-TW new-packet-mark=“Download Network” passthrough=no
add action=mark-packet chain=forward comment=“Download Guest” disabled=no dst-address=10.3.0.0/16 in-interface=Ether1-Gateway-TW new-packet-mark=“Download Guest” passthrough=no
add action=mark-packet chain=forward comment=“Upload Office” disabled=no new-packet-mark=“Upload Office” out-interface=Ether1-Gateway-TW passthrough=no src-address=10.0.0.0/16
add action=mark-packet chain=forward comment=“Upload Main” disabled=no new-packet-mark=“Upload Main” out-interface=Ether1-Gateway-TW passthrough=no src-address=10.1.0.0/16
add action=mark-packet chain=forward comment=“Upload Network” disabled=no new-packet-mark=“Upload Network” out-interface=Ether1-Gateway-TW passthrough=no src-address=10.2.0.0/16
add action=mark-packet chain=forward comment=“Upload Guest” disabled=no new-packet-mark=“Upload Guest” out-interface=Ether1-Gateway-TW passthrough=no src-address=10.3.0.0/16

Queue Tree
add burst-limit=35M burst-threshold=29M burst-time=10m disabled=no limit-at=0 max-limit=30M name=“Core Download” packet-mark=“” parent=“Ether5-Out to Switch” priority=8
add burst-limit=6M burst-threshold=4M burst-time=10m disabled=no limit-at=0 max-limit=5M name=“Core Upload” packet-mark=“” parent=Ether1-Gateway-TW priority=8
add burst-limit=20M burst-threshold=14M burst-time=1m disabled=no limit-at=5M max-limit=15M name=“Sub-queue Download” packet-mark=“” parent=“Core Download” priority=8
add burst-limit=4M burst-threshold=2M burst-time=1m disabled=no limit-at=1M max-limit=3M name=“Sub-queue Upload” packet-mark=“” parent=“Core Upload” priority=8
add burst-limit=35M burst-threshold=29M burst-time=2m disabled=no limit-at=15M max-limit=30M name=“Shield Office Download” packet-mark=“Download Office” parent=“Core Download” priority=1 queue=
“Unlimited Down”
add burst-limit=6M burst-threshold=4M burst-time=2m disabled=no limit-at=2M max-limit=5M name=“Shield Office Upload” packet-mark=“Upload Office” parent=“Core Upload” priority=1 queue=“Unlimited Up”
add burst-limit=35M burst-threshold=29M burst-time=2m disabled=no limit-at=10M max-limit=30M name=“Shield Main Download” packet-mark=“Download Main” parent=“Core Download” priority=2 queue=
“Unlimited Down”
add burst-limit=6M burst-threshold=4M burst-time=2m disabled=no limit-at=2M max-limit=5M name=“Shield Main Upload” packet-mark=“Upload Main” parent=“Core Upload” priority=2 queue=“Unlimited Up”
add burst-limit=15M burst-threshold=10M burst-time=1m disabled=no limit-at=4M max-limit=12M name=“Shield Network Download” packet-mark=“Download Network” parent=“Sub-queue Download” priority=7
queue=“Network Down”
add burst-limit=3M burst-threshold=1M burst-time=1m disabled=no limit-at=786k max-limit=2M name=“Shield Network Upload” packet-mark=“Upload Network” parent=“Sub-queue Upload” priority=7 queue=
“Network Up”
add burst-limit=4M burst-threshold=2M burst-time=1m disabled=no limit-at=1M max-limit=3M name=“Shield Guest Download” packet-mark=“Download Guest” parent=“Sub-queue Download” priority=8 queue=
“Guest Down”
add burst-limit=2M burst-threshold=512k burst-time=1m disabled=no limit-at=256k max-limit=1M name=“Shield Guest Upload” packet-mark=“Upload Guest” parent=“Sub-queue Upload” priority=8 queue=
“Guest Up”

firewal mark packet to simple queue
Limiting a user to a given amount of traffic II
Script doesn't work after an upgrade to v4
3

I’ve noticed that when the queue is “default-small” I get no stats.

I change my queues to queue=default/default total-queue=default

Should be an easy adjustment. See if hat helps.

Rick

4

You are not doing anything wrong as far as I can tell.
I just noticed the same problem. I am going to open a ticket with Mikrotik.

5

good to know I’m not just doing something silly.

I struggled using the que tree but using mangle to add a connection mark lets me add them to simple ques again. One que for download, one for upload. They both show up as tx but hey, aslong as its working.

Thanks for the help

6

Hi,

I have the exact same problem. Not sure exactly since when exactly. Have you beeen able to find a solution ? I have no tx in simple queue when I use the 750GL as a bridge.

Thx !

7

I have downgraded my 750GL to routeros 5.7 and with the exact same config, it’s working perfectly. There must be something broken in the latest revison but I’m not sure since which version.

8

Problem still exists in 5.22.
Bug report 2012092066000612 is still open.

9

You can close it. It is not a bug.

use-ip-firewall was fixed to work correctly with firewall features around 5.6-5.8 version. Your problem is that in one direction use-ip-firewall is registering packets incoming into actual interface ether2, (that is bridge port), but on opposite direction routing don’t know anything about interfaces that are in the bridge, routing table is just saying that packets need to go to bridge interface - so for TX traffic out interface is not ether2, but bridge interface, so your simple queue in HTB global doesn’t capture this traffic by interface matches.

Simple queues are for simple setups - as soon as you enable use-ip-firewall it is not simple setup anymore. You have 2 choices.

  1. disable use-ip-firewall and use bridge interface for limiting
  2. remake your simple queues based on IP addresses not on interfaces.
10

This is a bit absurd.
You break a perfectly good feature, that has been around for years, and claim that it is “by design”?

Using a routerboard as a basic switch (by utilizing the bridge function) and limiting traffic per interface is as “simple setup” as it gets.
I realize routeros is not for idiots, but do you really have to make it so complicated to do something as basic as limiting traffic on an interface?

11

I for one expect this feature to work exactly as it is working on my other Linux boxes - affecting only bridged traffic. That has been so since that 5.6-5.8 version. And yes, i was one of the clients that asked for that fix.

I have strong suspension that RouterOS just uses Linux Kernel code 1:1 for this feature now - there is no need to reinvent wheel again and add confusion.

So stop whining and adjust your setup, to the new features. maybe start with v6.x all together - simple queues have some heavy changes there also.

12

Are you sure about this?
I just tested 5.14 and it works the way that I want.
Could it be that your change is not actually related to my problem?

13

It worked like a charm. Mikrotik has to update wiki definitions for queue types and what features it supports.

Thank you.