Community discussions

 
ntmanxp
just joined
Topic Author
Posts: 21
Joined: Fri Feb 15, 2008 9:04 pm

PPPoE Rate Limit with Radius and Traffic Priority

Tue Nov 16, 2010 10:42 pm

Hello

I am using ROS 4.11 like PPPoE Server in 5 boxes with around 800 clients each, being authenticated by Radius.
To do some Traffic Priorization, I am using Mangle and Queue Trees.
My customers come from DSL, and now the speed of the connection is controlled by the DSLAM.
Each of them use different VLANs according to geographical location, so I have around 10 PPPoE Servers listening on each enabled VLANs on each MT. Each PPPoE Server got a default Profile, without Bandwidth Control.
Got 4 Class C Public Address on each box.

To make this management easier ( have around 26 DSLAMs and 9 Speed Profiles ), I tried to control the Bandwidth with Radius.
My Objetives:
-Traffic Priorization
-Radius Controlled Speed ( per user profile as an Attribute )
-Keep Public IP Address for each user.

So tried the MT-Rate-Limit attribute. Although is received by the MT, never is enforced. The user get full DSL speed instead of the Radius specified. :shock:
But observed that the connection with this Attribute, adds a Simple Queue for this user -and as I said, no traffic shown in the traffic window, no speed control-. :?

And talking about 800 users, in case that control can be achieved, the CPU will collapse I guess. :(

So, Can some point me to a direction to achieve all-together, Traffic Priorization + Bandwidth Controll by Radius + Low CPU Usage ?
Couldn't find any example of PPP Profile + Traffic Priorization, or isn't possible/too complicated?

Regards

Andres
 
fewi
Forum Guru
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: PPPoE Rate Limit with Radius and Traffic Priority

Tue Nov 16, 2010 10:50 pm

There is an undocumented RADIUS attribute 19 under the Mikrotik vendor of type string, named "Mikrotik-Address-List". User IP addresses are added to that address list on login, and removed again on logout.

Send that attribute for users and differentiate between the different service tiers you provide, and then use the address list to marks packets and build queue trees that prioritize traffic and shape it as per your requirements. Queue trees with PCQ queues (see Wiki) perform much better than a lot of simple queues. Depending on the router hardware 800 users shouldn't be a problem. I've run Hotspots with PCQ instead of simple queues with 1700+ users on RB1000s without any issue.
 
ntmanxp
just joined
Topic Author
Posts: 21
Joined: Fri Feb 15, 2008 9:04 pm

Re: PPPoE Rate Limit with Radius and Traffic Priority

Wed Nov 17, 2010 5:40 pm

Ok, Thanks Fewi!
I used this attribute, and got the User in the Address List. The user IP was added to it.
Defined the profile in PPP with the Address List, and Rate Limit.
Then marked packet and connection in mangle with this address list.
And, after all, created a queue tree with the mark.

But, the user got a simple queue again!
And it's not controlled! :?

Regards

Andres
 
fewi
Forum Guru
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: PPPoE Rate Limit with Radius and Traffic Priority

Wed Nov 17, 2010 5:58 pm

As long as there's other bandwidth control (a rate limit passed via RADIUS, or enforced via a PPP profile) a dynamic simple queue will be created. Turn off the rate limit and it should stop showing.

If it still does get created, make the queue tree attached to global-in and global-out for upload and download respectively. Those get evaluated before simple queues. The simple queues will still exist, but they won't do anything because traffic gets treated by the queue tree first.
 
ntmanxp
just joined
Topic Author
Posts: 21
Joined: Fri Feb 15, 2008 9:04 pm

Re: PPPoE Rate Limit with Radius and Traffic Priority

Wed Nov 17, 2010 6:11 pm

Ok, Fewi, not treated, means not load to the CPU?
But, If no rate limit there, where to limit Per User?
Because -I maybe I do not understood it enough, my fault- PCQ will control rate, by sharing resources.
So If a user pays for 512kb, he should download in every traffic condition, at these speed, at least locally.
If sharing with PCQ, in some conditions ( crowded of users ) will get less than it.
Or I'm wrong?

Regards
 
fewi
Forum Guru
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: PPPoE Rate Limit with Radius and Traffic Priority

Wed Nov 17, 2010 6:18 pm

Not treated means no CPU load, yes.

I'm not sure I understand the rest of the question. PCQ creates sub-queues on certain conditions. Rate limits are defined per sub-queue. You can create a queue of type PCQ with a PCQ classifier of src-address and a PCQ rate-limit of 64kbps. At that point each different source address seen will get a dedicated 64kbps, so effectively every user gets 64kbps upload. Then you make another queue with a classifier of dst-address and a PCQ rate-limit of 64kbps, and use it for download. At that point every user gets 64kbps download dedicated to him, because the destination address of download traffic will be unique per client and create a new sub-queue.

The wiki has a great deal of detail on PCQ and how it works. From what you've posted so far I still think it would be a good fit.
 
Digimax
just joined
Posts: 3
Joined: Wed Oct 19, 2011 7:38 am

Re: PPPoE Rate Limit with Radius and Traffic Priority

Fri Aug 09, 2013 10:15 am

Hi,
Mikrotik 5.25 + User Manager.
If somebody need answer, how to get IP address from a pool, shape traffic without creating simple queue:
Actions on NAS
1) Create pool: IP - Pool
2) Create address list: IP - Firewall - Address Lists
3) Create mangle, PCQ, tree queue

Actions on Mikrotik with User Manager
1) Create Limitation: Fill just three field "Main - Name", "Constraints - IP pool, Address list"
2) Create profile and choose limitation.
3) Assign profile to user

Good luck!

Who is online

Users browsing this forum: No registered users and 2 guests