I need a little help. I handle the networking for a client in a multi-tenant building. years ago I was asked to handle another client there and I split off a crappy Comcast connection to save them all money. flash forward and it is out of control. I have 14 clients their now and 1gb fiber with a /27. I now need to do some rate limiting and QOS but my current setup doesn't work.

my setup is simple. I have a rb1100(not x2) that for all intensive purposes are acting like a switch. I let each customer have a public IP to put on their router and then the RB has a bridge to the WAN. however, I can't port based throttle because the ports are (slave) because of the bridge. and I cant packet mark as the traffic doesn't seem to be routered, it is just switched. I tried turning on bridge firewall and everything broke.

here is my thought. I have a spare CCR-1009 and a spare ubiquity edgeswitch 48 port. I would like to do Vlans for each customer and trunk a set of connections to the edgeswitch. then assign customers a port on the edgeswitch and rate limit the VLAN. that way if they ever need a second port the VLAN will make sure they are still limited instead of getting double the bandwidth. this also should allow me to put in wireless with a grandstream gwn7600 as they support 16 SSID though VLANs and are WAVE2 compatible.

Am I on the right track? I have seen an ISP do this with routerboard before but they had some sweet setup that auto built vlans and queues. it was really cool. I just need something simple that keeps customers within their bandwidth limit. most will get 200/200mbps. right now they all have full gig and I worry that one bad customer might ruin it for everyone with a torrent server or something.

In my experience where I run 9 properties off of 1 cable connection at 150 down, and 15 up, over many long range wireless link, I find it best to leave no bandwidth controls. I do this so that everyone has access to the full speed when needed, and their use is done quicker to free up time for others. Since its an unlimited data ( YA RIGHT, at 1.6TB they haven't said anything but maybe at 2.6 they will )

In your situation 200Mbit is plenty fast so that might not be an issue. Keep in mind I monitor my network quite often so I would see any issues arise, but if this is something you will set up and not look at for a long time, then probably try, if you haven't already, Queues > Simple Queues. I am making the assumption those are static IP's on your /27? So create a simple queue to throttle the traffic for each of those Ip's or even use the target in the queue as /27 to have one rule. I would create multiple ones so that you can increase or decrease each IP as you need in the future. You can also set time of day, burst times etc...

You can do a more elaborate PCQ, per connection queuing that will throttle per connection, but this gets into an area I never ventured, particularly because my ISP's "promised" rates keep fluctuating so it was hard to do anything useful with an unknown amount of max bandwidth.

i guess things like CCR1016 would fit that scenario bit better(not sure if CCR1009 fit "1Gbps" in "real router" configuration, eg with meaningful firewall and config of router itself. recent CCR1009 update also switchless thing, which is another(and serious!)plus for and had "silent option"/model).