 
titius
Member
Topic Author
Posts: 338
Joined: Mon Oct 17, 2005 11:43 am
Location: Titel Serbia

connection limit ( ok Im borring a little bit )

Tue Dec 19, 2006 12:21 am

Well, this is my setup:

 7   ;;; connection limit
     chain=forward protocol=tcp connection-limit=5,32 action=drop 

 8   ;;; marko
     chain=forward src-address=192.168.8.10 action=accept 

 9   ;;; topic
     chain=forward src-address=192.168.8.38 action=accept 

10   ;;; milekic
     chain=forward src-address-list=milekic action=accept 

11   ;;; blade
     chain=forward src-address=192.168.8.40 action=accept 

12   ;;; nebo
     chain=forward src-address=192.168.8.36 action=accept 

13   ;;; cucic
     chain=forward src-address=192.168.8.37 action=accept 

My question: rule no. 7 is for limiting the number of connections to the internet. Does this rule apply a 5-connection limit to all IP addresses, or a 5-connection limit to each IP address??
 
tneumann
Member
Posts: 394
Joined: Sat Apr 16, 2005 6:38 pm
Location: Germany

Tue Dec 19, 2006 1:28 am

As you have given 32 for the netmask the limit will apply per each individual IP address. This is in the manual, by the way...

And you should use tcp-flags=syn with that rule, so that it only applies to TCP session setup.

--Tom
 
titius

Tue Dec 19, 2006 2:15 am

OK, so to conclude this: my setup will limit connections to, for example, 5 connections for each IP, so everyone will have 5 connections??

And thanks, I will add tcp syn.
 
sergejs
MikroTik Support
Posts: 6616
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia

Tue Dec 19, 2006 8:48 am

Yes, each IP address will not be able to open more than 5 simultaneous TCP connections. E.g. if a user has reached the limit and tries to open another web page, the page will not be loaded.
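
The per-address counting discussed above, modelled in Python as an added illustration (not part of any post in this thread, and not RouterOS code). The class `ConnLimit` and the helper names are hypothetical; the model assumes connections are grouped by source address masked to the given netmask and that the rule matches once a group would exceed the limit. The connection attempts are constructed sample data.

```python
import ipaddress
from collections import Counter


def group_key(src, netmask):
    """Network a source address is counted under: 32 = per host, 24 = per /24."""
    return ipaddress.ip_network(f"{src}/{netmask}", strict=False)


class ConnLimit:
    """Toy model of `connection-limit=<limit>,<netmask> action=drop` (assumed semantics)."""

    def __init__(self, limit, netmask, syn_only=True):
        self.limit = limit
        self.netmask = netmask
        self.syn_only = syn_only   # models adding tcp-flags=syn to the rule
        self.tracked = {}          # connection id -> group key

    def handle(self, conn_id, src, syn):
        """Return 'drop' or 'accept' for one forwarded TCP packet."""
        key = group_key(src, self.netmask)
        is_new = conn_id not in self.tracked
        # Count the group's tracked connections, including this one if it is new.
        count = sum(1 for k in self.tracked.values() if k == key) + is_new
        over_limit = count > self.limit
        if over_limit and (syn or not self.syn_only):
            return "drop"
        if is_new:
            self.tracked[conn_id] = key
        return "accept"


def accepted_per_host(limit, netmask, attempts):
    """Replay SYNs (one new connection each) and count accepted ones per source."""
    rule = ConnLimit(limit, netmask)
    accepted = Counter()
    for conn_id, src in enumerate(attempts):
        if rule.handle(conn_id, src, syn=True) == "accept":
            accepted[src] += 1
    return dict(accepted)


def established_packet_verdict(syn_only, open_conns=7, limit=5):
    """Verdict for a non-SYN packet of a host that was already over the limit
    when the rule was added (constructed situation)."""
    rule = ConnLimit(limit, 32, syn_only=syn_only)
    src = "192.168.8.10"
    rule.tracked = {i: group_key(src, 32) for i in range(open_conns)}
    return rule.handle(0, src, syn=False)


# Constructed sample: one host tries 7 connections, another tries 2.
ATTEMPTS = ["192.168.8.10"] * 7 + ["192.168.8.38"] * 2

if __name__ == "__main__":
    for mask in (32, 24, 0):
        print(f"connection-limit=5,{mask}:", accepted_per_host(5, mask, ATTEMPTS))
    print("established packet, with tcp-flags=syn:", established_packet_verdict(True))
    print("established packet, without tcp-flags=syn:", established_packet_verdict(False))
```

With netmask 32 each host gets its own counter; with 24 or 0 the two hosts share one, so the first host's connections use up the whole allowance.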
 
titius

Wed Dec 20, 2006 7:14 pm

Thanks :) You can place this in a wiki page, because I can't register.
 
sergejs

Thu Dec 21, 2006 11:02 am

The same configuration example is placed at the top of the firewall documentation:
http://www.mikrotik.com/testdocs/ros/2. ... 6174599693
 
titius

Thu Dec 21, 2006 5:35 pm

?? bonding ??
 
sergejs

Fri Dec 22, 2006 7:52 am

 
titius

Fri Dec 22, 2006 7:21 pm

Thanks. Mmm, I've added just one thing, a dst-address list: I put in a list of local addresses because I have a local web and Direct Connect server.

So does this rule work with the dst-address-list option enabled?

chain=forward protocol=tcp tcp-flags=syn connection-limit=10,32 
     dst-address-list=!bgwnsw action=drop
 
titius

Mon Dec 25, 2006 3:57 am

Well, it seems that connection limiting does not work properly: some users still flood the internet link with P2P and surfing the net is not possible. The only thing that helps to drop P2P is that I forward only ports 1-1024 to the internet, but then I have the problem of using Skype and IM software :(.

It seems that when I make a rule for connection drop it affects all of the users and not just one IP address :(.

;;; connection limit
chain=forward src-address=192.168.8.10 protocol=tcp tcp-flags=syn
connection-limit=15,32 dst-address-list=!bgwnsw action=drop

This is not working; where am I going wrong??
 
titius

Wed Dec 27, 2006 1:29 am

Is it possible that no one can answer, or am I a spammer? I mean, is it possible that MT cannot detect encrypted P2P connections at all???!!!

Because connection limit is not limiting some P2P software. :(
 
mneumark
Member
Posts: 375
Joined: Thu Jun 08, 2006 7:20 am
Location: Escalon, CA

Wed Dec 27, 2006 7:43 am

Are you only wanting to limit TCP connections and not UDP packets?
 
janisk
MikroTik Support
Posts: 6283
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Wed Dec 27, 2006 9:43 am

Is your connection tracking enabled? And yes, why only TCP connections?
 
titius

Wed Dec 27, 2006 6:47 pm

Yes, my connection tracking is on, and I don't need (want) to limit UDP connections :)
 
mneumark

Thu Dec 28, 2006 12:49 am

Try:

chain=forward src-address=192.168.8.10 protocol=tcp tcp-flags=syn connection-limit=15,32 action=drop

It should work as long as you have got Connection Tracking on and configured.
 
titius

Thu Dec 28, 2006 1:42 am

Well, I don't want to limit connections in the local area network, just the internet...
 
titius

Thu Dec 28, 2006 6:45 pm

So does limiting connections work for encrypted traffic? I mean, I know encrypted traffic also makes a connection, but I can't manage to limit users with torrent crap to 15 connections; it doesn't work.
 
janisk

Fri Dec 29, 2006 1:37 pm

It had to work, even if encrypted - you see the connection.
 
datawlan
newbie
Posts: 29
Joined: Mon Aug 28, 2006 11:15 pm

Fri Dec 29, 2006 10:55 pm

Try chain=forward src-address=192.168.8.10 protocol=tcp tcp-flags=syn connection-limit=15,32 action=drop

It should work as long as you got Connection Tracking on and configured.

Only net limiting:

chain=forward src-address=192.168.8.10 dst-address=!192.168.8.0/24 protocol=tcp tcp-flags=syn connection-limit=15,32 action=drop
 
titius

Sat Dec 30, 2006 3:53 am

And this rule should limit everyone's connections to 15??

So torrent users will only have 15 connections and won't choke web surfers??
 
mneumark

Sat Dec 30, 2006 5:03 am

If you want to do that use the following:

chain=forward src-address=192.168.8.10 dst-address=!192.168.8.0/24 protocol=tcp tcp-flags=syn p2p=all-p2p connection-limit=15,32 action=drop

Otherwise if you don't specify p2p it will do it on all tcp connections.
 
datawlan

Sat Dec 30, 2006 9:33 am

Yes, it is correct.

Unfortunately I have had a bad experience limiting P2P connections (some programs can simply pass my rules :D)
 
titius

Sat Dec 30, 2006 6:06 pm

OK mneumark, but encrypted P2P is not possible to detect.

And I don't need to detect it; I want to limit a user to 15 TCP connections. Thanks all, but it still doesn't work. I will system reset MT ROS and try from the beginning.
 
titius

Sun Dec 31, 2006 7:37 pm

Nope, it does not work; Azureus still kills web surfing, or the firewall rule affects all IP addresses.. :(
 
mneumark

Mon Jan 01, 2007 6:18 am

Titius,

Not sure what you might be doing, but I used the same rule I supplied you and it works. You might want to do a supout.rif and send it to support@mikrotik.com; they will be able to see if it's a bug or not.
 
maxfava
Member Candidate
Posts: 219
Joined: Mon Oct 17, 2005 12:30 am

Fri Jan 05, 2007 3:51 pm

Hi friends,
why do you want to limit connections and not limit bandwidth using the PCQ limit?
I have set up both a TCP connection limit of 10 and bandwidth on my setup and it works.
 
titius

Fri Jan 05, 2007 4:39 pm

Encrypted P2P cannot be throttled.

And with conn limit you can accomplish that only, for example, 15 connections are established per IP address, and I don't have to worry about slow or impossible surfing...
 
maxfava

Fri Jan 05, 2007 6:02 pm

titius,
I use the following method.

Firewall mangle forward with no passthrough:
a) mark http packets
b) mark dns
.... all other protocols that you want to prioritize, such as VoIP.
c) mark the rest of the packets

queue
http, dns, voip ... rest of packets.

In this way I'm sure that all P2P traffic will be blocked by rest packet.
If a customer asks for such a protocol, I will create the rule in mangle.
It is not perfect, honestly, but it works.
The only issue I have is to shape the P2P traffic and not limit it, and I'm working to understand how, since my ctm are connected via ppptp.

best regards
Max
 
mneumark

Sat Jan 06, 2007 10:01 am

Max,

With firewall mangle forwards you can't shape encrypted p2p. Just not possible nor will mangle not catch encrypted p2p.
 
gpienaar
newbie
Posts: 33
Joined: Sun Dec 10, 2006 2:05 pm
Location: South Africa

Sat Jan 06, 2007 11:50 am

Hi All!

I had the same problem in the past! Encrypted P2P is very difficult to limit!
I also tried to limit P2P, but it just took over the network. Yes, you can limit connections as explained before!

The best result I had is to mark all new packets=2000000 and after this it will turn into old packets with a lower priority (8). Set up your global in and out queues (PCQ), new packets priority 1 and old packets priority 8, and there you go. No P2P can kill your network.

There is an example somewhere in the forum (slow downloads or so)!
 
titius

Sat Jan 06, 2007 12:24 pm

please can you paste your setup from MT ??
 
gpienaar

Sat Jan 06, 2007 3:08 pm

please can you paste your setup from MT ??
Please note that all my clients come in on PPPOE on previous MT's limited at 128k and their connection limits are already being set at 100!

Main MT configuration is as follows!

Here it is!

First Mangle

16 ;;; mark all new connections
chain=prerouting protocol=tcp action=mark-connection new-connection-mark=new_conn passthrough=yes

17 ;;; mark packets
chain=prerouting protocol=tcp connection-mark=new_conn connection-bytes=0-1000000 action=mark-packet
new-packet-mark=new_packet passthrough=no

18 ;;; marking old packets
chain=prerouting protocol=tcp connection-mark=new_conn action=mark-packet new-packet-mark=old_packets
passthrough=no


Then Queue Tree


0 name="Main_Upload" parent=global-out packet-mark="" limit-at=0 queue=default priority=8 max-limit=384000
burst-limit=0 burst-threshold=0 burst-time=0s

1 name="Up First 192kbit" parent=Main_Upload packet-mark=new_packet limit-at=192000 queue=PCQ_Upload priority=1
max-limit=384000 burst-limit=0 burst-threshold=0 burst-time=0s

2 name="Up Rest kbits" parent=Main_Upload packet-mark=old_packets limit-at=64000 queue=PCQ_Upload priority=8
max-limit=384000 burst-limit=0 burst-threshold=0 burst-time=0s

3 name="Main_Download" parent=global-in packet-mark="" limit-at=0 queue=default priority=8 max-limit=1000000
burst-limit=0 burst-threshold=0 burst-time=0s

4 name="Down First 1Mbit of data" parent=Main_Download packet-mark=new_packet limit-at=800000 queue=PCQ_Download
priority=1 max-limit=1000000 burst-limit=0 burst-threshold=0 burst-time=0s

5 name="Down Rest kbits" parent=Main_Download packet-mark=old_packets limit-at=200000 queue=PCQ_Download priority=8
max-limit=1000000 burst-limit=0 burst-threshold=0 burst-time=0s

My Up load is 384kbps and Download is 1MB

Theory:

A new P2P (or any other) connection will come in and will download at priority 1; the moment it reaches 1 M bytes of data it will move down to priority 8. Same with upload!

Advantages: All p2p is always larger than 1MB, so always it will move down to priority 8

Disadvantage: You can never reach speeds faster than Global in and out for example a mail server that is connected just after MT!

Hope this helps! :wink:

Mr G

P.S. I hope other more advanced users will also share their Mangle and Queue tree secrets!! :!:
 
maxfava

Sat Jan 06, 2007 6:54 pm

Max,

With firewall mangle forwards you can't shape encrypted p2p. Just not possible nor will mangle not catch encrypted p2p.
Hi, thanks for the advice,
but from my logical point of view,
I put in the queue the rest of the packets, which I think will be all packets, including P2P and encrypted P2P; why is this not correct for you?

thanks
Massimo
 
samsoft08
Long time Member
Posts: 617
Joined: Sat Nov 26, 2005 10:52 pm

Sat Jan 06, 2007 8:46 pm

gpienaar, you said that you have a max of 1Mb download and you are marking packets = 1Mb .. ??

You have 2 types of packets, 1M max packet and >1M packet !!!!
So, if one packet is 1M it will be marked as new_packet and it will get priority of 1 .. and it will stay as new_packet ?? eating all your 1M band !!!
 
gpienaar

Sat Jan 06, 2007 10:22 pm

To samsoft08!

Clearly you don't understand!

1Mb/s speed download yes. The mangle rule will mark all packets as new connections until total download data reaches 1MB (8 megabits in 1 megabyte); then packets match the rule to mark them as old packets, hence the priority is shifted down to 8!

I hope this is clear!

By the way, I am not the only one that uses this technique, ask Janisk! It is also known as the manual burst technique!

to maxfava: You can mark the packets any way you like! Try to play with new connection =0-2000000 (2MB new packets) and bigger than 2MB old packets. This really works for me. Fast browsing even for a P2P user while downloading.

Isn't this what you want?

Regards

Mr G
 
samsoft08

Sat Jan 06, 2007 11:52 pm

OK, I don't understand the relation between the speed and the total amount of bytes downloaded ..

You mean that we must wait for a connection to reach 1 Mbyte of total download before lowering its priority ??

It seems that is all MT can do about speeding browsing vs big downloading.
 
titius

Sun Jan 07, 2007 5:39 am

Thanks
gpienaar, I will try this tomorrow and write the results.
 
gpienaar

Sun Jan 07, 2007 9:51 am

samsoft08 "ok i dont understand the relation between the speed and the total amount of bytes downloaded .. "

Please note that main download and upload make use of PCQ; therefore you need to specify max data rate, otherwise PCQ will not work (MT basic training). Sorry, forgot to add this in the previous post! Here is the PCQ setup that is being used in the queue tree:

5 name="PCQ_Upload" kind=pcq pcq-rate=0 pcq-limit=50
pcq-classifier=src-address pcq-total-limit=2000

6 name="PCQ_Download" kind=pcq pcq-rate=0 pcq-limit=50
pcq-classifier=dst-address pcq-total-limit=2000

samsoft08 "you mean that we must wait a connection to reach 1Mbyte of total download to lowering its priority ?? "

Yes! you got it! :D

Regards


Mr G
 
samsoft08

Sun Jan 07, 2007 1:21 pm

Yes, I got it, thank god ..
But as I said, that's all MT can do? Waiting for a connection to reach a specific limit, then only lowering its priority?
What if I have 512kbit/s only ?? All the clients must wait for some client connection to reach 1 Mbyte = 8 Mbit, then they must wait for another client to eat the band for a specific time and so on .. what if there are 40 users online?

you must be kidding ... :lol: :lol:
 
titius

Sun Jan 07, 2007 2:01 pm

What do I need to change so I can limit each user's bandwidth, not PCQ??
 
gpienaar

Sun Jan 07, 2007 2:53 pm

to Samsoft!

That was only an example!

Play with the idea and modify accordingly (speeds and total data)!

512kbps/s is about 52 -55KBytes per second download in real life!

Try to implement and run it for 48 hours and see if it works for you!

samsoft - "but as i said , thats all MT can do ? waiting for a connection to reach a specific limit then only lowering its priority ? "

That will be the only way to drop encrypted P2P to lower priority, unless you know the exact ports that it is running on! Every day there is new encrypted P2P software coming out! Some even use port 80; how will you stop that or limit that? According to me this is the only way, better than nothing!



It is very easy to complain and think of 10 000 reasons why it won't work!

TRY IT RUN IT AND LET ME KNOW!

to Titius, did you try it?

Try PPPOE conections for your customers! or Hotspot!

To Normis or Janisk - please jump in!!

Regards

Mr G
 
leb23m
newbie
Posts: 29
Joined: Sat Jun 10, 2006 3:18 pm

Thx for yur help

Sat Jan 13, 2007 9:27 am

Hello guys,

I want to ask, please: do I need to disable my simple queues or shall I leave them?? My simple queues are 16k/56k for each one,
so shall I remove all my simple queues to have the speed of 1 meg or no??
Please reply.
 
titius

Sat Jan 13, 2007 12:42 pm

If you remove simple queues everyone will have 1Mbps, so you will not have control over your bandwidth.

BTW this is for new thread. ;)
 
leb23m

thx for yur reply

Sat Jan 13, 2007 2:53 pm

Dear gpienaar,

Shall I remove all the simple queues or no? Because you write that each file downloaded at 8 megabits of size will be downloaded at a speed of 1 meg, and after the 8 meg it will be at low speed, right?
 
gpienaar

Re: thx for yur reply

Sat Jan 13, 2007 5:07 pm

dear gpienaar

shall I remove all the simple queues or no, coz yu write that each file downloaded at 8megabits of size will be downloaded at speed of 1 meg and after the 8 meg it will be at low speed right?
Yes, remove simple queues!

Let's try again!

1. A customer will start a download!
2. For the first 1000000 bytes of data he will download at a speed of 1Mbits/s at a priority of 1.
3. The moment his file "download" reaches 1000000 bytes of data, his priority will shift down to 8 and he will still download at a speed of 1Mbits/second, provided that there is no other traffic!
4. The moment a new download is started, that new connection has a priority of 1; he will download at 800Kbits/s for the first 1000000 bytes of data! (GUARANTEED LIMIT IS SET AT 800KBPS IN QUEUE), also depends on PCQ!
5. The old download will go down to 200Kbps/s (guaranteed in queue), priority of 8!
6. The moment both downloads are on Old Packets (> than 1000000 bytes of data) both downloads will be balanced at 500Kbits/second (provided that there are no new packets!)

This is very simple! I need all of you to understand the theory behind it! Then you will be amazed on how many clients you can hook on to your network at say 128kbps/s on PPPOE and almost no one will complain! :wink:

Regards

Mr G
P.S. this is the Main purpose that Mikrotik developed ROS! I was told by Arnis Rijkstein!
 
titius

Sun Jan 14, 2007 3:25 am

Yes, it is great!!

But can we somehow achieve this for the same client: when he reaches 1000000 bytes, priority goes to 8, and he makes a new connection (web surfing); will that new connection open the web page quickly or will it be choked by his download that is active?
 
gpienaar

Sun Jan 14, 2007 12:44 pm

yes it is greaat!!

But can we somehow achieve for same client, when he reaches 1000000 bytes priority goes to 8, and he makes new connection ( web surfing ) will that new connection open web page quickly or or it will be choked by his download that is active ?
This is why it is beautiful: this is for each connection and not IP!
So yes, the new connection will open the web page quickly, provided that his download already reached that 1000000 (you can change this value) bytes of data, which will move it down to priority 8! :wink:

Regards

Mr G
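
The per-connection byte threshold described in the posts above, modelled in Python as an added illustration (not part of any post in this thread, and not RouterOS code). `ByteThresholdMarker` and the helper names are hypothetical; the model assumes one byte counter per tracked connection, and the two flows are constructed sample data using documentation addresses.

```python
from collections import Counter, defaultdict

THRESHOLD = 1_000_000                           # upper bound of connection-bytes=0-1000000
PRIORITY = {"new_packet": 1, "old_packets": 8}  # priorities of the two queue-tree leaves


class ByteThresholdMarker:
    """Marks each packet by how many bytes its own connection has carried so far."""

    def __init__(self, threshold=THRESHOLD):
        self.threshold = threshold
        self.conn_bytes = defaultdict(int)   # connection tuple -> bytes seen

    def mark(self, conn, size):
        self.conn_bytes[conn] += size
        if self.conn_bytes[conn] <= self.threshold:
            return "new_packet"      # still inside the connection-bytes range
        return "old_packets"         # range exceeded: falls through to the next rule


def replay(packets, threshold=THRESHOLD):
    """Return (connection, mark) for every packet in arrival order."""
    marker = ByteThresholdMarker(threshold)
    return [(conn, marker.mark(conn, size)) for conn, size in packets]


def summary(marks):
    """Count marks per connection."""
    out = defaultdict(Counter)
    for conn, mark in marks:
        out[conn][mark] += 1
    return {conn: dict(c) for conn, c in out.items()}


def seconds_at_priority_1(rate_bits_per_s, threshold=THRESHOLD):
    """Time a connection running at a steady rate spends below the byte threshold."""
    return threshold * 8 / rate_bits_per_s


# Constructed sample: one client with a long download, then a fresh web request.
CLIENT = "192.168.8.10"
DOWNLOAD = (CLIENT, 40000, "203.0.113.5", 6881)
WEB = (CLIENT, 40001, "198.51.100.7", 80)
SAMPLE = [(DOWNLOAD, 1500)] * 700 + [(WEB, 1500)] * 10

if __name__ == "__main__":
    for conn, counts in summary(replay(SAMPLE)).items():
        print(conn, {m: (n, f"priority {PRIORITY[m]}") for m, n in counts.items()})
    for rate in (1_000_000, 800_000, 128_000):
        print(f"{rate} bit/s -> {seconds_at_priority_1(rate)} s at priority 1")
```

The download is demoted after its 666th packet, while the web connection from the same address starts with its own counter at zero and stays in the priority 1 class.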
 
titius

Sun Jan 14, 2007 2:48 pm

Thanks man, sincerely.

Just one more thing: can we still make it so that every IP has, for example, 128kbps and your queue rules, so he downloads with a speed of 128kbps; when he reaches 1000000 his old connections go to prio 8 and new ones to prio 1, and he downloads with 128kbps, but when he asks for a web page it opens with prio 1 in his 128kbps queue limit?
 
gpienaar

Sun Jan 14, 2007 3:24 pm

Create PPPOE server, create PPPOE profile with limit of 64k up and 128k down! This should work!

Regards

Mr G
 
titius

Sun Jan 14, 2007 6:32 pm

Create PPPOE server, create PPPOE profile with limit of 64k up and 128k down! This should work!

Regards

Mr G
Along with setting up your queue tree?
 
gpienaar

Sun Jan 14, 2007 7:26 pm

On my systems I have the queue tree setup on main gateway MT and all other clients connect via tower MT's (PPPOE links). whole network is running ospf! 8)

Regards

Mr G
 
gpienaar

Sun Jan 14, 2007 10:28 pm

Try it, did it work?

Like I said before, I do not currently run PPPOE and Queue tree on the same unit!

But I am sure that you can play with the mangle rules to specify your outgoing interface! Therefore your PPPOE (an interface on its own) should work fine!

Try it and let me know!

Regards

Mr G
 
titius

Mon Jan 15, 2007 12:38 am

I will try without PPPoE . . .

I'm not an ISP; it is for a local wireless community.

Thanks
 
janisk

Mon Jan 15, 2007 1:24 pm

http://forum.mikrotik.com/viewtopic.php?t=12870

is an example where a download is slowed down when it gets old...

it can be easily adjusted to your needs

if no, you have to read QoS manual
 
titius

Mon Jan 15, 2007 6:58 pm

QoS manual ok, I link ??
 
janisk

Tue Jan 16, 2007 10:44 am

 
sidney
just joined
Posts: 24
Joined: Fri Sep 15, 2006 12:15 pm
Location: South africa - Pretoria East

Tue Jan 16, 2007 2:13 pm

Hi to all

I am busy trying out gpienaar's setup and also janisk's.
I see one is using forward and the other pre-routing, but that would depend
on each setup or what?
OK, can one do the same as your setup using tcp and then do another setup
using udp, but both marked the same, e.g.

ip firewall mangle
add chain=forward protocol=tcp action=mark-connection \
    new-connection-mark=new_conn passthrough=yes comment="mark all new \
    connections" disabled=no
add chain=forward protocol=tcp connection-mark=new_conn \
    connection-bytes=0-2000000 action=mark-packet new-packet-mark=new_packet \
    passthrough=no comment="mark packets" disabled=no
add chain=forward protocol=tcp connection-mark=new_conn action=mark-packet \
    new-packet-mark=old_packets passthrough=no comment="marking old packets" \
    disabled=no
add chain=forward protocol=udp action=mark-connection \
    new-connection-mark=new_conn passthrough=yes comment="mark all new \
    connections" disabled=no
add chain=forward protocol=udp connection-mark=new_conn \
    connection-bytes=0-2000000 action=mark-packet new-packet-mark=new_packet \
    passthrough=no comment="mark packets" disabled=no
add chain=forward protocol=udp connection-mark=new_conn action=mark-packet \
    new-packet-mark=old_packets passthrough=no comment="marking old packets" \
    disabled=no

Then I am doing the same with queue trees. If I keep the simple queues as I had before, would it matter? When I tested it last night at home, running as a client, my old simple queues still locked me at a limited speed of +- 500kbps, which is about 55KBs; as I was downloading a SBLive driver CD it kept me at +- 55KBs. As for wireless clients, that is more than enough. Although the download queue worked, the upload queue stayed on zero.

My setup is a RB500 with internet going in ether2 and bridged with 3 wlan to clients

Sidney 8)
 
samsoft08

Tue Jan 16, 2007 7:52 pm

Does this example mark proxy packets also ??
 
samsoft08

Sun Feb 04, 2007 10:47 pm

it doesn't mark the web-proxy packets .... :(
 
PrSliCa
newbie
Posts: 27
Joined: Sun Feb 18, 2007 2:08 pm

Single user traffic?

Sun Feb 18, 2007 2:17 pm

Hm... it looks like by applying these rules to my MT I limit total traffic, not per-user traffic...

I have limited users using single queue to 350/350kbps. Setting up queue tree like above my users drop speed.

What am I doing wrong ? :)

I have few old 2.8.26 MT, is there a way to do good QoS on them ?
 
0ldman
Forum Guru
Posts: 1446
Joined: Thu Jul 27, 2006 5:01 am

Re: connection limit ( ok Im borring a little bit )

Fri Sep 21, 2007 8:47 am

Please note that all my clients come in on PPPOE on previous MT's limited at 128k and their connection limits is aready being set at 100!

Main MT configuration is as follow!

Here it is!

First Mangle

16 ;;; mark all new connections
chain=prerouting protocol=tcp action=mark-connection new-connection-mark=new_conn passthrough=yes

17 ;;; mark packets
chain=prerouting protocol=tcp connection-mark=new_conn connection-bytes=0-1000000 action=mark-packet
new-packet-mark=new_packet passthrough=no

18 ;;; marking old packets
chain=prerouting protocol=tcp connection-mark=new_conn action=mark-packet new-packet-mark=old_packets
passthrough=no


Then Queue Tree


0 name="Main_Upload" parent=global-out packet-mark="" limit-at=0 queue=default priority=8 max-limit=384000
burst-limit=0 burst-threshold=0 burst-time=0s

1 name="Up First 192kbit" parent=Main_Upload packet-mark=new_packet limit-at=192000 queue=PCQ_Upload priority=1
max-limit=384000 burst-limit=0 burst-threshold=0 burst-time=0s

2 name="Up Rest kbits" parent=Main_Upload packet-mark=old_packets limit-at=64000 queue=PCQ_Upload priority=8
max-limit=384000 burst-limit=0 burst-threshold=0 burst-time=0s

3 name="Main_Download" parent=global-in packet-mark="" limit-at=0 queue=default priority=8 max-limit=1000000
burst-limit=0 burst-threshold=0 burst-time=0s

4 name="Down First 1Mbit of data" parent=Main_Download packet-mark=new_packet limit-at=800000 queue=PCQ_Download
priority=1 max-limit=1000000 burst-limit=0 burst-threshold=0 burst-time=0s

5 name="Down Rest kbits" parent=Main_Download packet-mark=old_packets limit-at=200000 queue=PCQ_Download priority=8
max-limit=1000000 burst-limit=0 burst-threshold=0 burst-time=0s

My Up load is 384kbps and Download is 1MB

Theory:

New p2p(or any other connection) connection will come in and will download at priority 1, the moment it reach 1 M bytes of data it will move down to priority 8. Same with upload!

Advantages: All p2p is always larger than 1MB, so always it will move down to priority 8

Disadvantage: You can never reach speeds faster than Global in and out for example a mail server that is connected just after MT!

Hope this helps! :wink:

Mr G

P.S. I hope other more advance users will also share their Mangle and Queue tree secrets!! :!:
When I try to add this via Winbox it won't let me set the "limit at" higher than the "max limit".
Is this in the Wiki? I haven't been able to find it.
