Community discussions

MikroTik App
  4. RouterOS
  5. General

Limiting per User Traffic with PCQ not working reliably on SXT LTE kit  [SOLVED]

Post Reply
 
Binser
newbie
Topic Author
Posts: 48
Joined: Fri Dec 28, 2018 7:50 pm

Limiting per User Traffic with PCQ not working reliably on SXT LTE kit

Wed Jan 16, 2019 7:13 pm

Hello everyone!

I am using an SXT LTE as a fallback device for our network and during peak network traffic times to lighten the load on our network in a hotel like situation. I have a total capacity of 8GB/day on 2 SIM cards.

If I don't limit traffic, the 8GB will be gone in just a couple of hours.

So I wrote these rules:
Code: Select all
/queue type
add kind=pcq name=PCQ_download pcq-burst-rate=1200k pcq-burst-threshold=650k \
    pcq-classifier=dst-address pcq-limit=100KiB pcq-rate=700k \
    pcq-total-limit=4000KiB
add kind=pcq name=PCQ_upload pcq-burst-rate=1200k pcq-burst-threshold=650k \
    pcq-classifier=src-address pcq-limit=100KiB pcq-rate=700k \
    pcq-total-limit=4000KiB
 /queue simple
add max-limit=4M/4M name=PCQ-Queue queue=PCQ_download/PCQ_upload target=\
    192.168.86.0/24
But they are not working reliably. Today f.e. one user had incoming traffic of ~4.5GB over about 5 hours, which should not have been possible, since at 700k he should only be able to use a maximum of around 300MB/hour.

How can I improve my setup? (6.44 beta 54)
Top
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1782
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Limiting per User Traffic with PCQ not working reliably on SXT LTE kit

Wed Jan 16, 2019 8:27 pm

Please post your config: /export compact hide-sensitive
Top
 
Binser
newbie
Topic Author
Posts: 48
Joined: Fri Dec 28, 2018 7:50 pm

Re: Limiting per User Traffic with PCQ not working reliably on SXT LTE kit

Wed Jan 16, 2019 8:47 pm

I'll be happy to do that:
Code: Select all
# jan/17/2019 00:06:14 by RouterOS 6.44beta54
#
# model = RBSXTR
set [ find ] mac-address=AC:FF:FF:00:00:00 name=lte1 network-mode=lte
/interface bridge
add admin-mac=B8:69:F4:05:D6:15 auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether2 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface lte apn
add apn=jionet ip-type=ipv4-ipv6 ipv6-interface=lte1 name="Jio 4G"
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp ranges=192.168.86.100-192.168.86.254
/ip dhcp-server
add add-arp=yes address-pool=dhcp bootp-support=dynamic disabled=no \
    interface=bridge name=defconf
/queue type
add kind=pcq name=PCQ_download pcq-burst-rate=1200k pcq-burst-threshold=650k \
    pcq-classifier=dst-address pcq-limit=100KiB pcq-rate=700k \
    pcq-total-limit=4000KiB
add kind=pcq name=PCQ_upload pcq-burst-rate=1200k pcq-burst-threshold=650k \
    pcq-classifier=src-address pcq-limit=100KiB pcq-rate=700k \
    pcq-total-limit=4000KiB
add kind=pcq name=PCQ_upOLD1500kb pcq-classifier=src-address pcq-limit=384KiB \
    pcq-rate=1500k pcq-total-limit=4000KiB
add kind=pcq name=PCQ_downOLD1500kb pcq-classifier=dst-address pcq-limit=\
    384KiB pcq-rate=1500k pcq-total-limit=6000KiB
/queue simple
add max-limit=4M/4M name=PCQ-Queue queue=PCQ_download/PCQ_upload target=\
    192.168.86.0/24
/interface bridge port
add bridge=bridge comment=defconf interface=ether1
add bridge=bridge comment=defconf interface=ether2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface detect-internet
set detect-interface-list=all
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=lte1 list=WAN
/ip accounting web-access
set address=192.168.84.210/32
/ip address
add address=192.168.86.1/24 comment=defconf interface=ether1 network=\
    192.168.86.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-server alert
add disabled=no interface=ether1 valid-server=B8:69:F4:05:D6:15
/ip dhcp-server network
add address=192.168.86.0/24 comment=defconf dns-server=192.168.86.1,1.1.1.1 \
    gateway=192.168.86.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=9.9.9.9,8.8.8.8
/ip dns static
add address=192.168.86.1 name=router.lan
/ip firewall filter
add action=accept chain=input comment="Accept Winbox" disabled=yes dst-port=\
    8291 in-interface=lte1 protocol=tcp
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related disabled=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall mangle
add action=change-ttl chain=postrouting disabled=yes new-ttl=set:64 \
    out-interface=!all-ethernet passthrough=yes
add action=change-ttl chain=postrouting new-ttl=set:64 out-interface=lte1 \
    passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
/ip ssh
set strong-crypto=yes
/system clock
set time-zone-name=Asia/Kolkata
/system identity
set name="SXT LTE"
/system leds
# using RSRP, modem-signal-treshold ignored
set 0 interface=lte1
/system logging
add topics=lte,!raw,!info,!async
add action=disk topics=critical
add action=disk topics=error
add action=disk topics=warning
/system package update
set channel=testing
/system scheduler
add comment="StartUp with SIM B - Lower Slot" name="Start with SIM2B" \
    on-event=StartUpSimB policy=reboot,read,write,policy,test,romon \
    start-time=startup
add comment="Switch SIM 2 B LowerSlot at 12.30am" disabled=yes interval=1d \
    name=SwitchSIM2B-LowerSlot on-event=SwitchSIM2-B-Script policy=\
    reboot,read,write,policy,test,romon start-date=nov/12/2018 start-time=\
    00:30:00
add comment="Switch to SIMA by Schedule at 16:30" interval=1d name=\
    Switch2SIMA on-event=Switch2SIMA policy=reboot,read,write,policy,test \
    start-date=dec/28/2018 start-time=16:30:00
add comment="Reboot at 12.30am" interval=1d name=Reboot on-event=Reboot \
    policy=ftp,reboot,read,write,test,romon start-date=nov/12/2018 \
    start-time=00:30:00
add interval=1d name="Reset Modem" on-event="Reset Modem" policy=\
    reboot,read,write,test,romon start-date=jan/14/2019 start-time=12:00:00
/system script
add comment="NetWatch if SIM is down Switch to Other SIM" \
    dont-require-permissions=yes name=NetWatchSwitch2OtherSIMSlot owner=Bucky \
    policy=reboot,read,write,policy,test,romon source="#Needs dont-require-per\
    missions=yes since otherwise it iinherits lower permissions from NetWatch\
    \r\
    \n:global NWTries\r\
    \n:global Startup\r\
    \n:global ProvSIMA\r\
    \n:global ProvSIMB\r\
    \n:if (\$Startup=\"Finished\") do={\r\
    \n# Script checks first which SIM Slot is active, then\r\
    \n# switches from active to inactive SIM Slot\r\
    \n# Then log descriptive warning\r\
    \n:global simSlot [/system routerboard sim get sim-slot]\r\
    \n# Check which SIM slot is used\r\
    \n:set \$NWTries (\$NWTries+1)\r\
    \n:log warning message=\"NETWATCH CANNOT PING 9999  ON SIM \$simSlot RUN N\
    R. \$NWTries\"\r\
    \n:local time [/system clock get time];\r\
    \n{\r\
    \nif (\$NWTries < 4) do={\r\
    \n:if (\$simSlot=\"a\") do={\r\
    \n# If \"a\" UpperSlot, switch to \"b\"\r\
    \n/system routerboard sim set sim-slot=b\r\
    \n:log warning \"SWITCHED TO SIM B - \$ProvSIMB BY SCRIPT AT \$time\"\r\
    \n} else={\r\
    \n# If \"b\" LowerSlot, switch to \"a\" UpperSlot\r\
    \n/system routerboard sim set sim-slot=a\r\
    \n:log warning \"SWITCHED TO SIM A - \$ProvSIMA BY NETWATCH SCRIPT at \$ti\
    me\"\r\
    \n}\r\
    \n} else={:log warning \"NETWATCH LOOP >3x - MODEM RESET SIM \$simSlot - N\
    O SWITCH!!!\";\r\
    \n/interface lte at-chat lte1 input=\"AT+reset\"\r\
    \n}\r\
    \n}\r\
    \n}"
add dont-require-permissions=yes name=BackupCfg owner=Bucky policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/\
    system backup save\r\
    \n/export compact file=([/system identity get value-name=name].\"-backup-c\
    mp-prv.rsc\")\r\
    \n/export verbose file=([/system identity get value-name=name].\"-backup-v\
    rb-prv.rsc\")\r\
    \n/export compact hide-sensitive file=([/system identity get value-name=na\
    me].\"-backup-cmp-pub.rsc\")\r\
    \n/export verbose hide-sensitive file=([/system identity get value-name=na\
    me].\"-backup-vrb-pub.rsc\")\r\
    \n\r\
    \n\r\
    \n"
add comment="Switch to Other SIM" dont-require-permissions=yes name=\
    Switch2OtherSIM owner=Bucky policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#\
    \_Script checks first which SIM Slot is active, then\r\
    \n# switches from active to inactive SIM Slot\r\
    \n# Then log descriptive warning\r\
    \n:global simSlot [/system routerboard sim get sim-slot]\r\
    \n:local time [/system clock get time];\r\
    \n# Check which SIM slot is used\r\
    \n{\r\
    \n:foreach i in= [ /tool netwatch find ] do={ :tool netwatch disable \$i }\
    ;\r\
    \n:if (\$simSlot=\"a\") do={\r\
    \n# If \"a\" UpperSlot, switch to \"b\" LowerSlot\r\
    \n/system routerboard sim set sim-slot=b\r\
    \n:log warning \"SWITCHED TO SIM B - \$ProvSIMB BY SCRIPT at \$time\";\r\
    \n:delay 90s;\r\
    \n:foreach i in= [ /tool netwatch find ] do={ :tool netwatch enable \$i };\
    \r\
    \n} else={\r\
    \n# If \"b\" LowerSlot, switch to \"a\" UpperSlot\r\
    \n/system routerboard sim set sim-slot=a\r\
    \n:log warning \"SWITCHED TO SIM A - \$ProvSIMA BY SCRIPT at :\$time\";\r\
    \n:delay 90s;\r\
    \n:foreach i in= [ /tool netwatch find ] do={ :tool netwatch enable \$i };\
    \r\
    \n}\r\
    \n}\r\
    \n"
add comment="Reboot at 00:30" dont-require-permissions=no name=Reboot owner=\
    Bucky policy=reboot,read,write,romon source=":local datum [/system clock g\
    et date];\r\
    \n:local time [/system clock get time];\r\
    \n:log warning message=\"REBOOT BY REBOOT SCRIPT ON \$datum AT \$time\";\r\
    \n/system reboot;"
add comment="Send/Receive USSD codes for Data Balance on Airtel" \
    dont-require-permissions=no name=AirtelBalance owner=Bucky policy=read \
    source="# Run this script in Terminal like this (copy/paste next line with\
    out #:\r\
    \n# /system script run AirtelBalance\r\
    \n# Copy text from last +CUSD: 1,\" results without quotes to:\r\
    \n# http://www.unit-conversion.info/texttools/hexadecimal/#data\r\
    \n:foreach i in= [ /tool netwatch find ] do={ :tool netwatch disable \$i }\
    ;\r\
    \n/interface lte at-chat lte1 input=\"AT+CUSD=1,\\\"*121*2#\\\",15\"\r\
    \n:put \"Waiting 15 Seconds... \"\r\
    \n:delay 15s\r\
    \n/log print where message~\"CUSD:\"\r\
    \n:put \"INSTRUCTIONS: Copy text after last entry: +CUSD: 1,\"  \r\
    \n:put \"Then paste the text inside the quotes to: \"\r\
    \n:put \"http://www.unit-conversion.info/texttools/hexadecimal/#data\"\r\
    \n:put \"The number after Data: is still available, f.e. Data:266.5MB\"\r\
    \n:put \"No Data line shown means no Data left.\"\r\
    \n:delay 65s\r\
    \n:execute {:foreach i in= [ /tool netwatch find ] do={ :tool netwatch ena\
    ble \$i };}"
add comment="MUST run in New Terminal: /sys scr run IdeaData" \
    dont-require-permissions=no name=IdeaData owner=Bucky policy=read source="\
    #Disabling Netwatch so it won't disturb\r\
    \n:foreach i in= [ /tool netwatch find ] do={ :tool netwatch disable \$i }\
    ;\r\
    \n# Clearing SMS Inbox\r\
    \n/tool sms inbox remove [/tool sms inbox find]\r\
    \n# Sending USSD code *191*1#\r\
    \n/interface lte at-chat lte1 input=\"AT+CUSD=1,\\\"*191*1#\\\",15\"\r\
    \n:put \"Waiting 70 Sec for 3 SMS to arrive...\"\r\
    \n:delay 70s\r\
    \n/tool sms inbox print without-paging\r\
    \n:put \"INSTRUCTIONS: Idea has several data packages on the same SIM - Da\
    ta numbers after \\\"Bal:\\\" for all must be added up!\";\r\
    \n#Resetting to lte and then back to 3g,lte to connect as LTE again\r\
    \n/interface lte set lte1 network-mode=lte\r\
    \n:delay 15s\r\
    \n/interface lte set lte1 network-mode=3g,lte\r\
    \n:delay 20s\r\
    \n#Reenabling Netwatch\r\
    \n:execute {:foreach i in= [ /tool netwatch find ] do={ :tool netwatch ena\
    ble \$i };}\r\
    \n"
add comment="Startup Script" dont-require-permissions=no name=StartUpSimB \
    owner=Bucky policy=reboot,read,write,policy,test source=":global ProvSIMA \
    Jio\r\
    \n:global ProvSIMB Airtel\r\
    \n:global Startup 0\r\
    \n# Script checks first which SIM Slot is active, if it is\r\
    \n# \"a\" UpperSlot it will switch to \"b\" LowerSlot\r\
    \n# Then log descriptive warning\r\
    \n#At the end it will force time update and show corrected time\r\
    \n:global simSlot [/system routerboard sim get sim-slot]\r\
    \n:local datum [/system clock get date];\r\
    \n:local time [/system clock get time];\r\
    \n:log warning \"RUNNING STARTUP SCRIPT - ACTIVE SIM \$simSlot at \$time \
    \$datum\"\r\
    \n# Check which SIM slot is used\r\
    \n:if (\$simSlot=\"a\") do={\r\
    \n# If \"a\" UpperSlot, switch to \"b\" LowerSlot\r\
    \n/system routerboard sim set sim-slot=b\r\
    \n:global simSlot [/system routerboard sim get sim-slot]\r\
    \n:local BOOTtime [/system clock get time];\r\
    \n:local BOOTdatum [/system clock get date]\r\
    \n:delay 70s\r\
    \n/ip cloud force-update\r\
    \n:delay 5s\r\
    \n:global Startup Finished\r\
    \n:local time [/system clock get time];\r\
    \n:local datum [/system clock get date];\r\
    \n:global TimeUpdate (\$BOOTtime.\" > \".\$time)\r\
    \n:global DateUpdate (\$BOOTdatum.\">\".\$datum)\r\
    \n:log warning \"SWITCHED TO SIM B - \$ProvSIMB LowerSlot BY STARTUP SCRIP\
    T at \$time \$datum\"\r\
    \n:log warning \"IP-CLOUD UPDATED \$BOOTtime +75sec TO \$time + \$BOOTdatu\
    m TO \$datum\"\r\
    \n} else={\r\
    \n:log warning \"STARTUP SCRIPT FINISHED AT \$time ON \$datum - SIM B \$Pr\
    ovSIMB LowerSlot WAS ALREADY ACTIVE\"\r\
    \n:local BOOTtime [/system clock get time];\r\
    \n:local BOOTdatum [/system clock get date];\r\
    \n:delay 70s\r\
    \n/ip cloud force-update\r\
    \n:delay 5s\r\
    \n:local time [/system clock get time];\r\
    \n:local datum [/system clock get date];\r\
    \n:global TimeUpdate (\$BOOTtime.\" > \".\$time)\r\
    \n:global DateUpdate (\$BOOTdatum.\">\".\$datum)\r\
    \n:log warning \"IP-CLOUD UPDATED \$BOOTtime +75sec TO \$time + \$BOOTdatu\
    m TO \$datum\"\r\
    \n:global Startup Finished\r\
    \n}"
add dont-require-permissions=no name="Resetting Counters MTA2 #13" owner=\
    Bucky policy=read,write,policy,test,romon source="#/ip kid-control device \
    reset-counters\r\
    \n#To reset only a specific device in Kid Control, use the number  for the\
    \_device, f.e. MTA2 is 13, so this would be\r\
    \n/ip kid-control device reset-counters 13"
add comment="Resetting Mobile Connection Safely" dont-require-permissions=no \
    name="Reset Modem" owner=Bucky policy=reboot,read,write,test,romon \
    source=":foreach i in= [ /tool netwatch find ] do={ :tool netwatch disable\
    \_\$i };\r\
    \n/interface lte at-chat lte1 input=\"AT+reset\";\r\
    \n:local time [/system clock get time];\r\
    \n:log warning message=\"RESETTING MODEM BY SCRIPT AT \$time - NO SIM SWIT\
    CH\";\r\
    \n:delay 99s\r\
    \n:foreach i in= [ /tool netwatch find ] do={ :tool netwatch enable \$i }\
    \r\
    \n"
add comment="Switch to SIMA UpperSlot by Schedule at 16:30" \
    dont-require-permissions=no name=Switch2SIMA owner=Bucky policy=\
    reboot,read,write,policy,test source="# Script switches to SIM Slot A\r\
    \n# Then log descriptive warning\r\
    \n:global simSlot [/system routerboard sim get sim-slot]\r\
    \n:local time [/system clock get time];\r\
    \n# Check which SIM slot is used\r\
    \n{\r\
    \n:if (\$simSlot=\"b\") do={\r\
    \n\r\
    \n:foreach i in= [ /tool netwatch find ] do={ \r\
    \n:tool netwatch disable \$i};\r\
    \n# If \"b\" LowerSlot, switch to \"a\" UpperSlot\r\
    \n/system routerboard sim set sim-slot=a\r\
    \n:log warning \"SWITCHED TO SIM A - \$ProvSIMA BY SCRIPT at \$time\";\r\
    \n:delay 90s;\r\
    \n:foreach i in= [ /tool netwatch find ] do={ :tool netwatch enable \$i };\
    \r\
    \n} else={\r\
    \n:log warning \"SIM A \$ProvSIMA WAS ACTIVE - NO CHANGES BY SCRIPT at \$t\
    ime\";\r\
    \n}\r\
    \n}"
/tool bandwidth-server
set enabled=no
/tool graphing interface
add interface=lte1
/tool graphing queue
add simple-queue=PCQ-Queue
/tool graphing resource
add
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool netwatch
add down-script=NetWatchSwitch2OtherSIMSlot host=9.9.9.9 interval=2m30s \
    timeout=2s
/tool romon
set enabled=yes id=00:00:00:00:00:06
/tool sms
set port=lte1 receive-enabled=yes
Hope this helps! :)
Top
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1782
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Limiting per User Traffic with PCQ not working reliably on SXT LTE kit  [SOLVED]

Wed Jan 16, 2019 9:44 pm

I expected something with FastTrack, but it's not applicable as it's disabled. And that's a GOOD thing as simple queues won't work with it enabled.

But
* "add max-limit=4M/4M name=PCQ-Queue queue=PCQ_download/PCQ_upload target=192.168.86.0/24"
The order of limits is upload / download, it's reversed in the command, and PCQ matching won't work.

* the actual limit defined on the simple queue is: 4M/4M (up/down)
that translates to ~0.5MB/s -> 9GB download in 5h

remove the limits on queue types as it's misleading see below, it manages total pcq buffer / queue size
Last edited by sebastia on Wed Jan 16, 2019 11:31 pm, edited 1 time in total.
Top
 
Binser
newbie
Topic Author
Posts: 48
Joined: Fri Dec 28, 2018 7:50 pm

Re: Limiting per User Traffic with PCQ not working reliably on SXT LTE kit

Wed Jan 16, 2019 10:45 pm

You mean I should do it like this?
Code: Select all
/queue type
add kind=pcq name=PCQ_download pcq-burst-rate=1200k pcq-burst-threshold=650k \
    pcq-classifier=dst-address pcq-limit=100KiB pcq-rate=700k \
    pcq-total-limit=0
add kind=pcq name=PCQ_upload pcq-burst-rate=1200k pcq-burst-threshold=650k \
    pcq-classifier=src-address pcq-limit=100KiB pcq-rate=700k \
    pcq-total-limit=0
 /queue simple
add max-limit=4M/4M name=PCQ-Queue queue=PCQ_upload/PCQ_download target=\
    192.168.86.0/24
Is it correct, that if by giving target=192.168.86.0/24 I limit the traffic per USER to 700k, while if I would have omitted this, it would be per connection, so that f.e. one user with 5 connections could use up to 3500k?

What do you think about the Burst values, should I leave them in, or do they not make sense?

Thanks for your great help. :)
Top
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1782
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Limiting per User Traffic with PCQ not working reliably on SXT LTE kit

Wed Jan 16, 2019 11:26 pm

You mean I should do it like this?
Consulted doc and it says:

pcq-total-limit (integer [1..4294967295]; Default: 2000) Max amount of bytes queued (in kilobytes) for all sub-streams per PCQ instance. Note that each queue tree entry has its own PCQ instance.

so set it so that you don't buffer to much (<1s) -> no buffer-bloat

I limit the traffic per USER to 700k..
You'll limit traffic per classification (pcq-rate) as configured, currently per IP, to max 700k. If omitted, the available bandwidth will be split equally over all classes (here ip's).

What do you think about the Burst values...
using bursts does make sense as it provides better quality of service
Last edited by sebastia on Wed Jan 16, 2019 11:29 pm, edited 1 time in total.
Top
 
Binser
newbie
Topic Author
Posts: 48
Joined: Fri Dec 28, 2018 7:50 pm

Re: Limiting per User Traffic with PCQ not working reliably on SXT LTE kit

Wed Jan 16, 2019 11:29 pm

Hmm, that's strange, it won't take pcq-total-limit=0 and when I leave out that line completely, then ROS puts in the numer of 2000 by itself. #confused

Edit: OK, our posts crossed - your previous post explains it.
Top
 
Binser
newbie
Topic Author
Posts: 48
Joined: Fri Dec 28, 2018 7:50 pm

Re: Limiting per User Traffic with PCQ not working reliably on SXT LTE kit

Thu Jan 17, 2019 8:50 am

There is one big question remaining:
PCQ types "PCQ_download" and "PCQ_upload" are completely identical, only the names of the queues are different.

Thus it should not matter which one of the queues are given in the Simple Queue "queue=" field - and as far as I can tell, that's the ONLY thing we changed.

So how would/should that cure my original problem of the PCQ queues working unreliably, i.e. one destination ip address (=user device) being able to have incoming traffic of ~4.5GB over about 5 hours, which should not have been possible, since I limit traffic per classification (pcq-rate) per IP to 700k he should only be able to use a maximum of around 300MB/hour = ~1.5GB for a 5 hour period?
Top
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1782
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Limiting per User Traffic with PCQ not working reliably on SXT LTE kit

Thu Jan 17, 2019 11:04 am

Have a look at options applied to them: for download connections are grouped by destination ip, for upload by src ip.
Top
 
Binser
newbie
Topic Author
Posts: 48
Joined: Fri Dec 28, 2018 7:50 pm

Re: Limiting per User Traffic with PCQ not working reliably on SXT LTE kit

Thu Jan 17, 2019 3:02 pm

Aahhh yes of course, totally overlooked that point! Thanks so much!!!! :)

OK, today everyone seems to be behaving!

I will know for sure in a week or two, since most of the time my setup worked, just sometimes somebody peaked with 2 or more GB per day.
Top
 
Binser
newbie
Topic Author
Posts: 48
Joined: Fri Dec 28, 2018 7:50 pm

Re: Limiting per User Traffic with PCQ not working reliably on SXT LTE kit

Mon Jan 21, 2019 5:20 pm

Hm, very strange, I think everything is set up correctly now, but still some users are getting much more bandwidth than they should:
Code: Select all
/queue simple> /que ty p from 5    
Flags: * - default 
 0   name="PCQ_download" kind=pcq pcq-rate=700k pcq-limit=100KiB pcq-classifier=dst-address 
     pcq-total-limit=4000KiB pcq-burst-rate=800k pcq-burst-threshold=650k pcq-burst-time=5s 
     pcq-src-address-mask=32 pcq-dst-address-mask=32 pcq-src-address6-mask=128 pcq-dst-address6-mask=128 
/queue simple> p               
Flags: X - disabled, I - invalid, D - dynamic 
 0    name="PCQ-Queue" target=192.168.86.0/24 parent=none packet-marks="" priority=8/8 
      queue=PCQ_upload/PCQ_download limit-at=0/0 max-limit=4M/4M burst-limit=0/0 burst-threshold=0/0 
      burst-time=0s/0s bucket-size=0.1/0.1
See f.e. user 0 with 1926.7kbps below:
Code: Select all
/queue simple> /ip k de p stats    
Flags: X - disabled, D - dynamic, B - blocked, L - limited, I - inactive 
 #        RATE-DOWN   RATE-UP   BYTES-DOWN     BYTES-UP
 0        1926.7... 122.6kbps    1199.5MiB      53.5MiB
 1             0bps      0bps      70.6MiB      17.9MiB
 2        771.6kbps  32.9kbps     372.4MiB      22.3MiB
 3  I          0bps      0bps            0            0
 4  I          0bps      0bps      22.9MiB       5.1MiB
 5  I          0bps      0bps      13.6MiB    1935.6KiB
 6  I          0bps      0bps      21.3MiB      10.2MiB
 7          3.2kbps   4.0kbps     537.3MiB      33.1MiB
 8             0bps      0bps     206.1MiB      29.9MiB
 9  I          0bps      0bps      36.3MiB       5.5MiB
10             0bps      0bps     495.8MiB      29.9MiB
11  I          0bps      0bps     170.1MiB      17.0MiB
12  I          0bps      0bps            0            0
13        227.6kbps  15.4kbps     511.6MiB      45.7MiB
Top
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1782
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Limiting per User Traffic with PCQ not working reliably on SXT LTE kit

Mon Jan 21, 2019 9:24 pm

Don't immediately see a reason. What's the ip? Is there any local traffic?
Top
Post Reply

Who is online

Users browsing this forum: Amazon [Bot], Bing [Bot], ChadRT, LdB and 136 guests
  4. RouterOS
  5. General