Hi

I'm still wet behind the ears when it comes to configuring MT.

I have setup an AP and have clients connected. I want to setup a configuration where each clients gets equal bandwidth to the local network and a maximum upload/download (eg 10K/40K) to the Internet.

Local network is setup as 10.0.0.0/8 (wireless community) and the AP has a subnet 10.20.58.96/27 for clients.

I also want (if possible) to monitor traffic per client a) to/from local network b) to internet and c) from Internet

How does one go about this... any help is MUCH appreciated.

You have two opportunities,

1) to create 'queue simple' entry for each client like,
'queue simple add target-address=10.0.0.1/32 max-limit=10k/40k",

then use built-in graphing to monitor each queue,
http://www.mikrotik.com/testdocs/ros/2. ... aphing.php

2) either you may use PCQ queue for every user, one rule for every user, but then graphing is not available,
http://wiki.mikrotik.com/wiki/PCQ_Examples

Wouldn't I need 2 simple queues per client (one for local traffic and the other for internet?)

Also, I was wondering how CPU comsuming this would be..

So.. if

the AP has a subnet 10.20.58.96/27 for clients

and my first client got 10.20.58.99 as his IP and the local network is 10.0.0.0/8 then.... what would be the first set of queues for the first client?

It seems to me.. and I might be a bit slow on the uptake here... that a rule as described would limit everything (not just internet traffic) to 10k/40k.

Also, does this approach allow for dynamic bandwidth shaping as in: one client on the AP->total bandwidth (at least for local traffic), two clients->total bandwidth/2..etc?

You do not need two queues, one queue is enough to limit up/down traffic.

It is also possible to create setup with dynamic bandwidth, but then monitoring options via graphing or SNMP will not be available.

Don't I need a queue to balance local traffic as well? Otherwise don't I run the risk of a stronger signalled client (closer or with a better antenna than the other clients) hogging all the bandwidth?

And how do I incorporate a destination address set into the queue (internet) which would be my quoal after all?

Equal bandwidth towards the local network and a capped (small download and smaller upload) internet connection?

Just trying to get the best solution up and running...

Hi Vagan,

Welcome to the wonderful workd of Mikrotik where we are all probably still wet behind the ears with Mikrotik. I have been using it for 18 months and still consider myself a newbie....

anyway. Your issue on local traffic and internet traffic.

If you think it through you will ask yourself how do I know which is local traffic and which is internet traffic?

The MT doesnt know either until you identify the different types of traffic. That is what Mangle Rules are. You find them in IP> FIREWALL> MANGLE

These will become your best friend.

So you need to mark traffic using mangle rules for each destination of local and internet and then apply queue rules to that.

good Luck, and dont forget to read about mangle in the manual.

Rgds
Alex

Ok. This is something I had tried previously. I just wasn't sure whether I needed to go with mangle and two, four or whatever PCQ queues, or set multiple mangle rules per client and try shape traffic there (PCQ I read had the added advantage of dynamically shaping available traffic [when some option was set to 0]).

So, to have monitor options, I would need to set mangle rules (three or two? - one for in/out of local traffic and two? for in/out of internet traffic). I had actually set up rules to mark traffic as local when dest was 10.0.0.0/8 and internet when !10.0.0.0/8.

My problem is whether I need to set a mangle to mark packets or connections (what are the differences) and what the simplest way to is to enforce this policy. Again, using my hypothetical client IP 10.20.58.99

What are the steps to enforce a 1Mb up/down for local traffic and a 8K/20K up/down limit to internet?

In your wiki example to have different bandwidths for local and internet you mark both connections and packets... are both needed and why? (you also first mark both all connections and all packets.. again.. why is this needed?

I tried to adapt this example to my situation but I wasn't sure of the results because address list for local was 10.0.0.0/8 and client IP was also within that list (10.20.58.99).

There hasn't been a lack of trying but instead a lack of knowing whether a particular solution a) worked and b) was the appropriate one.

Folks,

What Vagan wants is to shape both for local traffic and internet traffic. So that means, he needs two Rules of Queueing.
Vagan, you could try Queue Tree, make two different rules @ Firewall Mangle to separate the traffic between local and Internet.

Hope it will helps ..



- Rio.Martin -
Ym: riomartinz

I'll give it a try ..thank you

Yep, what you need to do is think about where the traffic starts and stops. Thats first.

So lets use this:

192.168.0.0/24 is your clients
192.168.1./024 is your servers
then you have your internet connection, lets say, 1meg / 1meg is the connection rate

if you want your clients to get say, 3 meg to your servers, you have to define that, both directions.

so, if traffic comes from 192.168.1.x and is going to 192.168.0.x, then its internal
also, if you traffic comes from 192.168.0.x and is going to 192.168.1.x then it is also internal

Another rule to define your internet traffic would be

If traffic is coming from 192.168.1.x and is NOT going to 192.168.0.x, this is internet
if traffic is NOT coming from 192.168.0.x and is going to 192.168.1.x then it is internet

So now you have defined your network traffic. The two types, now create rules based on that. Mange your internal traffic first. If it does not match, then is passes on to the internet traffic rules (since you have only two, you can just say everything ELSE is internet traffic) something that is done quite often.

Something else you might wish to put in (cause if you are in a bridge this can happen), is to define client to client communications.. so, if traffic comes from 192.168.1.x and is going to a 192.168.1.x network, its internal, same difference the other way around.

Now, you have your mange rules, and you can mark your connections or packets however you wish.

Now, to track that, put it in a simple queue, set it to allow packets with the packet mark of internal ot 3meg both ways.
Then add another that say else and set it to 1meg.

Now you can't use PCQ if you want both rules, I don't like using PCQ even though I know quite a few people that do use them. Let us know of we can be more of a help!

hello.
please may you paste the rules on how to do that?

If you're going to supply an example, could you please also show how to setup different upload/download ratios (seeing as most internet connection nowdays have a restricted upload rate).

Also, I'm not sure on whether you need to mark packets, connections or both. Your post does not state which is needed (for mangle).

Also, when putting these marked packets in a queue, am I restricting to a 3meg internal and a 1meg external TOTAL traffic rate or a 3meg/1meg per client rate? (the second is what I am after).

Can you monitor for traffic rates and total traffic on a user basis with this setup (also what I'm after)?

Any chance of getting an example...please?