Page 1 of 1

Packet mangling and traffic control

Posted: Thu Sep 29, 2005 7:06 pm
by Testingpepe
Ok, this is the problem......I want to divide my 2Mbps in two groups, one whit 1,5Mbps and the other whit 512Kbps. Im trying to use packet mangling and the queue trees.....for the group of 1,5Mbps y have a big list of simple queues to asignate ah specific bandwidth to each client. I make the groups and I still see traffic of 1.9Mbps....WHY??? If I said in the queue trees that they only have 1472Kbps????

The configuration is:

In queue tree:
Flags: X - disabled, I - invalid, D - dynamic
0 name="Lobos-Downstream" parent=ether1 flow=loboscli limit-at=1472000 queue=default priority=8 max-limit=1472000
burst-limit=0 burst-threshold=0 burst-time=0

1 name="Lobos-Upstream" parent=ether1 flow=loboscli limit-at=1472000 queue=default priority=8 max-limit=1472000
burst-limit=0 burst-threshold=0 burst-time=0

and in the firewall mangle:
Flags: X - disabled, I - invalid, D - dynamic
0 src-address= action=passthrough mark-connection=lobos

1 src-address= action=passthrough mark-connection=lobos

2 src-address= action=passthrough mark-connection=lobos

3 connection=lobos action=accept mark-flow=loboscli

and have 85 simple queues for the clients on this 3 networks......the simple queue works fine but the queue tree dont do the work......PLEASE HELP!!


Posted: Thu Sep 29, 2005 8:51 pm
by andrewluck
The queues need to be applied to the router interface that the traffic is leaving from.

You have both inbound and outbound applied to ether1. At least one should be apllied to a different interface.



Posted: Thu Sep 29, 2005 9:04 pm
by Testingpepe
I try it but still having the same problem

Posted: Fri Sep 30, 2005 1:26 am
by Borage
Here you can see how I have done to limit edonkey traffic in a wireless link. According to your settings, the same NIC is set i.e. ether1. You are limiting in only one direction.

[admin@MikroTik] > queue tree print
Flags: X - disabled, I - invalid
0 name="queue1" parent=wlan1 packet-mark=ed2k limit-at=100000 queue=default
priority=8 max-limit=1000000 burst-limit=0 burst-threshold=0

1 name="queue2" parent=ether1 packet-mark=ed2k limit-at=100000 queue=default
priority=8 max-limit=10000000 burst-limit=0 burst-threshold=0

Posted: Fri Sep 30, 2005 2:54 am
by icommunity
A lot of questions about this were asked in this forum. I also have this problem, and after a while I think NAT is the reason why mangling and queue tree don't work hand-in-hand. Do you use NAT?

While mangling happens at the interface the traffic is COMING to the router, Queue Tree happens at the interface the traffic is LEAVING the router. My understanding is, although you successfully mangle the traffic (at the incoming interface), but if there's NAT in between, you won't be able to shape that traffic using Queue Tree (at the outgoing interface) since the mangled traffic flow/connection doesn't exist any more as mangled, because the header of the packets have been changed by NAT. Can any one confirm if this is correct?

If the above is true, questions:

1. Does torching the WAN & LAN interfaces still show the exact Destionation-IP and Source-IP relations when NAT is used? IF yes, then Mangling & Queue Tree cannot be used to shape traffic if NAT is used, because you cannot shape the traffic that you mangled before since it was changed by NAT, correct?

2. Does this case also apply to Masquerade in the same way as to NAT?

Any one can help clarify this?


Posted: Fri Sep 30, 2005 3:05 pm
by larmaid
yup this case is very often....and i think this poblem will continues...!

its still the mistery for mt man...! :?:

Posted: Fri Sep 30, 2005 6:38 pm
by Borage
Regarding the nat problem, I've set up a Mikrotik router in my home with a wireless link connected to my Netgear WGT624 broadband router. I configured the routing table in the router and I tried to portforward to the network I assigned to the Mikrotik router, but the Netgear router is stupid, it's not possible to do that to another network than the one assigned to the LAN interface in this Netgear router. What a sick puppy, that forced me to do a double nat i.e. one in the Netgear router and one in the Mikrotik router. I issued the rules found on page 393 in the manual to limit p2p traffic, and it actually works for me in this configuration with nat activated in both routers.