I have a HAP AC2 router; the ISP's theoretical max. speed is 500 Mbps down, 22 Mbps up. The WAN interface is called "ether1-UPC". The LAN part uses all remaining ports in a bridge called "bridge".
I wanted to create a queue tree that:
* limits ssh connection download speed to 10M
* ensures higher priority for ssh connections for all servers
* except for a backup server (e.g. 111.11.111.11, real IP is hidden here) - that should have low priority
Here are my mangle rules:
/ip firewall mangle
add action=mark-connection chain=prerouting comment="SSH connection" dst-port=22,2222 new-connection-mark=ssh_con protocol=tcp
add action=mark-connection chain=prerouting comment="SSH connection" new-connection-mark=ssh_con protocol=tcp src-port=22,2222
add action=mark-connection chain=prerouting comment="backup connection" new-connection-mark=backup_con src-address=111.11.111.11
add action=mark-connection chain=prerouting comment="backup connection" dst-address=111.11.111.11 new-connection-mark=backup_con
add action=mark-packet chain=forward comment="backup packet" connection-mark=backup_con new-packet-mark=backup
add action=mark-packet chain=forward comment="SSH packet" connection-mark=ssh_con new-packet-mark=ssh
/queue tree
add max-limit=10M name=local_out parent=bridge
add comment="SSH 10k guaranteed, high priority" limit-at=10k max-limit=1024M name=ssh_to_bridge packet-mark=ssh parent=local_out \
priority=4
add comment="Backup server SSH, low priority" max-limit=1024M name=backup_to_bridge packet-mark=backup parent=local_out
head -c 4G </dev/urandom > www.dat # www server
head -c 4G </dev/urandom > backup.dat # backup server
scp root@backup:/root/backup.dat .
Same thing happens with www:
scp root@www:/root/www.dat .
If I start both of them at the same time, then actually the backup connection is sometimes faster than the www connection.
But the ssh_to_bridge queue has higher priority (4) than backup_to_bridge (8). Even if I change the priority of ssh_to_bridge to 1, there is almost no difference in the speeds. Probably I do not understand how queue trees work, but I'm not sure what I'm doing wrong.