I have a bunch of internal vlans (one per client in a serviced office) that need to be restricted to say max limit of 5/5mbps each vlan on a 20/20mbps fibre line. They rarely go over.
I was having a go at marking the traffic per vlan
then using PCQ in simple queue to control the limits.
It seems to work, but I am not sure this is right way to do it so would like some comments.
the problem area maybe the voip that is going to be on Vlan 99 which needs priority but rarely uses much bandwidth and should never hit 5mbps anyway. I planned to make this priority 1 while all the other queues are priority 8.
anyway here is an abridged copy and paste so you get the idea of where I am going with it. maybe there is a better approach.
Code: Select all
/ip firewall mangle> print
0 chain=prerouting action=mark-connection new-connection-mark=VLAN_20_conn passthrough=yes in-interface=VLAN_20
1 chain=postrouting action=mark-connection new-connection-mark=VLAN_20_conn passthrough=yes out-interface=VLAN_20
2 chain=prerouting action=mark-packet new-packet-mark=VLAN_20_Mark passthrough=yes connection-mark=VLAN_20_conn
3 chain=postrouting action=mark-packet new-packet-mark=VLAN_20_Mark passthrough=yes connection-mark=VLAN_20_conn
4 chain=prerouting action=mark-connection new-connection-mark=VLAN_30_conn passthrough=yes in-interface=VLAN_30
5 chain=postrouting action=mark-connection new-connection-mark=VLAN_30_conn passthrough=yes out-interface=VLAN_30
6 chain=prerouting action=mark-packet new-packet-mark=VLAN_30_Mark passthrough=yes connection-mark=VLAN_30_conn
7 chain=postrouting action=mark-packet new-packet-mark=VLAN_30_Mark passthrough=yes connection-mark=VLAN_30_conn
Code: Select all
32 chain=prerouting action=mark-connection new-connection-mark=VLAN_99_conn passthrough=yes in-interface=VLAN_99
33 chain=postrouting action=mark-connection new-connection-mark=VLAN_99_conn passthrough=yes out-interface=VLAN_99
34 chain=prerouting action=mark-packet new-packet-mark=VLAN_99_Mark passthrough=yes connection-mark=VLAN_99_conn
35 chain=postrouting action=mark-packet new-packet-mark=VLAN_99_Mark passthrough=yes connection-mark=VLAN_99_conn
Code: Select all
/queue type
5 name="PCQ_5M_Download" kind=pcq pcq-rate=5M pcq-limit=50 pcq-classifier=src-address pcq-total-limit=20000000
pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-src-address-mask=0 pcq-dst-address-mask=0
pcq-src-address6-mask=64 pcq-dst-address6-mask=64
6 name="PCQ_5M_Upload" kind=pcq pcq-rate=5M pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=20000000 pcq-burst-rate=0
pcq-burst-threshold=0 pcq-burst-time=10s pcq-src-address-mask=0 pcq-dst-address-mask=0 pcq-src-address6-mask=64
pcq-dst-address6-mask=64
Code: Select all
/queue simple
0 name="TOTAL_Q1" target="" parent=none packet-marks="" priority=8/8 queue=default/default limit-at=0/0 max-limit=20M/20M
burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s
1 name="VLAN_20" target="" parent=TOTAL_Q1 packet-marks=VLAN_20_Mark priority=8/8 queue=PCQ_5M_Upload/PCQ_5M_Download
limit-at=0/0 max-limit=0/0 burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s
2 name="VLAN_30" target="" parent=TOTAL_Q1 packet-marks=VLAN_30_Mark priority=8/8 queue=PCQ_5M_Upload/PCQ_5M_Download
limit-at=0/0 max-limit=0/0 burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s
Code: Select all
9 name="VLAN_99" target="" parent=TOTAL_Q1 packet-marks=VLAN_99_Mark priority=1/1 queue=PCQ_5M_Upload/PCQ_5M_Download
limit-at=0/0 max-limit=0/0 burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s