Community discussions

MikroTik App
 
JoostJansen
just joined
Topic Author
Posts: 5
Joined: Thu Jun 02, 2022 3:34 pm

Managing local bandwith doesn't work

Wed Aug 10, 2022 2:14 pm

Hello all,

I use a Mikrotik Hap ac3 version 6.49.6
With version 7 I can't get fully working connection
I have the external part working and I can manage the up/down-load to the internet very well.
But as soon as someone up or download something from my NAS while connected to the local wired network, all other traffic goes splat.
I used the TKSJa tutorial video 13 and 14 on youtube and that part works fine but the extra rules I put in it won't detect the local traffic.
I hope someone can help me with this problem.

Here are the mangle rules and the queue tree rules I use.
/queue tree
add max-limit=1G name="all Bandbreete" parent=global priority=1
add max-limit=1G name=download packet-mark=client-download-paket parent="all Bandbreete" priority=2
add max-limit=1G name=upload packet-mark=client-upload-paket parent="all Bandbreete" priority=2
add max-limit=1G name=http-download packet-mark=http-download-paket parent=download priority=3 queue=pcq-download-default
add max-limit=1G name=netwerk-download1 packet-mark=netwerk-verplaatsing-down-paket parent=download priority=5 queue=pcq-download-default
add max-limit=1G name=netwerk-download2 packet-mark=netwerk-verplaatsing-down-paket-2 parent=download priority=5 queue=pcq-download-default
add max-limit=1G name=other-down packet-mark=other-download-packet parent=download queue=pcq-download-default
add max-limit=1G name=http-upload packet-mark=http-upload-packet parent=upload priority=3 queue=pcq-upload-default
add max-limit=1G name=netwerk-upload1 packet-mark=netwerk-verplaatsing-up-paket parent=upload priority=5 queue=pcq-upload-default
add max-limit=1G name=netwerk-upload2 packet-mark=netwerk-verplaatsing-up-paket2 parent=upload priority=5 queue=pcq-upload-default
add max-limit=1G name=other-up packet-mark=other-upload-packet parent=upload queue=pcq-upload-default

/ip firewall mangle
add action=mark-connection chain=forward comment="client download connection" in-interface=vlan-internet new-connection-mark=client-download-connection passthrough=yes
add action=mark-connection chain=prerouting comment=client-upload-connection in-interface=local-bridge new-connection-mark=client-upload-connection passthrough=yes
add action=mark-packet chain=forward comment=client-download-paket connection-mark=client-download-connection new-packet-mark=client-download-paket passthrough=yes
add action=mark-packet chain=prerouting comment=client-upload-paket connection-mark=client-upload-connection new-packet-mark=client-upload-paket passthrough=yes
add action=mark-packet chain=forward comment=http-download-paket new-packet-mark=http-download-paket packet-mark=client-download-paket passthrough=no port=80,443 protocol=tcp
add action=mark-packet chain=forward comment=http-upload-packet new-packet-mark=http-upload-packet packet-mark=client-upload-paket passthrough=no port=80,443 protocol=tcp
add action=mark-packet chain=forward comment=netwerk-verplaatsing-down-paket new-packet-mark=netwerk-verplaatsing-down-paket packet-mark=client-download-paket passthrough=no port=135,136,137,138,139,445 protocol=udp
add action=mark-packet chain=forward comment=netwerk-verplaatsing-up-paket new-packet-mark=netwerk-verplaatsing-up-paket packet-mark=client-upload-paket passthrough=no port=135,136,137,138,139,445 protocol=udp
add action=mark-packet chain=forward comment=netwerk-verplaatsing-up-paket2 new-packet-mark=netwerk-verplaatsing-up-paket2 packet-mark=client-upload-paket passthrough=no port=135,136,137,138,139,445 protocol=tcp
add action=mark-packet chain=forward comment=netwerk-verplaatsing-down-paket-2 new-packet-mark=netwerk-verplaatsing-down-paket-2 packet-mark=client-download-paket passthrough=no port=135,136,137,138,139,445 protocol=tcp
add action=mark-packet chain=forward comment=other-download-packet new-packet-mark=other-download-packet packet-mark=client-download-paket passthrough=no
add action=mark-packet chain=forward comment=other-upload-packet connection-mark=client-upload-connection new-packet-mark=other-upload-packet passthrough=no
 
JoostJansen
just joined
Topic Author
Posts: 5
Joined: Thu Jun 02, 2022 3:34 pm

Re: Managing local bandwith doesn't work

Thu Aug 11, 2022 1:13 pm

Is there no one that can help me with the right way to prevent 1 data transfer connection on my own network to block all other data transfer?
 
User avatar
jvanhambelgium
Forum Veteran
Forum Veteran
Posts: 985
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: Managing local bandwith doesn't work

Thu Aug 11, 2022 1:20 pm

Please show how these local devices are connected ?
In what port is the NAS cabled, where is the rest (=client that you want to limit) cabled?
 
JoostJansen
just joined
Topic Author
Posts: 5
Joined: Thu Jun 02, 2022 3:34 pm

Re: Managing local bandwith doesn't work

Thu Aug 11, 2022 5:06 pm

Basic setup for a home network:
Hap ac3
port 1: connection to internet
port 2: my main computer
port 3: NAS lan port 1 at x.x.x.251
port 4: to hub port 1
port 5: PiHole DNS x.x.x.254

Hub with 8 connections
port 1: to Hap ac3 port 4
port 2: Television
port 3: Satbox (sometimes I stream from it to my main computer) x.x.x.253
port 4: NAS lan port 2 at x.x.x.252
port 5-8: laptop, windows, linux and or apple computers

in a normal situation I don't need to limit any traffic but when I am streaming from my satbox, any file transfer between my NAS and or any other computer in my network, the traffic load between the computers/NAS is so high, I will lose the stream (http) from my satbox or my TV looses the connection to youtube/HBO-max or any other streaming provider.
All computers and/or wifi connections use the same DHCP server so the users can play some games with each other.
But only when any computer on my network does a file transfer to the NAS or a shared folder on a computer and it is a big file (200mb+) all games/streams go down.
All I want is a way to limit local data transfer so everyone can use the network at the same time.
But I can not find the packet type used for the data transfer nor do I see what port is using up the bandwidth even if I use my own computer and have only NAS port 1 connected

if you need the entire config file from my mikrotik let me know and I will put it here
 
User avatar
k6ccc
Forum Guru
Forum Guru
Posts: 1490
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)
Contact:

Re: Managing local bandwith doesn't work

Thu Aug 11, 2022 6:03 pm

You refer to it as an 8 port hub. Is it really a hub or is it a switch?
If a large file transfer is going on between the NAS on port 4 of the hub to a computer on another port of the same hub, there is not a damn thing that the router can do about it - because the traffic is not going through the router at all. If your "hub" is really a hub and not a switch, that is your problem. Replace it with a switch.
 
JoostJansen
just joined
Topic Author
Posts: 5
Joined: Thu Jun 02, 2022 3:34 pm

Re: Managing local bandwith doesn't work

Thu Aug 11, 2022 7:44 pm

I refer to it as a hub but it is a Sitecom ln121 8 port switch.
But I keep having the same problem even if I remove the LAN 2 port connection from my NAS.
Also the same problem occurs when 1 computer has a shared folder and someone up/download some big files to that folder.
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 2098
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Krugersdorp (Home town of Brad Binder)
Contact:

Re: Managing local bandwith doesn't work

Thu Aug 11, 2022 8:24 pm

without seeing full config / connection diagram, it is difficult to suggest any fixes. As mentioned already, data transfers in local network should not go via the router and should not affect the transfer.

There is possible 3 reasons why local traffic will cause limitations via the router:
1, Separate subnets
2. Vlans (With separate subnets)
3. Hardware offload is disabled on router bridge config

For home use, get rid of the vlans / separate subnets, etc, and place all internal devices in the same layer 2 network, then place connection limits between lan devices and internet. Then any traffic to / from NAS will go via switch and never reach the router, and you should get full capacity
 
JoostJansen
just joined
Topic Author
Posts: 5
Joined: Thu Jun 02, 2022 3:34 pm

Re: Managing local bandwith doesn't work

Thu Aug 11, 2022 9:54 pm

Now I understand.
A local stream from my satbox to my computer doesn't count as manageable data.
Also data between the NAS and / or computers doesn't go through the router so it can't be managed.
The only data that can be managed is from inside my network to internet and the other way around.

But if I am wrong here is my config file.
# aug/10/2022 10:33:36 by RouterOS 6.49.6
# software id = xxxxxxxxxxxx
#
# model = RBD53iG-5HacD2HnD
# serial number = xxxxxxxxx
/interface bridge
add name=local-bridge
/interface vlan
add comment="without this-> no internet" interface=ether1 name=vlan-internet vlan-id=300
/interface list
add name=local-list-bridge
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=X1
add authentication-types=wpa2-psk comment=N0-Adds! eap-methods="" mode=dynamic-keys name=my-WiFi_PW supplicant-identity="" wpa2-pre-shared-key=N0-Adds!
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce country=no_country_set disabled=no frequency=auto mode=ap-bridge security-profile=my-WiFi_PW ssid=PiHole1
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-Ceee country=no_country_set disabled=no frequency=auto mode=ap-bridge security-profile=my-WiFi_PW ssid=PiHole2
/ip pool
add name=local-dhcp_pool ranges=192.168.124.100-192.168.124.199
/ip dhcp-server
add address-pool=local-dhcp_pool disabled=no interface=local-bridge name=local-DHCP-server
/queue tree
add max-limit=1G name="all Bandbreete" parent=global priority=1
add max-limit=1G name=download packet-mark=client-download-paket parent="all Bandbreete" priority=2
add max-limit=1G name=upload packet-mark=client-upload-paket parent="all Bandbreete" priority=2
add max-limit=1G name=http-download packet-mark=http-download-paket parent=download priority=3 queue=pcq-download-default
add max-limit=1G name=netwerk-download1 packet-mark=netwerk-verplaatsing-down-paket parent=download priority=5 queue=pcq-download-default
add max-limit=1G name=netwerk-download2 packet-mark=netwerk-verplaatsing-down-paket-2 parent=download priority=5 queue=pcq-download-default
add max-limit=1G name=other-down packet-mark=other-download-packet parent=download queue=pcq-download-default
add max-limit=1G name=http-upload packet-mark=http-upload-packet parent=upload priority=3 queue=pcq-upload-default
add max-limit=1G name=netwerk-upload1 packet-mark=netwerk-verplaatsing-up-paket parent=upload priority=5 queue=pcq-upload-default
add max-limit=1G name=netwerk-upload2 packet-mark=netwerk-verplaatsing-up-paket2 parent=upload priority=5 queue=pcq-upload-default
add max-limit=1G name=other-up packet-mark=other-upload-packet parent=upload queue=pcq-upload-default
/tool user-manager customer
set admin access=own-routers,own-users,own-profiles,own-limits,config-payment-gw
/interface bridge port
add bridge=local-bridge interface=ether2
add bridge=local-bridge interface=ether3
add bridge=local-bridge interface=ether4
add bridge=local-bridge interface=ether5
add bridge=local-bridge interface=wlan1
add bridge=local-bridge interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=local-list-bridge
/interface list member
add interface=local-bridge list=local-list-bridge
/ip address
add address=192.168.124.1/24 comment=gateway interface=local-bridge network=192.168.124.0
/ip cloud
set update-time=no
/ip dhcp-client
add disabled=no interface=vlan-internet
/ip dhcp-server network
add address=192.168.124.0/24 dns-server=192.168.124.254 gateway=192.168.124.1
/ip firewall filter
add action=accept chain=input connection-state=established,related
add action=drop chain=input connection-state=invalid
add action=accept chain=forward connection-state=established,related
add action=drop chain=forward connection-state=invalid
add action=drop chain=forward comment="Bescherm local tegen internet" connection-nat-state=dstnat connection-state=new in-interface=vlan-internet
/ip firewall mangle
add action=mark-connection chain=forward comment="client download connection" in-interface=vlan-internet new-connection-mark=client-download-connection passthrough=yes
add action=mark-connection chain=prerouting comment=client-upload-connection in-interface=local-bridge new-connection-mark=client-upload-connection passthrough=yes
add action=mark-packet chain=forward comment=client-download-paket connection-mark=client-download-connection new-packet-mark=client-download-paket passthrough=yes
add action=mark-packet chain=prerouting comment=client-upload-paket connection-mark=client-upload-connection new-packet-mark=client-upload-paket passthrough=yes
add action=mark-packet chain=forward comment=http-download-paket new-packet-mark=http-download-paket packet-mark=client-download-paket passthrough=no port=80,443 protocol=tcp
add action=mark-packet chain=forward comment=http-upload-packet new-packet-mark=http-upload-packet packet-mark=client-upload-paket passthrough=no port=80,443 protocol=tcp
add action=mark-packet chain=forward comment=netwerk-verplaatsing-down-paket new-packet-mark=netwerk-verplaatsing-down-paket packet-mark=client-download-paket passthrough=no port=135,136,137,138,139,445 protocol=udp
add action=mark-packet chain=forward comment=netwerk-verplaatsing-up-paket new-packet-mark=netwerk-verplaatsing-up-paket packet-mark=client-upload-paket passthrough=no port=135,136,137,138,139,445 protocol=udp
add action=mark-packet chain=forward comment=netwerk-verplaatsing-up-paket2 new-packet-mark=netwerk-verplaatsing-up-paket2 packet-mark=client-upload-paket passthrough=no port=135,136,137,138,139,445 protocol=tcp
add action=mark-packet chain=forward comment=netwerk-verplaatsing-down-paket-2 new-packet-mark=netwerk-verplaatsing-down-paket-2 packet-mark=client-download-paket passthrough=no port=135,136,137,138,139,445 protocol=tcp
add action=mark-packet chain=forward comment=other-download-packet new-packet-mark=other-download-packet packet-mark=client-download-paket passthrough=no
add action=mark-packet chain=forward comment=other-upload-packet connection-mark=client-upload-connection new-packet-mark=other-upload-packet passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat out-interface=vlan-internet
add action=redirect chain=dstnat disabled=yes dst-port=80 protocol=tcp src-address=192.168.124.0/24 to-ports=8080
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=192.168.124.0/24
set ssh disabled=yes
set api disabled=yes
set winbox address=192.168.124.0/24
set api-ssl disabled=yes
/ip ssh
set strong-crypto=yes
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=local-bridge type=internal
/system clock
set time-zone-name=Europe/Amsterdam
/system identity
set name="Hap AC3"
/tool mac-server
set allowed-interface-list=local-list-bridge
/tool mac-server mac-winbox
set allowed-interface-list=local-list-bridge
/tool user-manager database
set db-path=user-manager
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 2098
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Krugersdorp (Home town of Brad Binder)
Contact:

Re: Managing local bandwith doesn't work

Fri Aug 12, 2022 7:33 pm

You should review the conn/pkt mark and queue tree config, you typically use the "leaving" interface for this, i.e. outgoing traffic on the internet facing interface for upload traffic limits, and outgoing traffic leaving the "bridge" interface towards LAN devices for download traffic

Who is online

Users browsing this forum: adimihaix, Bing [Bot], coreshock, Railander, sted and 69 guests