Community discussions

 
User avatar
Eugene
Forum Veteran
Forum Veteran
Topic Author
Posts: 993
Joined: Mon May 31, 2004 5:06 pm
Location: Cranfield, UK

How to limit a user to a given amount of traffic?

Sun Jul 04, 2004 5:28 pm

Many times people have asked how to shape traffic based on the amount the user has already downloaded.
Here is a small script which makes the job:
-------------------------
:local sum; :local traf;
:set sum 0
/ip firewall rule forward {
:foreach i in [find] do={:incr sum}
:for i from=1 to=$sum do={
:set traf [get [find comment=("user" . $i)]
bytes]
:set traf ($traf/1073741824)
:if ($traf>1) do={:log facility=System-Info message=("user" . $i .
" exceeded 1Gb limit!")}
}
}
-------------------------
Comments:
1)Make your own chain for accounting purposes (just don't forget to add jumps from forward chain.) In the end of this chain add return rule.

2)Make a custom action when the user reaches the limit. By default the scripts writes message to logs (use /log print without-paging command to view logs)

The original can be found in MT docs:
http://www.mikrotik.com/docs/ros/2.8/ap ... t#11.2.5.8
Last edited by Eugene on Mon Jan 10, 2005 9:49 am, edited 1 time in total.
 
fivenetwork
newbie
Posts: 45
Joined: Thu Jul 08, 2004 4:39 am

How Do we get this to work with PPPoE?

Thu Jul 08, 2004 4:58 am

Can this script work with PPPoE?? Like the OS provides a Traffic limit for HotSpot Users can this be adapted in similar fashion for PPPoE users??
 
tully
MikroTik Support
MikroTik Support
Posts: 505
Joined: Fri May 28, 2004 11:07 am

Thu Jul 08, 2004 9:37 am

With pppoe, I think you can set this based on a radius attribute. See the radius attributes that are supported for AAA in the AAA section of the manual.

John
 
User avatar
Eugene
Forum Veteran
Forum Veteran
Topic Author
Posts: 993
Joined: Mon May 31, 2004 5:06 pm
Location: Cranfield, UK

Thu Jul 08, 2004 6:23 pm

Yes, of course this script can work with PPPoE. Just make correct firewall rules that count traffic for particular PPPoE client.
 
gianluca
Member Candidate
Member Candidate
Posts: 258
Joined: Sun Aug 08, 2004 11:00 pm
Location: Italy - Spain - USA

Mon Jan 03, 2005 9:25 pm

Eugene, could you please be a bit more specific on it.

I have 50 customers woth pppoe. With 3 profiles (so that I have 3 fw rules, one each profile below ppp fw rule).

where should I put the rules for counting bytes?

I imagine that to put an identifier on each rule, I have to base the rule on the IP address of the customer. This means I have to fix the IP address of teh customer to his username on the pppoe secrets.

Am i correct?

thanks
 
gianluca
Member Candidate
Member Candidate
Posts: 258
Joined: Sun Aug 08, 2004 11:00 pm
Location: Italy - Spain - USA

Mon Jan 03, 2005 9:29 pm

just one more thing. my pppoe customers take the ip from a pool.
 
gianluca
Member Candidate
Member Candidate
Posts: 258
Joined: Sun Aug 08, 2004 11:00 pm
Location: Italy - Spain - USA

Tue Feb 01, 2005 7:45 pm

can anybody answer on how check amount of upload/dwonload traffic with radius and pppoe users?
 
User avatar
bjohns
Member Candidate
Member Candidate
Posts: 272
Joined: Sat May 29, 2004 4:11 am
Location: Sippy Downs, Australia
Contact:

Fri Feb 04, 2005 5:12 am

can anybody answer on how check amount of upload/dwonload traffic with radius and pppoe users?
afaik 'Alive' packets are sent back to the radius server with the updates. These are usually sent every 5min, but you can change that using either the MT Router or the Radius server. Otherwise the total session data will be sent with the Stop packet.

The difficult thing is enforcing the quota. Ie, a user is connected, exceeds their limit - how do you disconnect them? Currently I just disable and enable the PPPoE service every 24hrs, which is pretty dodgy. I'd like to know a more elegant solution that only affects the users in question.
 
gianluca
Member Candidate
Member Candidate
Posts: 258
Joined: Sun Aug 08, 2004 11:00 pm
Location: Italy - Spain - USA

Sun Feb 06, 2005 2:34 pm

thank for the help.

About enforcing a rule when they reach a quote, I probably run a script with a forward rule doing what you want to do, i.e. stop p2p .... or what else
 
nianderson
just joined
Posts: 11
Joined: Thu Feb 10, 2005 6:47 am

Mon Feb 14, 2005 3:52 am

can you expand a little more on this im attempting to set transfer limits so userx gets 1 GB transfer/month / week whatever. if they exceed it they get throttled to 64 K. This is my first run with mikrotik ect... so im still trying to figure out the firewall ect ...


Thanks
--
Nick Anderson
IT Technician
Sunflower Broadband

Adding features does not necessarily increase functionality -- it just
makes the manuals thicker.
 
nianderson
just joined
Posts: 11
Joined: Thu Feb 10, 2005 6:47 am

Wed Feb 16, 2005 5:37 am

So let me see if I understand this at all or if im on the right track.

first thing to do is add a chain
/ip firewall add name=accounting
then set a comment for it called userN atm i have 2 users so
/ip firewall rule accounting add comment=user2
add passthrough action to the chain accounting
/ip firewall rule accounting add action=passthrough
add a jump rule in forward to accountin
/ip firewall rule forward add jump-target=accounting
change the refferences of forward to accounting in the script provided
and add
:local sum; :local traf;
:set sum 0
/ip firewall rule accounting{
:foreach i in [find] do={:incr sum}
:for i from=1 to=$sum do={
:set traf [get [find comment=("user" . $i)]
bytes]
:set traf ($traf/1073741824)
:if ($traf>1) do={:log facility=System-Info message=("user" . $i .
" exceeded 1Gb limit!")}
}
/ip firewall rule accounting return
} 
does that look right?
Help is greatly appriciated
--
Nick Anderson
IT Technician
Sunflower Broadband

Adding features does not necessarily increase functionality -- it just
makes the manuals thicker.
 
User avatar
Eugene
Forum Veteran
Forum Veteran
Topic Author
Posts: 993
Joined: Mon May 31, 2004 5:06 pm
Location: Cranfield, UK

Wed Feb 16, 2005 1:20 pm

So let me see if I understand this at all or if im on the right track.

first thing to do is add a chain
/ip firewall add name=accounting
That's right

then set a comment for it called userN atm i have 2 users so
/ip firewall rule accounting add comment=user2
Not quite
add passthrough action to the chain accounting
/ip firewall rule accounting add action=passthrough
For each user, you need to add 1 rule with action=passthrough and comment=userN.
So, in case of two users assuming we use ip addresses to identify them:
/ip firewall rule accounting add action=passthrough comment=user1 dst-address=1.1.1.1/32
/ip firewall rule accounting add action=passthrough comment=user2 dst-address=1.1.1.2/32
[/color]

add a jump rule in forward to accounting
/ip firewall rule forward add jump-target=accounting
Just do not forget that this rule should be above all others. Also add rule with action=return to the accounting chain, in order to process general firewall rules in forward.
/ip firewall rule accounting add action=return
[/color]

change the refferences of forward to accounting in the script provided
and add
:local sum; :local traf;
:set sum 0
/ip firewall rule accounting{
:foreach i in [find] do={:incr sum}
:for i from=1 to=$sum do={
:set traf [get [find comment=("user" . $i)]
bytes]
:set traf ($traf/1073741824)
:if ($traf>1) do={:log facility=System-Info message=("user" . $i .
" exceeded 1Gb limit!")}
}
} 
Note, that return rule is added before, not from the script.

Add this script to system scheduler to do periodical checks.



does that look right?
Help is greatly appriciated
Tout individu a droit à la vie, à la liberté et à la sûreté de sa personne.
 
nianderson
just joined
Posts: 11
Joined: Thu Feb 10, 2005 6:47 am

Wed Feb 16, 2005 7:45 pm

when i do
/ip firewall rule accounting add action=passthrough comment=user1 dst-address=192.168.0.199/24
I get ERROR: destination bad
--
Nick Anderson
IT Technician
Sunflower Broadband

Adding features does not necessarily increase functionality -- it just
makes the manuals thicker.
 
cmit
Forum Guru
Forum Guru
Posts: 1552
Joined: Fri May 28, 2004 12:49 pm
Location: Germany

Wed Feb 16, 2005 9:39 pm

192.168.0.199/24 is not a valid notation. If you want to describe the single host, you have to use a /32 netmask:
192.168.0.199/32
If you meant to filter the whole class C network, you must use the network address together with the /24 subnet mask:
192.168.0.0/24
Best regards,
Christian Meis
 
nianderson
just joined
Posts: 11
Joined: Thu Feb 10, 2005 6:47 am

Wed Feb 16, 2005 9:43 pm

ahh thanks now this is how i have it setup


forward chain
[admin@MikroTik] system script> /ip firewall rule forward print
Flags: X - disabled, I - invalid, D - dynamic
 0   action=jump jump-target=accounting

 1   ;;; limit access for unauthorized hotspot clients
     in-interface=ether2 action=jump jump-target=hotspot-temp

 2   ;;; account traffic for authorized hotspot clients
     action=jump jump-target=hotspot

 3   action=accept
accounting chain
[admin@MikroTik] system script> /ip firewall rule accounting print
Flags: X - disabled, I - invalid, D - dynamic
 0   ;;; user1
     dst-address=192.168.0.195/32 action=passthrough

 1   action=return

script
[admin@MikroTik] system script> print
 0 name="account_user_traffic"
   source=":local sum; :local traf;\r\n:set sum 0\r\n/ip firewall rule
          accounting{\r\n:foreach i in [find] do={:incr sum}\r\n:for i from=1
          to=$sum do={\r\n:set traf [get [find comment=("user" . $i)]
          bytes]\r\n:set traf ($traf/1073741824)\r\n:if ($traf>1) do={:log
          facility=System-Info message=("user" . $i . " exceeded 1Gb
          limit!")}\r\n}\r\n}"
   owner="admin" policy=ftp,reboot,read,write,policy,test
   last-started=feb/16/2005 13:58:27 run-count=5
I get feb/16/2005 13:58:27 script error: no such chain when i try to run it.
--
Nick Anderson
IT Technician
Sunflower Broadband

Adding features does not necessarily increase functionality -- it just
makes the manuals thicker.
 
nianderson
just joined
Posts: 11
Joined: Thu Feb 10, 2005 6:47 am

Thu Feb 17, 2005 6:04 am

well figured out what the deal with not seeing the chain is. DONT PUT A SCRIPT IN VIA WINBOX. :) found the pico clone and entered it via cli script starts working except now it spits an error to the log script error: empty string value where some kind of specific value expected


here is my current script
:local sum; :local traf;
:set sum 0 
/ip firewall rule accounting {
  :foreach i in [find] do={:incr sum}
  :for i from=1 to=$sum do={
    :set traf [get [find comment=("user" . $i)] bytes]
    :set traf ($raf/1073741824)
    :if ($traf>1) do={:log facility=System-Info message=("Limit-exceeded")}
  }
}
--
Nick Anderson
IT Technician
Sunflower Broadband

Adding features does not necessarily increase functionality -- it just
makes the manuals thicker.
 
User avatar
Eugene
Forum Veteran
Forum Veteran
Topic Author
Posts: 993
Joined: Mon May 31, 2004 5:06 pm
Location: Cranfield, UK

Thu Feb 17, 2005 3:07 pm

It's your script:
script starts working except now it spits an error to the log script error: empty string value where some kind of specific value expected


here is my current script
:local sum; :local traf;
:set sum 0 
/ip firewall rule accounting {
  :foreach i in [find] do={:incr sum}
  :for i from=1 to=$sum do={
    :set traf [get [find comment=("user" . $i)] bytes]
    :set traf ($raf/1073741824)
    :if ($traf>1) do={:log facility=System-Info message=("Limit-exceeded")}
  }
}
There is one corrected string:
:set traf ($traf/1073741824)
Tout individu a droit à la vie, à la liberté et à la sûreté de sa personne.
 
Russ
newbie
Posts: 25
Joined: Mon May 02, 2005 11:55 pm
Location: New Zealand

Throttling with a radius server...

Tue May 03, 2005 3:41 am

So far everyone has addressed the issue of throttling using local user accounts.

Our network is in the situation where users authenticate via PPPOE, and are assigned an IP address either statically or from the routers dynamic pool, no matter where they enter the network.

The PPPOE server then talks to a freeradius server to get the appropriate attributes (static / dynamic IP, any queues that need to be applied, routes that need to be added etc). The PPPOE server is also set to send interim accounting updates every 5 minutes to let the radius server know how much data a user has used.

To make this work with a radius server either a script would need to run on the mikrotik PPPOE server (where the queue is applied) to check the value of the data usage on the radius server and set the queue appropriately, or a script would have to run on the radius server and somehow tell the mikrotik router to alter the queue if the user had gone over their allocated data cap.

We can not check the amount of data on the local mikrotik box, as users may come into the network from different entry points through different PPPOE servers. The mikrotik router would also loose all accounting information if it was rebooted.

I notice in 2.9 there is a feature where you can specify an incoming raidus server. Does anyone have any information on how this works? What it does?

Alternatively does anyone have a working solution for this?
 
cmit
Forum Guru
Forum Guru
Posts: 1552
Joined: Fri May 28, 2004 12:49 pm
Location: Germany

Tue May 03, 2005 9:34 am

The "radius incoming" features is to let a RADIUS server actively disconnect PPP(oE) sessions without using SSH scripts on the RADIUS server or the like. See here for example: http://forum.mikrotik.com/viewtopic.php?t=1480

Regarding your question of changing queues: I suppose the only way will be to run a script on the RADIUS server that connects to the appropriate PPPoE server (MikroTik) via SSH and then switches queues for the active user. Have never tried this, though...
Best regards,
Christian Meis
 
marko1101
newbie
Posts: 25
Joined: Sun Jul 11, 2004 9:33 pm

Sun Aug 07, 2005 2:35 pm

I try stop traffic and inform user buy mail:

my script:

:local sum; :local traf;
:set sum 0
/ip firewall rule example {
:foreach i in [find] do={:incr sum}
:for i from=1 to=$sum do={
:set traf [get [find comment=("user" . $i)] bytes]
:set traf ($traf/1073741824)
:if ($traf>0) do={ /ip firewall rule forward add src-address=1.1.1.1/32 action=reject
/tool e-mail send to=example@example.com subject="Limit-exceeded"}
}
}

but, I run this script from scheduler , interval is 5s , and when user reach traffic limit , scheduler make rule and send mail on 5s , nonstop.

Is there any way to stop scheduler when user reach traffic limit , something like /system scheduler disable 0 ?

and is there way to put "ip firewall forward rule" on ie. position 10 , something like... put-on=10 or put-position=10 ...

any idea ?

Thanks
 
User avatar
Eugene
Forum Veteran
Forum Veteran
Topic Author
Posts: 993
Joined: Mon May 31, 2004 5:06 pm
Location: Cranfield, UK

Mon Aug 08, 2005 12:18 pm

To put a firewall rule before another one, add place-before=[/ip firewall filter find comment="aaa"] parameter. (Of course, there should be a rule with
comment=aaa already added to the firewall filter).

To stop the scheduler:
/system scheduler disable [find]
8)
Tout individu a droit à la vie, à la liberté et à la sûreté de sa personne.
 
marko1101
newbie
Posts: 25
Joined: Sun Jul 11, 2004 9:33 pm

Mon Aug 08, 2005 4:11 pm

I resolve stop scheduler , but for position of rule ... I put rule in chain of accounting (one chain for one user , easy to reset when reach limit), because rule in accounting chain is passthrough , new rule stop traffic even on the end of the chain , (work for me)

now I put, place-before=[/ip firewall rule user1 find comment="aaa"] , works, thanks

script:

:local sum; :local traf;
:set sum 0
/ip firewall rule user1 {
:foreach i in [find] do={:incr sum}
:for i from=1 to=$sum do={
:set traf [get [find comment=("user" . $i)] bytes]
:set traf ($traf/1073741824)
:if ($traf>0) do={ /ip firewall rule user1 add action=reject place-before=[/ip firewall rule user1 find comment="aaa"]
/tool e-mail send to=user1@example.com subject="Limit-exceeded"}
}
}


this is the script for reach limit , but ... can you tell me, how make script for send mail on every 24h to user with amount of traffic at this moment, ... something like ,

scheduler with sorce: /tool e-mail send to=user1@example.com subject="You spend ([get [find comment=("user" . $i)] bytes]/1024) KB till now."

But, in accounting chain user1, I have 2 rule comment=user1(for Upload) and comment=user2 (for Download) , main script start whatever rule reach 1gb , and stop traffic and send mail , that is ok for reach limit...

Now I want make script to send info about traffic on both rule (upload and download) (comment=user1 and comment=user2) to user on every 24h

can you help ?

Thanks again.
 
User avatar
Eugene
Forum Veteran
Forum Veteran
Topic Author
Posts: 993
Joined: Mon May 31, 2004 5:06 pm
Location: Cranfield, UK

Mon Aug 08, 2005 4:22 pm

:local sum; :local traf;
:local limit
:set sum 0
:set traf 0
:set limit 5
/ip firewall rule user1 {
:foreach i in [find] do={:incr sum}
:for i from=1 to=$sum do={
:set traf ([get [find comment=("user" . $i)] bytes] + $traf)
}
:set traf ($traf/1073741824)
:set limit ($limit-$traf)
/tool e-mail send to=user1@example.com subject="You spend $traf GB. Beware! only $limit GB left :)"
} 
Tout individu a droit à la vie, à la liberté et à la sûreté de sa personne.
 
marko1101
newbie
Posts: 25
Joined: Sun Jul 11, 2004 9:33 pm

Mon Aug 08, 2005 4:45 pm

message from log : script error: invalid expression
 
User avatar
Eugene
Forum Veteran
Forum Veteran
Topic Author
Posts: 993
Joined: Mon May 31, 2004 5:06 pm
Location: Cranfield, UK

Mon Aug 08, 2005 5:34 pm

:local sum; :local traf;
:local limit
:set sum 0
:set traf 0
:set limit 5
/ip firewall rule user1 {
:foreach i in [find] do={:incr sum}
:for i from=1 to=$sum do={
:set traf ([get [find comment=("user" . $i)] bytes] + $traf)
}}
:set traf ($traf/1073741824)
:set limit ($limit - $traf)
/tool e-mail send to=user1@example.com subject="You spend $traf GB. Beware! only $limit GB left :)"
1) There should be spaces surrounding minus sign.
2) Outer loop closed before sending e-mail (to avoid duplicates).
Tout individu a droit à la vie, à la liberté et à la sûreté de sa personne.
 
marko1101
newbie
Posts: 25
Joined: Sun Jul 11, 2004 9:33 pm

Mon Aug 08, 2005 8:18 pm

I recived in log: invalid argument name , somethin about $traf and $limit in ...

/tool e-mail send to=user1@example.com subject="You spend $traf GB. Beware! only $limit GB left :)"

when I delete all in subject except $traf ,
/tool e-mail send to=user1@example.com subject=$traf , ...

mail recived with 0 in subject , all same with only $limit mail recived with 5 , every time. when send mail,

probably from here:

:set traf 0
:set limit 5
 
User avatar
Eugene
Forum Veteran
Forum Veteran
Topic Author
Posts: 993
Joined: Mon May 31, 2004 5:06 pm
Location: Cranfield, UK

Tue Aug 09, 2005 3:56 pm

This one tested and works:
:local sum; :local traf; :local limit; 
:set sum 0; :set traf 0; :set limit 5; 
/ip firewall rule user1 {:foreach i in [find] do={:incr sum}; :for i from=1 to=$sum do={:set traf ([get [find comment=("user" . $i)] bytes] + $traf)};}; :set traf ($traf/1073741824); :set limit ($limit - $traf); /tool e-mail send to=psi@mikrotik.com subject=("You spend " . $traf . " GB. Beware! only " . $limit . "GB left :)");
Tout individu a droit à la vie, à la liberté et à la sûreté de sa personne.
 
marko1101
newbie
Posts: 25
Joined: Sun Jul 11, 2004 9:33 pm

Wed Aug 10, 2005 12:26 am

Yes work,

but send message only for GB , maybe I make some mistake with rule,

never mind , it's help me to make my script , and the script do exactly what I want , thanks

but , there is another problem, and it's seems big , .... when mikrotik is off or restart or corrupt .... , rule reset to 0 ... and accounting start from 0, :(

till now I have no that problem , to reset ruter, because some error, but ... life is long , :)

is there some solution for that ?

Thanks again
 
User avatar
Eugene
Forum Veteran
Forum Veteran
Topic Author
Posts: 993
Joined: Mon May 31, 2004 5:06 pm
Location: Cranfield, UK

Wed Aug 10, 2005 11:39 am

Only remote accounting. Or you can restart router only on the 1st day of month :)

BTW, the router is pretty stable so having a good UPS should give you loooong uptime :D

Or make a script to save/restore values do disk.
Tout individu a droit à la vie, à la liberté et à la sûreté de sa personne.
 
marko1101
newbie
Posts: 25
Joined: Sun Jul 11, 2004 9:33 pm

Wed Aug 10, 2005 1:10 pm

Or make a script to save/restore values do disk.
that's will be good, but, can script, save (ie.) all data in some rule (ie.) user1 , and restore when ruter startup, I think hotspot do that ... ?

I prefer script opposite hotspot , if is posible to script do that ?
 
User avatar
Eugene
Forum Veteran
Forum Veteran
Topic Author
Posts: 993
Joined: Mon May 31, 2004 5:06 pm
Location: Cranfield, UK

Wed Aug 10, 2005 2:53 pm

One way to save variable values is to create /ppp secret entries with comments. But IMHO you need to switch ro remote accounting/management like RADIUS.
Tout individu a droit à la vie, à la liberté et à la sûreté de sa personne.
 
marko1101
newbie
Posts: 25
Joined: Sun Jul 11, 2004 9:33 pm

Tue Aug 16, 2005 2:16 pm

solution is ups , for now , ...

do you have idea how do this: ....

Can script, (make or disable) rule in MT through 2 or 3 or X ... MT (mikrotik)?

internet <---> MT1 <---> MT2 <----> MT3 <--- client

script for internet traffic accouting are on MT1 ,
I wish , make new deny or disable present allowe rule in firewall on MT3 to stop all traffic through network for client who connect on MT3 , but from information of traffic on MT1 for that client.

do this on MT1 is done for internet traffic , but is there any solution to do this on MT3 , when client reach limit accounting on MT1 ?

something like this :/ip firewall rule forward disable (ie.) 10 ... , but , script on MT1 to make this on MT3 , or script on Mt3 read data of traffic on MT1.

any idea ?
 
User avatar
Eugene
Forum Veteran
Forum Veteran
Topic Author
Posts: 993
Joined: Mon May 31, 2004 5:06 pm
Location: Cranfield, UK

Tue Aug 16, 2005 4:34 pm

I know some bizarre ways to achieve this with mt scripting, but you should really think about a dedicated server or a complete network redesign if you need such things.

Eugene
Tout individu a droit à la vie, à la liberté et à la sûreté de sa personne.
 
ponline
newbie
Posts: 49
Joined: Tue Sep 28, 2004 9:19 pm

Mon Nov 21, 2005 11:33 pm

Why do we count bytes on the firewall , when every queue has the statistics of rx and tx bytes, and total-bytes????

Can this be achieved in an simplier way by reading the total-bytes of the queues?????

Let's say I give my clients 256k/128k connections, but if they make 200Mb of transfer during the day they speed will be limited at 64k/64k.

The counters should be reseted every day at lets say 00:00 oclock via the scheduler. (/que simple reset-counters)

And there should be one script which will run every 5 minutes or so to check the bytes of every queue and set max-limit=64000/64000 if the total-bytes of the queue are >= 200MB

Is this possible or am i missing something??
 
User avatar
Eugene
Forum Veteran
Forum Veteran
Topic Author
Posts: 993
Joined: Mon May 31, 2004 5:06 pm
Location: Cranfield, UK

Tue Nov 22, 2005 4:51 pm

Yes, it's possible. Although I'd recommend using queues with bursts for this task. Just imagine: no scripting needed at all :wink:
Tout individu a droit à la vie, à la liberté et à la sûreté de sa personne.
 
ponline
newbie
Posts: 49
Joined: Tue Sep 28, 2004 9:19 pm

Wed Nov 23, 2005 1:57 am

The burts will give another meaning, sure it will help them not using the maximum of the allowed speed for a long time but what I need is limited amount of download until they speed cuts down.
Let them feel thay have a high speed connection, but prevent them downloding too much.

Since this is doable, and i never done scripts , i tried it a little but i cant make it work for this job, can someone help me with a simple script that scans all the simple queues for a 'total-bytes' amount, and if the total-bytes is equal or biger than 200MB then max-limit the queue at 64k/64k.
I would appriciate that,
Thanks

Urim.
 
User avatar
Eugene
Forum Veteran
Forum Veteran
Topic Author
Posts: 993
Joined: Mon May 31, 2004 5:06 pm
Location: Cranfield, UK

Thu Nov 24, 2005 2:13 pm

Well, bursts do exactly that. They will prevent users from downloading big amounts of data in the same time permitting high speed low volume traffic.
Tout individu a droit à la vie, à la liberté et à la sûreté de sa personne.
 
ponline
newbie
Posts: 49
Joined: Tue Sep 28, 2004 9:19 pm

Fri Nov 25, 2005 5:11 pm

Well,ok since you insist.
But still im interested doing that with reading total-bytes of the queues.
Any help would be appreciated.


P.S
This is like a FAP(Fair Access Policy) like some satelite providers give. They give you 512kb speed, but if you dowload 500 mb during the day, your speed will be capped to 128kb, and countinuing to lower your speed as your transfer amount increases.
 
User avatar
Eugene
Forum Veteran
Forum Veteran
Topic Author
Posts: 993
Joined: Mon May 31, 2004 5:06 pm
Location: Cranfield, UK

Mon Nov 28, 2005 10:32 am

Queue:
/queue simple add target-addresses=<address of host you want to limit> name="user1"
Script:
:local sum; :local traf;
:set sum 0
/queue simple{
  :foreach i in [find] do={:incr sum}
  :for i from=1 to=$sum do={
    :set traf [get [find name=("user" . $i)] total-bytes]
    :set traf ($traf/1073741824)
    :if ($traf>1) do={
      :log facility=System-Info message=("user" . $i . " exceeded 1Gb limit!");
      set [find name=("user" . $i)] max-limit=64000
    }
  }
}
Tout individu a droit à la vie, à la liberté et à la sûreté de sa personne.
 
marko1101
newbie
Posts: 25
Joined: Sun Jul 11, 2004 9:33 pm

Mon Nov 28, 2005 12:44 pm

problem with reset accouting , after reboot , power lost ... is resolve in 2.9.8 ... or not ?
 
ponline
newbie
Posts: 49
Joined: Tue Sep 28, 2004 9:19 pm

Mon Nov 28, 2005 6:31 pm

Now I know where my problem was, i think i was trying to do smth imposible, I was trying to make it work without changing the names of queues and i was lost.
All my queues have the names of my clients on it, and not something like user1...userN so they can be read from the function 'FOR i=1 to N'

So i gues the only solution is to change the queue names in a format user1...userN, is it?

Thanks for the script.
 
User avatar
Eugene
Forum Veteran
Forum Veteran
Topic Author
Posts: 993
Joined: Mon May 31, 2004 5:06 pm
Location: Cranfield, UK

Tue Nov 29, 2005 12:06 pm

Or search by ip address, or by part of the name instead of the whole name.
Tout individu a droit à la vie, à la liberté et à la sûreté de sa personne.
 
ponline
newbie
Posts: 49
Joined: Tue Sep 28, 2004 9:19 pm

Sun Dec 04, 2005 7:07 pm

This script searches simple queues by their target-addresses , and change their maximum-limit, if the total-bytes are > 100Mb.
:local traf;
/queue simple 
:for i from=10 to= 200 do =  {
:set traf [get [find target-addresses=("192.168.1." . $i)] total-bytes] 
:if ($traf  > 104857600) do = {
set [find target-addresses=("192.168.1." . $i)] max-limit= 64000/64000
}
}
This scripts is tested and working.
BUT, there must exist every single ip adress form 192.168.1.10 to 192.168.1.200. If one is missing the scripts stops on that position.

I want to search all this subnet from 192.168.1.10 - to - 192.168.1.200 but i am missing some ip adresses in a not organised way.
Can it be fixed to ignore the error where it can't find the given queue, and contnoue to the next one ?
 
User avatar
Eugene
Forum Veteran
Forum Veteran
Topic Author
Posts: 993
Joined: Mon May 31, 2004 5:06 pm
Location: Cranfield, UK

Tue Dec 06, 2005 4:00 pm

Use :if statement to check for the existance of the ip address prior to setting the parameters.
Tout individu a droit à la vie, à la liberté et à la sûreté de sa personne.
 
ponline
newbie
Posts: 49
Joined: Tue Sep 28, 2004 9:19 pm

Tue Dec 06, 2005 5:56 pm

And how is the right syntax to do that?
Sorry for bothering you, but i don't know where to read for finding the right syntax to acomplish that.
Thanks.
 
User avatar
Eugene
Forum Veteran
Forum Veteran
Topic Author
Posts: 993
Joined: Mon May 31, 2004 5:06 pm
Location: Cranfield, UK

Tue Dec 06, 2005 8:46 pm

 :if ([/queue simple find target-addresses=("192.168.1." . $i)] != "") do={
  :set traf [get [find target-addresses=("192.168.1." . $i)] total-bytes]
  :if ($traf  > 104857600) do = {
    set [find target-addresses=("192.168.1." . $i)] max-limit= 64000/64000
  } 
}
You can read more about scripting at http://www.mikrotik.com/docs/ros/2.9/system/scripting :roll:
Tout individu a droit à la vie, à la liberté et à la sûreté de sa personne.
 
ponline
newbie
Posts: 49
Joined: Tue Sep 28, 2004 9:19 pm

Wed Dec 07, 2005 2:29 am

Thank you very much,
Now I can give the service i wanted to offer.
I have users that never spend 100 mb daily but need the good speed,
And i have users that would download the whole internet in a day if they could.
This way 'easy' users will have good speed for browsing , chatting with camera, and some small downloads.
And the 'bandwidth hungry' users will suffer slower speeds after they cross their 100MB during the day. But, thats not that bad , users can download during the night hours 1am-10am when i disable this script and give greater speads, cose the network is slightly used.

For the others information here is the complete script that is tested and works.
:local traf; 
/queue simple 
:for i from=1 to= 254 do =  { 
:if ([/queue simple find target-addresses=("192.168.1." . $i)] != "") do={ 
:set traf [get [find target-addresses=("192.168.1." . $i)] total-bytes] 
:if ($traf  > 104857600) do = { 
set [find target-addresses=("192.168.1." . $i)] max-limit= 32000/64000 
} 
} 
}


This script will check all the simple queues shearching their target adresses and will search a whole 192.168.1.0/24 subnet.
It will read their total-bytes (recieved + transmited) and will check them if they crosed a limit of 100 MB ( 104857600 bytes)
If they did , they will be limited to lower speed (64k/64k)

You can change the subnet, the limit, and the lower speed acording to your needs.

It shoud be added a scheduler that will run this script every 5 minutes or so.
Another scheduler to reset counters daily " /que simple reset-counters".
 
cmit
Forum Guru
Forum Guru
Posts: 1552
Joined: Fri May 28, 2004 12:49 pm
Location: Germany

Wed Dec 07, 2005 11:28 am

Would be nice if you added this to the Wiki... ;)

Christian
 
pedja
Long time Member
Long time Member
Posts: 684
Joined: Sat Feb 26, 2005 5:37 am

Thu Dec 08, 2005 3:21 pm

Great script. Is it possible to expand it in a way to allow different limits for different groups of clients? Is it possible to use some marks in comments instead of IP adresses to find out which limitations to enforce?
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 23904
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Thu Dec 08, 2005 3:22 pm

eugene already added it, but it would be nice if some of you forum members also added something to the wiki from time to time ... :)

Who is online

Users browsing this forum: No registered users and 6 guests