After many months of struggling with Mikrotik and asking lots of questions and reading lots of documentation, I would like to share my configuration with the world. I want to do this for two reasons. One, to give back a little to the community, and maybe help someone else down the road.
Two, because I bet there is a mistake or two in my config, and I bet there are some experts out there who could audit it and make it better with suggestions and more examples.
For those of you out there reading this because of reason one, but became worried because of reason two, continue reading; although I'm a little unsure about my config, it does seem to work! (On version 2.9.23 anyway.)
My Mikrotik lives in a 10.x.x.x network behind a Cisco PIX 525 firewall, so it does not need to provide any firewalling or routing services. Queue Tree seems to be easier when used with routing. When simply bridging, like my example, Queue Tree is a little more difficult. Once I learned that you had to mark the connection first, then the packet, it all came together. I'm sure there is room for improvement, and I hope somebody who is smarter than I can suggest some corrections.
My MT box is at 10.0.0.32, and I have 40 class C's behind it. I have chosen to only apply Queue Trees to three of those classes so far. I am attempting to limit the entire input (download) into the network to 8 megabits, and the output to 2 megabits (upload). The three Class C's that are limited are children to ether1 (up) and ether2 (down).
P2P is marked and very heavily queued at 64k/64k.
I hope this helps somebody, and I hope that I get some suggestions/corrections in return.
Code: Select all
[admin@MikroTik] ip firewall mangle> print Flags: X - disabled, I - invalid, D - dynamic 0 ;;; Mark 20.x Traffic for Queueing chain=forward src-address=10.0.20.0/24 action=mark-connection new-connection-mark=MarsHill-conn passthrough=yes 1 chain=forward connection-mark=MarsHill-conn action=mark-packet new-packet-mark=MarsHill-flow passthrough=yes 2 ;;; Mark 20.x P2P Traffic for Queueing chain=forward src-address=10.0.20.0/24 p2p=all-p2p action=mark-connection new-connection-mark=MarsHill-p2p-conn passthrough=yes 3 chain=forward connection-mark=MarsHill-p2p-conn action=mark-packet new-packet-mark=MarsHill-p2p-flow passthrough=yes 4 ;;; Mark Winbox Traffic for Prioritization chain=prerouting dst-address=10.0.0.32 dst-port=8291 action=mark-connection new-connection-mark=Winbox-conn passthrough=yes 5 chain=prerouting connection-mark=Winbox-conn action=mark-packet new-packet-mark=Winbox-flow passthrough=yes 6 ;;; Mark 0.x Traffic for Queueing chain=forward src-address=10.0.0.0/24 action=mark-connection new-connection-mark=PresqueIsle-conn passthrough=yes 7 chain=forward connection-mark=PresqueIsle-conn action=mark-packet new-packet-mark=PresqueIsle-flow passthrough=yes 8 ;;; Mark 0.x P2P Traffic for Queueing chain=forward src-address=10.0.0.0/24 p2p=all-p2p action=mark-connection new-connection-mark=PresqueIsle-p2p-conn passthrough=yes 9 chain=forward connection-mark=PresqueIsle-p2p-conn action=mark-packet new-packet-mark=PresqueIsle-p2p-flow passthrough=yes 10 ;;; Mark 23.x Traffic for Queueing chain=prerouting src-address=10.0.23.0/24 action=mark-connection new-connection-mark=McGillan-conn passthrough=yes 11 chain=prerouting connection-mark=McGillan-conn action=mark-packet new-packet-mark=McGillan-flow passthrough=yes 12 ;;; Mark 23.x P2P Traffic for Queueing chain=prerouting src-address=10.0.23.0/24 p2p=all-p2p action=mark-connection new-connection-mark=McGillan-p2p-conn passthrough=yes 13 chain=prerouting connection-mark=McGillan-p2p-conn action=mark-packet new-packet-mark=McGillan-p2p-flow passthrough=yes [admin@MikroTik] /queue tree print Flags: X - disabled, I - invalid 0 name="Wireless-Downlink" parent=ether2 packet-mark="" limit-at=0 queue=pcq-down priority=1 max-limit=8388608 burst-limit=0 burst-threshold=0 burst-time=0s 1 name="Wireless-Uplink" parent=ether1 packet-mark="" limit-at=0 queue=pcq-up priority=1 max-limit=2097152 burst-limit=0 burst-threshold=0 burst-time=0s 2 name="MarsHill-Downlink" parent=Wireless-Downlink packet-mark=MarsHill-flow limit-at=1048576 queue=pcq-down priority=4 max-limit=2621440 burst-limit=0 burst-threshold=0 burst-time=0s 3 name="MarsHill-Uplink" parent=Wireless-Uplink packet-mark=MarsHill-flow limit-at=524288 queue=pcq-up priority=8 max-limit=1048576 burst-limit=0 burst-threshold=0 burst-time=0s 4 name="MarsHill-Uplink-p2p" parent=MarsHill-Uplink packet-mark=MarsHill-p2p-flow limit-at=0 queue=pcq-up priority=8 max-limit=64000 burst-limit=0 burst-threshold=0 burst-time=0s 5 name="MarsHill-Downlink-p2p" parent=MarsHill-Downlink packet-mark=MarsHill-p2p-flow limit-at=0 queue=pcq-down priority=8 max-limit=64000 burst-limit=0 burst-threshold=0 burst-time=0s 6 name="PresqueIsle-Downlink" parent=Wireless-Downlink packet-mark=PresqueIsle-flow limit-at=1048576 queue=pcq-down priority=1 max-limit=2621440 burst-limit=0 burst-threshold=0 burst-time=0s 7 name="PresqueIsle-Downlink-p2p" parent=PresqueIsle-Downlink packet-mark=PresqueIsle-p2p-flow limit-at=1000 queue=pcq-down priority=8 max-limit=64000 burst-limit=0 burst-threshold=0 burst-time=0s 8 name="PresqueIsle-Uplink" parent=Wireless-Uplink packet-mark=PresqueIsle-flow limit-at=524288 queue=pcq-up priority=1 max-limit=1048576 burst-limit=0 burst-threshold=0 burst-time=0s 9 name="PresqueIsle-Uplink-p2p" parent=PresqueIsle-Uplink packet-mark=PresqueIsle-p2p-flow limit-at=1000 queue=pcq-up priority=8 max-limit=64000 burst-limit=0 burst-threshold=0 burst-time=0s 10 name="McGillan-Downlink" parent=Wireless-Downlink packet-mark=McGillan-flow limit-at=1048576 queue=pcq-down priority=1 max-limit=2621440 burst-limit=0 burst-threshold=0 burst-time=0s 11 name="McGillan-Downlink-p2p" parent=McGillan-Downlink packet-mark=McGillan-p2p-flow limit-at=0 queue=pcq-down priority=8 max-limit=64000 burst-limit=0 burst-threshold=0 burst-time=0s 12 name="McGillan-Uplink" parent=Wireless-Uplink packet-mark=McGillan-flow limit-at=52488 queue=pcq-up priority=1 max-limit=1048576 burst-limit=0 burst-threshold=0 burst-time=0s 13 name="McGillan-Uplink-p2p" parent=McGillan-Uplink packet-mark=McGillan-p2p-flow limit-at=0 queue=pcq-up priority=8 max-limit=64000 burst-limit=0 burst-threshold=0 burst-time=0s [Admin@MikroTik] /queue type print 0 name="default" kind=pfifo pfifo-limit=50 1 name="ethernet-default" kind=pfifo pfifo-limit=50 2 name="wireless-default" kind=sfq sfq-perturb=5 sfq-allot=1514 3 name="synchronous-default" kind=red red-limit=60 red-min-threshold=10 red-max-threshold=50 red-burst=20 red-avg-packet=1000 4 name="hotspot-default" kind=sfq sfq-perturb=5 sfq-allot=1514 5 name="pcq-down" kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000 6 name="pcq-up" kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=2000 7 name="red" kind=red red-limit=60 red-min-threshold=10 red-max-threshold=50 red-burst=20 red-avg-packet=1000 8 name="pfifo" kind=pfifo pfifo-limit=10 9 name="default-small" kind=pfifo pfifo-limit=10