Bandwith control on ADSL link
I used the MikroTok / RouterOS as my gateway to the Internet. It servers as a PPPoE-client (as my ISP uses PPPoE over ASDL), a router and AP. It does the job perfectly, but with a range of different clients connected, some more "important" that other, and a relatively slow internet-connection, I want to shape and prioritize the the traffic going to and from the internet.
- ADSL is a PPPoE-interface. It's running on ether1, as ether1 is the port connected to the ADSL-modem.
- wan1 and ether3 is slaves in bridge1. They do not have any IP.
- bridge1 has 192.168.10.1/24 as it's IP and net.
- I use NAT/Masquerading to provied connectivity to all clients.
- The ADSL link-speed is: 5500/550 kbps
|Server||192.168.10.5||Depends on service, see below||Running Bittorrent, SSH (as services available on the Internet)|
|Playstation 3||192.168.10.6||3||Used for gaming, need enough bandwidth and low latency. High priority.|
|Dreambox||192.168.10.7||1||TV Set-up box. Need minimum bandwidth, but it of highest priority|
|Logitech Squeezebox||192.168.10.8||2||Music and Internet radio. Needs seldom more than 160kbps, and almost no upload. Very high priority.|
|Workstations||192.168.10.10-.50||Low, except icmp and ssh.||Typical workstation. No gaming.|
|Guests||192.168.10.100-.200||Lowest, except icmp and ssh.||Lowest priority, except from bittorrent.|
|SSH||22/tcp||High||All||Need to be responsive|
What I want to do is to shape and prioritize the traffic to get an effective Internet-connection. The goals are:
- Since the ADSL modem has a small buffer and a tendency to slow everything down when it's full, the MikroTik must never send more than 95% of the up- and download-speed of my line.
- When the Dreambox wants to talk, it will get the highest priority, regardless of bandwidth requirements.
- ICMP is the second most important. Bandwidth is low, but not specified.
- The Squeezebox needs a CIR (Committed Information Rate) - a guaranteed data rate, since it's going to stream Internet Radio.
- The Playstation 3 is also of high priority. Latency need to be low and it also needs a CIR.
- SSH is a protocol which benefits of low latency. It does not need a CIR.
- Bittorrent has the lowest priority. Only when everybody else is satisfied, Bittorrent can get in line.
- All other traffic will get a default priority.
- Both the server, the clients in the workstation-range and in the guest-range will get a CIR.
- If there is spare bandwidth, share it! So if the only client is the server, running Bittorrent, it gets 100%!
- These rules applies only to traffic going in and out of the PPPoE interface (named ADSL).
Challenge 1: Limit down- and upload speed
Since the ADSL modem has a small buffer and a tendency to slow everything down when it's full, the MikroTik must never send more than about 95% of the up- and download-speed of my line. After some bandwidth-test I figured out I had a real speed of 5660/563. Using that, I started with the challenge of limiting the data-traffic.
First of I need to mark all traffic with a name (users). All traffic is coming from the 192.168.10.0/24-network, so we use it as src-address:
/ip firewall mangle add chain=forward src-address=192.168.10.0/24 action=mark-connection new-connection-mark=users-con /ip firewall mangle add connection-mark=users-con action=mark-packet new-packet-mark=users chain=forward
Then I added 2 new PCQ types. The first, called DSL-download will group all traffic by destination address. As we will attach this queue type to the bridge1 interface, it will create a dynamic queue for each destination address (user) which is downloading to the network 192.168.10.0/24. The second type, called dsl-upload will group the traffic by source address. We will attach this queue to the ADSL interface so it will make one dynamic queue for each user who is uploading to Internet from the local network 192.168.10.0/24.
/queue type add name=DSL-download kind=pcq pcq-classifier=dst-address /queue type add name=DSL-upload kind=pcq pcq-classifier=src-address
Finally I add a queue-tree to actually limit the traffic, using 90-05% of my real up- and download speed:
/queue tree add name=Download parent=bridge1 max-limit=5300k /queue tree add parent=Download queue=DSL-download packet-mark=users /queue tree add name=Upload parent=ADSL max-limit=530k /queue tree add parent=Upload queue=DLS-upload packet-mark=users
Challenge 2: Give the dreambox highest priority of all clients
The dreambox does not need much bandwidth, but when it's needed it must get a guaranteed data rate (CIR) of high priority. After some test using torch I measured the dreambox-traffic to be around 500b TX (upload) and 1024b RX (download). The IP of the dreambox is 192.168.10.7.
First of all, we mark all the dreambox's traffic:
/ip firewall mangle add src-address=192.168.10.7/32 action=mark-connection new-connection-mark=dreambox-con chain=forward /ip firewall mangle add connection-mark=dreambox-con action=mark-packet new-packet-mark=dreambox chain=forward
Then I just set the limits. Please note that the dreambox can receive at any rate below 5000k and transmit at any rate below 100k (it does not need any more), as long as there is bandwidth. But if the link is full, the dreambox will get a guaranteed data rate of 1024b/512b:
/queue tree add name=dreambox-rx parent=Download limit-at=1024 packet-mark=dreambox max-limit=5000k priority=2 /queue tree add name=dreambox-tx parent=Upload limit-at=512 packet-mark=dreambox max-limit=100k priority=2
Challenge 3: ICMP
Note: Work in progress!
/ip firewall mangle add protocol=icmp action=mark-connection new-connection-mark=icmp-con chain=forward /ip firewall mangle add connection-mark=icmp-con action=mark-packet new-packet-mark=icmp chain=forward /queue tree add name=icmp-rx parent=Download packet-mark=icmp max-limit=5000k priority=1 /queue tree add name=icmp-tx parent=Upload packet-mark=icmp max-limit=500k priority=1