Different limits for Local/Overseas traffic for 3 bandwidth rates using PCQ and queue tree

From MikroTik Wiki

1. Introduction

Let's consider a scenario where you want to apply different limits to Local and Overseas traffic for many users, you don't want to load the CPU with a lot of simple queues, and you want to sell 3 different bandwidth rates:

12/6 Mbps Latvian traffic, 1 Mbps/512 kbps Overseas traffic
6/3 Mbps Latvian traffic, 512 kbps/256 kbps Overseas traffic
4/2 Mbps Latvian traffic, 256 kbps/128 kbps Overseas traffic

We will limit the data rate for the Local country traffic and Overseas traffic using Queue Trees. In this scenario, the local country is Latvia. A list of all Latvian subnets is located at http://www.nic.lv/local.net.

2. Configuration

/ ip firewall address-list
add list=12/6 address=192.168.0.2 comment="12/6mbps Local traffic 1mbps/512kbps overseas"
add list=6/3 address=192.168.0.3 comment="6/3mbps Local traffic 512kbps/256kbps overseas"
add list=4/2 address=192.168.0.4 comment="4/2mbps Local traffic 256kbps/128kbps overseas"
add list=Latvia address=159.148.0.0/16
add list=Latvia address=193.41.195.0/24
add list=Latvia address=193.41.33.0/24
add list=Latvia address=193.41.45.0/24
add list=Latvia address=193.68.64.0/19
add list=Latvia address=193.108.29.0/24
add list=Latvia address=193.108.144.0/22
add list=Latvia address=193.108.185.0/24
/ ip firewall mangle
add chain=forward action=mark-packet new-packet-mark=LV_DL_6M passthrough=yes \
    in-interface=public src-address-list=Latvia comment="Default mangle for \
    Latvia Download"
add chain=forward action=mark-packet new-packet-mark=LV_UL_3M passthrough=yes \
    in-interface=local dst-address-list=Latvia comment="Default mangle for \
    Latvia Upload"
add chain=forward action=mark-packet new-packet-mark=OS_DL_512k \
    passthrough=yes in-interface=public src-address-list=!Latvia \
    comment="Default mangle for Oversea Download"
add chain=forward action=mark-packet new-packet-mark=OS_UL_256k \
    passthrough=yes in-interface=local dst-address-list=!Latvia \
    comment="Default mangle for Oversea Upload"
add chain=forward action=mark-packet new-packet-mark=LV_DL_12M passthrough=no \
    in-interface=public src-address-list=Latvia dst-address-list=12/6 \
    comment="Tarif 12/6 Latvia Download"
add chain=forward action=mark-packet new-packet-mark=LV_UL_6M passthrough=no \
    in-interface=local src-address-list=12/6 dst-address-list=Latvia \
    comment="Tarif 12/6 Latvia Upload"
add chain=forward action=mark-packet new-packet-mark=OS_DL_1M passthrough=no \
    in-interface=public src-address-list=!Latvia dst-address-list=12/6 \
    comment="Tarif 12/6 Oversea Download"
add chain=forward action=mark-packet new-packet-mark=OS_UL_512k passthrough=no \
    in-interface=local src-address-list=12/6 dst-address-list=!Latvia \
    comment="Tarif 12/6 Oversea Upload"
add chain=forward action=mark-packet new-packet-mark=LV_DL_4M passthrough=no \
    in-interface=public src-address-list=Latvia dst-address-list=4/2 \
    comment="Tarif 4/2 Latvia Download"
add chain=forward action=mark-packet new-packet-mark=LV_UL_2M passthrough=no \
    in-interface=local src-address-list=4/2 dst-address-list=Latvia \
    comment="Tarif 4/2 Latvia Upload"
add chain=forward action=mark-packet new-packet-mark=OS_DL_256k passthrough=no \
    in-interface=public src-address-list=!Latvia dst-address-list=4/2 \
    comment="Tarif 4/2 Oversea Download"
add chain=forward action=mark-packet new-packet-mark=OS_UL_128k passthrough=no \
    in-interface=local src-address-list=4/2 dst-address-list=!Latvia \
    comment="Tarif 4/2 Oversea Upload"
/ queue type
add name="LV_DL_12M" kind=pcq pcq-rate=12000000 pcq-classifier=dst-address
add name="LV_DL_6M" kind=pcq pcq-rate=6000000 pcq-classifier=dst-address
add name="LV_DL_4M" kind=pcq pcq-rate=4000000 pcq-classifier=dst-address
add name="LV_UL_6M" kind=pcq pcq-rate=6000000 pcq-classifier=src-address
add name="LV_UL_3M" kind=pcq pcq-rate=3000000 pcq-classifier=src-address
add name="LV_UL_2M" kind=pcq pcq-rate=2000000 pcq-classifier=src-address
add name="OS_DL_1M" kind=pcq pcq-rate=1000000 pcq-classifier=dst-address
add name="OS_DL_512k" kind=pcq pcq-rate=512000 pcq-classifier=dst-address
add name="OS_DL_256k" kind=pcq pcq-rate=256000 pcq-classifier=dst-address
add name="OS_UL_512k" kind=pcq pcq-rate=512000 pcq-classifier=src-address
add name="OS_UL_256k" kind=pcq pcq-rate=256000 pcq-classifier=src-address
add name="OS_UL_128k" kind=pcq pcq-rate=128000 pcq-classifier=src-address
/ queue tree
add name="LV_DL_12M" parent=local packet-mark=LV_DL_12M queue=LV_DL_12M
add name="LV_DL_6M" parent=local packet-mark=LV_DL_6M queue=LV_DL_6M
add name="LV_UL_2M" parent=public packet-mark=LV_UL_2M queue=LV_UL_2M
add name="LV_DL_4M" parent=local packet-mark=LV_DL_4M queue=LV_DL_4M
add name="LV_UL_3M" parent=public packet-mark=LV_UL_3M queue=LV_UL_3M
add name="LV_UL_6M" parent=public packet-mark=LV_UL_6M queue=LV_UL_6M
add name="OS_DL_1M" parent=local packet-mark=OS_DL_1M queue=OS_DL_1M
add name="OS_DL_256k" parent=local packet-mark=OS_DL_256k queue=OS_DL_256k
add name="OS_DL_512k" parent=local packet-mark=OS_DL_512k queue=OS_DL_512k
add name="OS_UL_128k" parent=public packet-mark=OS_UL_128k queue=OS_UL_128k
add name="OS_UL_256k" parent=public packet-mark=OS_UL_256k queue=OS_UL_256k
add name="OS_UL_512k" parent=public packet-mark=OS_UL_512k queue=OS_UL_512k


3. Explanation

In /ip firewall address-list we created 3 lists for the bandwidth profiles and a list named Latvia for the Latvian subnets. In /ip firewall mangle we created packet marks, based on those address lists, for use with the bandwidth profiles. All IPs that are not included in any address list fall through to the rates of the second bandwidth profile. In /queue type we created PCQ types for the bandwidth profiles. In /queue tree we created rules that tie the Local/Overseas packet marks to the queue types of the bandwidth profiles.

Now a customer with IP 192.168.0.2 gets the rates of profile 1, a customer with IP 192.168.0.3 gets the rates of profile 2, a client with IP 192.168.0.4 gets the rates of profile 3, and all others get the rates of profile 2. All traffic is limited, and your CPU power stays free for other tasks.
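The rule order above decides which mark a packet ends up with: the four default rules use passthrough=yes, so a later tariff rule can overwrite the mark, and the tariff rules use passthrough=no, so evaluation stops there. The following Python model is an added illustration, not part of the original page or RouterOS itself; it covers only the in-interface and address-list matchers, shortens the Latvia list to two of its prefixes, and the function names are hypothetical.

```python
import ipaddress

# Added illustration with hypothetical helper names; not RouterOS code.
# Address lists from the page (Latvia shortened to two of its prefixes).
LISTS = {
    "12/6": ["192.168.0.2"], "6/3": ["192.168.0.3"], "4/2": ["192.168.0.4"],
    "Latvia": ["159.148.0.0/16", "193.68.64.0/19"],
}

# Mangle rules in page order: (mark, passthrough, in-interface, src-list, dst-list)
RULES = [
    ("LV_DL_6M",   True,  "public", "Latvia",  None),
    ("LV_UL_3M",   True,  "local",  None,      "Latvia"),
    ("OS_DL_512k", True,  "public", "!Latvia", None),
    ("OS_UL_256k", True,  "local",  None,      "!Latvia"),
    ("LV_DL_12M",  False, "public", "Latvia",  "12/6"),
    ("LV_UL_6M",   False, "local",  "12/6",    "Latvia"),
    ("OS_DL_1M",   False, "public", "!Latvia", "12/6"),
    ("OS_UL_512k", False, "local",  "12/6",    "!Latvia"),
    ("LV_DL_4M",   False, "public", "Latvia",  "4/2"),
    ("LV_UL_2M",   False, "local",  "4/2",     "Latvia"),
    ("OS_DL_256k", False, "public", "!Latvia", "4/2"),
    ("OS_UL_128k", False, "local",  "4/2",     "!Latvia"),
]

def in_list(addr, spec):
    """True if addr matches the list spec; None matches anything, '!' negates."""
    if spec is None:
        return True
    negate, name = spec.startswith("!"), spec.lstrip("!")
    hit = any(ipaddress.ip_address(addr) in ipaddress.ip_network(net)
              for net in LISTS[name])
    return hit != negate

def packet_mark(in_iface, src, dst):
    """Walk the chain: each match overwrites the mark; passthrough=no stops."""
    mark = None
    for new_mark, passthrough, iface, src_list, dst_list in RULES:
        if iface == in_iface and in_list(src, src_list) and in_list(dst, dst_list):
            mark = new_mark
            if not passthrough:
                break
    return mark

if __name__ == "__main__":
    # 159.148.1.1 is inside the Latvia list; 8.8.8.8 is outside it.
    for host in ("192.168.0.2", "192.168.0.3", "192.168.0.4", "192.168.0.50"):
        print(host, packet_mark("public", "159.148.1.1", host),
              packet_mark("local", host, "8.8.8.8"))
```

No mangle rule references the 6/3 list: 192.168.0.3 receives the 6/3 marks from the default rules, exactly like an address that is in no list at all.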

Important note

This setup will work correctly if the local network is not masqueraded. If masquerade is used, the parent of all upload queues must be 'global-out' instead of 'public'. The reason is that the classifier of the upload PCQ types is the source address, and masquerading changes the source address to the public IP address. If the parent of a queue is set to the 'public' interface, PCQ will think that all packets are coming from one source (the public IP). PCQ must see the source address before masquerading occurs; according to the packet flow diagram from the manual, 'global-out' is before 'src-nat'.
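The effect of that ordering can be shown with a small model, added here as an illustration and not taken from the original page: PCQ groups traffic into sub-streams by the classifier field and caps each sub-stream at pcq-rate. The function names, the one-second accounting and the sample addresses are assumptions made for the example.

```python
from collections import defaultdict

# Added illustration with hypothetical names; a simplified model of PCQ.
PCQ_RATE = 256_000  # pcq-rate of the page's OS_UL_256k type, bits per second

def masquerade(packets, public_ip):
    """src-nat: rewrite every source address to the router's public IP."""
    return [(public_ip, dst, bits) for _src, dst, bits in packets]

def pcq_throughput(packets, classifier="src-address", rate=PCQ_RATE):
    """Group one second of offered traffic into sub-streams and cap each one.

    packets: (src, dst, offered_bits) tuples.
    Returns {sub-stream key: bits actually sent in that second}.
    """
    field = 0 if classifier == "src-address" else 1
    offered = defaultdict(int)
    for pkt in packets:
        offered[pkt[field]] += pkt[2]
    return {key: min(bits, rate) for key, bits in offered.items()}

# Constructed sample: three unlisted clients each offer 1 Mbit in one second
# to an overseas host. 203.0.113.10 and 198.51.100.1 are documentation
# addresses standing in for the remote host and the router's public IP.
UPLOADS = [(f"192.168.0.{n}", "203.0.113.10", 1_000_000) for n in (50, 51, 52)]

# Queue sees packets before src-nat (parent 'global-out'): one sub-stream each.
before_nat = pcq_throughput(UPLOADS)
# Queue sees packets after src-nat (parent 'public'): one shared sub-stream.
after_nat = pcq_throughput(masquerade(UPLOADS, "198.51.100.1"))

if __name__ == "__main__":
    print("before src-nat:", before_nat, "total", sum(before_nat.values()))
    print("after src-nat: ", after_nat, "total", sum(after_nat.values()))
```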