Syed Jahanzaib Personal Blog to Share Knowledge !

February 29, 2016

[LAB] QOS Management in Mikrotik – Bandwidth Pools for Group of Users

Filed under: Mikrotik Related — Syed Jahanzaib / Pinochio~:) @ 4:48 PM

As required by an Operator:

We are using a Mikrotik RouterBOARD in a lab environment and have a total of 384kbps of internet bandwidth from the ISP.

Hotspot with User Manager is already configured and working (no static/dynamic queues are configured).


 

Requirements:

We want to distribute bandwidth as follows.

Group A = 192.168.10.1-192.168.10.255
Total Bandwidth Pool for Group A = 128 kb
Per User Allowed = 64 kb and xxx kb (but overall all users must not exceed the parent queue that is 128 kb)

Group B = 192.168.20.1-192.168.20.255
Total Bandwidth Pool for Group B = 256 kb
Per User Allowed = 64 kb and 128 kb for different profile users (but overall all users must not exceed the parent queue that is 256 kb)

This way, Group A users should get their per-user bandwidth from the 128 kb parent queue at all times, but all users together must not exceed the parent queue of 128 kb,

and Group B users should get 128 kb per user from the 256 kb parent queue at all times, but all users together must not exceed the parent queue of 256 kb.

 

This is also a way to give guaranteed bandwidth to a group of people. For example, you have a 10 mb link and want to provide a dedicated 5 mb to a single user or a group of users, and the remaining 5 mb to common subscribers. (I am talking in kb because in the lab I have a smaller amount of bandwidth, and it is easier to do repeated tests on smaller links.)


Pseudo Code:

  1. Mark connections and then packets from the specific IP Pool
  2. Create PCQ queue in Queue Type (for per user classification)
  3. Create Bandwidth pool for Groups in Queue Tree (Parent)
  4. Create per user queue in parent groups for per user distribution for marked packets.

 


 

1- Mark connections from the specific IP Pool

For this guide, I am using my local PCs for demonstration purposes, but you can use groups as shown above.

PC#1, Laptop PC,
PC#2, Zaib PC,
PC#3, Temporary PC

/ip firewall mangle

add action=mark-connection chain=prerouting comment="LAPTOP pc marking connection" new-connection-mark=laptop_pc_conn src-address=101.11.16.159
add action=mark-packet chain=prerouting comment="LAPTOP pc marking packets" connection-mark=laptop_pc_conn new-packet-mark=laptop_pc_pkts

add action=mark-connection chain=prerouting comment="zaib pc marking connection" new-connection-mark=zaib_pc_conn src-address=101.11.11.161
add action=mark-packet chain=prerouting comment="zaib PC Marking Packets" connection-mark=zaib_pc_conn new-packet-mark=zaib_pc_packets

add action=mark-connection chain=prerouting comment="VM PC marking CONNECTIONS" new-connection-mark=TEMP_pc_conn src-address=101.11.14.19
add action=mark-packet chain=prerouting comment="VM PC Marking Packets" connection-mark=TEMP_pc_conn new-packet-mark=temp_pc_packets

 


 

2- Create PCQ queue in Queue Type (for per user classification)

/queue type
add kind=pcq name=64k-per-user pcq-classifier=dst-address pcq-dst-address6-mask=64 pcq-rate=65536 pcq-src-address6-mask=64
add kind=pcq name=128k-per-user pcq-classifier=dst-address pcq-dst-address6-mask=64 pcq-rate=131072 pcq-src-address6-mask=64

 



3- Create Parent queues

/queue tree
add disabled=no max-limit=256k name="256k TOTAL  for Group B" parent=global queue=default
add disabled=no limit-at=128k max-limit=128k name="128k TOTAL for Group A" parent=global queue=default

 

4- Create per user (or group) queue in parent groups for per user distribution for marked packets.

/queue tree

# Adding user bandwidth rule from 128k pool
add name="TEMP PC - 64k - from 128k Pool" packet-mark=temp_pc_packets parent="128k TOTAL for Group A" queue=64k-per-user

# Adding users bandwidth rule from 256k pool
add name="ZAIB PC 64k - from 256k pool" packet-mark=zaib_pc_packets parent="256k TOTAL  for Group B" queue=64k-per-user
add name="LAPTOP PC 128k - from 256k pool" packet-mark=laptop_pc_pkts parent="256k TOTAL  for Group B" queue=128k-per-user
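
The guide above marks three individual PCs. The following added example (not from the original post) applies the same four steps to the Group A and Group B subnets from the requirements. The mark names, queue names and the choice of 128k per user for Group B are assumptions, and only download traffic is covered.

```routeros
# Added example, not part of the original post. All names are assumptions.
# Download direction only, to match the dst-address PCQ classifier.

/ip firewall mangle
# Step 1: mark download packets by destination subnet. In the forward chain
# NAT has already been reversed, so dst-address is the client's LAN address.
# Packets are marked directly here; no separate connection mark is used.
add chain=forward dst-address=192.168.10.0/24 action=mark-packet \
    new-packet-mark=groupA_down passthrough=no comment="Group A download"
add chain=forward dst-address=192.168.20.0/24 action=mark-packet \
    new-packet-mark=groupB_down passthrough=no comment="Group B download"

/queue type
# Step 2: PCQ types that create one sub-queue per destination (client) address.
# pcq-rate is the per-user ceiling in bits per second.
add kind=pcq name=grpA-64k-per-user pcq-classifier=dst-address pcq-rate=65536
add kind=pcq name=grpB-128k-per-user pcq-classifier=dst-address pcq-rate=131072

/queue tree
# Step 3: one parent per group. max-limit is the pool that all users of the
# group together cannot exceed.
add name=groupA_total parent=global max-limit=128k
add name=groupB_total parent=global max-limit=256k

# Step 4: one leaf per group. The leaf takes the marked packets and hands
# them to PCQ, which enforces the per-user rate inside the parent's pool.
add name=groupA_per_user parent=groupA_total packet-mark=groupA_down \
    queue=grpA-64k-per-user
add name=groupB_per_user parent=groupB_total packet-mark=groupB_down \
    queue=grpB-128k-per-user
```

With more than two active users in a group, the parent max-limit is reached before every user can get the full pcq-rate, and PCQ then divides the pool between the active users.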

 


Watching rules in action 🙂

 

[Image: pcq]


This post requires a lot of time to explain things or add other items as well; I will do it later.

Regards,
Syed Jahanzaib


January 5, 2012

QOS with Mikrotik [Reference Guide]



QOS With Mikrotik

Following are a few scenarios with examples. I will add more soon.

1# Limit user traffic using PCQ (also useful for Hotspot Bypassed MAC address)

To limit all users in 192.168.1.0/24 to 512kb per user using PCQ, use the following script.


/queue type

add kind=pcq name=download-512kb pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=524288 \
pcq-src-address-mask=32 pcq-src-address6-mask=64 pcq-total-limit=2000

add kind=pcq name=upload-512kb pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=524288 \
pcq-src-address-mask=32 pcq-src-address6-mask=64 pcq-total-limit=2000

/queue simple
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="Limit every Users at 512kb using PCQ. Can be used for hotspot BYPASSED macs too. Can be used for multi purpose  Syed Jahanzaib" \
direction=both disabled=no interface=all limit-at=0/0 max-limit=0/0 name=512k-limit packet-marks="" parent=none priority=8 queue=upload-512kb/download-512kb target-addresses=192.168.1.0/24 \
total-queue=default-small

Change the Bandwidth and Target IP addresses to meet your local requirements.
Bandwidth example:
512k = 524288
1mb = 1048576
2mb = 2097152
4mb = 4194304

Result as shown in the image below . . .

[Image: queue-pcq-per-user]

2# Allowing specific extension Low Priority over other traffic

In this example we mark traffic via mangle rules. Traffic with the .iso extension is marked as low-priority traffic, and all other traffic is marked as high-priority traffic.

For example, we have 256kb of internet bandwidth in total, and we want downloads of any .iso file to get lower priority than other traffic such as browsing. Use the following.

/ip firewall mangle

add action=mark-connection chain=postrouting comment="Mark Conn for .iso Ext" content=iso disabled=no new-connection-mark=iso-conn passthrough=yes

add action=mark-packet chain=postrouting comment="Mark Pkts for iso-conn Ext" connection-mark=iso-conn disabled=no new-packet-mark=lo-prio-traffic-pkts passthrough=no

add action=mark-connection chain=postrouting comment="Mark Conn for all other traffic" content=!iso disabled=no new-connection-mark=hi-prio-traffic-conn passthrough=yes

add action=mark-packet chain=postrouting comment="Mark Pkts for all other traffic" connection-mark=hi-prio-traffic-conn disabled=no new-packet-mark=hi-prio-traffic-pkts passthrough=no

/queue simple add name=wan_conn_limit interface=ether1 max-limit=256k/256k

/queue simple add name=hi-prio-traffic interface=ether1 parent=wan_conn_limit packet-marks=hi-prio-traffic-pkts priority=1

/queue simple add name=lo-prio-traffic packet-marks=lo-prio-traffic-pkts interface=ether1 parent=wan_conn_limit priority=8

3# Allowing Specific File Extensions High / Limited / Unlimited Bandwidth

For example, you have a network where every user has their bandwidth limited to 256kb. Now you want a user who is downloading an .FLV video file to be able to view/download it at unlimited speed regardless of his allowed speed limit (i.e. the 256kb package). Use the following.

First mark all packets with the .flv extension.

/ip firewall mangle
add action=mark-connection chain=postrouting comment="Mark Conn for .flv Ext" content=flv disabled=no new-connection-mark=flv-conn passthrough=yes

add action=mark-packet chain=postrouting comment="Mark Pkts for flv-conn Ext" connection-mark=flv-conn disabled=no new-packet-mark=flv passthrough=no

Now create a Queue Tree and set unlimited or limited bandwidth for the marked packets (or, if you want to allot a specific amount as per your requirements, set that).

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=100M max-limit=100M name=Unlimited-Speed-4-Marked-Pkts packet-mark=flv parent=global-out priority=1 queue=default

You can use the same in reverse to limit the bandwidth usage of a specific extension type.

4# Allowing Specific Ports High Priority over other traffic

First we need to mark the protocol (in this example, SMTP on port 25).

/ip firewall mangle add chain=prerouting protocol=tcp port=25 connection-state=new action=mark-connection new-connection-mark=hi_prio_conn
/ip firewall mangle add chain=prerouting connection-mark=hi_prio_conn action=mark-packet new-packet-mark=hi_prio_conn_pkts

Now we will create a Simple Queue that gives high priority to the marked packets and low priority to other packets. (In this example we have a 2Mb WAN connection.)

/queue simple add name=wan_conn_limit interface=ether1 max-limit=2M/2M
/queue simple add name=prio interface=ether1 parent=wan_conn_limit packet-marks=hi_prio_conn_pkts priority=1
/queue simple add name=other interface=ether1 parent=wan_conn_limit priority=8

Now SMTP traffic will get higher priority over other traffic.

5# Equal Distribution of Bandwidth for a number of users using PCQ

If you have a 512 kbps WAN connection and you want to share it equally among your users, but if only one PC is active it should have the full 512 kbps, if 2 PCs are active 256 kbps each, and vice versa.
As shown in the image below . . .


Use the following:

/queue type add name="PCQ_download" kind=pcq pcq-rate=512k pcq-classifier=dst-address
/queue type add name="PCQ_upload" kind=pcq pcq-rate=512k pcq-classifier=src-address

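# max-limit caps the total for the subnet; PCQ then shares it between the active users
/queue simple add queue=PCQ_upload/PCQ_download target-addresses=192.168.2.0/24 max-limit=512k/512k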

6# Limiting Single User Bandwidth via Simple QUEUE (Look out for the order number)

/queue simple add name="Limiting Zaib to 256kb" target-addresses=192.168.2.6 max-limit=256k/256k

7# Simple Queue with BURST

The following simple queue uses BURST:

– Limit the user to 64kb in general.
– When the user downloads at the full 64kbps speed, he will be able to burst up to 256kb for 5 seconds. After 5 seconds, the user falls back to 64kb for the next 5 seconds.

In short: 5 seconds on load at 256kbps, and the next 5 seconds at 64kbps.

/queue simple

add burst-limit=256k/256k burst-threshold=128k/128k burst-time=20s/20s direction=both disabled=no interface=all limit-at=0/0 max-limit=64k/64k name=queue1 \
packet-marks="" parent=none priority=8 queue=default-small/default-small target-addresses=172.16.0.10/32 total-queue=default-small


8# Give specific web site assigned Bandwidth on per user basis [updated: 14th April, 2014]

For example, you want to limit bandwidth on a per-user basis for a SPECIFIC WEBSITE ONLY. Let's say 4mb per user for facebook.com.
The logic is simple.
1- First create a script that adds the web site IP to an address list.
2- Add a scheduler that runs the above script every 5 minutes, so that even if the web site IP changes, the list is updated accordingly.
3- Now mark connections and packets for the address list created above.
4- Add a PCQ queue type (the bandwidth that will be distributed on a per-user basis using a single simple queue).
5- Finally, add a simple queue that distributes bandwidth for the marked packets using PCQ on a per-user basis.


/system script
add name=facebook-list policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api source="# Script to add Facebook DNS IP addressess \r\
\n# Syed Jahanzaib / aacable@hotmail.com\r\
\n:log warning \"Script Started ... Adding Facebook DNS ip's to address list name   facebook_dns_ips\"\r\
\n:foreach i in=[/ip dns cache find] do={\r\
\n:local bNew \"true\";\r\
\n:local cacheName [/ip dns cache all get \$i name] ;\r\
\n:if ([:find \$cacheName \"facebook\"] != 0) do={\r\
\n:local tmpAddress [/ip dns cache get \$i address] ;\r\
\n:put \$tmpAddress;\r\
\n:if ( [/ip firewall address-list find ] = \"\") do={\r\
\n:log info (\"added entry: \$[/ip dns cache get \$i name] IP \$tmpAddress\");\r\
\n/ip firewall address-list add address=\$tmpAddress list=facebook_dns_ips comment=\$cacheName;\r\
\n} else={\r\
\n:foreach j in=[/ip firewall address-list find ] do={\r\
\n:if ( [/ip firewall address-list get \$j address] = \$tmpAddress ) do={\r\
\n:set bNew \"false\";\r\
\n}\r\
\n}\r\
\n:if ( \$bNew = \"true\" ) do={\r\
\n:log info (\"added entry: \$[/ip dns cache get \$i name] IP \$tmpAddress\");\r\
\n/ip firewall address-list add address=\$tmpAddress list=facebook_dns_ips comment=\$cacheName;\r\
\n}\r\
\n}\r\
\n}\r\
\n}\r\
\n# Script Ended..."


/system scheduler
add comment="Add Facebook IP's to address list name facebook-list after every 5 minutes / zaib" disabled=no interval=5m name=add_fb_to_list_scheduler_every_5mnts on-event=facebook-list policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api start-date=feb/11/2014 start-time=00:00:00


/ip firewall mangle
add action=mark-connection chain=postrouting comment="Mark Conn for FB Site / zaib" disabled=no dst-address-list=facebook_dns_ips new-connection-mark=FB-conn passthrough=yes
add action=mark-packet chain=postrouting comment="Mark Packtes for FB-CONN / zaib" connection-mark=FB-conn disabled=no new-packet-mark=FB_Packets passthrough=no


/queue type
add kind=pcq name=Download-4mb pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=4194304 \
pcq-src-address-mask=32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=Upload-4mb pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=4194304 \
pcq-src-address-mask=32 pcq-src-address6-mask=64 pcq-total-limit=2000

/queue simple
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="Limit FB speed 4mb per user using PCQ  / Syed Jahanzaib" direction=both disabled=no interface=all limit-at=0/0 max-limit=0/0 name=\
4mb_Limit_For_FB_Per_User packet-marks=FB_Packets parent=none priority=8 queue=Upload-4mb/Download-4mb target-addresses="" total-queue=default-small

 

Do remember, it's just an example to show you how you can twist things. You can modify it as per your requirements 🙂

Syed Jahanzaib
