QOS with Mikrotik [Reference Guide]

Filed under: Mikrotik Related — Tags: dst-address, Mikroitk unlimited speed for spefici protocol
extension, Mikrotik Limit by File Extention, Mikrotik QOS, QOS with Mikrotik, target-address — Syed Jahanzaib /
Pinochio~:) @ 3:35 PM

46 Votes

QOS With Mikrotik

Following are few scenarios for some examples : I will add more soon.

Post#1 – PCQ base Bandwidth Management with different bandwidth for DAY / NIGHT /
DAYS using TIME feature in Mikrotik

Scenario:

We are using Mikrotik CCR1036 ver 6.43.7 , acting as PPPoE NAS, Free-radius (DMA) is providing
authentication for users account & also its informing NAS about from which POOL users should
get IP address , based on the profile. Example 1mb user gets IP from 1mb pool from NAS.

We require following bandwidth plan:

1 mb user bandwidth plan
 From 10am till 5pm > 1mb

 From 5pm till 10am next morning > 2mb

 Saturday + Sunday Full Time > 2mb

1 /ip pool
2
add name=512kb ranges=172.16.114.1-172.16.115.255
3
add name=2mb ranges=172.16.102.1-172.16.103.255
4 add name=3mb ranges=172.16.104.1-172.16.105.255
5 add name=4mb ranges=172.16.106.1-172.16.107.255

6 add name=6mb ranges=172.16.108.1-172.16.109.255

7 add name=8mb ranges=172.16.110.1-172.16.111.255

8 add name=10mb ranges=172.16.112.1-172.16.113.255

9 add name=1mb ranges=172.16.100.1-172.16.101.255

10
/queue type
11
add kind=pcq name=1mb_down pcq-classifier=dst-address pcq-dst-address6-mask=64 p
12
add kind=pcq name=2mb_up pcq-classifier=src-address pcq-dst-address6-mask=64 pcq
13
add kind=pcq name=3mb_up pcq-classifier=src-address pcq-dst-address6-mask=64 pcq
14
add kind=pcq name=4mb_up pcq-classifier=src-address pcq-dst-address6-mask=64 pcq
15 add kind=pcq name=6mb_up pcq-classifier=src-address pcq-dst-address6-mask=64 pcq
16 add kind=pcq name=8mb_up pcq-classifier=src-address pcq-dst-address6-mask=64 pcq

17 add kind=pcq name=10mb_up pcq-classifier=src-address pcq-dst-address6-mask=64 pc

18 add kind=pcq name=512kb_up pcq-classifier=src-address pcq-dst-address6-mask=64 p

19 add kind=pcq name=2mb_down pcq-classifier=dst-address pcq-dst-address6-mask=64 p

add kind=pcq name=3mb_down pcq-classifier=dst-address pcq-dst-address6-mask=64 p

20
add kind=pcq name=4mb_down pcq-classifier=dst-address pcq-dst-address6-mask=64 p
21
add kind=pcq name=6mb_down pcq-classifier=dst-address pcq-dst-address6-mask=64 p
22
add kind=pcq name=8mb_down pcq-classifier=dst-address pcq-dst-address6-mask=64 p
23
add kind=pcq name=10mb_down pcq-classifier=dst-address pcq-dst-address6-mask=64
24 add kind=pcq name=512kb_down pcq-classifier=dst-address pcq-dst-address6-mask=64
25 add kind=pcq name=1mb_up pcq-classifier=src-address pcq-dst-address6-mask=64 pcq

26

27 /queue simple

28 add max-limit=10M/10M name="Google DNS High Priority 1" priority=1/1 target=8.8.

29 add max-limit=10M/10M name="Google DNS High Priority 2" priority=1/1 target=8.8.

add name="1mb pcq day - 10 am till 5 pm" queue=1mb_up/1mb_down target=172.16.100

30
add name="1mb pcq & 2mb double up night - 5pm till 10 am" queue=2mb_up/2mb_down
31
add name="1mb pcq & 2mb double up - saturday & sunday - 24 hours" queue=2mb_up/2
32
add name="2mb pcq day - 10 am till 5 pm" queue=2mb_up/2mb_down target=172.16.102
33
add name="2mb pcq & 3mb double up night - 5pm till 10 am " queue=3mb_up/3mb_down
34 add name="2mb pcq double up - saturday & sunday - 24 hours" queue=3mb_up/3mb_dow
35 add name="3mb pcq day - 10 am till 5 pm" queue=3mb_up/3mb_down target=172.16.104

36 add name="3mb pcq & 6mb double up night - 5pm till 10 am " queue=6mb_up/6mb_dow

37 add name="3mb pcq & 6mb double up - saturday & sunday - 24 hours" queue=6mb_up/6

38 add name="4mb pcq - 24 hours" queue=4mb_up/4mb_down target=172.16.106.0/23 time=

39 add name="6mb pcq - 24 hours" queue=6mb_up/6mb_down target=172.16.108.0/23 time=

40 add name="8mb pcq - 24 hours" queue=8mb_up/8mb_down target=172.16.110.0/23 time=

add name="10mb pcq - 24 hours" queue=10mb_up/10mb_down target=172.16.112.0/23 ti

41
add name="512kb pcq day - 10 am till 5 pm" queue=512kb_up/512kb_down target=172.
42
add name="512kb pcq & 1mb double up night - 5 pm till10 am" queue=1mb_up/1mb_dow
43
add name="512kb pcq & 1mb double up - saturday & sunday - 24 hours" queue=1mb_up
44
add name="512kb for UKNOWN users IF any by zaib - 24 hours" queue=512kb_up/512k
45

46

47

48

in User PPP Profile, I have added following line

1 /queue simple remove [find dynamic]

This line will remove any Dynamic Queue that will be created by DMA.

Done.

Screenshots …

PCQ base simple Queues with TIME settings, each queue will be enabled as per time
Remove DYNAMIC Queue by Script command

Its useful when you are using PCQ base queueus , and your raidus still sends dynamic queues,
you can add this in pppoe profile startups script section, so any dynamic queue will be removed
whenever any user logins
1 /queue simple remove [find dynamic]
Post#2 – Limit user traffic using PCQ (also useful for Hotspot Bypassed MAC address)

To limit all users 192.168.1.0/24 to 512kb epr user, using PCQ, use following script.
/queue type
1 add kind=pcq name=download-512kb pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-ti
limit=50 pcq-rate=524288 \
2
pcq-src-address-mask=32 pcq-src-address6-mask=64 pcq-total-limit=2000
3

4
add kind=pcq name=upload-512kb pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time
5 pcq-rate=524288 \

6 pcq-src-address-mask=32 pcq-src-address6-mask=64 pcq-total-limit=2000

8 /queue simple

9 add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="Limit every Users

purpose Syed Jahanzaib" \
10direction=both disabled=no interface=all limit-at=0/0 max-limit=0/0 name=512k-limit

11addresses=192.168.1.0/24 \
total-queue=default-small

Change the Bandwidth and Target IP addresses to meet your local requirements.
Bandwidth example:
512k = 524288
1mb = 1048576
2mb = 2097152
4mb = 4194304

Result as showed in the image below . . .

 ↓

Post#3 – Allowing specific extension Low Priority over other traffic

In this example we are marking traffic via mangle rules. .iso extension is marked as low priority
traffic , and all other traffic is marked as hi priority traffic.

For example We have 256kb internet bandwidth in total. and we want that when users are
downloading any .iso file, it gets low priority over other traffic i.e browsing etc. Use the
following.
1/ip firewall mangle

2add action=mark-connection chain=postrouting comment="Mark Conn for .iso Ext" content

3add action=mark-packet chain=postrouting comment="Mark Pkts for iso-conn Ext" connect

add action=mark-connection chain=postrouting comment="Mark Conn for all other traffic
4
add action=mark-packet chain=postrouting comment="Mark Pkts for all other traffic" co
5passthrough=no

6/queue simple add name=wan_conn_limit interface=ether1 max-limit=256k/256k

7/queue simple add name=hi-prio-traffic interface=ether1 parent=wan_conn_limit packet-

8/queue simple add name=lo-prio-traffic packet-marks=lo-prio-traffic-pkts interface=et

▼
4# Allowing Specific File Extensions High / Limited / Unlimited Bandwidth

For example, You have a network and every user have there bandwidth limited at 256kb. Now
you want that if a user is downloading .FLV video file , He can view/download it
at unlimited speed regardless of his allowed speed limit, i.e 256kb package, Use the following.

First mark all packets with .flv extention.

1 /ip firewall mangle

2 add action=mark-connection chain=postrouting comment="Mark Conn for .flv Ext" con

4 add action=mark-packet chain=postrouting comment="Mark Pkts for flv-conn Ext" con

Now Create a Queue Tree and Set Unlimited or Limited Bandwidth (OR As per your requirements
if you want to allot specific amount, set it) to Marked Packets
/queue tree
1
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=100M max-limit
2queue=defaul

You can use the same in reverse to limit specific extension type bandwidth usage.

5# Allowing Specific Ports High Priority over other traffic

First we need to mark protocols. (In this example we are using SMTP port 25 )
1 /ip firewall mangle add chain=prerouting protocol=tcp port=25 connection-state=ne

2 /ip firewall mangle add chain=prerouting connection-mark=hi_prio_conn action=mark

Now we will create Simple Queue and give high priority to marked packets and other packets low
priority. (In this example we have 2Mb WAN connection)
1 /queue simple add name=wan_conn_limit interface=ether1 max-limit=2M/2M

2 /queue simple add name=prio interface=ether1 parent=wan_conn_limit packet-marks=h

3 /queue simple add name=other interface=ether1 parent=Internet priority=8

Now SMTP traffic will get higher priority over other traffic.

6# Equal Distribution of Bandwidth for a number of users using PCQ

If you have a 512 kbps WAN connection and you want to share this equally among your
users but if only one pc is active it should have the full 512 kbps, if 2 pcs are active 256
kbps each and vise versa.
As shown in the image below . . .
 Use the following:
1 /queue type add name="PCQ_download" kind=pcq pcq-rate=512k pcq-classifier=dst-add

2 /queue type add name="PCQ_upload" kind=pcq pcq-rate=512k pcq-classifier=src-addre

4 /queue simple add queue=PCQ_upload/PCQ_download target-addresses=192.168.2.0/24

7# Limiting Single User Bandwidth via Simple QUEUE (Lookout for order number)
1 /queue simple add name="Limiting Zaib to 256kb" target-addresses=192.168.2.6 max-

8# Simple Queue with BURST

Following simple queue with BURST

– Limit user at 64kb in general.

– When the user will download at full 64kbps speed, he will be able to burst upto 256kb for 5
seconds. after 5 seconds , user will fall to 64kb again for next 5 seconds.

In short 5 seconds on load 256kbps, and next 5 seconds, 64kbp.

1 /queue simple

2 add burst-limit=256k/256k burst-threshold=128k/128k burst-time=20s/20s direction=

3 packet-marks="" parent=none priority=8 queue=default-small/default-small target-a

9# Give specific web site assigned Bandwidth on per user basis [updated: 14th April,
2014]

For example you want to limit bandwidth on per user basis for SPECIFIC WEBSITE ONLY. Let’s say
4mb per user for facebook.com
The logic is simple.
1- First create a script that adds the web site ip to an address list.
2- Add scheduler that runs above script after every 5 minutes so that even if the web site ip gets
changes, it will update accordingly.
3- Now mark connection and packets for above created address list.
4- Add PCQ queue type (Bandwidth that will be distributed on per user basis using single simple
queue)
5- Finally add a simple queue that will distribute bandwidth for marked packets using PCQ for
per user basis.
1 /system script

2 add name=facebook-list policy=ftp,reboot,read,write,policy,test,winbox,password,snif

3 \n# Syed Jahanzaib / [email protected]\r\

4 \n:log warning \"Script Started ... Adding Facebook DNS ip's to address list name
\n:foreach i in=[/ip dns cache find] do={\r\
5
\n:local bNew \"true\";\r\
6
\n:local cacheName [/ip dns cache all get \$i name] ;\r\
7
\n:if ([:find \$cacheName \"facebook\"] != 0) do={\r\
8
\n:local tmpAddress [/ip dns cache get \$i address] ;\r\
9 \n:put \$tmpAddress;\r\

10\n:if ( [/ip firewall address-list find ] = \"\") do={\r\

11\n:log info (\"added entry: \$[/ip dns cache get \$i name] IP \$tmpAddress\");\r\

12\n/ip firewall address-list add address=\$tmpAddress list=facebook_dns_ips comment=\

13\n} else={\r\
\n:foreach j in=[/ip firewall address-list find ] do={\r\
14
\n:if ( [/ip firewall address-list get \$j address] = \$tmpAddress ) do={\r\
15
\n:set bNew \"false\";\r\
16
\n}\r\
17
\n}\r\
18\n:if ( \$bNew = \"true\" ) do={\r\

19\n:log info (\"added entry: \$[/ip dns cache get \$i name] IP \$tmpAddress\");\r\

20\n/ip firewall address-list add address=\$tmpAddress list=facebook_dns_ips comment=\

21\n}\r\

22\n}\r\
23\n}\r\

24\n}\r\
\n# Script Ended..."
25

26
/system scheduler
27
add comment="Add Facebook IP's to address list name facebook-list after every 5 minu
28event=facebook-list policy=\

29ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api start-date=feb

30

31/ip firewall mangle

32add action=mark-connection chain=postrouting comment="Mark Conn for FB Site / zaib"

add action=mark-packet chain=postrouting comment="Mark Packtes for FB-CONN / zaib" c
33

34
/queue type
35
add kind=pcq name=Download-4mb pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time
36pcq-rate=4194304 \

37pcq-src-address-mask=32 pcq-src-address6-mask=64 pcq-total-limit=2000

38add kind=pcq name=Upload-4mb pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=1

pcq-rate=4194304 \
39pcq-src-address-mask=32 pcq-src-address6-mask=64 pcq-total-limit=2000

40

41/queue simple

42add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="Limit FB speed 4mb

max-limit=0/0 name=\
43
4mb_Limit_For_FB_Per_User packet-marks=FB_Packets parent=none priority=8 queue=Uploa
44

45

Do remember, its just an example to show you how you can twist things, You can modify it as
per your requirements 🙂

Some Notes:

The target-address is used to specify the host that you want to shape… target-address is the
address of (for example) your client who’s speed you are about to limit.
Destination-address is for more advanced shaping… for example to shape someone’s access to
a specific server dst-address is the server to which this client will connect (if you like to limit his
speed only when he connects to this one specific server)