this is only MT attached to the fiber line, there is only 1 pc behind the mikrotik (is doing NAT, no fasttrack).
the Simple queue, whether on the entire interface of the WAN , or as is more common on the LAN port and set for a single local IP (or subnet), same result, traffic is getting past it beyond the speed limits set.
yet test torrent traffic is racing right past it. (im testing with torrent traffic as its a good/quick way to simulate many, BW intensive and diverse connections from a single pc). + its a type of traffic we as providers have to deal with. (to be clear: this topic is NOT about torrent traffic or how to control torrent traffic, this topic is strictly about why would a simple queue fail to limit some traffic or protocols)
see image , queue is set for 150/150m , isp line is a 200/200m line , and mt export. (only 1 pc attached directly to eth1)
(note- trying the other queue types that you see as disabled, showed the same exact results)- the weird thing is when watching torsch of both interfaces, ill see:
(on lan int)- pub IP- RX:50m TX:1m
any ideas? tks
Code: Select all
# apr/25/2019 20:19:51 by RouterOS 6.44.3 # software id = P2xx # # model = RB4011iGS+ # serial number = B8xx /interface ethernet set [ find default-name=ether1 ] name=ether1-SW set [ find default-name=ether2 ] name=ether2-UNITI /queue simple add disabled=yes max-limit=180M/180M name=queue2 target=192.168.1.14/32 [b]add max-limit=100M/100M name=queue3 target=192.168.1.14/32[/b] add disabled=yes max-limit=100M/100M name=queue35 target=192.168.1.0/24 [b]add disabled=yes max-limit=100M/100M name=queue34 target=0.0.0.0/0[/b] add disabled=yes max-limit=150M/150M name=queue1 target=ether2-UNITI add comment=PCQ disabled=yes limit-at=100M/100M max-limit=100M/100M name=PCQ-queue1 queue=pcq-upload-default/pcq-download-default target=192.168.1.14/32 /ip address add address=93.x/30 disabled=yes interface=ether2-UNITI network=93.x /ip dns set servers=170.x.x.x /ip firewall filter add action=drop chain=input comment="drop MGMT SERVICES PORTS - DROP if not on ACL" dst-port=\ 20-55,80-445,2000,8022-8729 in-interface=ether2-UNITI log=yes log-prefix="/drop/-TCP not on ADMIN addyList" \ protocol=tcp src-address-list=!adminIPs /ip firewall nat add action=masquerade chain=srcnat out-interface=ether2-UNITI /ip route add distance=1 gateway=93.x.x.x. /ip service set telnet disabled=yes set ftp disabled=yes set www disabled=yes set ssh address=192.168.0.0/16 set api disabled=yes set winbox address=192.168.0.0/16 set api-ssl disabled=yes /ip ssh set allow-none-crypto=yes forwarding-enabled=remote /snmp set enabled=yes /system clock set time-zone-name=America/Toronto /system identity set name=TestQUEUE_rb4011_1.219