If we have a large number of clients, a complete queue tree for each client IP address becomes very long. It consumes a lot of the MikroTik router's resources and makes the bandwidth management system very complex and heavy for the router. How well it works depends on the router's own ability to regulate such complex traffic flows. And if you want to apply the previous method on a network that uses a hotspot with dynamic IP addresses, it certainly cannot be done per client IP address.
This method combines PCQ (Per Connection Queue) in the queue type with the priority, limit-at and max-limit of the queue tree. It lets us build a complete queue tree per kind of connection packet, shared across all the IP addresses that clients use to access the internet from our network. The method is not only for dynamic IP addresses such as a hotspot; it can also be used for clients with static IP addresses, without having to know the IP address of each connected client. So you don't need to create a new queue tree rule when you change a client's IP address. One hierarchy of queue tree rules per kind of connection packet serves all the clients on your network.
As in the previous method, we mark the connection packets based on the public and local interface names. You are free to use chain=prerouting or chain=forward. The most important thing is to understand the QoS packet flow, so that you can separate and mark the connection packets that will be handled by the queue tree rules. We will limit the bandwidth for each kind of connection packet using PCQ in the queue type.
1. Separating the Various Kinds of Connection Packets

Here we simply mark the kinds of connection packets that you want to prioritize; we don't separate them by IP address. For the details, look closely at the console script below, which shows how to create the marks in mangle rules with layer 7 protocol matchers. You can define other kinds of connection packets yourself by adding layer 7 protocol rules.
/ip firewall mangle
add action=mark-connection chain=prerouting disabled=no in-interface=ether1 new-connection-mark=all-inconn passthrough=yes comment="UPSTREAM CONNECTION"
add action=mark-packet chain=prerouting connection-mark=all-inconn disabled=no new-packet-mark=all-inpkt passthrough=yes comment="UPSTREAM"
add action=mark-connection chain=forward disabled=no in-interface=wlan1 new-connection-mark=all-outconn passthrough=yes comment="DOWNSTREAM CONNECTION"
add action=mark-packet chain=forward connection-mark=all-outconn disabled=no new-packet-mark=all-outpkt passthrough=yes comment="DOWNSTREAM"

/ip firewall layer7-protocol
add comment="download" name=high regexp="^.*get.+\\.(exe|rar|iso|zip|7zip|0[0-9][1-9]|flv|mkv|avi|mp4|3gp|rmvb|mp3|img|dat|mov).*\$"
add comment="download" name=document regexp="^.*get.+\\.(pdf|doc|docx|xlsx|xls|rtf|ppt|ppt).*\$"
add comment="video" name=youtube regexp="^.*get.+\\.(c.youtube.com|cdn.dailymotion.com|metacafe.com|mccont.com).*\$"
add comment="video" name=streaming regexp="videoplayback|video"

/ip firewall mangle
add action=mark-packet chain=forward layer7-protocol=high new-packet-mark=dpkt packet-mark=all-outpkt passthrough=no comment="CLIENT DOWNLOAD"
add action=mark-packet chain=forward layer7-protocol=document new-packet-mark=dpkt packet-mark=all-outpkt passthrough=no comment=""
add action=mark-packet chain=forward connection-bytes=1000000-0 src-port=80,443 passthrough=yes new-packet-mark=dpkt packet-mark=all-outpkt protocol=tcp comment=""

/ip firewall mangle
add action=mark-packet chain=forward layer7-protocol=youtube new-packet-mark=spkt packet-mark=all-outpkt passthrough=no comment="CLIENT VIDEO"
add action=mark-packet chain=forward layer7-protocol=streaming new-packet-mark=spkt packet-mark=all-outpkt passthrough=no comment=""

/ip firewall mangle
add action=mark-packet chain=forward packet-mark=all-outpkt new-packet-mark=gpkt passthrough=yes protocol=tcp dst-port=5340-5352,6000-6152,10001-10011,14009-14030,18901-18909 comment="CLIENT ONLINE GAMES"
add action=mark-packet chain=forward packet-mark=all-outpkt new-packet-mark=gpkt passthrough=yes protocol=tcp dst-port=39190,27780,29000,22100,10009,4300,15001,15002,7341,7451
add action=mark-packet chain=forward packet-mark=all-outpkt new-packet-mark=gpkt passthrough=yes protocol=tcp dst-port=40000,9300,9400,9700,7342,8005-8010,37466,36567,8822
add action=mark-packet chain=forward packet-mark=all-outpkt new-packet-mark=gpkt passthrough=yes protocol=tcp dst-port=47611,16666,20000,5105,29000,18901-18909,9015
add action=mark-packet chain=forward packet-mark=all-outpkt new-packet-mark=gpkt passthrough=yes protocol=udp dst-port=27005,27015
add action=mark-packet chain=forward packet-mark=all-outpkt new-packet-mark=gpkt passthrough=yes protocol=udp dst-port=27005-27020,13055,7800-7900,12060-12070
add action=mark-packet chain=forward packet-mark=all-outpkt new-packet-mark=gpkt passthrough=yes protocol=udp dst-port=8005-8010,9068,1293,1479,9401,9600,30000
add action=mark-packet chain=forward packet-mark=all-outpkt new-packet-mark=gpkt passthrough=yes protocol=udp dst-port=14009-14030,42051-42052,40000-40050,13000-13080

/ip firewall mangle
add action=mark-packet chain=forward connection-bytes=0-1000000 src-port=80,443 passthrough=no new-packet-mark=bpkt packet-mark=all-outpkt protocol=tcp comment="CLIENT BROWSING"

/ip firewall layer7-protocol
add comment="BIT TORRENT" name=bittorrent regexp="^(\13bittorrent protocol|azver1\$|get /scrape\\\\?info_hash=)|d1:ad2:id20:|8'7P\\)[RP]"
add comment="TORRENT WEBSITES" name=torrentsites regexp="^.*(get|GET).+(torrent|thepiratebay|isohunt|entertane|demonoid|btjunkie|mininova|flixflux|torrentz|vertor|h33t|btscene|bitunity|bittoxic|thunderbytes|entertane|zoozle|vcdq|bitnova|bitsoup|meganova|fulldls|btbot|flixflux|seedpeer|fenopy|gpirate|commonbits).*\$"

/ip firewall mangle
add action=mark-packet chain=forward layer7-protocol=bittorrent new-packet-mark=tpkt packet-mark=all-outpkt passthrough=no comment="BILLING BIT TORRENT"
add action=mark-packet chain=forward layer7-protocol=torrentsites new-packet-mark=tpkt packet-mark=all-outpkt passthrough=no comment="BILLING TORRENT WEBSITES"
add action=mark-packet chain=forward p2p=all-p2p new-packet-mark=tpkt packet-mark=all-outpkt passthrough=no comment="BILLING ALLP2P"
add action=mark-packet chain=forward dst-port=58561,58045,14948,58008,58816,59097 new-packet-mark=tpkt packet-mark=all-outpkt passthrough=no protocol=tcp comment="BILLING TORRENT PORT"
These rules are much simpler than the previous method for capturing the various kinds of connection packets going to your clients. As noted, you can extend them to define whatever kinds of connection packets you want.
2. Set the Bandwidth Limitations Using PCQ with the Queue Type

PCQ will divide bandwidth equally among all clients, with a maximum rate limit given to a certain kind of connection packet for every client that uses that kind of connection. So we only need to set the rate limit for each kind of connection packet. The queue type script looks like this:
/queue type
add name=pcq_upstream kind=pcq pcq-rate=256k pcq-classifier=src-address
add name=pcq_downstream kind=pcq pcq-rate=512k pcq-classifier=dst-address
add name=pcq_game kind=pcq pcq-rate=256k pcq-classifier=dst-address
add name=pcq_browsing kind=pcq pcq-rate=256k pcq-classifier=dst-address
add name=pcq_download kind=pcq pcq-rate=256k pcq-classifier=dst-address
add name=pcq_undefined kind=pcq pcq-rate=180k pcq-classifier=dst-address
add name=pcq_extensions kind=pcq pcq-rate=180k pcq-classifier=dst-address
add name=pcq_video kind=pcq pcq-rate=200k pcq-classifier=dst-address
add name=pcq_p2ptorrent kind=pcq pcq-rate=150k pcq-classifier=dst-address
Change the pcq-rate value of each queue type to suit each kind of connection packet. The PCQ names defined here will then be used in the queue tree rules. You are free to name the queue types as you like. The result looks like the picture below!
The pcq-rate value determines the maximum bandwidth limit that will be shared equally among the clients using a certain kind of connection packet, as long as bandwidth remains.
3. Create Queue Tree Rules for the Kinds of Connection Packets

This is the final step, which lets you manage the bandwidth limit and priority in the queue tree rules by specifying limit-at and max-limit for all clients that use a certain kind of connection packet. You set the priority of each kind of connection packet as you see fit. In this case I give high priority only to the online games and browsing connection packets, which consume relatively little bandwidth. You can edit the queue tree rules below and paste them into the Winbox console terminal:
/queue tree
add name=a.Upstream parent=global-in queue=pcq_upstream packet-mark=all-inpkt priority=8 max-limit=2M
add name=b.Downstream parent=global-out queue=pcq_downstream packet-mark=all-outpkt priority=8 max-limit=2M
add name=1.Games parent=b.Downstream queue=pcq_game packet-mark=gpkt priority=1 limit-at=125k max-limit=512k
add name=2.Browsing parent=b.Downstream queue=pcq_browsing packet-mark=bpkt priority=2 limit-at=125k max-limit=512k
add name=3.Download parent=b.Downstream queue=pcq_download packet-mark=all-outpkt priority=3 limit-at=125k max-limit=512k
add name=3.1.Undefined parent=3.Download queue=pcq_undefined packet-mark=all-outpkt priority=4 limit-at=75k max-limit=320k
add name=3.2.Extensions parent=3.Download queue=pcq_extensions packet-mark=dpkt priority=5 limit-at=75k max-limit=320k
add name=3.3.Video parent=3.Download queue=pcq_video packet-mark=spkt priority=6 limit-at=75k max-limit=320k
add name=3.4.P2P&Torrent parent=3.Download queue=pcq_p2ptorrent packet-mark=tpkt priority=7 limit-at=75k max-limit=320k
This still uses the previous hierarchy of queue tree rules. Once you insert the script above, you will see the rules as shown in the picture below!
You need to understand HTB (Hierarchical Token Bucket) in MikroTik RouterOS QoS to make the priority of the connection packets work as you expect. It is mostly determined by the "limit-at" and "max-limit" values used in the hierarchy of queue tree rules. Note that this is a single hierarchy of queue tree rules for all clients that use a certain kind of connection packet. Max-limit caps the total usage of a certain kind of connection packet as a whole. Furthermore, together with the priority value, limit-at determines which kinds of connection packets get to claim bandwidth first in the queue tree.
- Max-limit is the maximum bandwidth of a certain kind of connection packet used by the clients
- The max-limit of each queue tree child should not be more than the parent's max-limit
- The total limit-at of all queue tree children should not be more than the parent's max-limit
- Priority of the connection packets only works if the two rules above are satisfied.
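The two parent/child rules above can be checked automatically before a queue tree is pasted into the router. The following Python sketch is an added example, not part of the original article: it parses "add" lines like those in step 3 and reports any child whose max-limit exceeds its parent's, and any parent whose children's limit-at values sum to more than its max-limit. The names PAGE_TREE, to_bps, parse_tree and check_htb belong to this example only; it assumes decimal rate suffixes and treats a missing or zero max-limit as unlimited.

```python
import re
from collections import defaultdict

# Queue tree from step 3 (constructed excerpt: only the fields the rules use).
PAGE_TREE = """\
add name=b.Downstream parent=global-out max-limit=2M
add name=1.Games parent=b.Downstream limit-at=125k max-limit=512k
add name=2.Browsing parent=b.Downstream limit-at=125k max-limit=512k
add name=3.Download parent=b.Downstream limit-at=125k max-limit=512k
add name=3.1.Undefined parent=3.Download limit-at=75k max-limit=320k
add name=3.2.Extensions parent=3.Download limit-at=75k max-limit=320k
add name=3.3.Video parent=3.Download limit-at=75k max-limit=320k
add name=3.4.P2P&Torrent parent=3.Download limit-at=75k max-limit=320k
"""
UNITS = {"": 1, "k": 1_000, "M": 1_000_000, "G": 1_000_000_000}  # assumption: decimal

def to_bps(value):
    """Convert a rate such as 512k or 2M to bits per second."""
    number, unit = re.fullmatch(r"(\d+)([kMG]?)", value).groups()
    return int(number) * UNITS[unit]

def parse_tree(script):
    """Return {name: {parent, limit_at, max_limit}} from '/queue tree' add lines."""
    queues = {}
    for line in script.splitlines():
        if not line.strip().startswith("add "):
            continue
        kv = dict(re.findall(r'([\w-]+)=("[^"]*"|\S+)', line))
        queues[kv["name"].strip('"')] = {
            "parent": kv["parent"].strip('"'),
            "limit_at": to_bps(kv.get("limit-at", "0")),
            "max_limit": to_bps(kv.get("max-limit", "0")),
        }
    return queues

def check_htb(queues):
    """List violations of the two parent/child rules; empty list means OK."""
    problems, committed = [], defaultdict(int)
    for name, q in queues.items():
        parent = queues.get(q["parent"])
        if parent is None:  # top-level queue (interface, global-in, global-out)
            continue
        committed[q["parent"]] += q["limit_at"]
        if 0 < parent["max_limit"] < q["max_limit"]:
            problems.append(f"{name}: max-limit exceeds parent {q['parent']}")
    for parent, total in committed.items():
        if 0 < queues[parent]["max_limit"] < total:
            problems.append(f"{parent}: children limit-at sum {total} exceeds max-limit")
    return problems
```

The parser ignores fields it does not need, so the full lines from step 3 (with queue, packet-mark and priority) can be passed in unchanged; the tree from this article returns an empty list.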
Next, please practice it yourself. As far as I have observed, client satisfaction is determined more by the stability of the bandwidth your ISP provides for the Internet connection. To illustrate this method, I have included a video with this article!