Table of Contents

MikroTik: Controlling Speeds

Alex Moore Updated by Alex Moore

Prerequisites

Before you can use Sonar to control speeds in a MikroTik, you need to build address lists and add the MikroTik as an inline device in Sonar. Once both of these prerequisites are met, follow the steps below to start controlling speeds based on services assigned in Sonar. For the purposes of this guide, we are going to set up rules for a "Silver" data service that is 10 Mbps download and 2 Mbps upload.

Creating Connection Marks

For each Address List in Sonar that we would like to control speeds, we will need to create a connection mark for the download, as well as one for the upload. This means for example, if we have five address lists that we would like to control speeds, there should be 10 connection marks. In the examples below, we will build out both connection marks for the "Silver" address list.

  1. Winbox into the MikroTik you would like to setup rules in and go to IP > Firewall > Mangle, then hit the blue "+" button to create a new mangle rule.
  1. In the General tab, set the chain to forward and the Out. Interface to whichever interface is customer facing. If you have more than one physical interface that faces towards customer devices, common practice would be to set this up as a bridge and use the bridge as the Out. Interface.
If you are using VLANs for your customer facing traffic, set the Out. Interface to "all vlan".
  1. In the Advanced tab, set the Dst. Address List to "Silver". This option should already be in the drop down from synchronizing your inline device, but keep in mind that if no IP addresses are already a member of this address list, you may need to manually type in this name. Just make sure that it perfectly matches the name you setup in the Address Lists configuration in Sonar.
  1. In the Action tab, set the Action to "mark connection". Set the New Connection Mark to "Silver_traffic_down". Make sure the Passthrough checkbox is checked. Once this is completed, click Apply.
  1. Hit the blue "+" button to create a new mangle rule. In the General tab, set the chain to forward and this time, set the In. Interface to whichever interface is customer facing.
If you are using VLANs for your customer facing traffic, set the In. Interface to "all vlan".
  1. In the Advanced tab, set the Src. Address List to "Silver".
  1. In the Action tab, set the Action to "mark connection". Set the New Connection Mark to "Silver_traffic_up". Make sure the Passthrough checkbox is checked. Once this is completed, click Apply.

Once you have one pair of connection mark rules built, you can just Copy each rule and modify the Dst. or Src. Address List you are selecting as well as the name of the New Connection Mark to build additional marks.

Creating Packet Marks

Similar to Connection Marks, for each Address List in Sonar that we would like to control speeds, we will need to create a packet mark for the download, as well as one for the upload. In the examples below, we will build out both packet marks for the "Silver" address list.

  1. Hit the blue "+" button to create a new mangle rule. In the General tab, set the chain to forward, set the Out. Interface to whichever interface is customer facing, and set the Connection Mark to "Silver_traffic_down".
If you are using VLANs for your customer facing traffic, set the Out. Interface to "all vlan".
  1. In the Action tab, set the Action to "mark packet". Set the New Packet Mark to "Silver_traffic_down". Make sure the Passthrough check box is checked. Once this is completed, click Apply.
  2. Hit the blue "+" button to create a new mangle rule. In the General tab, set the chain to forward, set the In. Interface to whichever interface is customer facing, and set the Connection Mark to "Silver_traffic_up".
If you are using VLANs for your customer facing traffic, set the Out. Interface to "all vlan".
  1. In the Action tab, set the Action to "mark packet". Set the New Packet Mark to "Silver_traffic_up". Make sure the Passthrough check box is checked. Once this is completed, click Apply.

Once you have one pair of packet mark rules built, you can just Copy each rule and modify the Connection Mark you are selecting under the General tab as well as the name of the New Packet Mark under the Action to create new marks.

Once you have both connection marks and packet marks, if you have built these rules on a live network, you should see both the Bytes and Packets tables climbing for each mangle rule.

Creating PCQ in Queue Types

  1. Navigate to Queues > Queue Types, and click the blue "+" button.
  2. Set the Type Name to "Silver_download", the Kind to "pcq" the Rate to 10M, the Queue Size to 50 and the Total Queue Size to 250000. You can also set the Burst Rate to 20% higher than the Rate limit (12M in this case) and the Burst Time to 00:00:15. This will allow speed tests to show a little above full speed but limit bulk downloads to the actual speed of the service. Lastly, set the Classifier to "Dst. Address" and hit OK.
  3. Click the blue "+" button once again. Set the Type Name to "Silver_upload", the Kind to "pcq" the Rate to 2M, the Queue Size to 50 and the Total Queue Size to 250000. You can also set the Burst Rate to 20% higher than the Rate limit (2400k in this case) and the Burst Time to 00:00:15. This will allow speed tests to show a little above full speed but limit bulk uploads to the actual speed of the service. Lastly, set the Classifier to "Src. Address" and hit OK.

Once you have one pair of PCQ queues built, you can just Copy each queue and modify the Type Name as well as the Rate and Burst Rate to build additional queues.

  1. Under the Queue Tree tab, hit the blue "+" button. Under the General tab, set the Name to "Silver_download". Set the Parent to the customer facing interface. Set the Packet Marks to "Silver_traffic_down" and set the Queue Type to "Silver_download". Set the Priority to 7 as this will allow for lower priority shaping queues in the future if need be. Hit OK.
Even if you are using VLANs for your customer facing traffic, set the Parent to the physical interface, or a bridge representing all interfaces. If there is a reason you do not want to bridge these interfaces, you can also build an identical rule for each interface separately.
  1. Hit the blue "+" button once again. Under the General tab, set the Name to "Silver_upload". Set the Parent to the internet facing interface. Set the Packet Marks to "Silver_traffic_up" and set the Queue Type to "Silver_upload". Again, set the Priority to 7 and hit OK.

Once you have one pair of queues built, you can just Copy each rule and modify the Name, Packet Marks,and Queue Type to build additional queues.

Once you have both PCQ and Queue Trees setup, if you have built these rules on a live network, you should see both the Bytes and Packets tables climbing for each queue tree.

If you do not see bytes and packets climbing in a live network, please continue to Troubleshooting. Otherwise, you can continue to MikroTik: Controlling Access.

How did we do?

MikroTik as an Inline Device: Integration With Sonar

MikroTik: Controlling Access

Contact