Setup guide
priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0
[admin@Wandy] queue tree>
Thus, we used queue trees for limiting the upload. The download speed can be limited the same
way simply changing the interface names and matching the packets destinated to the server:
[admin@Wandy] queue tree> add name=Down parent=Local max-limit=131072
[admin@Wandy] queue tree> print
Flags: X - disabled, I - invalid, D - dynamic
0 name="Up" parent=Public flow="" limit-at=0 queue=default priority=8
max-limit=65536 burst-limit=0 burst-threshold=0 burst-time=0
1 name="Server_Up" parent=Up flow=Server_Up limit-at=32768 queue=default
priority=7 max-limit=65536 burst-limit=0 burst-threshold=0 burst-time=0
2 name="Local_Up" parent=Up flow=Local_Up limit-at=0 queue=default
priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0
3 name="Down" parent=Local flow="" limit-at=0 queue=default priority=8
max-limit=131072 burst-limit=0 burst-threshold=0 burst-time=0
[admin@Wandy] queue tree> /ip firewall mangle
[admin@Wandy] ip firewall mangle> add dst-address=192.168.0.17/32:20-21 \
\... protocol=tcp mark-flow=Server_Down in-interface=Public
[admin@Wandy] ip firewall mangle> add dst-address=0.0.0.0/0 \
\... mark-flow=Local_Down in-interface=Public
[admin@Wandy] ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic
0 src-address=192.168.0.17/32:20-21 in-interface=Local protocol=tcp
action=accept mark-flow=Server_Up
1 in-interface=Local action=accept mark-flow=Local_Up
2 in-interface=Public dst-address=192.168.0.17/32:20-21 protocol=tcp
action=accept mark-flow=Server_Down
3 in-interface=Public action=accept mark-flow=Local_Down
[admin@Wandy] ip firewall mangle> /queue tree
[admin@Wandy] queue tree> add name=Server_Down parent=Down limit-at=32000 \
\... flow=Server_Down max-limit=128000 priority=7
[admin@Wandy] queue tree> add name=Local_Down parent=Down limit-at=0 \
\... flow=Local_Down
[admin@Wandy] queue tree> print
Flags: X - disabled, I - invalid, D - dynamic
0 name="Up" parent=Public flow="" limit-at=0 queue=default priority=8
max-limit=65536 burst-limit=0 burst-threshold=0 burst-time=0
1 name="Server_Up" parent=Up flow=Server_Up limit-at=32768 queue=default
priority=7 max-limit=65536 burst-limit=0 burst-threshold=0 burst-time=0
2 name="Local_Up" parent=Up flow=Local_Up limit-at=0 queue=default
priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0
3 name="Down" parent=Local flow="" limit-at=0 queue=default priority=8
max-limit=131072 burst-limit=0 burst-threshold=0 burst-time=0
4 name="Server_Down" parent=Down flow=Server_Down limit-at=32768
queue=default priority=7 max-limit=131072 burst-limit=0
burst-threshold=0 burst-time=0
5 name="Local_Down" parent=Down flow=Local_Down limit-at=0 queue=default
priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0
[admin@Wandy] queue tree>
Peer-to-Peer Limitation with PCQ
Let us consider a situation where the limited network is 192.168.0.0/24 (see the picture above). We
will limit the p2p download traffic to 256kbit/s and upload to 128kbit/s
The 192.168.0.0/24 network has to be masquaraded in order to get public access (it will use the
address 10.0.0.217). To do so, we will masquerade this network.
[admin@Wandy] ip firewall src-nat> add src-address=192.168.0.0/24 \
\... action=masquerade
[admin@Wandy] ip firewall src-nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 src-address=192.168.0.0/24 action=masquerade