Problema banda su reti diverse

[marko.gem]

Salve, ho uno strano problema su una routerboard RB750 (400MHz) fw 6.41
la ether1 è connesso un router
la ether 2,3,4,5 sono 4 reti verso 4 abitazioni
ogni rete usa classi 192.168.6.0/24,192.168.7.0/24,192.168.8.0/24,192.168.9.0/24
ogni interfaccia da 2 a 5 ha dhcp attivo per assegnare rispettivi indirizzi

ci sono delle code (mangle+queue) per gestire la banda internet

il problema evidente che ho, a seguito di lamentele, ho notato che se una rete traffica banda esempio 12-28 mbit in download le altre rimangono soffocate riuscendo aspuntare poche kbit quindi una velocità quasi inutilizzabile. Anche con dei semplici test con dei download di file da una rete, poi contemporanea da un'altra, anche con code disabilitate si nota subito il problema, ad esempio download a 20mbit su una rete, avvio download di un file su altro server da un'altra delle reti e il primo download salta rischiando di raggiugnere anche solo 500kbit o perfino saltare

ripeto il problema si presenta anche con le queue disattivate

qualcuno mai ha avuto un problma simile... ho provato tante cose, senza mai risultato e mi scoccia avere questi buchi che fanno lamentare i diretti interessati, inizialmente immaginavo fossero le code, ma non sono loro...

qualunque aiuto o inidizio è ben accetto

[radiation]

Questo genere di problema me lo sono trovato sui CRS;
In poche parole il problema lo hai indipendentemente dalla banda internet? Cioè è un problema di traffico interno?

Processore e memoria come si comportano quando sei a tappo?

[marko.gem]

Ciao, grazie della tua risposta
nel mio caso non è permesso il traffico locale, tutte le reti sono isolate permettendo solo il traffico verso la rete Internet, effettivamente la banda è stata di recente aumentata da 13 a 25 mbit ma io credo che il problema era presente anche prima magari in forma più lieve.
Quando noto questo problema la cpu varia da 25-45% e la memoria 6-7MB libere (su 32MB)

tutto è nato da alcune lamentele dei diretti interessati allora nel fare prove sono arrivato a questo, la cosa incredibile è che per le prove ho usato uno smartphone android 7 e un pc windows 8.1.
Se connetto il pc su una rete e lo smarphone su l'altra e avvio dei download pesanti noto subito il problema (una rete va al massimo, l'altra rimane soffocata, quasi inutilizzabile) stamani nel riprovare ho invertito tablet e pc e tutto va alla grande.... io davvero non riesco a capire il legame.
Ho fatto i test più volte, con una combinazione ho il problema con l'altra va tutto alla grande.

Sembrerebbe dai dati, adesso per esempio sto tra le due reti trafficando 40mbit in dw con un utilizzo del 70% max di processore e sempre 7mb ram libere. Se inverto i dispositivi noto il problema, se ne connetto uno solo va al massimo della banda.

Questo è incredibile e non mi sta spiegando nulla

qualcosa mi fa pensare a incompatibilità, infatti una rete ha un access point tplink (che poco mi piacciono ), proseguo con test via cavo!!

[radiation]

Perdonami ma allora non capisco. Perché se il problema sono i download verso internet sono proprio le code checge non lavorano o lavorano male.

Quante code hai? Per essere giusti ne servono N+1 (dove N sono il numero di reti da gestire)

[marko.gem]

Probabilmente non ho descritto tutto bene, se disattivo le code il problmea persiste, non sono loro

la porta1 è l'uplink verso un router
le altre 4 porte sono 4 reti lan, ci sono 4 code di dw e 4 per up (mangle + queue tree)

[marko.gem]

Tra l'altro le code ci sono per ragioni storiche, quando 5 anni fa la connettività era di 7mbit, adesso con 25mbit non sono poi così utili
tra l'altro oltre a questo grosso problema, ho anche il problema che non funziona il limit-at (questo problema lo riscontro anche su un'altra routerboard diversa) ma questo è un problema marginale adesso.

[radiation]

Ma scusa ovvio che senza code il problema c’è!
Il problema è se le code lavorano giuste. Ad esempio diventano rosse le rispettive in caso di saturazione? Hai usato del burst?

Forse è il caso che posti la conf

[marko.gem]

si uso anche dei boost, la prima colpa fu data appunto alle code che non lavoravano bene, ma disabilitandole il problema persisteva.


config

Codice: Seleziona tutto

[marco@gem-router] > export
# mar/20/2018 08:47:54 by RouterOS 6.41.3
# software id = 1C7I-8H52
#
# model = 750
# serial number = 3Bxxxxxxxx
/interface ethernet
set [ find default-name=ether1 ] name=ether1-tgm
set [ find default-name=ether2 ] name=ether2-marco
set [ find default-name=ether3 ] name=ether3-fabio
set [ find default-name=ether4 ] name=ether4-andrea
set [ find default-name=ether5 ] name=ether5-gemlan
/interface list
add exclude=dynamic name=discover
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
/ip pool
add name=marco ranges=192.168.6.50-192.168.6.254
add name=fabio ranges=192.168.7.50-192.168.7.254
add name=andrea ranges=192.168.8.50-192.168.8.254
add name=gem ranges=192.168.9.50-192.168.9.254
/ip dhcp-server
add address-pool=marco disabled=no interface=ether2-marco lease-time=1d name=marco
add address-pool=fabio disabled=no interface=ether3-fabio lease-time=1d name=fabio
add address-pool=andrea disabled=no interface=ether4-andrea lease-time=1d name=andrea
add address-pool=gem disabled=no interface=ether5-gemlan lease-time=1d name=gem
/queue tree
add max-limit=50M name=dw parent=global
add max-limit=4M name=up parent=global
add limit-at=400k max-limit=600k name=up-gemlan parent=up
add limit-at=2M max-limit=6M name=dw-gemlan parent=dw
/queue type
add kind=pfifo name=gemDw pfifo-limit=40
add kind=pfifo name=gemUp pfifo-limit=20
/queue tree
add limit-at=1M max-limit=6M name=dw-gemlanGradeB packet-mark=gemlanAllRestDw parent=dw-gemlan priority=2 queue=gemDw
add limit-at=400k max-limit=400k name=dw-gemlanGradeA packet-mark=gemlanPbxVoipDw parent=dw-gemlan priority=1 queue=gemDw
add limit-at=400k max-limit=400k name=up-gemlanGradeA packet-mark=gemlanPbxVoipUp parent=up-gemlan priority=1 queue=gemUp
add limit-at=200k max-limit=600k name=up-gemlanGradeB packet-mark=gemlanAllRestUp parent=up-gemlan priority=2 queue=gemUp
add burst-limit=3700k burst-threshold=950k burst-time=40s limit-at=900k max-limit=2800k name=up-andrea packet-mark=andreaUp parent=up priority=2 queue=gemUp
add burst-limit=3700k burst-threshold=950k burst-time=40s limit-at=900k max-limit=2800k name=up-fabio packet-mark=fabioUp parent=up priority=2 queue=gemUp
add burst-limit=3700k burst-threshold=950k burst-time=40s limit-at=900k max-limit=2800k name=up-marco packet-mark=marcoUp parent=up priority=2 queue=gemUp
add burst-limit=37M burst-threshold=11M burst-time=50s limit-at=10M max-limit=29M name=dw-andrea packet-mark=andreaDw parent=dw priority=2 queue=gemDw
add burst-limit=37M burst-threshold=11M burst-time=50s limit-at=10M max-limit=29M name=dw-fabio packet-mark=fabioDw parent=dw priority=2 queue=gemDw
add burst-limit=37M burst-threshold=11M burst-time=50s limit-at=10M max-limit=29M name=dw-marco packet-mark=marcoDw parent=dw priority=2 queue=gemDw
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
/ip neighbor discovery-settings
set discover-interface-list=none
/ip address
add address=192.168.6.1/24 interface=ether2-marco network=192.168.6.0
add address=192.168.7.1/24 interface=ether3-fabio network=192.168.7.0
add address=192.168.8.1/24 interface=ether4-andrea network=192.168.8.0
add address=192.168.5.2/24 interface=ether1-tgm network=192.168.5.0
add address=192.168.9.1/24 interface=ether5-gemlan network=192.168.9.0
/ip cloud
set update-time=no
/ip dhcp-server network
add address=192.168.6.0/24 comment=marco dns-server=192.168.6.1 gateway=192.168.6.1 netmask=24 ntp-server=192.168.6.1
add address=192.168.7.0/24 comment=fabio dns-server=192.168.7.1 gateway=192.168.7.1 netmask=24 ntp-server=192.168.7.1
add address=192.168.8.0/24 comment=andrea dns-server=192.168.8.1 gateway=192.168.8.1 netmask=24 ntp-server=192.168.8.1
add address=192.168.9.0/24 comment=gemlan dns-server=192.168.9.1 gateway=192.168.9.1 netmask=24 ntp-server=192.168.9.1
/ip dns
set allow-remote-requests=yes servers=192.168.5.1
/ip firewall address-list
add address=192.168.5.0/24 list=gemNetworks
add address=192.168.6.0/24 list=gemNetworks
add address=192.168.7.0/24 list=gemNetworks
add address=192.168.8.0/24 list=gemNetworks
add address=192.168.9.0/24 list=gemNetworks
/ip firewall filter
add action=accept chain=forward connection-state=established,related dst-address-list=gemNetworks in-interface=ether1-tgm out-interface=all-ethernet
add action=accept chain=forward connection-nat-state=dstnat connection-state=new dst-address-list=gemNetworks in-interface=ether1-tgm
add action=drop chain=forward in-interface=ether1-tgm
add action=accept chain=forward in-interface=all-ethernet out-interface=ether1-tgm src-address-list=gemNetworks
add action=drop chain=forward out-interface=ether1-tgm
add action=accept chain=forward connection-state=established,related in-interface=ether5-gemlan out-interface=all-ethernet src-address-list=gemNetworks
add action=accept chain=forward dst-address-list=gemNetworks in-interface=all-ethernet out-interface=ether5-gemlan
add action=drop chain=forward
add action=accept chain=input connection-state=established,related in-interface=all-ethernet
add action=accept chain=input connection-state=new in-interface=all-ethernet protocol=icmp
add action=accept chain=input connection-state=new dst-port=80,8291 in-interface=all-ethernet protocol=tcp src-address-list=gemNetworks
add action=drop chain=input in-interface=ether1-tgm
add action=accept chain=input connection-state=new dst-port=53 in-interface=all-ethernet protocol=udp src-address-list=gemNetworks
add action=accept chain=input connection-state=new dst-port=123 in-interface=all-ethernet protocol=udp src-address-list=gemNetworks
add action=drop chain=input
/ip firewall mangle
add action=mark-connection chain=forward connection-state=new dst-address-list=!gemNetworks in-interface=ether4-andrea new-connection-mark=andreaCon out-interface=ether1-tgm passthrough=yes
add action=mark-packet chain=forward connection-mark=andreaCon in-interface=ether1-tgm new-packet-mark=andreaDw out-interface=ether4-andrea passthrough=no
add action=mark-packet chain=forward connection-mark=andreaCon in-interface=ether4-andrea new-packet-mark=andreaUp out-interface=ether1-tgm passthrough=no
add action=mark-connection chain=forward connection-state=new dst-address-list=!gemNetworks in-interface=ether2-marco new-connection-mark=marcoCon out-interface=ether1-tgm passthrough=yes
add action=mark-packet chain=forward connection-mark=marcoCon in-interface=ether1-tgm new-packet-mark=marcoDw out-interface=ether2-marco passthrough=no
add action=mark-packet chain=forward connection-mark=marcoCon in-interface=ether2-marco new-packet-mark=marcoUp out-interface=ether1-tgm passthrough=no
add action=mark-connection chain=forward connection-state=new dst-address-list=!gemNetworks in-interface=ether3-fabio new-connection-mark=fabioCon out-interface=ether1-tgm passthrough=yes
add action=mark-packet chain=forward connection-mark=fabioCon in-interface=ether1-tgm new-packet-mark=fabioDw out-interface=ether3-fabio passthrough=no
add action=mark-packet chain=forward connection-mark=fabioCon in-interface=ether3-fabio new-packet-mark=fabioUp out-interface=ether1-tgm passthrough=no
add action=mark-connection chain=forward connection-state=new dst-address-list=!gemNetworks in-interface=ether5-gemlan new-connection-mark=gemlanCon out-interface=ether1-tgm passthrough=yes
add action=mark-connection chain=forward connection-mark=gemlanCon dst-port="" new-connection-mark=pbxVoipCon passthrough=yes protocol=udp src-address=192.168.9.5 src-port=5060-5061,10000-20000
add action=mark-packet chain=forward connection-mark=gemlanCon in-interface=ether1-tgm new-packet-mark=gemlanAllRestDw out-interface=ether5-gemlan passthrough=no
add action=mark-packet chain=forward connection-mark=gemlanCon in-interface=ether5-gemlan new-packet-mark=gemlanAllRestUp out-interface=ether1-tgm passthrough=no
add action=mark-packet chain=forward connection-mark=pbxVoipCon in-interface=ether1-tgm new-packet-mark=gemlanPbxVoipDw out-interface=ether5-gemlan passthrough=no
add action=mark-packet chain=forward connection-mark=pbxVoipCon in-interface=ether5-gemlan new-packet-mark=gemlanPbxVoipUp out-interface=ether1-tgm passthrough=no
add action=mark-connection chain=forward connection-state=new in-interface=ether1-tgm new-connection-mark=andreaCon out-interface=ether4-andrea passthrough=yes src-address-list=!gemNetworks
add action=mark-connection chain=forward connection-state=new in-interface=ether1-tgm new-connection-mark=marcoCon out-interface=ether2-marco passthrough=yes src-address-list=!gemNetworks
add action=mark-connection chain=forward connection-state=new in-interface=ether1-tgm new-connection-mark=fabioCon out-interface=ether3-fabio passthrough=yes src-address-list=!gemNetworks
add action=mark-connection chain=forward connection-state=new in-interface=ether1-tgm new-connection-mark=gemlanCon out-interface=ether5-gemlan passthrough=yes src-address-list=!gemNetworks
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1-tgm src-address-list=gemNetworks
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip ipsec policy
set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
/ip proxy
set cache-path=web-proxy1
/ip route
add distance=1 gateway=192.168.5.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-autodetect=no time-zone-name=Europe/Rome
/system identity
set name=gem-router
/system ntp client
set enabled=yes primary-ntp=192.168.5.1
/system ntp server
set enabled=yes
/tool bandwidth-server
set enabled=no
/tool mac-server
set allowed-interface-list=none
[marco@gem-router] >

[radiation]

Sinceramente non ho capito perchè fai tutto quel mangle e perchè usi le queue tree; per fare quello che dici bastano delle simple queue e due regole di firewall sulle rotte (nel caso vuoi isolare le reti).
Ho modificato solo la parte code.......
La prima è dove viene specificata la banda totale a disposizione.
Le altre 3 sono le reti (che io ho appoggiato ai bridge, ma puoi specificaree le interfacce).

Codice: Seleziona tutto

[marco@gem-router] > export
    # mar/20/2018 08:47:54 by RouterOS 6.41.3
    # software id = 1C7I-8H52
    #
    # model = 750
    # serial number = 3Bxxxxxxxx
    /interface ethernet
    set [ find default-name=ether1 ] name=ether1-tgm
    set [ find default-name=ether2 ] name=ether2-marco
    set [ find default-name=ether3 ] name=ether3-fabio
    set [ find default-name=ether4 ] name=ether4-andrea
    set [ find default-name=ether5 ] name=ether5-gemlan
    /interface list
    add exclude=dynamic name=discover
    /interface wireless security-profiles
    set [ find default=yes ] supplicant-identity=MikroTik
    /ip ipsec proposal
    set [ find default=yes ] enc-algorithms=3des
    /ip pool
    add name=marco ranges=192.168.6.50-192.168.6.254
    add name=fabio ranges=192.168.7.50-192.168.7.254
    add name=andrea ranges=192.168.8.50-192.168.8.254
    add name=gem ranges=192.168.9.50-192.168.9.254
    /ip dhcp-server
    add address-pool=marco disabled=no interface=ether2-marco lease-time=1d name=marco
    add address-pool=fabio disabled=no interface=ether3-fabio lease-time=1d name=fabio
    add address-pool=andrea disabled=no interface=ether4-andrea lease-time=1d name=andrea
    add address-pool=gem disabled=no interface=ether5-gemlan lease-time=1d name=gem
   
   
   /queue simple
   add max-limit=25M/25M name=global target=""
   add limit-at=2M/2M max-limit=5M/10M name=Coda1 parent=global target=\
    "Bridge1"
   add limit-at=2M/2M max-limit=5M/12M name=Coda2 parent=global target=\
    "Bridge2"
   add limit-at=20M/20M max-limit=25M/25M name=Coda3 parent=global priority=1/1 \
    queue=default/default target="Bridge3"
   
    /snmp community
    set [ find default=yes ] addresses=0.0.0.0/0
    /system logging action
    set 0 memory-lines=100
    set 1 disk-lines-per-file=100
    /ip neighbor discovery-settings
    set discover-interface-list=none
    /ip address
    add address=192.168.6.1/24 interface=ether2-marco network=192.168.6.0
    add address=192.168.7.1/24 interface=ether3-fabio network=192.168.7.0
    add address=192.168.8.1/24 interface=ether4-andrea network=192.168.8.0
    add address=192.168.5.2/24 interface=ether1-tgm network=192.168.5.0
    add address=192.168.9.1/24 interface=ether5-gemlan network=192.168.9.0
    /ip cloud
    set update-time=no
    /ip dhcp-server network
    add address=192.168.6.0/24 comment=marco dns-server=192.168.6.1 gateway=192.168.6.1 netmask=24 ntp-server=192.168.6.1
    add address=192.168.7.0/24 comment=fabio dns-server=192.168.7.1 gateway=192.168.7.1 netmask=24 ntp-server=192.168.7.1
    add address=192.168.8.0/24 comment=andrea dns-server=192.168.8.1 gateway=192.168.8.1 netmask=24 ntp-server=192.168.8.1
    add address=192.168.9.0/24 comment=gemlan dns-server=192.168.9.1 gateway=192.168.9.1 netmask=24 ntp-server=192.168.9.1
    /ip dns
    set allow-remote-requests=yes servers=192.168.5.1
    /ip firewall address-list
    add address=192.168.5.0/24 list=gemNetworks
    add address=192.168.6.0/24 list=gemNetworks
    add address=192.168.7.0/24 list=gemNetworks
    add address=192.168.8.0/24 list=gemNetworks
    add address=192.168.9.0/24 list=gemNetworks
    /ip firewall filter
    add action=accept chain=forward connection-state=established,related dst-address-list=gemNetworks in-interface=ether1-tgm out-interface=all-ethernet
    add action=accept chain=forward connection-nat-state=dstnat connection-state=new dst-address-list=gemNetworks in-interface=ether1-tgm
    add action=drop chain=forward in-interface=ether1-tgm
    add action=accept chain=forward in-interface=all-ethernet out-interface=ether1-tgm src-address-list=gemNetworks
    add action=drop chain=forward out-interface=ether1-tgm
    add action=accept chain=forward connection-state=established,related in-interface=ether5-gemlan out-interface=all-ethernet src-address-list=gemNetworks
    add action=accept chain=forward dst-address-list=gemNetworks in-interface=all-ethernet out-interface=ether5-gemlan
    add action=drop chain=forward
    add action=accept chain=input connection-state=established,related in-interface=all-ethernet
    add action=accept chain=input connection-state=new in-interface=all-ethernet protocol=icmp
    add action=accept chain=input connection-state=new dst-port=80,8291 in-interface=all-ethernet protocol=tcp src-address-list=gemNetworks
    add action=drop chain=input in-interface=ether1-tgm
    add action=accept chain=input connection-state=new dst-port=53 in-interface=all-ethernet protocol=udp src-address-list=gemNetworks
    add action=accept chain=input connection-state=new dst-port=123 in-interface=all-ethernet protocol=udp src-address-list=gemNetworks
    add action=drop chain=input
    /ip firewall mangle
    add action=mark-connection chain=forward connection-state=new dst-address-list=!gemNetworks in-interface=ether4-andrea new-connection-mark=andreaCon out-interface=ether1-tgm passthrough=yes
    add action=mark-packet chain=forward connection-mark=andreaCon in-interface=ether1-tgm new-packet-mark=andreaDw out-interface=ether4-andrea passthrough=no
    add action=mark-packet chain=forward connection-mark=andreaCon in-interface=ether4-andrea new-packet-mark=andreaUp out-interface=ether1-tgm passthrough=no
    add action=mark-connection chain=forward connection-state=new dst-address-list=!gemNetworks in-interface=ether2-marco new-connection-mark=marcoCon out-interface=ether1-tgm passthrough=yes
    add action=mark-packet chain=forward connection-mark=marcoCon in-interface=ether1-tgm new-packet-mark=marcoDw out-interface=ether2-marco passthrough=no
    add action=mark-packet chain=forward connection-mark=marcoCon in-interface=ether2-marco new-packet-mark=marcoUp out-interface=ether1-tgm passthrough=no
    add action=mark-connection chain=forward connection-state=new dst-address-list=!gemNetworks in-interface=ether3-fabio new-connection-mark=fabioCon out-interface=ether1-tgm passthrough=yes
    add action=mark-packet chain=forward connection-mark=fabioCon in-interface=ether1-tgm new-packet-mark=fabioDw out-interface=ether3-fabio passthrough=no
    add action=mark-packet chain=forward connection-mark=fabioCon in-interface=ether3-fabio new-packet-mark=fabioUp out-interface=ether1-tgm passthrough=no
    add action=mark-connection chain=forward connection-state=new dst-address-list=!gemNetworks in-interface=ether5-gemlan new-connection-mark=gemlanCon out-interface=ether1-tgm passthrough=yes
    add action=mark-connection chain=forward connection-mark=gemlanCon dst-port="" new-connection-mark=pbxVoipCon passthrough=yes protocol=udp src-address=192.168.9.5 src-port=5060-5061,10000-20000
    add action=mark-packet chain=forward connection-mark=gemlanCon in-interface=ether1-tgm new-packet-mark=gemlanAllRestDw out-interface=ether5-gemlan passthrough=no
    add action=mark-packet chain=forward connection-mark=gemlanCon in-interface=ether5-gemlan new-packet-mark=gemlanAllRestUp out-interface=ether1-tgm passthrough=no
    add action=mark-packet chain=forward connection-mark=pbxVoipCon in-interface=ether1-tgm new-packet-mark=gemlanPbxVoipDw out-interface=ether5-gemlan passthrough=no
    add action=mark-packet chain=forward connection-mark=pbxVoipCon in-interface=ether5-gemlan new-packet-mark=gemlanPbxVoipUp out-interface=ether1-tgm passthrough=no
    add action=mark-connection chain=forward connection-state=new in-interface=ether1-tgm new-connection-mark=andreaCon out-interface=ether4-andrea passthrough=yes src-address-list=!gemNetworks
    add action=mark-connection chain=forward connection-state=new in-interface=ether1-tgm new-connection-mark=marcoCon out-interface=ether2-marco passthrough=yes src-address-list=!gemNetworks
    add action=mark-connection chain=forward connection-state=new in-interface=ether1-tgm new-connection-mark=fabioCon out-interface=ether3-fabio passthrough=yes src-address-list=!gemNetworks
    add action=mark-connection chain=forward connection-state=new in-interface=ether1-tgm new-connection-mark=gemlanCon out-interface=ether5-gemlan passthrough=yes src-address-list=!gemNetworks
    /ip firewall nat
    add action=masquerade chain=srcnat out-interface=ether1-tgm src-address-list=gemNetworks
    /ip firewall service-port
    set ftp disabled=yes
    set tftp disabled=yes
    set irc disabled=yes
    set h323 disabled=yes
    set sip disabled=yes
    set pptp disabled=yes
    set udplite disabled=yes
    set dccp disabled=yes
    set sctp disabled=yes
    /ip ipsec policy
    set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
    /ip proxy
    set cache-path=web-proxy1
    /ip route
    add distance=1 gateway=192.168.5.1
    /ip service
    set telnet disabled=yes
    set ftp disabled=yes
    set ssh disabled=yes
    set api disabled=yes
    set api-ssl disabled=yes
    /system clock
    set time-zone-autodetect=no time-zone-name=Europe/Rome
    /system identity
    set name=gem-router
    /system ntp client
    set enabled=yes primary-ntp=192.168.5.1
    /system ntp server
    set enabled=yes
    /tool bandwidth-server
    set enabled=no
    /tool mac-server
    set allowed-interface-list=none

[marko.gem]

Ciao, faccio il mangle perchè in passato sulla ehter1 oltre al router vdsl erano presenti altri dispositivi (telecamere ip) con i mangle riuscivo a prendere solo il traffico verso internet e non quello verso i decoder che quindi non era limitato.

Effettivamente adesso potrei rimuovere il tutto. In ogni modo il mangle che sono in uso prendono le connessioni di ognuna delle 3 reti e poi marcano i pacchetti in up e in dw (anche li bastava usare nelle queue le interfacce per determinare se up e dw, ma per me era più chiaro marcarli così).
Nella rete gemlan c'è un centralino asterisk, così prendo il traffico voip che poi viene data maggiore priorità nelle code, in passato cera anche un hotspot ma è stato rimosso anche questo.

Per il firewall idem, in passato la ether1 era una sorta di rete pubblica, la gemlan doveva avere accesso da tutte le 3 reti (per il centralino) e altri servizi di rete comuni a tutte le reti... adesso però potrei snellire non poco perchè negli anni tanti servizi non più usati sono stati tolti.

posso chiederti come funziona questa configurazione?

Codice: Seleziona tutto

/queue simple
   add max-limit=25M/25M name=global target=""
   add limit-at=2M/2M max-limit=5M/10M name=Coda1 parent=global target=\
    "Bridge1"
   add limit-at=2M/2M max-limit=5M/12M name=Coda2 parent=global target=\
    "Bridge2"
   add limit-at=20M/20M max-limit=25M/25M name=Coda3 parent=global priority=1/1 \
    queue=default/default target="Bridge3"


tu crei una coda con limitemassimo 25/25 in up e dw
poi crei un'altra coda con banda minima up/dw 2M massima 5M up 10M dw legata a un bridge
poi un'altra sembre minima 2/2 M massima 5 up 12 DW legata ad altro bridge
un ultima min 20/20 M 25/25M max legata ad un terzi bridge

perdonami l'ignoranza a me sembrerebbero 3 limitazioni diverse (velocità diverse) du cui la terza con maggiore priorità, puoi farmi capire meglio per favore?
grazie