Skip to content
Apr 14 / Greg

Using PCQ With PPPoE – Mikrotik

I came up with a method about 2 years ago to use PCQs with PPPoE instead of the traditional simple queue(SQ) method. As you guys know SQs are more resource intensive and as they grow they can delay packet delivery. Using PCQs can help the resources on heavily utilized routers.

Quick video of configuring everything:

Diagram used in this example

Usermanager

One of the options in usermanager is address-list. If you add something to the address-list entry it will cause a user’s IP address to be added to said list on the PPPoE server when they authenticate.

Usermanager router
First things first, we add the PPPoE server to the router list in user manager.

1
2
3
/tool user-manager router
add coa-port=1700 customer=admin disabled=no ip-address=192.168.0.1 log=\
    auth-fail name=test-pppoe shared-secret=test

Usermanager profile limit
The limit allows you to specify different additional options. We are adding a limit that dynamically adds a user’s IP address to an address-list upon authentication. In the below example the limit is named 1 and the address-list is named 1.

1
2
3
/tool user-manager profile limitation
add address-list=1 download-limit=0B group-name="" ip-pool="" name=1 \
    transfer-limit=0B upload-limit=0B uptime-limit=0s

Usermanager profile
We now create a profile for customers to use. We then associate the above limit with this profile.

1
2
3
4
5
6
/tool user-manager profile
add name=1 name-for-users="" override-shared-users=off price=0 starts-at=\
    logon validity=0s
/tool user-manager profile profile-limitation
add from-time=0s limitation=1 profile=1 till-time=23h59m59s weekdays=\
    sunday,monday,tuesday,friday,saturday

Usermanager user
Now create a user that will reference the created profile.

1
2
3
/tool user-manager user
add customer=admin disabled=no name=1 password=test shared-users=1 \
    wireless-enc-algo=none wireless-enc-key="" wireless-psk=""

Router config

IP address

1
2
/ip address
add address=192.168.0.1/24 interface=ether5

IP pool for pppoe server

1
2
/ip pool
add name=pool1 ranges=192.168.0.10-192.168.0.200

Setup ppp profile

1
2
/ppp profile
set 1 dns-server=8.8.8.8 local-address=192.168.0.1 remote-address=pool1

Configure pppoe server

1
2
3
/interface pppoe-server server
add authentication=pap,chap default-profile=default-encryption disabled=no \
    interface=ether5 service-name=service1

Set pppoe to use radius

1
2
/ppp aaa
set use-radius=yes

Setup radius profile and enable incoming radius.

1
2
3
4
/radius
add address=192.168.0.1 secret=test service=ppp
/radius incoming
set accept=yes

Setup mangle rules to mark connections based on address-lists from usermanager. Then packet mark based on connection marks.

1
2
3
4
5
6
7
/ip firewall mangle
add action=mark-connection chain=prerouting new-connection-mark=1 \
    src-address-list=1
add action=mark-packet chain=prerouting connection-mark=1 in-interface=ether5 \
    new-packet-mark=1-download passthrough=no
add action=mark-packet chain=prerouting connection-mark=1 new-packet-mark=\
    1-upload passthrough=no

Create in and out PCQs

1
2
3
4
5
/queue type
add kind=pcq name=1-down-pcq pcq-classifier=dst-address \
    pcq-dst-address6-mask=64 pcq-src-address6-mask=64
add kind=pcq name=1-up-pcq pcq-classifier=src-address pcq-dst-address6-mask=\
    64 pcq-src-address6-mask=64

Add the queues to the queue-tree structure

1
2
3
/queue tree
add name=1-download packet-mark=1-download parent=global-in
add name=1-upload packet-mark=1-upload parent=global-in

As you can see, this isn’t a 100% complete config, but it does give you a good starting place. I just can’t seem to come up with enough time to do anything these days 🙁

One Comment

leave a comment
  1. Red / Aug 20 2013

    Thanks a lot Bro.. we all don’t have enough time to do anything these days, Bless you and thanks again for your great lessons.

Leave a Comment

 

*