Using PCQ With PPPoE – Mikrotik
I came up with a method about 2 years ago to use PCQs with PPPoE instead of the traditional simple queue(SQ) method. As you guys know SQs are more resource intensive and as they grow they can delay packet delivery. Using PCQs can help the resources on heavily utilized routers.
Quick video of configuring everything:
Diagram used in this example
Usermanager
One of the options in usermanager is address-list. If you add something to the address-list entry it will cause a user’s IP address to be added to said list on the PPPoE server when they authenticate.
Usermanager router
First things first, we add the PPPoE server to the router list in user manager.
1 2 3 | /tool user-manager router
add coa-port=1700 customer=admin disabled=no ip-address=192.168.0.1 log=\
auth-fail name=test-pppoe shared-secret=test |
Usermanager profile limit
The limit allows you to specify different additional options. We are adding a limit that dynamically adds a user’s IP address to an address-list upon authentication. In the below example the limit is named 1 and the address-list is named 1.
1 2 3 | /tool user-manager profile limitation
add address-list=1 download-limit=0B group-name="" ip-pool="" name=1 \
transfer-limit=0B upload-limit=0B uptime-limit=0s |
Usermanager profile
We now create a profile for customers to use. We then associate the above limit with this profile.
1 2 3 4 5 6 | /tool user-manager profile
add name=1 name-for-users="" override-shared-users=off price=0 starts-at=\
logon validity=0s
/tool user-manager profile profile-limitation
add from-time=0s limitation=1 profile=1 till-time=23h59m59s weekdays=\
sunday,monday,tuesday,friday,saturday |
Usermanager user
Now create a user that will reference the created profile.
1 2 3 | /tool user-manager user
add customer=admin disabled=no name=1 password=test shared-users=1 \
wireless-enc-algo=none wireless-enc-key="" wireless-psk="" |
Router config
IP address
1 2 | /ip address add address=192.168.0.1/24 interface=ether5 |
IP pool for pppoe server
1 2 | /ip pool add name=pool1 ranges=192.168.0.10-192.168.0.200 |
Setup ppp profile
1 2 | /ppp profile set 1 dns-server=8.8.8.8 local-address=192.168.0.1 remote-address=pool1 |
Configure pppoe server
1 2 3 | /interface pppoe-server server
add authentication=pap,chap default-profile=default-encryption disabled=no \
interface=ether5 service-name=service1 |
Set pppoe to use radius
1 2 | /ppp aaa set use-radius=yes |
Setup radius profile and enable incoming radius.
1 2 3 4 | /radius add address=192.168.0.1 secret=test service=ppp /radius incoming set accept=yes |
Setup mangle rules to mark connections based on address-lists from usermanager. Then packet mark based on connection marks.
1 2 3 4 5 6 7 | /ip firewall mangle
add action=mark-connection chain=prerouting new-connection-mark=1 \
src-address-list=1
add action=mark-packet chain=prerouting connection-mark=1 in-interface=ether5 \
new-packet-mark=1-download passthrough=no
add action=mark-packet chain=prerouting connection-mark=1 new-packet-mark=\
1-upload passthrough=no |
Create in and out PCQs
1 2 3 4 5 | /queue type
add kind=pcq name=1-down-pcq pcq-classifier=dst-address \
pcq-dst-address6-mask=64 pcq-src-address6-mask=64
add kind=pcq name=1-up-pcq pcq-classifier=src-address pcq-dst-address6-mask=\
64 pcq-src-address6-mask=64 |
Add the queues to the queue-tree structure
1 2 3 | /queue tree add name=1-download packet-mark=1-download parent=global-in add name=1-upload packet-mark=1-upload parent=global-in |
As you can see, this isn’t a 100% complete config, but it does give you a good starting place. I just can’t seem to come up with enough time to do anything these days 🙁
Thanks a lot Bro.. we all don’t have enough time to do anything these days, Bless you and thanks again for your great lessons.