Работа Priority в Queues в Mikrotik


Работа Priority в Queues в Mikrotik

Сообщение 23q »

Добрый день! Есть созданные Queues.

Часть правил рулят внутри впн, часть снаружи.
Внутри туннеля запускаю скачивание по фтп
Изображение

Как видим, уходит всё правильно, загружает всю выделенную полосу.

Теперь снаружи туннеля запускаю веб-трафик, не прерывая загрузку фтп

Изображение

Подскажите, почему падает скорость фтп? Ведь приоритет туннеля (соответственно, и трафика внутри) выше, чем веб-трафика, что снаружи (приоритет впн-туннеля 2, а веб-трафика снаружи 3)

Причём приоритизация внутри туннеля работает:

Изображение

Я уже запутался окончательно. Помогите пожалуйста! :)

Конфиг:
/queue


# Queue tree for bandwidth sharing: two roots ("in" and "out"), a first level
# of per-class queues under them, and a second level under vpn_in / vpn_out.
# A packet reaches a queue through the packet-mark assigned in
# /ip firewall mangle.
#
# NOTE(review): vpn_in and vpn_out are parents of other queues below, which
# makes them inner queues. As far as I know, RouterOS HTB evaluates priority
# only on leaf queues, so priority=2 on vpn_in / vpn_out would not lift the
# tunnel classes above web_in / web_out. The leaves would then compete by their
# own values (ftp_* is 6, web_* is 3), and no leaf sets limit-at to guarantee a
# rate. Confirm against the RouterOS HTB documentation.
/queue tree
# Roots: both attached to parent=global and capped at 20M.
add max-limit=20M name=in parent=global
add max-limit=20M name=out parent=global
/queue type
# PCQ type used by the sip_* queues: sub-streams are keyed on source and
# destination address and port, with pcq-rate=160k and pcq-limit=10KiB.
add kind=pcq name=SIP pcq-classifier=\
    src-address,dst-address,src-port,dst-port pcq-limit=10KiB pcq-rate=160k
/queue tree
# First level, children of "in" / "out". pcq-download-default and
# pcq-upload-default are not defined in this listing (RouterOS ships queue
# types with these names).
# wan_other_*: no priority given, so the RouterOS default applies.
add max-limit=10M name=wan_other_in packet-mark=wan_other_in parent=in queue=\
    pcq-download-default
add max-limit=10M name=wan_other_out packet-mark=wan_other_out parent=out \
    queue=pcq-upload-default
# vpn_*: parents of the second level further down. Only vpn_out sets
# limit-at=17M; vpn_in has max-limit alone.
# NOTE(review): both also carry a packet-mark of their own while having
# children - confirm how packets with the vpn_in / vpn_out mark are queued.
add max-limit=17M name=vpn_in packet-mark=vpn_in parent=in priority=2 queue=\
    pcq-download-default
add limit-at=17M max-limit=17M name=vpn_out packet-mark=vpn_out parent=out \
    priority=2 queue=pcq-upload-default
# open_*: priority 5, 6M.
add max-limit=6M name=open_in packet-mark=open_in parent=in priority=5 queue=\
    pcq-download-default
add max-limit=6M name=open_out packet-mark=open_out parent=out priority=5 \
    queue=pcq-upload-default
# service_*_wan: priority 1, 5M.
add max-limit=5M name=service_out_wan packet-mark=service_out_wan parent=out \
    priority=1 queue=pcq-upload-default
add max-limit=5M name=service_in_wan packet-mark=service_in_wan parent=in \
    priority=1 queue=pcq-download-default
# web_*: priority 3. web_out may use the whole 20M of its parent; web_in 15M.
add max-limit=15M name=web_in packet-mark=web_in parent=in priority=3 queue=\
    pcq-download-default
add max-limit=20M name=web_out packet-mark=web_out parent=out priority=3 \
    queue=pcq-upload-default
# nvr_*: priority 4, 15M.
add max-limit=15M name=nvr_in packet-mark=nvr_in parent=in priority=4 queue=\
    pcq-download-default
add max-limit=15M name=nvr_out packet-mark=nvr_out parent=out priority=4 \
    queue=pcq-upload-default
# Second level, children of vpn_in / vpn_out, in priority order 1..6.
add max-limit=5M name=service_in packet-mark=service_in parent=vpn_in \
    priority=1 queue=pcq-download-default
add max-limit=5M name=service_out packet-mark=service_out parent=vpn_out \
    priority=1 queue=pcq-upload-default
# sip_*: the only queues that use the SIP PCQ type defined above.
add max-limit=10M name=sip_in packet-mark=sip_in parent=vpn_in priority=2 \
    queue=SIP
add max-limit=10M name=sip_out packet-mark=sip_out parent=vpn_out priority=2 \
    queue=SIP
add max-limit=17M name=1c_in packet-mark=1c_in parent=vpn_in priority=3 \
    queue=pcq-download-default
add max-limit=17M name=1c_out packet-mark=1c_out parent=vpn_out priority=3 \
    queue=pcq-upload-default
add max-limit=17M name=printer_in packet-mark=printer_in parent=vpn_in \
    priority=4 queue=pcq-download-default
add max-limit=17M name=printer_out packet-mark=printer_out parent=vpn_out \
    priority=4 queue=pcq-upload-default
add max-limit=17M name=rdp_vnc_in packet-mark=rdp_vnc_in parent=vpn_in \
    priority=5 queue=pcq-download-default
add max-limit=17M name=rdp_vnc_out packet-mark=rdp_vnc_out parent=vpn_out \
    priority=5 queue=pcq-upload-default
# ftp_*: lowest explicit priority in this tree (6), capped at 6M.
add max-limit=6M name=ftp_in packet-mark=ftp_in parent=vpn_in priority=6 \
    queue=pcq-download-default
add max-limit=6M name=ftp_out packet-mark=ftp_out parent=vpn_out priority=6 \
    queue=pcq-upload-default
# vpn_all_*: remaining tunnel traffic; no priority given, so the RouterOS
# default applies.
add max-limit=17M name=vpn_all_in packet-mark=vpn_all_in parent=vpn_in queue=\
    pcq-download-default
add max-limit=17M name=vpn_all_out packet-mark=vpn_all_out parent=vpn_out \
    queue=pcq-upload-default
/ip firewall mangle


# Traffic classification for the queue tree. Each class has one mark-connection
# rule (or a few) followed by mark-packet rules that turn the connection mark
# into a direction-specific packet mark.
#
# Every rule uses passthrough=no, so the first matching rule in a chain ends
# processing of that chain for the packet; rule order is part of the behaviour.
#
# Direction naming as written here: for forwarded classes the *_in mark goes on
# packets leaving through the interface list (out-interface-list=...) and
# *_out on packets arriving through it (in-interface-list=...). The Service
# rules and the WAN_other_mark rules pair them the other way round
# (service_in / wan_other_in on in-interface-list).
# NOTE(review): confirm this is intended, since the marks feed the "in" and
# "out" queue trees.
#
# NOTE(review): most classes are selected by protocol and destination port
# alone (only Open and WEB match a source subnet, only NVR an interface list),
# so any forwarded flow on those ports receives that class. Consider also
# matching the expected source or destination addresses.
#
# NOTE(review): the mark-connection rules have no connection-state or
# connection-mark=no-mark matcher, so they are applied to every matching
# packet rather than only to the first packet of a connection.
/ip firewall mangle
# Open: every connection from 192.168.0.0/24. Because this rule is first and
# passthrough=no, later prerouting rules are not evaluated for these packets.
add action=mark-connection chain=prerouting comment=Open new-connection-mark=\
    open passthrough=no src-address=192.168.0.0/24
add action=mark-packet chain=forward connection-mark=open new-packet-mark=\
    open_in out-interface-list=wan passthrough=no
add action=mark-packet chain=forward connection-mark=open in-interface-list=\
    wan new-packet-mark=open_out passthrough=no
# NVR: TCP connections to port 1511 that arrive from the wan interface list.
add action=mark-connection chain=prerouting comment=NVR dst-port=\
    1511 in-interface-list=wan new-connection-mark=nvr passthrough=\
    no protocol=tcp
add action=mark-packet chain=forward connection-mark=nvr new-packet-mark=\
    nvr_in out-interface-list=wan passthrough=no
add action=mark-packet chain=forward connection-mark=nvr in-interface-list=\
    wan new-packet-mark=nvr_out passthrough=no
# WEB: TCP 80/443/8080 from 10.2.14.0/24.
add action=mark-connection chain=prerouting comment=WEB dst-port=80,443,8080 \
    new-connection-mark=web passthrough=no protocol=tcp src-address=\
    10.2.14.0/24
add action=mark-packet chain=forward connection-mark=web new-packet-mark=\
    web_in out-interface-list=wan passthrough=no
add action=mark-packet chain=forward connection-mark=web in-interface-list=\
    wan new-packet-mark=web_out passthrough=no
# FTP: TCP destination ports 20 and 21, packet marks only on the vpn list.
# NOTE(review): FTP data connections that use other ports do not match this
# rule - confirm which class they end up in.
add action=mark-connection chain=prerouting comment=FTP dst-port=20,21 \
    new-connection-mark=ftp passthrough=no protocol=tcp
add action=mark-packet chain=forward connection-mark=ftp new-packet-mark=\
    ftp_in out-interface-list=vpn passthrough=no
add action=mark-packet chain=forward connection-mark=ftp in-interface-list=\
    vpn new-packet-mark=ftp_out passthrough=no
# RDP_VNC: TCP 3389, 5900-5906 and 623, packet marks only on the vpn list.
add action=mark-connection chain=prerouting comment=RDP_VNC dst-port=\
    3389,5900-5906,623 new-connection-mark=rdp_vnc passthrough=no protocol=\
    tcp
add action=mark-packet chain=forward connection-mark=rdp_vnc new-packet-mark=\
    rdp_vnc_in out-interface-list=vpn passthrough=no
add action=mark-packet chain=forward connection-mark=rdp_vnc \
    in-interface-list=vpn new-packet-mark=rdp_vnc_out passthrough=no
# Printer: TCP 9100.
add action=mark-connection chain=prerouting comment=Printer dst-port=9100 \
    new-connection-mark=printer passthrough=no protocol=tcp
add action=mark-packet chain=forward connection-mark=printer new-packet-mark=\
    printer_in out-interface-list=vpn passthrough=no
add action=mark-packet chain=forward connection-mark=printer \
    in-interface-list=vpn new-packet-mark=printer_out passthrough=no
# 1C: TCP 1540, 1541 and 1560-1591.
add action=mark-connection chain=prerouting comment=1C dst-port=\
    1540,1541,1560-1591 new-connection-mark=1c passthrough=no protocol=tcp
add action=mark-packet chain=forward connection-mark=1c new-packet-mark=1c_in \
    out-interface-list=vpn passthrough=no
add action=mark-packet chain=forward connection-mark=1c in-interface-list=vpn \
    new-packet-mark=1c_out passthrough=no
# SIP: UDP 5060 and the wide range 10000-20000.
add action=mark-connection chain=prerouting comment=SIP dst-port=\
    5060,10000-20000 new-connection-mark=sip passthrough=no protocol=udp
add action=mark-packet chain=forward connection-mark=sip new-packet-mark=\
    sip_in out-interface-list=vpn passthrough=no
add action=mark-packet chain=forward connection-mark=sip in-interface-list=\
    vpn new-packet-mark=sip_out passthrough=no
# Service, inbound to the router itself (chain=input): TCP 1111-1113, UDP 53
# and ICMP echo request (8:0). The connection rules match on any interface;
# the packet-mark rules then split by vpn / wan.
# NOTE(review): mangle only classifies. Whether these ports are reachable from
# wan is decided by /ip firewall filter, which is not part of this listing -
# confirm that UDP 53 and TCP 1111-1113 are not open to wan.
add action=mark-connection chain=input comment=Service dst-port=\
    1111,1112,1113 new-connection-mark=service_in passthrough=no protocol=tcp
add action=mark-connection chain=input dst-port=53 new-connection-mark=\
    service_in passthrough=no protocol=udp
add action=mark-connection chain=input icmp-options=8:0 new-connection-mark=\
    service_in passthrough=no protocol=icmp
add action=mark-packet chain=prerouting connection-mark=service_in \
    in-interface-list=vpn new-packet-mark=service_in passthrough=no
add action=mark-packet chain=prerouting connection-mark=service_in \
    in-interface-list=wan new-packet-mark=service_in_wan passthrough=no
# Service, originated by the router (chain=output): the same ports matched as
# source ports, plus ICMP echo request.
add action=mark-connection chain=output new-connection-mark=service_out \
    passthrough=no protocol=tcp src-port=1111,1112,1113
add action=mark-connection chain=output new-connection-mark=service_out \
    passthrough=no protocol=udp src-port=53
add action=mark-connection chain=output icmp-options=8:0 new-connection-mark=\
    service_out passthrough=no protocol=icmp
add action=mark-packet chain=postrouting connection-mark=service_out \
    new-packet-mark=service_out out-interface-list=vpn passthrough=no
add action=mark-packet chain=postrouting connection-mark=service_out \
    new-packet-mark=service_out_wan out-interface-list=wan passthrough=no
# VPN_mark: the tunnel's own encapsulated traffic terminating on the router -
# UDP 1701 (L2TP), 500 (IKE), 4500 (IPsec NAT-T), plus ESP and AH.
# NOTE(review): the tunnel packets marked here and the decapsulated traffic
# marked in the forward chain are different packets; both may pass the global
# queue tree - confirm the limits account for that.
add action=mark-connection chain=input comment=VPN_mark dst-port=\
    1701,500,4500 new-connection-mark=vpn_in passthrough=no protocol=udp
add action=mark-connection chain=input new-connection-mark=vpn_in \
    passthrough=no protocol=ipsec-esp
add action=mark-connection chain=input new-connection-mark=vpn_in \
    passthrough=no protocol=ipsec-ah
add action=mark-packet chain=prerouting connection-mark=vpn_in \
    new-packet-mark=vpn_in passthrough=no
add action=mark-connection chain=output new-connection-mark=vpn_out \
    passthrough=no protocol=udp src-port=1701,500,4500
add action=mark-connection chain=output new-connection-mark=vpn_out \
    passthrough=no protocol=ipsec-ah
add action=mark-connection chain=output new-connection-mark=vpn_out \
    passthrough=no protocol=ipsec-esp
add action=mark-packet chain=postrouting connection-mark=vpn_out \
    new-packet-mark=vpn_out passthrough=no
# Catch-all for forwarded tunnel traffic that no earlier forward rule marked.
add action=mark-packet chain=forward comment=VPN_other_mark new-packet-mark=\
    vpn_all_in out-interface-list=vpn passthrough=no
add action=mark-packet chain=forward in-interface-list=vpn new-packet-mark=\
    vpn_all_out passthrough=no
# Catch-all for the remaining forwarded wan traffic. Here *_in is the
# in-interface-list side, unlike open / nvr / web above.
add action=mark-packet chain=forward comment=WAN_other_mark \
    in-interface-list=wan new-packet-mark=wan_other_in passthrough=no
add action=mark-packet chain=forward new-packet-mark=wan_other_out \
    out-interface-list=wan passthrough=no