Hello again.. Many of my friends using mikrotik devices in their network complains that whenever users starts downloading anything ping to their gateway (Mikrotik NAS) becomes unexceptionally high and gradually results in “Request timed out”.
After inspection I found that whenever users uses 100% of their allotted bandwidth, since we have not assigned any QOS(Quality of Service) for ping (ICMP Protocol) the request drops.
For this we need to create some mangle rules for marking connection and packet for ICMP requests and ICMP reply separately and then assign a simple queue mentioning the packet mark assigning a fixed bandwidth (say 512 kbps) for it. Then we can see even if users download at full bandwidth, the ping will be <1 ms to 2 ms max.
But unfortunately, hotspot users still faces a problem as when they log in the ICMP queue is moved below and thus reduces its priority. There is also a simple solution to it as we can simply add a script in user profile which will move the ICMP queue to the top(position 0) each time an user logs in.
Thanks a lot to Mr. Syed Jahanzaib for his valuable inputs.
Steps:
- From IP -> Firewall -> Mangle Create a rule for Chain Prerouting, protocol ICMP. (For ICMP Requests)
- In Action we will mark the connection and give a name – icmp-con.
- From IP -> Firewall -> Mangle Create a rule for Chain Postrouting, protocol ICMP. (For ICMP Reply)
- In Action we will mark the connection and give a name – icmp-con.
- Then again we will create a mangle rule for marking packets based on previously marked connections. First we will do it for prerouting chain.
- Then we will mark packets and give a name icmp-pkt.
- We will repeat the same for post routing chain.
- We will also mark the postrouting packets with same name.
- Check the order of the newly created rules. Make sure these rules are not blocked by any other mangle rules. It’s better to write them at the beginning.
- Create a queue with 512 kbps policy.
- Select packet mark as icmp-pkt and also select limit-at bandwidth.
- Make sure queue is at the top of any other queue.
- Create a script from System –> Scripts with the following source:
/queue simple move [find name="ICMP"] [:pick [find] 0]
- Then goto IP –> Hotspot –> User Profile. Select the desired profile and under scripts add the following:
/system script run moveICMP