I can't manage to optimize QoS...

Good afternoon, I've been trying lots of things I've read on this forum, on Reddit and on the official MikroTik forum...

But I can't stop the IPTV from freezing, and even the consoles lose packets (without the game's ping increasing) when I push the connection, with fast.com or with a torrent of some Ubuntu ISO...

Here is a current screenshot, with the CPU at about 55% usage, where it isn't yet using the full speed of the connection and the IPTV has already stopped.
The IPTV goes over TCP to port 25461, and it isn't a problem with the IPTV itself, since when I close the torrent or fast.com it works normally again...

This is driving me crazy; maybe the RB3011 is starting to get overwhelmed xD

QUEUE TREE.png


I have the mangle rules in testing, set up the way I saw on another forum.

Code:
/ip firewall mangle add action=mark-connection chain=prerouting comment=ICMP connection-mark=no-mark connection-state=new new-connection-mark=ICMP passthrough=yes protocol=icmp src-address-list="RED LAN-WG ADMIN"
/ip firewall mangle add action=mark-packet chain=prerouting comment=ICMP_MARK_DOWNLOAD connection-mark=ICMP in-interface-list=WAN-INTERNET new-packet-mark=ICMP_MARK_DOWNLOAD passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment=ICMP_MARK_UPLOAD connection-mark=ICMP new-packet-mark=ICMP_MARK_UPLOAD passthrough=no
/ip firewall mangle add action=mark-connection chain=prerouting comment=DNS connection-mark=no-mark connection-state=new dst-port=53 new-connection-mark=DNS passthrough=yes protocol=udp src-address-list="RED LAN-WG ADMIN"
/ip firewall mangle add action=mark-packet chain=prerouting comment=DNS_MARK_DOWNLOAD connection-mark=DNS in-interface-list=WAN-INTERNET new-packet-mark=DNS_MARK_DOWNLOAD passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment=DNS_MARK_UPLOAD connection-mark=DNS new-packet-mark=DNS_MARK_UPLOAD passthrough=no
/ip firewall mangle add action=mark-connection chain=prerouting comment="XBOX LIVE - TCP" connection-mark=no-mark connection-state=new new-connection-mark="XBOX LIVE" passthrough=yes protocol=tcp src-address=192.168.30.8/31
/ip firewall mangle add action=mark-connection chain=prerouting comment="XBOX LIVE - TCP - DESCARGAS" connection-bytes=5000000-0 connection-mark="XBOX LIVE" connection-rate=2M-500M new-connection-mark="STREAMING / DESCARGAS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-connection chain=prerouting comment="XBOX LIVE - UDP" connection-mark=no-mark connection-state=new new-connection-mark="XBOX LIVE" passthrough=yes protocol=udp src-address=192.168.30.8/31
/ip firewall mangle add action=mark-connection chain=prerouting comment="XBOX LIVE - UDP - DESCARGAS" connection-bytes=5000000-0 connection-mark="XBOX LIVE" connection-rate=2M-500M new-connection-mark="QUIC_STREAMING / DESCARGAS" passthrough=yes protocol=udp
/ip firewall mangle add action=mark-packet chain=prerouting comment="XBOX LIVE_MARK_DOWNLOAD" connection-mark="XBOX LIVE" in-interface-list=WAN-INTERNET new-packet-mark="XBOX LIVE_MARK_DOWNLOAD" passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment="XBOX LIVE_MARK_UPLOAD" connection-mark="XBOX LIVE" new-packet-mark="XBOX LIVE_MARK_UPLOAD" passthrough=no
/ip firewall mangle add action=mark-connection chain=prerouting comment="VOZIP - UDP - 5060-5062,10000-10050" connection-mark=no-mark connection-state=new dst-port=5060-5062,10000-10050 new-connection-mark=VOZIP passthrough=yes protocol=udp src-address-list="RED LAN-WG ADMIN"
/ip firewall mangle add action=mark-packet chain=prerouting comment=VOZIP_MARK_DOWNLOAD connection-mark=VOZIP in-interface-list=WAN-INTERNET new-packet-mark=VOZIP_MARK_DOWNLOAD passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment=VOZIP_MARK_UPLOAD connection-mark=VOZIP new-packet-mark=VOZIP_MARK_UPLOAD passthrough=no
/ip firewall mangle add action=mark-connection chain=prerouting comment=IPTV connection-mark=no-mark connection-state=new dst-port=25461 new-connection-mark=IPTV passthrough=yes protocol=tcp src-address-list="RED LAN-WG ADMIN"
/ip firewall mangle add action=mark-packet chain=prerouting comment=IPTV_MARK_DOWNLOAD connection-mark=IPTV in-interface-list=WAN-INTERNET new-packet-mark=IPTV_MARK_DOWNLOAD passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment=IPTV_MARK_UPLOAD connection-mark=IPTV new-packet-mark=IPTV_MARK_UPLOAD passthrough=no
/ip firewall mangle add action=mark-connection chain=prerouting comment=NAVEGACION connection-mark=no-mark connection-state=new dst-port=80,443 new-connection-mark=NAVEGACION passthrough=yes protocol=tcp src-address-list="RED LAN-WG ADMIN"
/ip firewall mangle add action=mark-connection chain=prerouting comment="STREAMING - DESCARGAS" connection-bytes=5000000-0 connection-mark=NAVEGACION connection-rate=2M-500M new-connection-mark="STREAMING / DESCARGAS" passthrough=yes protocol=tcp
/ip firewall mangle add action=mark-packet chain=prerouting comment="STREAMING / DESCARGAS_MARK_DOWNLOAD" connection-mark="STREAMING / DESCARGAS" in-interface-list=WAN-INTERNET new-packet-mark="STREAMING / DESCARGAS_MARK_DOWNLOAD" passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment="STREAMING / UPLOAD_MARK_UPLOAD" connection-mark="STREAMING / DESCARGAS" new-packet-mark="STREAMING / UPLOAD_MARK_UPLOAD" passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment=NAVEGACION_MARK_DOWNLOAD connection-mark=NAVEGACION in-interface-list=WAN-INTERNET new-packet-mark=NAVEGACION_MARK_DOWNLOAD passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment=NAVEGACION_MARK_UPLOAD connection-mark=NAVEGACION new-packet-mark=NAVEGACION_MARK_UPLOAD passthrough=no
/ip firewall mangle add action=mark-connection chain=prerouting comment=QUIC connection-mark=no-mark connection-state=new dst-port=80,443 new-connection-mark=QUIC passthrough=yes protocol=udp src-address-list="RED LAN-WG ADMIN"
/ip firewall mangle add action=mark-connection chain=prerouting comment="QUIC_STREAMING / DESCARGAS" connection-bytes=5000000-0 connection-mark=QUIC connection-rate=2M-500M new-connection-mark="QUIC_STREAMING / DESCARGAS" passthrough=yes protocol=udp
/ip firewall mangle add action=mark-packet chain=prerouting comment=QUIC_MARK_DOWNLOAD connection-mark=QUIC in-interface-list=WAN-INTERNET new-packet-mark=QUIC_MARK_DOWNLOAD passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment=QUIC_MARK_UPLOAD connection-mark=QUIC new-packet-mark=QUIC_MARK_UPLOAD passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment="QUIC_STREAMING / DESCARGAS_MARK_DOWNLOAD" connection-mark="QUIC_STREAMING / DESCARGAS" in-interface-list=WAN-INTERNET new-packet-mark="QUIC_STREAMING / DESCARGAS_MARK_DOWNLOAD" passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment="QUIC_STREAMING / UPLOAD_MARK_UPLOAD" connection-mark="QUIC_STREAMING / DESCARGAS" new-packet-mark="QUIC_STREAMING / UPLOAD_MARK_UPLOAD" passthrough=no
/ip firewall mangle add action=mark-connection chain=prerouting comment=DANIEL connection-mark=no-mark connection-state=new in-interface=bridge-Daniel new-connection-mark=DANIEL passthrough=yes
/ip firewall mangle add action=mark-packet chain=prerouting comment=DANIEL_MARK_DOWNLOAD connection-mark=DANIEL in-interface-list=WAN-INTERNET new-packet-mark=DANIEL_MARK_DOWNLOAD passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment=DANIEL_MARK_UPLOAD connection-mark=DANIEL new-packet-mark=DANIEL_MARK_UPLOAD passthrough=no
/ip firewall mangle add action=mark-connection chain=prerouting comment=CRISTIAN connection-mark=no-mark connection-state=new in-interface=bridge-Cristian new-connection-mark=CRISTIAN passthrough=yes
/ip firewall mangle add action=mark-packet chain=prerouting comment=CRISTIAN_MARK_DOWNLOAD connection-mark=CRISTIAN in-interface-list=WAN-INTERNET new-packet-mark=CRISTIAN_MARK_DOWNLOAD passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment=CRISTIAN_MARK_UPLOAD connection-mark=CRISTIAN new-packet-mark=CRISTIAN_MARK_UPLOAD passthrough=no
/ip firewall mangle add action=mark-connection chain=prerouting comment=INVITADOS connection-mark=no-mark connection-state=new in-interface=bridge-Invitados new-connection-mark=INVITADOS passthrough=yes
/ip firewall mangle add action=mark-packet chain=prerouting comment=INVITADOS_MARK_DOWNLOAD connection-mark=INVITADOS in-interface-list=WAN-INTERNET new-packet-mark=INVITADOS_MARK_DOWNLOAD passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment=INVITADOS_MARK_UPLOAD connection-mark=INVITADOS new-packet-mark=INVITADOS_MARK_UPLOAD passthrough=no
/ip firewall mangle add action=mark-connection chain=prerouting comment=DOMOTICA connection-mark=no-mark connection-state=new in-interface=bridge-IoT-WiFi new-connection-mark=DOMOTICA passthrough=yes
/ip firewall mangle add action=mark-packet chain=prerouting comment=DOMOTICA_MARK_DOWNLOAD connection-mark=DOMOTICA in-interface-list=WAN-INTERNET new-packet-mark=DOMOTICA_MARK_DOWNLOAD passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment=DOMOTICA_MARK_UPLOAD connection-mark=DOMOTICA new-packet-mark=DOMOTICA_MARK_UPLOAD passthrough=no
/ip firewall mangle add action=mark-connection chain=prerouting comment=RESTO connection-mark=no-mark connection-state=new new-connection-mark=RESTO passthrough=yes src-address-list="RED LAN-WG ADMIN"
/ip firewall mangle add action=mark-packet chain=prerouting comment=RESTO_MARK_DOWNLOAD connection-mark=RESTO in-interface-list=WAN-INTERNET new-packet-mark=RESTO_MARK_DOWNLOAD passthrough=no
/ip firewall mangle add action=mark-packet chain=prerouting comment=RESTO_MARK_UPLOAD connection-mark=RESTO new-packet-mark=RESTO_MARK_UPLOAD passthrough=no

Let's see if you spot anything I'm missing; I don't know whether I shouldn't be marking in the connection marks.
 
Send the full export and I'll take a look tomorrow. Haven't you considered doing it with simple queues instead of a queue tree?

Regards!
 
I tried simple queues, but the results were worse, at least with what I tested.

Here's the export in case you spot something I'm missing.
Code:
/caps-man channel
add band=2ghz-onlyn frequency=2412 name="Canales 2,4GHz" tx-power=19
add band=5ghz-onlyac frequency=5745 name="Canales 5GHz"
/interface bridge
add comment="BRIDGE CASA 30.0/24" name=CASA
add name=bridge-Cristian
add name=bridge-Daniel
add name=bridge-Invitados
add name=bridge-IoT-WiFi
/interface ethernet
set [ find default-name=ether1 ] comment=WAN
set [ find default-name=ether2 ] comment="NAS SYNOLOGY"
set [ find default-name=ether3 ] comment=ORDENADOR
set [ find default-name=ether4 ] comment=CONSOLA
set [ find default-name=ether5 ] comment="CONSOLA NI\D1OS"
set [ find default-name=ether6 ] comment="AP WIFI SALON"
set [ find default-name=ether8 ] comment="TOMA RED OFICINA"
set [ find default-name=ether9 ] comment="TOMA RED OFICINA"
set [ find default-name=ether10 ] comment="AP HABITACION - POE"
set [ find default-name=sfp1 ] disabled=yes
/interface wireguard
add listen-port=16880 mtu=1420 name=wireguard1-ROAMING
add listen-port=16881 mtu=1420 name=wireguard2-PtP
/caps-man datapath
add bridge=CASA client-to-client-forwarding=yes local-forwarding=no name=CASA
add bridge=bridge-Daniel client-to-client-forwarding=no local-forwarding=no name=DANIEL
add bridge=bridge-Cristian client-to-client-forwarding=no local-forwarding=no name=CRISTIAN
add bridge=bridge-IoT-WiFi client-to-client-forwarding=no local-forwarding=no name=WIFI-IoT
add bridge=bridge-Invitados client-to-client-forwarding=no local-forwarding=no name=INVITADOS
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=WIFI-JERO
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=DANIEL
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=CRISTIAN
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=INVITADOS
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=WIFI-IoT
/caps-man configuration
add channel="Canales 2,4GHz" country=spain datapath=CASA mode=ap name=JERO-DYC security=WIFI-JERO ssid="Daniel y Cristian"
add channel="Canales 5GHz" country=no_country_set datapath=CASA mode=ap name=JERO-DYC-5GHz security=WIFI-JERO ssid="Daniel y Cristian"
add channel="Canales 2,4GHz" country=spain datapath=INVITADOS mode=ap name=INVITADOS security=INVITADOS ssid="WiFi Invitados"
add channel="Canales 2,4GHz" country=spain datapath=WIFI-IoT mode=ap name="WiFi - IoT" security=WIFI-IoT ssid="WiFi - IoT"
add channel="Canales 2,4GHz" country=spain datapath=DANIEL mode=ap name="WIFI DANIEL" security=DANIEL ssid="WiFi de Daniel"
add channel="Canales 2,4GHz" country=spain datapath=CRISTIAN mode=ap name="WIFI CRISTIAN" security=CRISTIAN ssid="WiFi de Cristian"
/interface list
add name=WAN-INTERNET
add name=LAN
add name=WIREGUARD
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=192.168.30.70-192.168.30.110
add name=dhcp_pool1 ranges=172.16.31.20-172.16.31.250
add name=dhcp_pool2 ranges=172.16.30.20-172.16.30.250
add name=dhcp_pool3 ranges=192.168.32.20-192.168.32.250
add name=dhcp_pool4 ranges=192.168.31.20-192.168.31.250
/ip dhcp-server
add address-pool=dhcp_pool0 interface=CASA lease-time=1h name=dhcp-casa
add address-pool=dhcp_pool1 interface=bridge-Cristian lease-time=1h name=dhcp-Cristian
add address-pool=dhcp_pool2 interface=bridge-Daniel lease-time=1h name=dhcp-Daniel
add address-pool=dhcp_pool3 interface=bridge-Invitados lease-time=1h name=dhcp-Invitados
add address-pool=dhcp_pool4 interface=bridge-IoT-WiFi lease-time=1h name=dhcp-IoT
/port
set 0 name=serial0
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 max-mru=1492 max-mtu=1492 name="WAN FTTH" profile=default-encryption user=USUARIO
/queue type
add kind=fq-codel name=fq_codel
/queue tree
add max-limit=220M name="DOWNLOAD - QoS - CASA" parent=global queue=pcq-download-default
add max-limit=220M name="UPLOAD - QoS - CASA" parent=global queue=pcq-upload-default
add name="ICMP - DNS - DOWNLOAD" packet-mark=ICMP_MARK_DOWNLOAD parent="DOWNLOAD - QoS - CASA" priority=1 queue=pcq-download-default
add limit-at=5M max-limit=10M name="VOZIP - DOWNLOAD" packet-mark=VOZIP_MARK_DOWNLOAD parent="DOWNLOAD - QoS - CASA" priority=2 queue=\
    pcq-download-default
add name="NAVEGACION - DOWNLOAD" packet-mark=NAVEGACION_MARK_DOWNLOAD parent="DOWNLOAD - QoS - CASA" priority=4 queue=pcq-download-default
add name="QUICK - DOWNLOAD" packet-mark=QUIC_MARK_DOWNLOAD parent="DOWNLOAD - QoS - CASA" priority=4 queue=pcq-download-default
add limit-at=30M max-limit=60M name="IPTV - DOWNLOAD" packet-mark=IPTV_MARK_DOWNLOAD parent="DOWNLOAD - QoS - CASA" priority=3 queue=\
    pcq-download-default
add limit-at=50M max-limit=170M name="RESTO - DOWNLOAD" packet-mark=RESTO_MARK_DOWNLOAD parent="DOWNLOAD - QoS - CASA" queue=pcq-download-default
add name="XBOX LIVE - DOWNLOAD" packet-mark="XBOX LIVE_MARK_DOWNLOAD" parent="DOWNLOAD - QoS - CASA" priority=1 queue=fq_codel
add limit-at=85M max-limit=170M name="STREAMING / DESCARGAS - DOWNLOAD" packet-mark=\
    "STREAMING / DESCARGAS_MARK_DOWNLOAD,QUIC_STREAMING / DESCARGAS_MARK_DOWNLOAD" parent="DOWNLOAD - QoS - CASA" priority=7 queue=pcq-download-default
add name="ICMP - DNS - UPLOAD" packet-mark=ICMP_MARK_UPLOAD parent="UPLOAD - QoS - CASA" priority=1 queue=pcq-upload-default
add limit-at=5M max-limit=10M name="VOZIP - UPLOAD" packet-mark=VOZIP_MARK_UPLOAD parent="UPLOAD - QoS - CASA" priority=2 queue=pcq-upload-default
add name="NAVEGACION - UPLOAD" packet-mark=NAVEGACION_MARK_UPLOAD parent="UPLOAD - QoS - CASA" priority=4 queue=pcq-upload-default
add name="QUIC - UPLOAD" packet-mark=QUIC_MARK_UPLOAD parent="UPLOAD - QoS - CASA" priority=4 queue=pcq-upload-default
add limit-at=30M max-limit=60M name="IPTV - UPLOAD" packet-mark=IPTV_MARK_UPLOAD parent="UPLOAD - QoS - CASA" priority=3 queue=pcq-upload-default
add limit-at=50M max-limit=170M name="RESTO - UPLOAD" packet-mark=RESTO_MARK_UPLOAD parent="UPLOAD - QoS - CASA" queue=pcq-upload-default
add name="XBOX LIVE - UPLOAD" packet-mark="XBOX LIVE_MARK_UPLOAD" parent="UPLOAD - QoS - CASA" priority=1 queue=fq_codel
add limit-at=85M max-limit=170M name="STREAMING / SUBIDAS - UPLOAD" packet-mark="STREAMING / UPLOAD_MARK_UPLOAD,QUIC_STREAMING / UPLOAD_MARK_UPLOAD" \
    parent="UPLOAD - QoS - CASA" priority=7 queue=pcq-upload-default
add name="DNS - DOWNLOAD" packet-mark=DNS_MARK_DOWNLOAD parent="DOWNLOAD - QoS - CASA" priority=1 queue=pcq-download-default
add name="DNS - UPLOAD" packet-mark=DNS_MARK_UPLOAD parent="UPLOAD - QoS - CASA" priority=1 queue=pcq-upload-default
add limit-at=5M max-limit=20M name="DANIEL - DOWNLOAD" packet-mark=DANIEL_MARK_DOWNLOAD parent="DOWNLOAD - QoS - CASA" priority=6 queue=\
    pcq-download-default
add limit-at=5M max-limit=10M name="DANIEL - UPLOAD" packet-mark=DANIEL_MARK_UPLOAD parent="UPLOAD - QoS - CASA" priority=6 queue=pcq-upload-default
add limit-at=5M max-limit=20M name="CRISTIAN - DOWNLOAD" packet-mark=CRISTIAN_MARK_DOWNLOAD parent="DOWNLOAD - QoS - CASA" priority=6 queue=\
    pcq-download-default
add limit-at=5M max-limit=10M name="CRISTIAN - UPLOAD" packet-mark=CRISTIAN_MARK_UPLOAD parent="UPLOAD - QoS - CASA" priority=6 queue=pcq-upload-default
add limit-at=5M max-limit=10M name="INVITADOS - DOWNLOAD" packet-mark=INVITADOS_MARK_DOWNLOAD parent="DOWNLOAD - QoS - CASA" priority=7 queue=\
    pcq-download-default
add limit-at=5M max-limit=10M name="INVITADOS - UPLOAD" packet-mark=INVITADOS_MARK_UPLOAD parent="UPLOAD - QoS - CASA" priority=7 queue=\
    pcq-upload-default
add limit-at=3M max-limit=5M name="DOMOTICA - DOWNLOAD" packet-mark=DOMOTICA_MARK_DOWNLOAD parent="DOWNLOAD - QoS - CASA" queue=pcq-download-default
add limit-at=3M max-limit=5M name="DOMOTICA - UPLOAD" packet-mark=DOMOTICA_MARK_UPLOAD parent="UPLOAD - QoS - CASA" queue=pcq-upload-default
/system logging action
add disk-file-name=WarningLog name=WarningDiskLog target=disk
add disk-file-name=ErrorLog name=ErrorDiskLog target=disk
add disk-file-name=InfoLog name=InfoDiskLog target=disk
add disk-file-name=CriticalLog name=CriticalDiskLog target=disk
/user group
set full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,rest-api
/caps-man access-list
add action=accept allow-signal-out-of-range=5s disabled=no interface=any signal-range=-79..120 ssid-regexp=""
add action=reject allow-signal-out-of-range=5s disabled=no interface=any ssid-regexp=""
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes require-peer-certificate=yes upgrade-policy=suggest-same-version
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=JERO-DYC-5GHz name-format=identity radio-mac=
add action=create-dynamic-enabled master-configuration=JERO-DYC-5GHz name-format=identity radio-mac=
add action=create-dynamic-enabled master-configuration=JERO-DYC name-format=identity radio-mac= slave-configurations=\
    "INVITADOS,WiFi - IoT,WIFI DANIEL,WIFI CRISTIAN"
add action=create-dynamic-enabled master-configuration=JERO-DYC name-format=identity radio-mac= slave-configurations=\
    "INVITADOS,WiFi - IoT,WIFI DANIEL,WIFI CRISTIAN"
/interface bridge port
add bridge=CASA ingress-filtering=no interface=ether2
add bridge=CASA ingress-filtering=no interface=ether3
add bridge=CASA ingress-filtering=no interface=ether4
add bridge=CASA ingress-filtering=no interface=ether5
add bridge=CASA ingress-filtering=no interface=ether6
add bridge=CASA ingress-filtering=no interface=ether7
add bridge=CASA ingress-filtering=no interface=ether9
add bridge=CASA ingress-filtering=no interface=ether8
add bridge=CASA interface=ether10
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ip settings
set max-neighbor-entries=8192 tcp-syncookies=yes
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface detect-internet
set detect-interface-list=WAN-INTERNET
/interface l2tp-server server
set authentication=mschap2 use-ipsec=required
/interface list member
add interface="WAN FTTH" list=WAN-INTERNET
add interface=CASA list=LAN
add interface=wireguard1-ROAMING list=WIREGUARD
add interface=wireguard2-PtP list=WIREGUARD
/interface ovpn-server server
set auth=sha1,md5
/ip address
add address=192.168.30.1/24 comment="RED JERO - ADMIN" interface=CASA network=192.168.30.0
add address=172.16.10.1/24 comment=WIREGUARD-ROAMING interface=wireguard1-ROAMING network=172.16.10.0
add address=172.16.20.1/24 comment=WIREGUARD-PtP interface=wireguard2-PtP network=172.16.20.0
add address=192.168.31.1/24 comment="RED IoT" interface=bridge-IoT-WiFi network=192.168.31.0
add address=192.168.32.1/24 comment="RED INVITADOS" interface=bridge-Invitados network=192.168.32.0
add address=172.16.30.1/24 comment="RED DE DANIEL" interface=bridge-Daniel network=172.16.30.0
add address=172.16.31.1/24 comment="RED DE CRISTIAN" interface=bridge-Cristian network=172.16.31.0
/ip dhcp-server lease
add address=192.168.30.254 client-id=1:c8:2a:1 comment=IMAC mac-address= server=dhcp-casa
add address=192.168.30.200 client-id=1:20:17: comment="TV LG SALON - CABLE" mac-address= server=dhcp-casa
add address=192.168.30.9 client-id=1:28:16: comment="ONE X" mac-address= server=dhcp-casa
add address=192.168.30.11 client-id=1:dc:2c:6 mac-address= server=dhcp-casa
/ip dhcp-server network
add address=172.16.30.0/24 comment="DHCP DE DANIEL" dns-server=94.140.14.15,94.140.15.16 gateway=172.16.30.1
add address=172.16.31.0/24 comment="DHCP DE CRISTIAN" dns-server=94.140.14.15,94.140.15.16 gateway=172.16.31.1
add address=192.168.30.0/24 comment="SERVIDOR DHCP DE CASA CON DNS LOCAL MIKROTIK" dns-server=45.90.28.22,45.90.30.22 gateway=192.168.30.1
add address=192.168.31.0/24 comment="DHCP IoT" dns-server=1.1.1.2,1.0.0.2 gateway=192.168.31.1
add address=192.168.32.0/24 comment="DHCP INVITADOS" dns-server=94.140.14.15,94.140.15.16 gateway=192.168.32.1
/ip dns
set cache-size=10240KiB use-doh-server=https://dns.nextdns.io/xxxxx/xxxx verify-doh-cert=yes
/ip dns static
add address=45.90.xx.0 name=dns.nextdns.io
add address=45.90.xx.0 name=dns.nextdns.io
add address=2axx:xxxx:: name=dns.nextdns.io type=AAAA
add address=2ax:xxxx:: name=dns.nextdns.io type=AAAA
/ip firewall address-list
add address=192.168.31.0/24 comment=IoT-WiFi list="TRAFICO AISLADO TOTALMENTE"
add address=192.168.32.0/24 comment=INVITADOS list="TRAFICO AISLADO TOTALMENTE"
add address=172.16.30.0/24 comment="RED DE DANIEL" list="TRAFICO AISLADO TOTALMENTE"
add address=172.16.31.0/24 comment="RED DE CRISTIAN" list="TRAFICO AISLADO TOTALMENTE"
add address=192.168.30.0/24 comment="RED DE CASA" list="RED LAN-WG ADMIN"
add address=172.16.10.0/24 comment="RED WIREGUARD ROAMING" list="RED LAN-WG ADMIN"
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="WIREGUARD ACCEPT" dst-port=16880-16881 in-interface-list=WAN-INTERNET log-prefix="CONEXION WIREGUARD ACEPTADA" \
    protocol=udp
add action=drop chain=input comment="defconf: drop all not coming from LAN" src-address-list="!RED LAN-WG ADMIN"
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=\
    WAN-INTERNET
add action=reject chain=forward comment="SOLO ACCESO A INTERNET" out-interface-list=!WAN-INTERNET reject-with=icmp-net-prohibited src-address-list=\
    "TRAFICO AISLADO TOTALMENTE"
/ip firewall mangle
add action=mark-connection chain=prerouting comment=ICMP connection-mark=no-mark connection-state=new new-connection-mark=ICMP passthrough=yes protocol=\
    icmp src-address-list="RED LAN-WG ADMIN"
add action=mark-packet chain=prerouting comment=ICMP_MARK_DOWNLOAD connection-mark=ICMP in-interface-list=WAN-INTERNET new-packet-mark=\
    ICMP_MARK_DOWNLOAD passthrough=no
add action=mark-packet chain=prerouting comment=ICMP_MARK_UPLOAD connection-mark=ICMP new-packet-mark=ICMP_MARK_UPLOAD passthrough=no
add action=mark-connection chain=prerouting comment=DNS connection-mark=no-mark connection-state=new dst-port=53 new-connection-mark=DNS passthrough=yes \
    protocol=udp src-address-list="RED LAN-WG ADMIN"
add action=mark-packet chain=prerouting comment=DNS_MARK_DOWNLOAD connection-mark=DNS in-interface-list=WAN-INTERNET new-packet-mark=DNS_MARK_DOWNLOAD \
    passthrough=no
add action=mark-packet chain=prerouting comment=DNS_MARK_UPLOAD connection-mark=DNS new-packet-mark=DNS_MARK_UPLOAD passthrough=no
add action=mark-connection chain=prerouting comment="XBOX LIVE - TCP" connection-mark=no-mark connection-state=new new-connection-mark="XBOX LIVE" \
    passthrough=yes protocol=tcp src-address=192.168.30.8/31
add action=mark-connection chain=prerouting comment="XBOX LIVE - TCP - DESCARGAS" connection-bytes=5000000-0 connection-mark="XBOX LIVE" \
    connection-rate=2M-500M new-connection-mark="STREAMING / DESCARGAS" passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="XBOX LIVE - UDP" connection-mark=no-mark connection-state=new new-connection-mark="XBOX LIVE" \
    passthrough=yes protocol=udp src-address=192.168.30.8/31
add action=mark-connection chain=prerouting comment="XBOX LIVE - UDP - DESCARGAS" connection-bytes=5000000-0 connection-mark="XBOX LIVE" \
    connection-rate=2M-500M new-connection-mark="QUIC_STREAMING / DESCARGAS" passthrough=yes protocol=udp
add action=mark-packet chain=prerouting comment="XBOX LIVE_MARK_DOWNLOAD" connection-mark="XBOX LIVE" in-interface-list=WAN-INTERNET new-packet-mark=\
    "XBOX LIVE_MARK_DOWNLOAD" passthrough=no
add action=mark-packet chain=prerouting comment="XBOX LIVE_MARK_UPLOAD" connection-mark="XBOX LIVE" new-packet-mark="XBOX LIVE_MARK_UPLOAD" passthrough=\
    no
add action=mark-connection chain=prerouting comment="VOZIP - UDP - 5060-5062,10000-10050" connection-mark=no-mark connection-state=new dst-port=\
    5060-5062,10000-10050 new-connection-mark=VOZIP passthrough=yes protocol=udp src-address-list="RED LAN-WG ADMIN"
add action=mark-packet chain=prerouting comment=VOZIP_MARK_DOWNLOAD connection-mark=VOZIP in-interface-list=WAN-INTERNET new-packet-mark=\
    VOZIP_MARK_DOWNLOAD passthrough=no
add action=mark-packet chain=prerouting comment=VOZIP_MARK_UPLOAD connection-mark=VOZIP new-packet-mark=VOZIP_MARK_UPLOAD passthrough=no
add action=mark-connection chain=prerouting comment=IPTV connection-mark=no-mark connection-state=new dst-port=25461 new-connection-mark=IPTV \
    passthrough=yes protocol=tcp src-address-list="RED LAN-WG ADMIN"
add action=mark-packet chain=prerouting comment=IPTV_MARK_DOWNLOAD connection-mark=IPTV in-interface-list=WAN-INTERNET new-packet-mark=\
    IPTV_MARK_DOWNLOAD passthrough=no
add action=mark-packet chain=prerouting comment=IPTV_MARK_UPLOAD connection-mark=IPTV new-packet-mark=IPTV_MARK_UPLOAD passthrough=no
add action=mark-connection chain=prerouting comment=NAVEGACION connection-mark=no-mark connection-state=new dst-port=80,443 new-connection-mark=\
    NAVEGACION passthrough=yes protocol=tcp src-address-list="RED LAN-WG ADMIN"
add action=mark-connection chain=prerouting comment="STREAMING - DESCARGAS" connection-bytes=5000000-0 connection-mark=NAVEGACION connection-rate=\
    2M-500M new-connection-mark="STREAMING / DESCARGAS" passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting comment="STREAMING / DESCARGAS_MARK_DOWNLOAD" connection-mark="STREAMING / DESCARGAS" in-interface-list=\
    WAN-INTERNET new-packet-mark="STREAMING / DESCARGAS_MARK_DOWNLOAD" passthrough=no
add action=mark-packet chain=prerouting comment="STREAMING / UPLOAD_MARK_UPLOAD" connection-mark="STREAMING / DESCARGAS" new-packet-mark=\
    "STREAMING / UPLOAD_MARK_UPLOAD" passthrough=no
add action=mark-packet chain=prerouting comment=NAVEGACION_MARK_DOWNLOAD connection-mark=NAVEGACION in-interface-list=WAN-INTERNET new-packet-mark=\
    NAVEGACION_MARK_DOWNLOAD passthrough=no
add action=mark-packet chain=prerouting comment=NAVEGACION_MARK_UPLOAD connection-mark=NAVEGACION new-packet-mark=NAVEGACION_MARK_UPLOAD passthrough=no
add action=mark-connection chain=prerouting comment=QUIC connection-mark=no-mark connection-state=new dst-port=80,443 new-connection-mark=QUIC \
    passthrough=yes protocol=udp src-address-list="RED LAN-WG ADMIN"
add action=mark-connection chain=prerouting comment="QUIC_STREAMING / DESCARGAS" connection-bytes=5000000-0 connection-mark=QUIC connection-rate=2M-500M \
    new-connection-mark="QUIC_STREAMING / DESCARGAS" passthrough=yes protocol=udp
add action=mark-packet chain=prerouting comment=QUIC_MARK_DOWNLOAD connection-mark=QUIC in-interface-list=WAN-INTERNET new-packet-mark=\
    QUIC_MARK_DOWNLOAD passthrough=no
add action=mark-packet chain=prerouting comment=QUIC_MARK_UPLOAD connection-mark=QUIC new-packet-mark=QUIC_MARK_UPLOAD passthrough=no
add action=mark-packet chain=prerouting comment="QUIC_STREAMING / DESCARGAS_MARK_DOWNLOAD" connection-mark="QUIC_STREAMING / DESCARGAS" \
    in-interface-list=WAN-INTERNET new-packet-mark="QUIC_STREAMING / DESCARGAS_MARK_DOWNLOAD" passthrough=no
add action=mark-packet chain=prerouting comment="QUIC_STREAMING / UPLOAD_MARK_UPLOAD" connection-mark="QUIC_STREAMING / DESCARGAS" new-packet-mark=\
    "QUIC_STREAMING / UPLOAD_MARK_UPLOAD" passthrough=no
add action=mark-connection chain=prerouting comment=DANIEL connection-mark=no-mark connection-state=new in-interface=bridge-Daniel new-connection-mark=\
    DANIEL passthrough=yes
add action=mark-packet chain=prerouting comment=DANIEL_MARK_DOWNLOAD connection-mark=DANIEL in-interface-list=WAN-INTERNET new-packet-mark=\
    DANIEL_MARK_DOWNLOAD passthrough=no
add action=mark-packet chain=prerouting comment=DANIEL_MARK_UPLOAD connection-mark=DANIEL new-packet-mark=DANIEL_MARK_UPLOAD passthrough=no
add action=mark-connection chain=prerouting comment=CRISTIAN connection-mark=no-mark connection-state=new in-interface=bridge-Cristian \
    new-connection-mark=CRISTIAN passthrough=yes
add action=mark-packet chain=prerouting comment=CRISTIAN_MARK_DOWNLOAD connection-mark=CRISTIAN in-interface-list=WAN-INTERNET new-packet-mark=\
    CRISTIAN_MARK_DOWNLOAD passthrough=no
add action=mark-packet chain=prerouting comment=CRISTIAN_MARK_UPLOAD connection-mark=CRISTIAN new-packet-mark=CRISTIAN_MARK_UPLOAD passthrough=no
add action=mark-connection chain=prerouting comment=INVITADOS connection-mark=no-mark connection-state=new in-interface=bridge-Invitados \
    new-connection-mark=INVITADOS passthrough=yes
add action=mark-packet chain=prerouting comment=INVITADOS_MARK_DOWNLOAD connection-mark=INVITADOS in-interface-list=WAN-INTERNET new-packet-mark=\
    INVITADOS_MARK_DOWNLOAD passthrough=no
add action=mark-packet chain=prerouting comment=INVITADOS_MARK_UPLOAD connection-mark=INVITADOS new-packet-mark=INVITADOS_MARK_UPLOAD passthrough=no
add action=mark-connection chain=prerouting comment=DOMOTICA connection-mark=no-mark connection-state=new in-interface=bridge-IoT-WiFi \
    new-connection-mark=DOMOTICA passthrough=yes
add action=mark-packet chain=prerouting comment=DOMOTICA_MARK_DOWNLOAD connection-mark=DOMOTICA in-interface-list=WAN-INTERNET new-packet-mark=\
    DOMOTICA_MARK_DOWNLOAD passthrough=no
add action=mark-packet chain=prerouting comment=DOMOTICA_MARK_UPLOAD connection-mark=DOMOTICA new-packet-mark=DOMOTICA_MARK_UPLOAD passthrough=no
add action=mark-connection chain=prerouting comment=RESTO connection-mark=no-mark connection-state=new new-connection-mark=RESTO passthrough=yes \
    src-address-list="RED LAN-WG ADMIN"
add action=mark-packet chain=prerouting comment=RESTO_MARK_DOWNLOAD connection-mark=RESTO in-interface-list=WAN-INTERNET new-packet-mark=\
    RESTO_MARK_DOWNLOAD passthrough=no
add action=mark-packet chain=prerouting comment=RESTO_MARK_UPLOAD connection-mark=RESTO new-packet-mark=RESTO_MARK_UPLOAD passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat comment="MASQUERADE WAN FTTH PPPOE" out-interface="WAN FTTH"
add action=dst-nat chain=dstnat comment="3074 TCP - CONSOLA" dst-port=3074 in-interface-list=WAN-INTERNET protocol=tcp to-addresses=192.168.30.9
add action=dst-nat chain=dstnat comment="3074 UDP - CONSOLA" dst-port=3074 in-interface-list=WAN-INTERNET protocol=udp to-addresses=192.168.30.9
add action=dst-nat chain=dstnat comment="56783 TCP - CONSOLA NI\D1OS" dst-port=56783 in-interface-list=WAN-INTERNET protocol=tcp to-addresses=\
    192.168.30.8
add action=dst-nat chain=dstnat comment="56783 UDP - CONSOLA NI\D1OS" dst-port=56783 in-interface-list=WAN-INTERNET protocol=udp to-addresses=\
    192.168.30.8
/ip firewall service-port
set sip disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=192.168.30.0/24,10.100.0.0/24 disabled=yes
set ssh disabled=yes
set api disabled=yes
set winbox address=192.168.30.0/24,172.16.10.0/24 port=8289
set api-ssl disabled=yes
/lcd
set backlight-timeout=never default-screen=stat-slideshow read-only-mode=yes touch-screen=disabled
/lcd interface
set ether2 disabled=yes
set ether3 disabled=yes
set ether4 disabled=yes
set ether5 disabled=yes
set sfp1 disabled=yes
set ether6 disabled=yes
set ether7 disabled=yes
set ether8 disabled=yes timeout=5s
set ether9 disabled=yes
set ether10 disabled=yes
/system clock
set time-zone-name=Europe/Madrid
/system identity
set name=JeRo-Casa
/system logging
set 0 action=InfoDiskLog
set 1 action=ErrorDiskLog
set 2 action=WarningDiskLog
set 3 action=CriticalDiskLog
/system ntp client
set enabled=yes
/system ntp client servers
add address=es.pool.ntp.org
add address=0.europe.pool.ntp.org
/system package update
set channel=long-term

Good evening, folks!
 
The implementation looks correct. However, I still have doubts about the IPTV packet marking. In a multicast communication there are normally two separate data flows: the control flow that sets up the connection (which may well be that TCP traffic to port 25461), and the data flow, which is normally UDP. Look at the set-top box's connection list when you start IPTV; you'll see that TCP connection is not the only one. You can do that from the connection list in IP -> Firewall -> Connections, or by running torch on the interface the set-top box is connected to. One idea: mark the traffic whose source is the set-top box's IP and whose destination type = multicast, to capture that flow as well, as part of the same marking class.

Regards!
 
After watching for a little while, these are the results.
Captura.PNG
 
When the IPTV is really pushing traffic, while you're watching, don't those UDP streams that fall under the "resto" mark show quite a lot of traffic?

Regards!
 
Not at all, that's ZeroTier, which I had open on the laptop (but not connected).
Here it is now with ZeroTier closed; the IPs marked as navegación are all Microsoft's, and the DNS one is my DNS server.
Here you can see it pulling from 25461.
Captura.PNG
 
Good morning, I have a feeling the rb3011 just can't do any more... It peaks at 91-92% CPU usage when it's downloading flat out.
 
I don't think it's the queues that are bringing it down. There are quite a few of them, but you have 1GB of RAM in that device and a 1.4G CPU, which is not little. And the packet marking looks correct at first glance (you mark the connection first with passthrough, then mark the packets without it; correct).

Try running tool -> profile on it to see where the CPU is going. I bet writing the logs to disk is partly to blame.

Regards!
 
Good morning! I'm attaching a screenshot of the profile.
 

Attachment: cpu.PNG
Well, hard as it is to believe, the rb3011 can't do any more....

I've lowered everything: a 50 megs limit on the parent, and everything adjusted to that...
I ran a torrent, fast.com, a file download from OVH and two IPTV connections at the same time; the CPU doesn't go above 40% but it runs smooth as silk!!!

I'll keep raising the speeds until I see where its limit is.
 

Attachment: funcionando.PNG
This is the limit; go past this and everything does its own thing without respecting the limits. With these settings everything works perfectly. I guess the rb3011, even with its gig of RAM and its dual core... lacks muscle, and the rb4011 is sold out :cry:

Later I'll get to it and do it another way, limiting the consoles and without the queue tree, to make use of the connection's full speed.
TERMINADO_QOS.PNG
 
Hi, did you manage to tune it? Do you think it's a raw-power problem that the 4011 would solve? I was thinking of buying a 3011... on paper it doesn't look bad.
 
Hi, I came to the conclusion that the rb3011 with v7 couldn't do any more...

In the end, simple queue and fasttrack on the devices I cared about (console and my PC...)
 
Hi mate, I'm having pixelation problems that may be related to this. I'm trying to implement some simple queues or a queue tree, but in this case on a hEX, which is obviously more limited than a 3011. With fasttrack on the PC, if you do a big download or a speed test, doesn't your IPTV pixelate? Could you tell me exactly how you configured it? It would be a huge help if I can keep the TV from pixelating and still keep a decent speed on the PC. Right now, with what I have... none of the PCs gets above ~150Mbps; curiously, upload gives more... don't ask me why, because I'm trying to understand it but I don't:

1669675579838.png


Also, if I enable fasttrack, the queues stop working. How do you get them to coexist?

Thanks in advance.
 
Good afternoon! In the end I almost had to give it up as impossible; the rb3011 couldn't do any more. I have fasttrack enabled for a selection of devices, and the rest are limited by simple queues.

To have fasttrack on the "chosen" devices, what I did was create an address list with the IPs of the devices I care about and select that address list in fasttrack; the ones not in that list go through the simple queues.
 
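The selective-fasttrack setup described in the post above, sketched as a RouterOS export fragment. This is an added example, not part of any post in the thread: the list name FASTTRACK-DEVICES, the PC address and the queue limits are assumptions, while 192.168.30.9 is the console lease and the accept rule is the one from the export earlier in the thread.

```routeros
# Added example (not from the thread). Names and values marked "assumed" are illustrative.

/ip firewall address-list
# Hosts whose established connections may bypass queues, mangle and most of the firewall.
add address=192.168.30.9 comment="console (lease from the export)" list=FASTTRACK-DEVICES
add address=192.168.30.50 comment="PC (assumed address)" list=FASTTRACK-DEVICES

/ip firewall filter
# Order matters: both fasttrack rules must sit ABOVE the generic
# "accept established,related,untracked" forward rule, otherwise that rule
# matches first and nothing is ever fasttracked.
add action=fasttrack-connection chain=forward comment="fasttrack: from chosen devices" \
    connection-state=established,related src-address-list=FASTTRACK-DEVICES
add action=fasttrack-connection chain=forward comment="fasttrack: to chosen devices" \
    connection-state=established,related dst-address-list=FASTTRACK-DEVICES
# Unchanged rule from the export; it now handles everything that was not fasttracked.
add action=accept chain=forward comment="defconf: accept established,related, untracked" \
    connection-state=established,related,untracked

/queue simple
# Everything that is not fasttracked still traverses the queues.
# max-limit is upload/download as seen from the target; the figures are assumed.
add name=rest-of-lan target=192.168.30.0/24 max-limit=20M/100M
```

Fasttracked packets skip the mangle rules and the queues, so none of the thread's packet marks or limits apply to hosts in the list; keep it to the devices that really need no shaping.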
OK, I'll take a look and see how to do it. Although in my case it would be enough to prioritise IPTV traffic when the network is saturated; the thing is I can't find the right approach... not without going from the 1GB I pay for to being capped at >200Mbps... as soon as I disable fasttrack, that's all the hEX can give, that's 100% verified.
 