Default usernames and passwords are significant security vulnerabilities on any internet facing device. It’s a…
Implement Rate Limits on MikroTik Gear.
Whether it’s for your home network, lab, or your customers’ home routers, rate limiting always comes in handy. Queues and queue trees can solve problems such as buffer bloat, maxing out monthly bandwidth cap, oversaturation of your network, etc.
In this article, we will focus on a very simple limiting download/upload of the network, but the same principle can be applied in different (e.g. per device) scenarios, and the best part is – with RemoteWinBox, you can do this from the comfort of your bed, couch, favorite restaurant, or any other place where you have internet access!
Step 1: Use a configured RemoteWinBox router to log into WinBox to apply rate-limiting.
Step 2: Due to MikroTik’s packet flow (refer to https://wiki.mikrotik.com/wiki/Manual:Packet_Flow), the first thing that needs to be addressed is a particular firewall filter rule called FastTrack. In a MikroTik’s default configuration for a home router, fasttracking is enabled which boosts performance by allowing packets to bypass the rest of the firewall for established & related connections. Bypassing the firewall would result in skipping our rate limit, so we’ll start by disabling FastTrack.
To disable fasttracking, open a new terminal (if you’re a CLI kind of person) and use the following command: /ip firewall filter disable [find action=fasttrack-connection]
Alternately, use the screenshot and find the “defconf: fasttrack” commented rule and hit the red X to disable it.
Step 3: Add a simple queue to apply rate-limiting. /queue simple add max-limit=10M/10M name=myQueue queue=pcq-upload-default pcq-download-default target=192.168.88.0/24 # note that target would be an IP address or a subnet of the network you’re rate-limiting. By MikroTik’s default, this value is 192.168.88.0/24 to cover all the devices on the LAN.
To prevent any future confusion, it is worth noting that the values for max-limit are respectively upload/download, and in this case, I set the rate-limiting at 10Mbps for upload, and 10Mbps for download.
After applying the queue, your Queue List should looks like this:
Step 4 (if applicable): If you notice that your queue didn’t go into effect, the problem may be in the connection tracking, so run the command below to clear out the connection tracking table: /ip firewall connection remove [find]
And that is how to do a simple rate limiting on MikroTik routers! Hopefully this read was informative, or a reminder to implement this important piece into your network.