How to configure dynamic queue on Mikrotik routers using Queue Tree.

If you are a network administrator/engineer, then the Mikrotik  Queue Tree has got to be your coolest way of sharing
your limited bandwidth among your users in such a way that the bandwidth
allocated to a group or a user, becomes available for others if the user to whom
the bandwidth was allocated is not available at that time.

inexperienced net admins do, is to use simple queue to allocate bandwidth for
individuals, groups or subnets. While this method seems to work, it is
inefficient because, if you have a 2Mbps link out of which you have allocated
1Mbps to group A and 1Mbps to group B, group A will be confined to a maximum
bandwidth speed of 1Mbps even if no user from group B is on the network. That
is a waste of bandwidth that could have been automatically allocated to group A
since no one is using it at that time.
In this
demonstration, I will assume I have a 5Mbps link that needs to be shared among
three groups: the Directors(2Mbps), Managers(2Mbps), and Others(1Mbps). The queue will be configured in a way that in the absence bandwidth utilization from the
Directors, their allocated bandwidth will go to the managers, making sure they
have 4Mbps, and if for any reason the Directors and the managers are not on the
network, the “Others” group gets to use the entire 5Mbps. However,
each group will be confined to their allocated bandwidth, as long as there is
at least one user from each group on the network.
To achieve
this, I am going to use queue tree on my Mikrotik RB750. I will create an address
list for each group, and any user whose IP address is entered in any group,
becomes a member of that group and automatically inherits the policies applied
to the group.
To create
address lists, do the follow: Click on IP>>Firewall>>Address
list>>Add>>name of address-list>>users IP address.

Once a name has been entered for an address list, that
name is stored on the router. To add more IP addresses to that address list,  simple
click on the arrow beside name and choose the address list, then add the IP
address of the user you want to add to that address list. Repeat the steps
highlighted in the image above to create more address lists (Managers and
Having created the address lists, next thing is for us to
match users’ packets using mangle rules. To do this, Click on
IP>>Firewall>>Mangle>> Click on the add sign. The chain
should be left at pre-routing, click on the advance tab, click on the arrow
beside “source address list” and choose one of your earlier created address list;
Directors, click on action and choose mark connection, then enter a name for the
connection; a name like “Directors-Conn”. Click on apply and Ok. To
get the packet for the group named Directors, again, go to
IP>>Firewall>>Mangle>>add, click on connection mark and
choose the one you just created; “Directors-Conn”, click on the
action tab, click on mark packets and enter a name for the packets;
“Directors-Packs” Repeat these steps two more times for the two
remaining groups- Managers and Others. See steps in the images below:
The images above are for the connection marks, to mark
the packets, click on IP>>Firewall>>Mangle>> click on add,
leave the chain as pre-routing,
click on the arrow beside connection mark and choose the connection whose
packets you want to mark, click on the action tab, click on the arrow beside
action and choose mark packet, enter a name for the packet, and click on “apply”
and “Ok”. See the steps in the images below.

Repeat the above
for the other groups.
Now, that
we have our packets marked, let’s head to Queue Tree
and configure our dynamic queue. To do that, simply click on Queue>>Queue
Tree>>Add. First you create a queue for your subscribed bandwidth. That
is like the total available bandwidth. Mine is 5Mbps.
Next, we create for different groups, starting with the
“Directors” group. In
Queue Tree, click on add, enter a name for the queue, parent should be total (the
total available bandwidth queue created above), choose the packet mark for the
group, enter the a value for the group’s limit when other group users are on
the network (limit at) and a value for the maximum bandwidth the group can
enjoy when the other groups are not on the network (Max limit)
the steps above for Mangers, and Others. If you do everything right, you will
have an output similar to the image below.
For this to work very well, make sure the priority for
“Directors is lower the that of ” Managers” which is in turn
lower than that of “Others” For example, Directors priority should be
5, mangers 6, while Others should be left at the default which is 8. The lower
the priority number, the higher. This will make sure that the Directors will
take up the bandwidth allocated to Others ahead of “Managers” if no
user from the “Others” group is on the network.
Most people usually configure queues for download and upload packets. I have found such method to be a waste of time as it doesn’t work.  The method used in this demonstration works for both download and upload packed.  

Feel free to drop your questions in the comment box. Thanks for reading and stay safe.

Spread the love


Ashioma Michael, a BSc (Computer Science)., MTCNA, CCNA, and CCNP holder with many years of industry-proven experience in network design, implementation and optimization. He has tutored and guided many professionals towards obtaining their Cisco certifications. Mike works as a senior network engineer with one of the leading internet service providers in West Africa.

Leave a Reply

Your email address will not be published. Required fields are marked *