====== QoS - dwa łącza i kolejki drzewiaste ======

Schemat:

{{ ::mangle_example.png?direct&600 |}}

Komendy Mikrotika do w/w konfiguracji i łącz o przepustowości 20/20Mbps i 50/10Mbps:
<file>
/ip firewall mangle
add action=mark-packet chain=prerouting comment="QoS wan2" connection-mark=wan2-serv-conn new-packet-mark=wan2-serv-packets passthrough=no
add action=mark-packet chain=prerouting connection-mark=wan2-lan-conn new-packet-mark=wan2-lan-packets passthrough=no
add action=mark-packet chain=prerouting connection-mark=wan2-wifi-conn new-packet-mark=wan2-wifi-packets passthrough=no
add action=jump chain=forward connection-state=new jump-target=wan2-src out-interface=eth7
add action=jump chain=wan2-src jump-target=wan2-serv src-address=10.0.0.0/24
add action=mark-connection chain=wan2-serv new-connection-mark=wan2-serv-conn passthrough=yes
add action=mark-packet chain=wan2-serv connection-mark=wan2-serv-conn new-packet-mark=wan2-serv-packets passthrough=no
add action=jump chain=wan2-src jump-target=wan2-lan src-address=10.0.1.0/24
add action=mark-connection chain=wan2-lan new-connection-mark=wan2-lan-conn passthrough=yes
add action=mark-packet chain=wan2-lan connection-mark=wan2-lan-conn new-packet-mark=wan2-lan-packets passthrough=no
add action=jump chain=wan2-src jump-target=wan2-wifi src-address=10.0.2.0/24
add action=mark-connection chain=wan2-wifi new-connection-mark=wan2-wifi-conn passthrough=yes
add action=mark-packet chain=wan2-wifi connection-mark=wan2-wifi-conn new-packet-mark=wan2-wifi-packets passthrough=no
add action=jump chain=forward connection-state=new in-interface=eth7 jump-target=wan2-dst
add action=jump chain=wan2-dst dst-address=10.0.0.0/24 jump-target=wan2-serv
add action=jump chain=wan1-dst dst-address=10.0.1.0/24 jump-target=wan2-lan
add action=mark-packet chain=prerouting comment="QoS wan1" connection-mark=wan1-serv-conn new-packet-mark=wan1-serv-packets passthrough=no
add action=mark-packet chain=prerouting connection-mark=wan1-lan-conn new-packet-mark=wan1-lan-packets passthrough=no
add action=mark-packet chain=prerouting connection-mark=wan1-wifi-conn new-packet-mark=wan1-wifi-packets passthrough=no
add action=jump chain=forward connection-state=new jump-target=wan1-src out-interface=sfp1
add action=jump chain=wan1-src jump-target=wan1-serv src-address=10.0.0.0/24
add action=mark-connection chain=wan1-serv new-connection-mark=wan1-serv-conn passthrough=yes
add action=mark-packet chain=wan1-serv connection-mark=wan1-serv-conn new-packet-mark=wan1-serv-packets passthrough=no
add action=jump chain=wan1-src jump-target=wan1-lan src-address=10.0.1.0/24
add action=mark-connection chain=wan1-lan new-connection-mark=wan1-lan-conn passthrough=yes
add action=mark-packet chain=wan1-lan connection-mark=wan1-lan-conn new-packet-mark=wan1-lan-packets passthrough=no
add action=jump chain=wan1-src jump-target=wan1-wifi src-address=10.0.2.0/24
add action=mark-connection chain=wan1-wifi new-connection-mark=wan1-wifi-conn passthrough=yes
add action=mark-packet chain=wan1-wifi connection-mark=wan1-wifi-conn new-packet-mark=wan1-wifi-packets passthrough=no
add action=jump chain=forward connection-state=new in-interface=sfp1-wan-wan1 jump-target=wan1-dst
add action=jump chain=wan1-dst dst-address=10.0.0.0/24 jump-target=wan1-serv
add action=jump chain=wan2-dst dst-address=10.0.1.0/24 jump-target=wan2-lan
/queue tree
add max-limit=10M name=wan2-upload parent=eth7
add limit-at=4M max-limit=10M name=wan2-upload-lan packet-mark=wan2-lan-packets parent=wan2-upload priority=2 queue=pcq-upload-default
add limit-at=4M max-limit=10M name=wan2-upload-serv packet-mark=wan2-serv-packets parent=wan2-upload priority=1 queue=pcq-upload-default
add limit-at=1M max-limit=10M name=wan2-upload-wifi packet-mark=wan2-wifi-packets parent=wan2-upload priority=4 queue=pcq-upload-default
add max-limit=20M name=wan1-upload parent=sfp1
add limit-at=4M max-limit=20M name=wan1-upload-serv packet-mark=wan1-serv-packets parent=wan1-upload priority=1 queue=pcq-upload-default
add limit-at=4M max-limit=20M name=wan1-upload-lan packet-mark=wan1-lan-packets parent=wan1-upload priority=2 queue=pcq-upload-default
add limit-at=1M max-limit=20M name=wan1-upload-wifi packet-mark=wan1-wifi-packets parent=wan1-upload priority=4 queue=pcq-upload-default
add max-limit=1024M name=serv parent=eth2
add limit-at=8M max-limit=50M name=serv-wan2 packet-mark=wan2-serv-packets parent=serv priority=1 queue=pcq-download-default
add limit-at=8M max-limit=20M name=serv-wan1 packet-mark=wan1-serv-packets parent=serv priority=1 queue=pcq-download-default
add max-limit=1024M name=lan parent=eth3
add limit-at=8M max-limit=20M name=lan-wan1 packet-mark=wan1-lan-packets parent=lan priority=2 queue=pcq-download-default
add limit-at=8M max-limit=50M name=lan-wan2 packet-mark=wan2-lan-packets parent=lan priority=2 queue=pcq-download-default
add max-limit=1024M name=wifi parent=eth5-wifi
add limit-at=2M max-limit=50M name=wifi-wan2 packet-mark=wan2-wifi-packets parent=wifi priority=4 queue=pcq-download-default
add limit-at=2M max-limit=20M name=wifi-wan1 packet-mark=wan1-wifi-packets parent=wifi priority=4 queue=pcq-download-default
</file>

W firewallu nie dodaliśmy markowania pakietów, jak by ktoś się łączyć do sieci wifi ponieważ nie założyłem, że przekierowania portów będą dotyczyły sieci wifi.

Objaśnienie:
  * eth2 - serwery,
  * eth3 - userzy,
  * eth5 - wifi,
  * eth7 - ISP2,
  * sfp1 - ISP1.

Zagwarantowałem łącze dla podsieci:
  * serwerowej: 8/4Mbps (priorytet 1) - 10.0.0.0/24,
  * userów: 8/4Mbps  (priorytet 2) - 10.0.1.0/24,
  * wifi: 2/1Mbps (priorytet 4) - 10.0.2.0/24.