[minipost] Mikrotik QoS Prioritization Example

If you ever hosted any internet service at home and/or had some network application using your Internet connection upload and disturbing your other activities, one very common example (but not actually my situation) is when running torrent traffic making your Internet games lag because uncontrolled torrents take away the upload bandwidth. Then you should consider making the applications you want to have priority (games, voice, video) against the other not so sensitive stuff (torrent, http, etc… ).

In theory, you need to prioritize different packets leaving from your router for the Internet to solve this situation. So lets do this on an example home network I created very simply for the sake of this article. On the next picture below, you see a typical home network. With example 100Mbit LAN and 3Mbits Internet upload.

Example Topology

Also with no other traffic, when someone tries to download a file from any LAN system, he can use the full speed. As visible below:

Uploading file from LAN system

Ok, now what happens when both the internal users and the networkgeekstuff.com server starts to send packets at full speed to the internet? Well, there is no priority to any of the traffic streams, therefore the router will make both share the upload equally.


From a practical example test again downloading files from both networkgeekstuff.com and a random LAN system:

Uploading file from LAN system -> equal share of uplink
Uploading file from networkgeekstuff system -> equal share of uplink

Creating priority for upload traffic on Mikrotik RB450

Ok, now I have showed you the problem, now for the solution. From the 3128kbps upload traffic, I would like to make these statements implemented:

  • Networkgeekstuff.com server can make full use of the upload when no other traffic is using it
  • Networkgeekstuff.com server has a reservation of 320kbps, this is exclusive for it.
  • Other LAN systems have priority over Networkgeekstuff.com and can fully use whole upload bandwidth.

Configuration is three step process, classify->mark->prioritize:

1) We have to classify the two types of traffic we want to manipulate

/ip firewall mangle
add  chain=postrouting action=mark-connection \
 new-connection-mark=networkgeekstuff.com_upload_packet \
 passthrough=yes protocol=tcp \
 out-interface=ether1 src-port=80

add  chain=postrouting action=mark-connection \
 new-connection-mark=LAN_upload_packet \
 passthrough=yes src-address= \

2) Then we have to mark the packets in each connection

/ip firewall mangle
add  chain=postrouting action=mark-packet \
 passthrough=no out-interface=ether1 \

add  chain=postrouting action=mark-packet \
 new-packet-mark=LAN_upload_packet_mark passthrough=no \

3) Now we create a priority tree

/queue tree
add max-limit=3128k name=QoS_OVERALL parent=ether1
add name=QoS_LAN parent=QoS_OVERALL priority=1 packet-mark=LAN_upload_packet_mark
add name=QoS_NetworkGeekStuff parent=QoS_OVERALL priority=8 \
 packet-mark=networkgeekstuff.com_upload_packet_mark limit-at=320k max-limit=3128k

Explanation is definitely needed on the 3rd part. As you see we give priority=1 (best) to the LAN marked packets and priority=8 (worst) to the networkgeekstuff.com upload traffic. Additionally you can notice that I have given the networkgeekstuff.com a reservation by using limit-at=320k, this means that there is no limit applied to the traffic if the traffic only uses less than 320kbps of bandwith. But also the max-limit=3128k tells the router to limit this traffic for maximum bandwidth (yes, it doesn’t make sense, but this parameter has to be set otherwise the configuration line is not actually working).

Results of the implementation

If you didn’t made a mistake, right now the traffic should behave a little like this:


Also the practical tests I managed to get and I hope they are self-explanatory, just notice how networkgeekstuff.com upload only gets around 40kbps and the other upload gets almost all remaining bandwidth.

Uploading file from LAN system -> system gets priority on uplink
Uploading file from networkgeekstuff system -> limited priority to only reserved 320bps (40kBps)

More reading on Mikrotik QoS

I must say that I admit to not providing much explanation on why the configuration is the way I made it, the point is that Mikrotik guys made a very nice explanations on how to do QoS on their router themselves that is available behind these links:


Again, I hope this helps anyone a little. I didn’t wanted this to become an extensive explanation into Mikrotik QoS as there are better sources on this purpose available (as mentioned on the above section). But it can serve as a quick reference to solve one very common situation on small networks sharing both users and hosted services.

Peter Havrila , published on


  1. Pingback: Anonymous
  2. Please see my work in progress at the MikroTik forums, it is entitled “Using RouterOS to prioritize (Qos) traffic for a Class C network”.

  3. Thank you very much for this clear, simple and concise explanation of prioritization on Mikrotik. I just have 2 questions:

    1) Why did you mark the traffic in the postrouting chain and not the prerouting chain?
    2) If we wanted to prioritize download traffic, would we mark the traffic in the prerouting chain?

    Thank you. I look forward to your reply. 🙂

    1. Hello Julius,

      1) I used postrouting because the I used “out-interface=ether1” in the mangle table filtering rules. Out-interface cannot be used in prerouting table because routing table was not yet searched by Mikrotik for exit port for the packet. And I used out-interface because my LAN is connected on several ports (eth2+eth3+eth4) and using prerouting would mean that I have to put this marking to all LAN interfaces separately.
      2) You cannot really prioritize “incoming” traffic in real life because you do not have control on your internet provider router to configure it what packets to send towards you with better priority ;). From principle and from theory prioritization is “outgoing interface function”. If you want to limit someone on your network downloading too much, you can only speed limit his traffic on incoming internet interface and prioritize only in outgoing direction on your LAN interface.

      Hope this helps,

      1. Thank you Peter for your prompt reply.

        Its clear now…..Prioritize on the out-interface and limit on the in-interface. Well explained.

        Cheerz! 🙂


Comments are closed.