
Monitoring and Controlling Bandwidth on a MikroTik Router

Limiting bandwidth available to specific device(s) on MikroTik routers.

Having moved back to the Texas Hill Country, I'm on an LTE internet connection for both work and home, forcing me to be more cautious with my bandwidth consumption. This was driven by my inability to limit bandwidth / video quality when using the Amazon Prime Video client on a Roku 3 -- a 45 minute episode of Justified burned about 1.25GB of data.

Unlike Netflix, I could find no mechanism with which I could limit video quality on Prime Video, either on the Roku 3 client or in my Amazon account. These notes document my foray into brute-force bandwidth throttling for Prime Video on a Roku 3.

Monitoring Bandwidth

I'm using a MikroTik OmniTik 5 ac router / access point. For an inexpensive piece of equipment, it offers some tremendous functionality. Relevant in this context is its support for Cisco's NetFlow, which can stream network performance/protocol/endpoint information to a remote monitoring system for subsequent display/analysis.

For a monitoring system, I chose to use ntop (not ntopng), as it was the easiest to get running via macports.

Configuring ntop

I installed ntop via macports. After installation, I ran it via the following command:

ntop --user khe --db-file-path "$HOME/ntop"

It can be configured via macports to start as a service at boot time.

Once it's running, it can be accessed via browser at http://localhost:3000.

Using the web interface, configure ntop to accept NetFlow data from the MikroTik:

  • Plugins->NetFlow->Activate
  • Plugins->NetFlow->Configure->AddNetFlowDevice
    • Enter MikroTik as the NetFlow Device, click Set Interface Name
    • Enter 2055 as the Local Collector UDP Port, click Set Port
    • Enter the MikroTik router's address/netmask as the Virtual NetFlow Interface Network Address, click Set Interface Address.
  • Admin->SwitchNIC, click NetFlow device

At this point, ntop is listening for NetFlow data on port 2055.

Configuring the MikroTik Router

Although I have an OmniTik router, these instructions will apply to any MikroTik router running RouterOS 6. Enter the following RouterOS commands via ssh or WinBox:

 /ip traffic-flow set enabled=yes interfaces=all
 /ip traffic-flow target add dst-address= port=2055 version=5

The IP address shown is that of the machine running ntop.

Using ntop to Monitor Bandwidth/Traffic

Once RouterOS is configured, data should appear in ntop. If it doesn't, check Utils->ViewLog for possible hints about the problem.

Using ntop is simple. For example, browsing to IP->Summary->Traffic will display bandwidth usage by IP. Within the Network Traffic page, clicking on an IP will display detailed information about traffic to/from the IP.
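
As a cross-check on what the router is actually exporting, here is an added example (not part of the original notes and not ntop's code) that decodes the NetFlow v5 datagrams produced by `version=5` above and totals bytes per LAN host. The 192.168.88.0/24 LAN and every address in the sample datagram are constructed assumptions.

```python
import socket
import struct
from collections import Counter
from ipaddress import ip_address, ip_network

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte flow record

def parse_v5(datagram):
    """Return (src, dst, protocol, packets, octets) for each flow record."""
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than a NetFlow v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    need = HEADER.size + count * RECORD.size  # count is sender-supplied: check it
    if version != 5 or not 1 <= count <= 30 or len(datagram) < need:
        raise ValueError(f"bad v5 datagram: version={version} count={count}")
    return [(str(ip_address(r[0])), str(ip_address(r[1])), r[13], r[5], r[6])
            for r in RECORD.iter_unpack(datagram[HEADER.size:need])]

def octets_by_host(flows, lan):
    """Sum octets per LAN address, counting flows in both directions."""
    net, totals = ip_network(lan), Counter()
    for src, dst, _proto, _pkts, octets in flows:
        totals.update({a: octets for a in {src, dst} if ip_address(a) in net})
    return totals

def sample_datagram():
    """Constructed datagram: a download flow and its return flow (made-up IPs)."""
    def rec(src, dst, pkts, octets):
        return RECORD.pack(ip_address(src).packed, ip_address(dst).packed, bytes(4),
                           1, 2, pkts, octets, 0, 0, 443, 50000, 0, 0, 6, 0, 0, 0, 0, 0, 0)
    return (HEADER.pack(5, 2, 0, 0, 0, 0, 0, 0, 0)
            + rec("203.0.113.10", "192.168.88.20", 900, 1_250_000)
            + rec("192.168.88.20", "203.0.113.10", 450, 30_000))

def listen(router, lan, port=2055):
    """Print running per-host totals from the router's exports (runs forever)."""
    totals = Counter()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("0.0.0.0", port))
        while True:
            data, (sender, _) = sock.recvfrom(2048)
            if sender != router:  # v5 is unauthenticated UDP: ignore other senders
                continue
            try:
                totals.update(octets_by_host(parse_v5(data), lan))
                print(dict(totals))
            except ValueError as err:
                print(f"dropped datagram: {err}")
```

Only one process can bind UDP port 2055, so stop ntop (or pass a different `port` and add a matching traffic-flow target on the router) before calling `listen()` with the router's address and your LAN prefix.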

Controlling Bandwidth

I am new to RouterOS; it's quite possible there are better ways to accomplish my goal.

Apparently the key to any of the bandwidth limiting mechanisms is the fasttrack feature. When fasttrack is enabled, many portions of the typical packet flow within the switch are bypassed. This seemingly includes bandwidth control, among many other things. This explains why a number of my early attempts at controlling bandwidth failed.

Disable fasttrack

The first step, then, is to disable fasttrack. This can reduce router performance due to the increased packet processing overhead, but my network is lightly used overall and I had to find some way to control bandwidth. To disable fasttrack, run the command /ip firewall filter print and look for the rule that starts ;;; defconf: fasttrack. In my case, it was rule #7.

To disable fasttrack, disable its firewall rule via: /ip firewall filter disable numbers=7.

There are at least two ways to control bandwidth by IP. One involves the creation of a Queue which is linked to the IP. The other involves using DHCP settings to limit bandwidth. I chose the latter because either approach involves ensuring the target device has a stable static IP.

Limit Bandwidth via DHCP

I chose 256Kb/s as a starting point; this is about 115MB/hour. This represents at least a ten-fold decrease in bandwidth utilization for APV. I found that Netflix would function at even lower rates but that Prime Video would not. This setting provides a suitably pixelated image on both services, making it apparent that bandwidth is being throttled.

I should point out that this approach throttles bandwidth to anything accessing the network from the Roku -- Prime Video, Netflix, HULU, whatever... -- it's a pretty blunt instrument.

  1. Find the IP and MAC of the device you wish to rate limit. In my case, the Roku had already been on the network and had a DHCP lease. Find it by:

    /ip dhcp-server lease print
  2. Use the IP and MAC from the previous step and change it to a static IP and set a rate limit:

    /ip dhcp-server lease
    add address= address-lists="" dhcp-option="" disabled=no \
        insert-queue-before=first mac-address=B0:A7:37:EB:E6:29 rate-limit=256k

Although I'm using ntop to monitor bandwidth consumption overall long-term, it leaves a little to be desired if one is tweaking RouterOS settings and looking for near-real-time data. RouterOS can help here. Graphs are available in both WinBox and the web interface. I actually prefer the web interface for this as the axes are well labeled, whereas there are no units labels on the WinBox graphs.

With the RouterOS in WebFig mode, click on 'Interfaces', choose the relevant interface, and scroll to the bottom of the page for real-time bandwidth graphs. I haven't been able to find a built-in way to graph bandwidth for IP addresses.

Note that when looking at an individual interface, the 'Overall Stats' tab shows cumulative Tx/Rx data. It also allows the counters to be reset. Depending upon your situation, this may be all you need, allowing one to dispense with ntop.

I expect to add a Plex client to the Roku in a month or so. At that time, I'll have to revisit this plan. Granting the Roku unlimited bandwidth when accessing a local Plex server may require revisiting the use of Queues.