Limit Video Streaming Speeds with Mikrotik

Streaming video can take up a lot of the bandwidth your ISP provides you. In fact, if you have less than a 10Mbps internet connection, a couple of simultaneous video streams can potentially slow down any other type of internet usage significantly. However, with this guide and a mikrotik router, you can limit video-streaming bandwidth so that it doesn’t eat up all of your available bandwidth.

The act of limiting bandwidth for certain activities or applications goes by a lot of different names: traffic shaping, QOS, throttling and bandwidth shaping are amongst the most common. Whatever you want to call it, we’re going to limit how fast Youtube and/or Netflix traffic can go, which allows you to reserve some of your bandwidth for other activities.

How it works

This guide covers how to create a self-propagating list of IP addresses used by Netflix / Youtube for video streaming, and automatically limit the speeds used by those IPs for networks or individual IP addresses that you can specify. Here are the config settings for those who prefer them:

[admin@MikroTik] > queue simple print
name=”YOUTUBE” target= parent=none packet-marks=Youtube priority=8/8 queue=default/default
limit-at=0/0 max-limit=50M/10M burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s bucket-size=0.1/0.1

name=”NETFLIX” target= parent=none packet-marks=Netflix priority=8/8 queue=default/default
limit-at=0/0 max-limit=50M/10M burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s bucket-size=0.1/0.1

[admin@MikroTik] > ip firewall mangle print
;;; Mark Youtube
chain=forward action=mark-packet new-packet-mark=Youtube passthrough=no src-address-list=Youtube log=no

;;; Mark Netflix
chain=forward action=mark-packet new-packet-mark=Netflix passthrough=no src-address-list=Netflix log=no

chain=prerouting action=add-dst-to-address-list address-list=Youtube address-list-timeout=30m
log=no log-prefix=””

chain=prerouting action=add-dst-to-address-list address-list=Youtube address-list-timeout=30m log=no log-prefix=””

chain=prerouting action=add-dst-to-address-list address-list=Netflix address-list-timeout=30m log=no log-prefix=””

The pasted config is setup as follows:

  • It creates two separate IP address lists: Netflix & Youtube. Each list stores IP addresses for 30 minutes as they’re discovered / used.
  • Traffic from IPs on those lists are marked with ‘Youtube’ and ‘Netflix’, which these are used for the Simple Queue rules to limit speeds
  • Simple queues are set for 10Mbps download and 50Mbps upload speeds and affect the network.

I’m assuming just about any Mikrotik router can perform theses tasks. I currently use this dual-band router and highly recommend you stick with dual-band versus buying a 2.4Ghz-only router. However, I know that you can run this on the cheap-o, ~$25 baby-blue 2.4Ghz router…. which may be fine for non-WiFi usage or WiFi usage within a single room.

Here’s a breakdown of the steps to create the rules so that you can limit Youtube and/or Netflix traffic on your network. This guide uses Winbox, but I assume that Webfig should be similar.

Creating Mangle Rules

We need to create a few mangle rules, and first off we’ll create those that build our IP address lists. We’ll start with the Youtube list.

To create a new mangle rule, go to IP > Firewall > Mangle, then press the ‘+’ sign:

Create Mikrotik Mangle Rule with Prerouting

In the new mangle rule window, under General > Chain, choose prerouting:

New mangle rule - prerouting chain selection

Click on the Advanced tab, and under content, type in ‘’:

Adding content filed for advanced mangle rule

Click on the Action tab, then choose ‘add dst to address list’ as the action, type ‘Youtube’ as the address list. The default timeout setting of 10 minutes is fine to leave as is.

Created destination address list - Mikrotik router

Once that’s set, click ‘Apply’ or ‘Ok’. The above rule will identify all the IP addresses for the domain and put them in a list called ‘Youtube’. You can see some of those IPs after browsing under IP > Firewall > Address Lists, and it’ll look something like this:

Mangle rule created Youtube address list in Mikrotik

Copying mangle rule with Mikrotik + Winbox
However, most or all of the actual video streaming takes place using, and we’ll need to create a second rule for that. Mikrotik makes it simple to duplicate rules, so you can just double-click on the first mangle rule created, then click ‘Copy’ as is shown to the right.

Once you create the second rule (the copy), you only need to edit one spot: under Advanced > Content, change ‘’ to ‘’:

Modify copied mangle rule

Then press Apply once you’ve changed that. Before moving further forward, a personal preference (and probably a good practice) is to leave a comment on the rules. A comment is like a short, personal note. Here’s an example alongside what it looks like when mixed with other rules:

Mikrotik mangle rule - comments in list

Comments are not necessary, but may help minimize confusion in some cases.

Mangle rule for the Netflix address list

The steps for creating a Netflix address list mangle rule is the same as Youtube as shown above. So, I won’t post screenshots, rather I’ll walk through the steps.

  1. Create a new mangle rule – IP > Firewall > Mangle > + sign
  2. Under the General tab, choose Chain > prerouting
  3. Under the Advanced tab, type into the Content field
  4. Under the Action tab, choose Action > add dst to address list, type Netflix in address list field
  5. Press ‘Ok’

Marking Youtube & Netflix traffic

In order to easily use simple queue rules to limit video-streaming traffic speeds, you need to mark traffic that originates from our address lists. We do this with a couple of mangle rules. I’ll walk through the Youtube settings with screenshots and post written instructions for Netflix as before.

Create a new mangle rule: IP > Firewall > Mangle > + sign, and under the General tab, choose Chain > forward:

Creating Youtube packet mark mangle rule

Under the Advanced tab, choose ‘Youtube’ from the Src. Address List dropdown menu:

Selecting Youtube address list for packet marks

Under the Action tab, choose Action > mark packet, then write in Youtube in the New Packet Mark field:

Marking Youtube IP list traffic packets

Press Ok or Apply to save the settings.

To setup the Netflix rule:

  1. Create a new mangle rule – IP > Firewall > Mangle > + sign
  2. Under the General tab, choose Chain > forward
  3. Under the Advanced tab, choose ‘Netflix’ from the Src. Address List dropdown field
  4. Under the Action tab, choose Action > mark packet, type Netflix in the New Packet Mark field
  5. Press ‘Ok’

Creating Simple Queue Rules

The simple queue rules are where this all comes together: it’s the final set of configurations that determine how fast, or how slow, your Youtube or Netflix video streams can go.

Create a new simple queue rule by clicking Queues > Simple Queues > + sign.

Your settings will differ from mine possibly, but here’s the General tab in my Youtube simple queue rule:

Youtube simple queue rule for traffic shaping

Pertinent to this guide,

  • Name is an identifier for the rule. I chose YOUTUBE.
  • Target is the IP network or individual address that is affected by this rule.
  • Target download is the maximum download speed IPs in the Youtube address list can use in aggregate to the target IP(s). There is a dropdown menu there,
    or you can write in your own speed (5M, 750k, etc)

Under the Advanced tab, choose Youtube from the Packet Mark dropdown menu:

Choosing packet mark for Simple Queue rule

Press ‘Ok’, then create a new rule for Netflix.

  1. Create a new simple queue rule: Queues > Simple Queues > + sign
  2. Under the General tab, add a Name, Target and Download speed under Max Limit
  3. Under the Advanced tab, choose Netflix from the Packet Mark dropdown menu
  4. Press ‘Ok’

That’s all there is to it.

Additional Information

I discovered the URLs to Youtube & Netflix CDNs (content delivery networks – video streaming servers) by looking at connections while streaming video. Explaining how to do this isn’t fitting for this site and well outside the scope of this guide. If these services start using new URLs, they won’t automatically be captured. Further, if Youtube or Netflix use IP-address based CDNs for streaming, which I didn’t see in setting this up, these would not show up in the address list automatically.

You can create a mangle rule for (copy the rule, replace with, which will enforce the speed limits on the domain along with video streaming. I purposely did not do this whereas I did with due to observations in how they behave. Your experience may differ.

If there’s interest, I can probably add some more video streaming services to the list. It’s really straightforward once you understand how it works, you just need to determine the URLs used by streaming services for their video, and plug that in to build the address list(s) and queuing rules.

If you have any questions, feel free to post them and I’ll do what I can to answer them.

Related Articles:

Posted on Published

18 Replies to “Limit Video Streaming Speeds with Mikrotik”

  1. Hi There,
    Good article something I was looking for. Just wondering why you create an IP list and not just simply have one mangle rule to mark the packets and then queue the marked packets?

    1. Mostly because of the way I figured out how to do it: build the IP list first, then figure out how to make the rest of it work. But, I also like being able to look at the list of IPs and seeing how may the services use.

  2. hi dear

    would you please help me regarding centos 8 proxy server add with load blanencer with 6x wan and one is lan and running PPPoE and hotspot

    1. If you have a specific question along these lines with a Mikrotik, I might recommend trying Reddit:

      I’ve had hit and miss success on Mikrotik forums. I’ve played around with hotspot and have setup a form of multiwan, I don’t think I’d have the right experience to really help you with your question.

  3. hi, this worked well for me but is there a way of setting the speed for individual streams rather than them all together.
    for example if i have 5 users at the same time and set download to 10mb then they all share the 10mb. is there a way to give them all 3mb individually. thanks

    1. Sorry for the delay. With everyone at home lately, my workload has increased significantly.

      You’d want to use PCQ queues to accomplish that:

      Edit May 31, 2020 – here’s a guide:

      This would allow each user to get roughly the same speeds. It does seem to work pretty well.

      I don’t have the setup or time to test at the moment, but you’ll probably want to create two new queue types (Queues > Queue Types)

      type name: pcq_download
      kind: pcq
      Rate: 10M
      Classifier: Dst. Address

      type name: pcq_upload
      kind: pcq
      Rate: 5M
      Classifier: Src. Address

      I’ve left the other fields as-is and am not sure how to optimize that if needed.

      Then, go to the simple queue rule, under Advanced, for the upload and download queue type (toward bottom, above Parent), and choose pcq_download and pcq_upload for their respective sides.

      That should allow one user to take advantage of the full speed while splitting the speed fairly as more users are added.

      Once I can test this out, I’ll add it to the above as it’s probably useful for multi-user homes without 100Mbps+ internet available.

      1. hi there good evening. can we use the same strategy for all the games instead of relying heavily on ports. so just do it in queue maybe queue tree or simple queue and ip/mangle just like above. I am hoping the queue algorithm will be good enough with its pcq-default to handle all the games better than using ports. thanks and hope to hear from you master soon.

        1. I don’t think I understand what you’re asking. I don’t see ports being specified in this article or the one linked to in the comment you replied to. Possibly a translation issue?

          You’ll need to clarify before I can give you a better answer. However, if you’re just looking to share all speed fairly in your local network, you can use this:

          If you want to limit speeds on any video streaming service your local network might access, you’ll need to find the URLs to the services or CDN URLs for each service, then add like the above to have the Mikrotik build the IP lists.

    2. sure, add different queues for each client capped at 3mb individually, or for a range of ips, and a global queue for a max global limit if you want

  4. Hi, I followed your above guide but the address list isn’t populating for either Youtube or Netflix. I’m just using the default configuration that comes on the Mikrotik router on a test bench and added your rules above.

    Is there something I am missing or possibly something blocking it in the default mikrotik config?

    1. Sorry for the delay in responding. The only thing I can think of is possibly fasttrack being enabled could cause that. It’s just a guess, but simple queues do not work with fasttrack enabled that I’d found, it’s possible that bypasses some of the mangle / filter rules.

  5. I think that connection marking will have a better impact on resources (cpu) because the initial mark will proceed any subsequent packets. I’ve tested your approach with this and seems to work. Thanks for the info!

  6. Excellent work. I wish I can get a fully configured router script I can just upload to a new router. Its so complicated for a newbie like me on routeros. I bought a hex rb750br3 and working on configuring it with all the necessary packages included hotspot/userman and a few UAP APs.

    1. I think a fully configured script from a third party would be problematic. Importing configs to hardware other than what it was exported from could cause weirdness. Certainly it might work, but I think the potential is greater for more problems to be created than resolved.

      That said, I wish there was better straightforward documentation to do some of these things. The hit-and-miss Mikrotik wiki is oftentimes not helpful when trying to learn how to do something simple that doesn’t exactly match their examples. Especially for people without a background in networking or limited familiarity with their OS. And, though there’s a ton of information online about doing different things with Mikrotik, they are scattered all over the internet and many (many) of them are old and no longer applicable with current-version RouterOS.

      Kind of a mini-rant, but I feel your pain. I enjoy the process of figuring things out, but would prefer a quicker method to getting something working than hours of trial and error. Glad this was useful for you.

Leave a Reply

Your email address will not be published. Required fields are marked *