CDN Management

CDN Management is how ProxPanel separates CDN traffic (Cloudflare, Akamai, local mirror servers, gaming CDNs) from regular Internet traffic and lets you offer subscribers extra speed or a higher quota specifically for CDN downloads.

The implementation is MikroTik-specific. ProxPanel creates and maintains PCQ (Per-Connection Queueing) queue types, mangle rules to mark packets, and simple queues with parent-of-parent structure on the router. When you change settings here and click Sync to MikroTik, the router config is rewritten to match.

How to get here

Sidebar → CDN. Direct URL: /cdn.

Requires cdn.view. Most installs restrict edit to admins. CDN Port Rules and CDN Bandwidth Rules are sub-pages.

Layout

Sub-page	Purpose
CDN Profiles	Each profile is one set of subnets + speeds + PCQ config. You typically have 1–3 profiles (e.g. “Local Mirrors”, “Cloudflare”, “Steam”).
CDN FUP tiers	On each Service, the CDN FUP tiers (3 daily + 3 monthly) controlling speed step-down for CDN traffic specifically.
CDN Port Rules	Port-direction-speed rules with optional DSCP marking.
CDN Bandwidth Rules	Time-windowed multipliers for CDN traffic (like Bandwidth Rules but PCQ-scoped).

CDN profile fields

Field	Notes
Name*	Display name, e.g. `Cloudflare`.
Subnets	Comma- or newline-separated CIDR list (e.g. `104.16.0.0/12, 172.64.0.0/13`). Newlines are normalised to commas server-side.
Download Speed / Upload Speed (kb)	Default speed for CDN-flagged traffic. Used as the per-user CDN simple-queue rate.
NAS IDs	Comma-separated NAS IDs this profile syncs to. Empty = all active NAS.
PCQ Enabled	If on, ProxPanel maintains a PCQ queue type on the router (`pcq-rate=N`, classify by `src-address` for download, `dst-address` for upload).
PCQ Target Pools	When PCQ is on, restricts classification to traffic to/from these MikroTik pool ranges. Auto-fills from the linked Service’s `pool_name` (v1.0.242–243).
Auto-Sync	If on, ProxPanel re-pushes whenever a profile changes. If off, you must click Sync to MikroTik manually.
Is Active	Master on/off. Disabling removes all related queues from the router on next sync.

CDN FUP tiers

On each service, the CDN FUP section defines speed step-downs for CDN-traffic only, independent of the main FUP. Three daily tiers and three monthly tiers, each with:

Threshold (bytes)
Download speed (kb)
Upload speed (kb)

QuotaSync tracks cdn_monthly_download_used, cdn_monthly_upload_used, cdn_daily_download_used, cdn_daily_upload_used separately from the main quota counters. When a CDN tier crosses, ProxPanel rewrites the CDN-specific MikroTik queue’s max-limit; the main internet queue is untouched.

CDN-traffic accounting uses MikroTik /tool/torch (v1.0.250) — Torch is run on each user’s PPPoE interface and traffic with remote IPs matching the profile’s subnets is counted. The previous approach (connection-tracking) returned zero on NAT’d networks; Torch works regardless.

CDN Port Rules

A port rule limits speed for traffic to/from a specific TCP/UDP port. Examples: limit BitTorrent ports to 5 Mbps; cap port 443 to 50 Mbps; boost gaming port 27015 to 100 Mbps.

Field	Notes
Name	Display name.
Port	TCP/UDP port number, or empty when Direction = dscp.
Protocol	`tcp`, `udp`, or `both`.
Direction	`src` (upload — local port matches), `dst` (download — remote port matches), `both`, or `dscp` (DSCP-only mode, see below).
Speed (kb)	Target rate for the simple queue.
NAS Target	Optional — restrict the rule to a specific NAS.

When synced, ProxPanel creates on the router:

A PCQ queue type named after the rule.
A mangle rule in the forward chain (not postrouting — packet marks have to be set BEFORE simple queues, fixed in earlier release) that matches the port and sets a packet-mark.
A simple queue at position 0 (top priority, so it processes traffic before per-user queues).

DSCP-only direction

Direction = dscp is a special case that creates a mangle rule in the postrouting chain with chain=postrouting, dscp=N and no port/protocol matching. The Port field is hidden, and a DSCP value input (0–63) is shown instead. Useful for marking traffic for downstream QoS without rate-limiting at the BNG.

Sync to MikroTik

The Sync to MikroTik button on each profile / port rule pushes the current config to one or more NAS devices. The button replaces an earlier broken every-5-minute auto-sync service (removed in v1.0.247 because it hammered the MikroTik API).

What sync does, in order, for each NAS:

Open the API connection.
Read the existing PCQ types, mangle rules, simple queues that ProxPanel manages.
Diff against the desired state.
Add new objects with deterministic names (proxpanel-<profile>-<direction>).
Update existing ones with /set.
Remove ones no longer needed.
Move the new simple queue to position 0 so it has priority over user queues.

Sync is idempotent — running it twice in a row is a no-op the second time. If sync fails partway through, retrying picks up where it left off.

Live CDN traffic graph

On the Subscribers list, each online row has a CDN graph icon. Clicking it opens a live chart showing CDN-tagged Mbps over the last few minutes. The data is fetched from GetCDNTrafficViaTorch which:

Runs /tool/torch interface=<pppoe>-username duration=2s on the NAS.
Filters by remote IPs in any CDN profile’s subnets.
Returns total bytes/sec as a rate (not a delta — cdn_is_rate = true tells the frontend not to compute deltas).

Pre-v1.0.250 this used connection-tracking and returned zero on NAT’d or non-conntrack-enabled networks. Torch works everywhere.

CDN Bandwidth Rules

Same UX as global Bandwidth Rules but scoped to CDN PCQ queues. A CDN-NIGHT-BOOST rule with multiplier 200% running 23:00–07:00 doubles every CDN PCQ rate during those hours.

Stacks with regular Bandwidth Rules:

The regular Bandwidth Rule changes the main per-user simple queue.
The CDN Bandwidth Rule changes the per-profile PCQ rate.
A subscriber inside both windows sees both effects.

Common workflows

Set up a “Local mirrors free” CDN profile

Add Profile → name Local-Mirrors.
Subnets — paste the local mirror IPs/CIDRs.
Speed (download / upload) — high enough that they effectively never limit (1000000 kb = 1 Gbps).
PCQ Enabled, target pools auto-fill.
Save → Sync to MikroTik.
On each Service, set CDN FUP tier thresholds high so the user can pull tens of GB from local mirrors without affecting their main quota.

Throttle BitTorrent system-wide to 5 Mbps

CDN → Port Rules → Add.
Name Bittorrent-Cap, Ports 6881-6999, Protocol both, Direction both, Speed 5000.
NAS Target — leave blank for global, or pick a specific one.
Save → Sync. Mangle rule + PCQ + position-0 simple queue go live on the router.

Boost Cloudflare downloads at night (Cloudflare CDN profile + bandwidth rule)

Make sure a Cloudflare CDN profile exists with the right subnets.
CDN → Bandwidth Rules → Add Rule.
Name CF-NIGHT, Window 23:00 → 07:00, Download Multiplier 300, scope to the Cloudflare profile.
Auto-Apply ON. Save.
Sync if not auto-syncing. Every 30 s during the window, the Cloudflare PCQ rate triples.

Permissions

Permission	Effect
`cdn.view`	Page loads.
`cdn.create` / `cdn.edit` / `cdn.delete`	Standard CRUD.
Admin role	Required for Sync to MikroTik (writes to the router).

Services & Plans — defines the CDN FUP tier thresholds and speeds applied per subscriber.
Bandwidth Rules — companion system for time-based speed changes on the main queue.
NAS / Routers — where the API credentials used for sync are configured.
Subscribers — Live CDN graph icon on each online row.
FUP Counters — main-FUP view; CDN FUP is tracked separately.