Manual:Connection Rate: Difference between revisions
Revision as of 15:23, 17 September 2009
Introduction
Connection Rate is a firewall matcher that allows capturing traffic based on the speed of a connection.
Theory
Each entry in the connection tracking table represents a bidirectional communication. Every time a packet is associated with a particular entry, the packet size (including the IP header) is added to the "connection-bytes" value for that entry.
Connection Rate calculates the speed of a connection based on the change of "connection-bytes". Connection Rate is recalculated every second and does not use any averaging.
Both the "connection-bytes" and "connection-rate" options work only with TCP and UDP traffic (you need to specify the protocol to activate these options).
You can specify the range of speed that you would like to capture.
ConnectionRate ::= [!]From-To
From,To ::= 0..4294967295 (integer number)
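The matcher described above can be modelled in a few lines to show what "recalculated every second, no averaging" means for a bursty connection. This is an added example, not RouterOS code: the function names are hypothetical, the byte samples are constructed, and it assumes the rate is in bits per second, that k and M are decimal multipliers, and that the From-To range is inclusive.

```python
import re

SUFFIX = {"": 1, "k": 1_000, "M": 1_000_000}  # assumed decimal multipliers
MAX_RATE = 4294967295                         # upper bound from the grammar above


def parse_rate_spec(spec):
    """Parse '[!]From-To' into (negated, low, high)."""
    m = re.fullmatch(r"(!?)(\d+)([kM]?)-(\d+)([kM]?)", spec)
    if not m:
        raise ValueError(f"bad ConnectionRate spec: {spec!r}")
    neg, lo, lo_s, hi, hi_s = m.groups()
    low, high = int(lo) * SUFFIX[lo_s], int(hi) * SUFFIX[hi_s]
    if low > MAX_RATE or high > MAX_RATE:
        raise ValueError("From/To must be within 0..4294967295")
    return bool(neg), low, high


def per_second_rates(connection_bytes):
    """Rate for each second = change in connection-bytes since the
    previous one-second sample, converted to bits/s (assumed unit)."""
    return [(cur - prev) * 8
            for prev, cur in zip(connection_bytes, connection_bytes[1:])]


def matches(spec, rate):
    """True if the rate falls inside the range, inverted when '!' is set."""
    neg, low, high = parse_rate_spec(spec)
    return (low <= rate <= high) != neg


# Constructed "connection-bytes" counter, sampled once per second:
# slow start, a two-second burst, then slow again.
SAMPLES = [0, 5_000, 10_000, 310_000, 610_000, 615_000, 620_000]


def evaluate(spec, samples=SAMPLES):
    """Per-second match results for one conntrack entry."""
    return [matches(spec, r) for r in per_second_rates(samples)]


if __name__ == "__main__":
    for spec in ("0-100k", "!0-100k", "1M-4294967295"):
        print(f"{spec:>16}", evaluate(spec))
```

Because nothing is averaged, the same connection matches 0-100k before and after the burst and stops matching during it, so a rule built on connection-rate alone sees a connection flip in and out of the match from one second to the next.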
Example
These rules will capture TCP/UDP traffic that was going through the router when the connection speed was below 100kbps:
/ip firewall filter
add action=accept chain=forward connection-rate=0-100k protocol=tcp
add action=accept chain=forward connection-rate=0-100k protocol=udp
Notes
Connection Rate is available in RouterOS since v3.30. This option was introduced to allow capturing traffic-intensive connections.
Application Example - Traffic Prioritization
The task is to set a lower priority for all "heavy" traffic (such as P2P, HTTP, and FTP downloads) and to prioritize VoIP, HTTP browsing, and online gaming.
Let's assume that a normal browsing connection is less than 500kB long, and that VoIP requires no more than 200kbps of speed.
Quick Start for Impatient
/ip firewall mangle
add chain=forward action=mark-connection connection-mark=!heavy_traffic_conn \
    new-connection-mark=all_conn
add chain=forward action=mark-connection connection-bytes=2000000-0 \
    connection-mark=all_conn connection-rate=1M-4294967295 \
    new-connection-mark=heavy_traffic_conn protocol=tcp
add chain=forward action=mark-connection connection-bytes=2000000-0 \
    connection-mark=all_conn connection-rate=1M-4294967295 \
    new-connection-mark=heavy_traffic_conn protocol=udp
add chain=forward action=mark-packet connection-mark=heavy_traffic_conn \
    new-packet-mark=heavy_traffic passthrough=no
add chain=forward action=mark-packet connection-mark=all_conn \
    new-packet-mark=other_traffic passthrough=no

/queue tree
add name=upload parent=public max-limit=6M
add name=other_upload parent=upload limit-at=4M max-limit=6M \
    packet-mark=other_traffic priority=1
add name=heavy_upload parent=upload limit-at=2M max-limit=6M \
    packet-mark=heavy_traffic priority=8
add name=download parent=local max-limit=6M
add name=other_download parent=download limit-at=4M max-limit=6M \
    packet-mark=other_traffic priority=1
add name=heavy_download parent=download limit-at=2M max-limit=6M \
    packet-mark=heavy_traffic priority=8
Explanation
IP Firewall mangle
Queue
/