How to apply different limits for Local/Overseas traffic: Difference between revisions

From MikroTik Wiki
No edit summary
No edit summary
Line 45: Line 45:


/ queue simple
/ queue simple
add name="queue1" target-addresses=192.168.100.254/32 dst-address=0.0.0.0/0 \
add name="Oversea" target-addresses=192.168.100.254/32 dst-address=0.0.0.0/0 \
     interface=all parent=none packet-marks="Oversea traffic" direction=both \
     interface=all parent=none packet-marks="Oversea traffic" direction=both \
     priority=8 queue=default-small/default-small limit-at=0/0 \
     priority=8 queue=default-small/default-small limit-at=0/0 \
     max-limit=256000/256000 total-queue=default-small disabled=yes
     max-limit=256000/256000 total-queue=default-small disabled=no
add name="queue4" target-addresses=192.168.100.254/32 dst-address=0.0.0.0/0 \
add name="Local Country" target-addresses=192.168.100.254/32 dst-address=0.0.0.0/0 \
     interface=all parent=none packet-marks="Local Traffic" direction=both \
     interface=all parent=none packet-marks="Local Country Traffic" direction=both \
     priority=8 queue=default-small/default-small limit-at=0/0 \
     priority=8 queue=default-small/default-small limit-at=0/0 \
     max-limit=1024000/1024000 total-queue=default-small disabled=yes
     max-limit=1024000/1024000 total-queue=default-small disabled=no
</pre>
</pre>


==Explanation==
==Explanation==
===Address-list===
===Address-list===
First we create Local country address-list, where are placed list of network numbers belonging to ISPs in Latvia (any other country network addresses can be used instead).
Full address-list configuration is not included (too many address-list entries), but address-list idea is clear.
Networks added to the list 'Latvia':
<pre>
/ ip firewall address-list
add list=Latvia address=159.148.0.0/16 comment="" disabled=no
add list=Latvia address=193.41.195.0/24 comment="" disabled=no
add list=Latvia address=193.41.33.0/24 comment="" disabled=no
add list=Latvia address=193.41.45.0/24 comment="" disabled=no
add list=Latvia address=193.68.64.0/19 comment="" disabled=no
add list=Latvia address=193.108.29.0/24 comment="" disabled=no
add list=Latvia address=193.108.144.0/22 comment="" disabled=no
add list=Latvia address=193.108.185.0/24 comment="" disabled=no
add list=Latvia address=193.109.211.0/24 comment="" disabled=no
add list=Latvia address=193.109.85.0/24 comment="" disabled=no
add list=Latvia address=193.110.8.0/23 comment="" disabled=no
add list=Latvia address=193.110.164.0/23 comment="" disabled=no
...
add list=Latvia address=193.111.244.0/22 comment="" disabled=no
</pre>
Note, it's much easier to create/edit such list with Excel or any other similar program.
===Mangle===
First we add rule to mark connections that belong to local router's subnet (192.168.100.0/24).
Second rule marks connections between local subnet and overseas networks. Third rule marks oversea packets and exclude them from mangle table (passtrough=no). Finally, the last rule places packet mark on all packets that belong to Local country traffic.
<pre>
/ ip firewall mangle
add chain=prerouting src-address=192.168.100.0/24 action=mark-connection \
    new-connection-mark="Con Entire Traffic" passthrough=yes \
    comment="Mark-connection All Traffic" disabled=no
add chain=prerouting src-address=192.168.100.0/24 connection-mark="Con Entire \
    Traffic" dst-address-list=!Latvia action=mark-connection \
    new-connection-mark="Con Oversea" passthrough=yes comment="Mark-connection \
    Oversea Traffic" disabled=no
add chain=prerouting connection-mark="Con Oversea" action=mark-packet \
    new-packet-mark="Oversea traffic" passthrough=no comment="Mark-packet \
    Oversea Traffic" disabled=no
add chain=prerouting action=mark-packet new-packet-mark="Local Country Traffic" \
    passthrough=no comment="Mark-packet Local Country Traffic" disabled=no
</pre>
===Simple Queue===
Queue configuration is quite simple in the particular case.
192.168.100.254 is the local network host.
First rule sets limit to Oversea traffic for the particular host. Respectively second simple queue set limit for Local country traffic.
<pre>
/ queue simple
add name="Oversea" target-addresses=192.168.100.254/32 dst-address=0.0.0.0/0 \
    interface=all parent=none packet-marks="Oversea traffic" direction=both \
    priority=8 queue=default-small/default-small limit-at=0/0 \
    max-limit=256000/256000 total-queue=default-small disabled=no
add name="Local Country" target-addresses=192.168.100.254/32 dst-address=0.0.0.0/0 \
    interface=all parent=none packet-marks="Local Country Traffic" direction=both \
    priority=8 queue=default-small/default-small limit-at=0/0 \
    max-limit=1024000/1024000 total-queue=default-small disabled=no
</pre>
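Review bot: The added Mangle explanation spells the parameter as passtrough=no, while the rules beneath it use passthrough=no; correct the spelling so the text matches the configuration. The last mangle rule (new-packet-mark="Local Country Traffic") has no src-address, connection-mark or dst-address-list matcher, so it marks every packet that was not already marked "Oversea traffic", not only packets to or from the Latvia list; either say so in the explanation or add connection-mark="Con Entire Traffic" to that rule. The queue change from packet-marks="Local Traffic" to "Local Country Traffic" now agrees with the mangle rule's new-packet-mark, which deserves a line in the edit summary, currently empty.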

Revision as of 15:41, 26 September 2006

Introduction

Consider a scenario where you want to apply different limits to Local and Oversea traffic. Oversea traffic is any traffic that does not belong to the Local country traffic.

To distinguish oversea traffic from Local country traffic, we will use the 'mangle marks' and 'address-list' features. They place the appropriate marks on packets to/from the Local country and Oversea networks. In this example local traffic is Latvian traffic; the list of network numbers belonging to ISPs in Latvia can be extracted from the file: http://www.nic.lv/local.net

Note: if your router isn't located in Latvia, the 'address-list' entries should be replaced with the respective addresses. To find the actual list of network numbers belonging to your country, use Google or any other resource.

Simple queues will limit the data rate for the Local country traffic and the Oversea traffic.

Quick Start for Impatient

Configuration export from the router:

/ ip firewall address-list 
add list=Latvia address=159.148.0.0/16 comment="" disabled=no 
add list=Latvia address=193.41.195.0/24 comment="" disabled=no 
add list=Latvia address=193.41.33.0/24 comment="" disabled=no 
add list=Latvia address=193.41.45.0/24 comment="" disabled=no 
add list=Latvia address=193.68.64.0/19 comment="" disabled=no 
add list=Latvia address=193.108.29.0/24 comment="" disabled=no 
add list=Latvia address=193.108.144.0/22 comment="" disabled=no 
add list=Latvia address=193.108.185.0/24 comment="" disabled=no 
add list=Latvia address=193.109.211.0/24 comment="" disabled=no 
add list=Latvia address=193.109.85.0/24 comment="" disabled=no 
add list=Latvia address=193.110.8.0/23 comment="" disabled=no 
add list=Latvia address=193.110.164.0/23 comment="" disabled=no 
...
add list=Latvia address=193.111.244.0/22 comment="" disabled=no 

/ ip firewall mangle 
add chain=prerouting src-address=192.168.100.0/24 action=mark-connection \
    new-connection-mark="Con Entire Traffic" passthrough=yes \
    comment="Mark-connection All Traffic" disabled=no 
add chain=prerouting src-address=192.168.100.0/24 connection-mark="Con Entire \
    Traffic" dst-address-list=!Latvia action=mark-connection \
    new-connection-mark="Con Oversea" passthrough=yes comment="Mark-connection \
    Oversea Traffic" disabled=no 
add chain=prerouting connection-mark="Con Oversea" action=mark-packet \
    new-packet-mark="Oversea traffic" passthrough=no comment="Mark-packet \
    Oversea Traffic" disabled=no 
add chain=prerouting action=mark-packet new-packet-mark="Local Country Traffic" \
    passthrough=no comment="Mark-packet Local Country Traffic" disabled=no 

/ queue simple
add name="Oversea" target-addresses=192.168.100.254/32 dst-address=0.0.0.0/0 \
    interface=all parent=none packet-marks="Oversea traffic" direction=both \
    priority=8 queue=default-small/default-small limit-at=0/0 \
    max-limit=256000/256000 total-queue=default-small disabled=no 
add name="Local Country" target-addresses=192.168.100.254/32 dst-address=0.0.0.0/0 \
    interface=all parent=none packet-marks="Local Country Traffic" direction=both \
    priority=8 queue=default-small/default-small limit-at=0/0 \
    max-limit=1024000/1024000 total-queue=default-small disabled=no 

Explanation

Address-list

First we create the Local country address-list, which holds the network numbers belonging to ISPs in Latvia (network addresses of any other country can be used instead). The full address-list configuration is not included (too many address-list entries), but the idea of the address-list is clear. Networks added to the list 'Latvia':

/ ip firewall address-list 
add list=Latvia address=159.148.0.0/16 comment="" disabled=no 
add list=Latvia address=193.41.195.0/24 comment="" disabled=no 
add list=Latvia address=193.41.33.0/24 comment="" disabled=no 
add list=Latvia address=193.41.45.0/24 comment="" disabled=no 
add list=Latvia address=193.68.64.0/19 comment="" disabled=no 
add list=Latvia address=193.108.29.0/24 comment="" disabled=no 
add list=Latvia address=193.108.144.0/22 comment="" disabled=no 
add list=Latvia address=193.108.185.0/24 comment="" disabled=no 
add list=Latvia address=193.109.211.0/24 comment="" disabled=no 
add list=Latvia address=193.109.85.0/24 comment="" disabled=no 
add list=Latvia address=193.110.8.0/23 comment="" disabled=no 
add list=Latvia address=193.110.164.0/23 comment="" disabled=no 
...
add list=Latvia address=193.111.244.0/22 comment="" disabled=no 

Note: it's much easier to create/edit such a list with Excel or any other similar program.
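As an alternative to a spreadsheet, the following added example (not part of the original wiki page) generates the address-list commands from a prefix file and rejects entries that would silently change which traffic counts as local. The input format (one IPv4 prefix per line, '#' comments), the function name and the min_prefixlen bound are assumptions; the sample input is constructed.

```python
import ipaddress

# Constructed sample input (assumed format: one IPv4 prefix per line, '#' comments).
SAMPLE = """\
# constructed sample, not the real registry file
159.148.0.0/16
193.41.195.0/24
193.108.144.0/23
193.108.146.0/23
193.41.195.0/24
193.68.64.1/19
not-a-prefix
0.0.0.0/0
"""

def build_address_list(text, list_name="Latvia", min_prefixlen=8):
    """Return (commands, rejected) for '/ ip firewall address-list'.

    min_prefixlen is an assumed sanity bound: a prefix broader than /8 in the
    local list (worst case 0.0.0.0/0) would make all traffic count as local.
    """
    networks, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            # strict=True rejects entries with host bits set (usually a typo).
            net = ipaddress.IPv4Network(entry, strict=True)
        except ValueError as exc:
            rejected.append((lineno, entry, str(exc)))
            continue
        if net.prefixlen < min_prefixlen:
            rejected.append((lineno, entry, "prefix too broad"))
            continue
        networks.append(net)
    # collapse_addresses removes duplicates and merges adjacent/overlapping nets.
    merged = ipaddress.collapse_addresses(networks)
    commands = [f'add list={list_name} address={net} comment="" disabled=no'
                for net in merged]
    return commands, rejected

if __name__ == "__main__":
    cmds, bad = build_address_list(SAMPLE)
    print("/ ip firewall address-list")
    print("\n".join(cmds))
    for lineno, entry, reason in bad:
        print(f"# rejected line {lineno}: {entry!r} ({reason})")
```

Review the rejected lines before importing the output; a dropped prefix means that network is limited as Oversea traffic.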

Mangle

The first rule marks connections that originate from the router's local subnet (192.168.100.0/24). The second rule marks connections between the local subnet and overseas networks. The third rule marks oversea packets and excludes them from further processing in the mangle table (passthrough=no). Finally, the last rule places a packet mark on all remaining packets, which are treated as Local country traffic.

/ ip firewall mangle 
add chain=prerouting src-address=192.168.100.0/24 action=mark-connection \
    new-connection-mark="Con Entire Traffic" passthrough=yes \
    comment="Mark-connection All Traffic" disabled=no 
add chain=prerouting src-address=192.168.100.0/24 connection-mark="Con Entire \
    Traffic" dst-address-list=!Latvia action=mark-connection \
    new-connection-mark="Con Oversea" passthrough=yes comment="Mark-connection \
    Oversea Traffic" disabled=no 
add chain=prerouting connection-mark="Con Oversea" action=mark-packet \
    new-packet-mark="Oversea traffic" passthrough=no comment="Mark-packet \
    Oversea Traffic" disabled=no 
add chain=prerouting action=mark-packet new-packet-mark="Local Country Traffic" \
    passthrough=no comment="Mark-packet Local Country Traffic" disabled=no 
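The rule order above can be traced with a simplified model, added here as an example and not taken from the original page or from RouterOS itself. It assumes rules are evaluated top to bottom, that a connection mark set by one rule is visible to the next, and that passthrough=no ends processing; the function names are hypothetical and 198.51.100.10 and 10.0.0.5 are constructed test addresses.

```python
import ipaddress

LOCAL_SUBNET = ipaddress.ip_network("192.168.100.0/24")
# Two entries from the page's 'Latvia' list; the full list is elided on the page.
LATVIA = [ipaddress.ip_network(n) for n in ("159.148.0.0/16", "193.41.195.0/24")]

def in_latvia(addr):
    return any(addr in net for net in LATVIA)

def mangle_prerouting(src, dst, conn):
    """Return the packet mark for one packet; conn models the conntrack entry."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # Rule 1: src-address=192.168.100.0/24 -> mark-connection, passthrough=yes
    if src in LOCAL_SUBNET:
        conn["mark"] = "Con Entire Traffic"
    # Rule 2: same source, marked connection, dst-address-list=!Latvia
    if (src in LOCAL_SUBNET and conn.get("mark") == "Con Entire Traffic"
            and not in_latvia(dst)):
        conn["mark"] = "Con Oversea"
    # Rule 3: connection-mark="Con Oversea" -> mark-packet, passthrough=no
    if conn.get("mark") == "Con Oversea":
        return "Oversea traffic"
    # Rule 4: no matchers at all, so it catches every remaining packet
    return "Local Country Traffic"

def classify_flow(client, server):
    """Marks for the first outbound packet and its reply on one connection."""
    conn = {}
    outbound = mangle_prerouting(client, server, conn)
    # The reply matches only on the stored connection mark; its addresses
    # (possibly rewritten by NAT) play no part in rules 3 and 4.
    reply = mangle_prerouting(server, client, conn)
    return outbound, reply

if __name__ == "__main__":
    for client, server in [("192.168.100.254", "198.51.100.10"),
                           ("192.168.100.254", "159.148.1.1"),
                           ("10.0.0.5", "198.51.100.10")]:
        print(client, "->", server, classify_flow(client, server))
```

The third flow shows the catch-all behaviour of the last rule: traffic from a source outside 192.168.100.0/24 to a non-Latvian address still receives "Local Country Traffic", which matters if a queue is later added for such a host.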

Simple Queue

The queue configuration is quite simple in this case. 192.168.100.254 is the local network host. The first rule sets the limit on Oversea traffic for that host. The second simple queue, respectively, sets the limit on Local country traffic.

/ queue simple
add name="Oversea" target-addresses=192.168.100.254/32 dst-address=0.0.0.0/0 \
    interface=all parent=none packet-marks="Oversea traffic" direction=both \
    priority=8 queue=default-small/default-small limit-at=0/0 \
    max-limit=256000/256000 total-queue=default-small disabled=no
add name="Local Country" target-addresses=192.168.100.254/32 dst-address=0.0.0.0/0 \
    interface=all parent=none packet-marks="Local Country Traffic" direction=both \
    priority=8 queue=default-small/default-small limit-at=0/0 \
    max-limit=1024000/1024000 total-queue=default-small disabled=no