Manual:NTH in RouterOS: Difference between revisions

From MikroTik Wiki
(New page: =NTH in RouterOS 3.x= In v3.0 it is a little different implementation of NTH. It has only two parameters 'every' and 'packet'. ==How it works in v3.0== Every rule has its own counter. Wh...)
 
No edit summary
Line 1: Line 1:
=NTH in RouterOS 3.x=
In v3.0 it is a little different implementation of NTH. It has only two parameters 'every' and 'packet'.
In v3.0 it is a little different implementation of NTH. It has only two parameters 'every' and 'packet'.


==How it works in v3.0==
==How it works in v3.0==
Every rule has its own counter. When rule receives packet counter for current rule is increased by one. If counter matches value of 'every' packet will be matched and counter will be set to zero. It means that passthrough option must be enabled, so that NTH matcher will be able to see all packets even if they are already matched by previous rules.
Every rule has its own counter. When rule receives packet counter for current rule is increased by one. If counter matches value of 'every' packet will be matched and counter will be set to zero.


If passthrough is not set then packets will be marked as follows:
If passthrough is not set then packets will be marked as follows:
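Review bot: the "How it works in v3.0" paragraph loses its only statement about passthrough, yet the next line ("If passthrough is not set ...") relies on the reader knowing its effect. Rather than dropping the sentence outright, replace it with one saying that with passthrough=no a matched packet is not seen by later rules, so their counters cover only the remaining packets.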
Line 17: Line 15:
</pre>
</pre>


If more than one rule is needed, then passthrough should be set so that following rules can see all packets.
If more than one rule is needed, then there are two ways to match packets:
* first rule sees all packets and matches 1/3 of all, second rule sees 2/3 of packets and matches 1/2, third rule sees and matches all packets that passed through first two rules ( 1/3 of all packets ).
<pre>
/ip firewall mangle
add action=mark-packet chain=prerouting new-packet-mark=AAA nth=3,1 passthrough=no;
add action=mark-packet chain=prerouting new-packet-mark=BBB nth=2,1 passthrough=no;
add action=mark-packet chain=prerouting new-packet-mark=CCC ;
</pre>
 
* all rules can see all packets and each rule matches every 3-rd packet.
<pre>
<pre>
/ip firewall mangle  
/ip firewall mangle  
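Review bot: in the first variant the CCC rule has no nth matcher, so it ends up with 1/3 of the traffic only because AAA and BBB are set to passthrough=no. State that dependency next to the rule: with passthrough left enabled on the first two rules, CCC would re-mark every packet. Also drop the stray space before the semicolon in "new-packet-mark=CCC ;".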

Revision as of 08:16, 9 November 2007

In v3.0 NTH is implemented a little differently. It has only two parameters, 'every' and 'packet'.

How it works in v3.0

Every rule has its own counter. When a rule receives a packet, the counter for that rule is increased by one. If the counter matches the value of 'every', the packet is matched and the counter is set to zero.

If passthrough is not set, then packets will be marked as follows:

  • the first rule, nth=2,1, will match every first packet of 2, hence 50% of all the traffic that is matched by the rules
  • the second rule, if passthrough=no, will match ONLY 25% of traffic, because in 3.0, unlike 2.9, you need only one rule to catch traffic

Example

Now it is possible to match 50% of all traffic with only one rule:

/ip firewall mangle
add action=mark-packet chain=prerouting new-packet-mark=AAA nth=2,1;

If more than one rule is needed, then there are two ways to match packets:

  • the first rule sees all packets and matches 1/3 of them, the second rule sees 2/3 of the packets and matches 1/2 of those, and the third rule sees and matches all packets that passed through the first two rules (1/3 of all packets).
/ip firewall mangle 
add action=mark-packet chain=prerouting new-packet-mark=AAA nth=3,1 passthrough=no;
add action=mark-packet chain=prerouting new-packet-mark=BBB nth=2,1 passthrough=no;
add action=mark-packet chain=prerouting new-packet-mark=CCC ;
  • all rules can see all packets and each rule matches every 3rd packet.
/ip firewall mangle 
add action=mark-packet chain=prerouting new-packet-mark=AAA nth=3,1 passthrough=yes;
add action=mark-packet chain=prerouting new-packet-mark=BBB nth=3,2 passthrough=yes;
add action=mark-packet chain=prerouting new-packet-mark=CCC nth=3,3 passthrough=yes;
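
The counter behaviour described above can be checked with a small model. This Python simulation is an added example, not part of the wiki page or of RouterOS; the function and rule-set names are hypothetical. It assumes that 'packet' selects which count within each cycle of 'every' is matched, and that a rule without an explicit passthrough setting lets packets continue.

```python
def simulate(rules, n_packets):
    """Return {final mark: packet count}. rules = [(mark, nth, passthrough)],
    where nth is (every, packet) or None for a rule with no nth matcher."""
    counters = [0] * len(rules)          # every rule has its own counter
    totals = {}
    for _ in range(n_packets):
        mark = None                      # None = packet left unmarked
        for i, (name, nth, passthrough) in enumerate(rules):
            matched = True               # no nth matcher: rule matches all
            if nth is not None:
                every, packet = nth
                counters[i] += 1         # counts only packets reaching rule i
                matched = counters[i] == packet   # assumed 'packet' semantics
                if counters[i] == every:
                    counters[i] = 0      # cycle complete, start over
            if matched:
                mark = name              # a later mark-packet overwrites
                if not passthrough:
                    break                # later rules never see this packet
        totals[mark] = totals.get(mark, 0) + 1
    return totals

# Rule sets constructed from the examples on this page.
CASCADE = [("AAA", (3, 1), False), ("BBB", (2, 1), False), ("CCC", None, True)]
PARALLEL = [("AAA", (3, 1), True), ("BBB", (3, 2), True), ("CCC", (3, 3), True)]
# Two nth=2,1 rules with passthrough=no: the second one gets 25%.
TWO_HALVES = [("AAA", (2, 1), False), ("BBB", (2, 1), False)]
# The cascade with passthrough left enabled: CCC overwrites every mark.
CASCADE_PASSTHROUGH = [(m, nth, True) for m, nth, _ in CASCADE]

if __name__ == "__main__":
    for label, rules in [("cascade", CASCADE), ("parallel", PARALLEL),
                         ("two halves", TWO_HALVES),
                         ("cascade, passthrough=yes", CASCADE_PASSTHROUGH)]:
        print(label, simulate(rules, 600))
```

Both three-rule variants split the traffic into equal thirds; the cascade does so only while its first two rules keep passthrough=no.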