Difference between revisions of "Queue Tree with more than two interfaces"

From MikroTik Wiki
 
m (Mangle Setup: Fix spelling)
 
(14 intermediate revisions by 5 users not shown)
Line 1: Line 1:
 
== Basic Setup==
 
== Basic Setup==
This page will tak about how to make QUEUE TREE in RouterOS that with Masquerading for more than two interfaces.
+
This page will talk about how to make QUEUE TREE in RouterOS that with Masquerading for more than two interfaces. It's for sharing internet connection among users on each interfaces.
In manual this possibility isn't writted
+
In manual this possibility isn't written.
 +
 
 +
----
  
 
First, let's set the basic setting first. I'm using a machine with 3 or more network interfaces:
 
First, let's set the basic setting first. I'm using a machine with 3 or more network interfaces:
  
  admin@instaler] > in pr
+
  [admin@instaler] > in pr
 
  #    NAME      TYPE    RX-RATE    TX-RATE    MTU   
 
  #    NAME      TYPE    RX-RATE    TX-RATE    MTU   
 
  0  R public    ether  0          0          1500  
 
  0  R public    ether  0          0          1500  
  1  R lan        wlan    0          0          1500
+
  1  R wifi1      wlan    0          0          1500
 +
2  R wifi2      wlan    0          0          1500
 +
3  R wifi3      wlan    0          0          1500
  
And this is the IP Address for each interface:
+
And this is the IP Addresses for each interface:
  
 
  [admin@instaler] > ip ad pr
 
  [admin@instaler] > ip ad pr
 
  Flags: X - disabled, I - invalid, D - dynamic  
 
  Flags: X - disabled, I - invalid, D - dynamic  
 
  #  ADDRESS          NETWORK      BROADCAST      INTERFACE
 
  #  ADDRESS          NETWORK      BROADCAST      INTERFACE
  0  192.168.0.217/24  192.168.0.0  192.168.0.255 public 
+
  0  10.20.1.0/24     10.20.1.0    10.20.1.255    public 
  1 172.21.1.1/24     172.21.1.0   172.21.1.255   lan
+
1 10.10.2.0/24      10.10.2.0   10.10.2.255    wifi1
 +
2 10.10.3.0/24      10.10.3.0   10.10.3.255   wifi2
 +
  3 10.10.4.0/24     10.10.4.0   10.10.4.255   wifi3
  
Don't forget to set the transparant web-proxy
+
On the public you can add NAT or proxy if you want.
 
 
[admin@instaler] > ip web-proxy pr
 
                enabled: yes
 
            src-address: 0.0.0.0
 
                    port: 3128
 
                hostname: "proxy"
 
      transparent-proxy: yes
 
            parent-proxy: 0.0.0.0:0
 
    cache-administrator: "webmaster"
 
        max-object-size: 4096KiB
 
            cache-drive: system
 
          max-cache-size: none
 
      max-ram-cache-size: unlimited
 
                  status: running
 
      reserved-for-cache: 0KiB
 
  reserved-for-ram-cache: 154624KiB
 
 
 
==Firewall NAT==
 
Make 2 NAT rules, 1 for Masquerading, and the other for redirecting transparant proxy.
 
 
 
[admin@instaler] ip firewall nat> pr
 
Flags: X - disabled, I - invalid, D - dynamic
 
0  chain=srcnat out-interface=public
 
    src-address=172.21.1.0/24 action=masquerade
 
1  chain=dstnat in-interface=lan src-address=172.21.1.0/24
 
    protocol=tcp dst-port=80 action=redirect to-ports=3128
 
  
 
==Mangle Setup==
 
==Mangle Setup==
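Review bot: The new address table gives each interface its subnet's network address (10.20.1.0/24, 10.10.2.0/24, 10.10.3.0/24, 10.10.4.0/24 all equal their own NETWORK column); each interface should carry a host address from its subnet instead. The hunk also deletes the whole Firewall NAT section while the introduction still promises a setup "with Masquerading", leaving only "On the public you can add NAT or proxy if you want". Either keep a srcnat masquerade rule for the new 10.10.x.0/24 networks or drop the masquerading claim from the intro.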
Line 50: Line 30:
 
And now is the most important part in this case.
 
And now is the most important part in this case.
  
As we will make Queue for uplink and downlink traffic, we need 2 packet-mark. In this example, we use "test-up" for uplink traffic, and "test-down" for downlink traffic.
+
We need to mark our users. One connection for upload and second for download. In this example I add mangle for one user. At the end I add mangle for local transmission because I don't QoS local traffic among users. But for user I need to separate upload and download.
 
+
For uplink traffic, it's quite simple. We need only one rule, using SRC-ADDRESS and IN-INTERFACE parameters, and using PREROUTING chain. Rule number #0.
+
  [admin@instaler] ip firewall mangle> print
 
 
But for downlink, we have to make sevaral rules. As we use masquerading, we need Connection Mark, named as "test-conn". Rule no #1.
 
 
 
Then we have to make 2 more rules. First rule is for non-HTTP connection / direct connection. We use chain forward, as the data traveling through the router. Rule no #2.
 
 
 
The second rule is for data coming from web-proxy to the client. We use OUTPUT chain, as the data coming from internal process in the router itself. Rule no #3.
 
 
 
For both rules (no #2 and #3) we named it "test-down".
 
 
 
Please be aware, we use passthrough only for connection mark (rule no #1).
 
 
 
  [admin@instaler] > ip firewall mangle print
 
 
  Flags: X - disabled, I - invalid, D - dynamic  
 
  Flags: X - disabled, I - invalid, D - dynamic  
  0   ;;; UP TRAFFIC
+
    disabled=no
    chain=prerouting in-interface=lan
+
  0 chain=forward src-address=10.10.2.36 action=mark-connection \
    src-address=172.21.1.0/24 action=mark-packet
+
    new-connection-mark=users-userU passthrough=yes comment="" disabled=no  
    new-packet-mark=test-up passthrough=no  
+
  1 chain=forward dst-address=10.10.2.36 action=mark-connection \
+
    new-connection-mark=users-userD passthrough=yes comment="" disabled=no
  1   ;;; CONN-MARK
+
  2 chain=forward connection-mark=users-userU action=mark-packet \
    chain=forward src-address=172.21.1.0/24
+
    new-packet-mark=userU passthrough=yes comment="" disabled=no  
    action=mark-connection  
+
  3 chain=forward connection-mark=users-userD action=mark-packet \
    new-connection-mark=test-conn passthrough=yes  
+
    new-packet-mark=userD passthrough=yes comment="" disabled=no  
 
  2   ;;; DOWN-DIRECT CONNECTION
 
    chain=forward in-interface=public
 
    connection-mark=test-conn action=mark-packet  
 
    new-packet-mark=test-down passthrough=no  
 
 
  3   ;;; DOWN-VIA PROXY
 
    chain=output out-interface=lan
 
    dst-address=172.21.1.0/24 action=mark-packet  
 
    new-packet-mark=test-down passthrough=no
 
  
 +
98  chain=forward src-address=10.10.0.0/16 dst-address=10.10.0.0/16
 +
    action=mark-connection new-connection-mark=users-lokal passthrough=yes
 +
99  chain=forward connection-mark=users-lokal action=mark-packet
 +
    new-packet-mark=lokalTrafic passthrough=yes
  
 
==Queue Tree Setup==
 
==Queue Tree Setup==
And now, the queue tree setting. We need one rule for downlink and one rule for uplink. Be careful when choosing the parent. for downlink traffic, we use parent "lan", the interface name for local network. And for uplink, we are using parent "global-in".
+
And now, the queue tree setting. We need one rule for downlink and one rule for uplink. Be careful when choosing the parent. for downlink traffic, we use parent "global-out", because we have two or more downloading interfaces. And for uplink, we are using parent "public", we want QoS uplink traffic. (I'm using pcq-up and download from manual) This example is for 2Mb/1Mb
  
 
  [admin@instaler] > queue tree pr
 
  [admin@instaler] > queue tree pr
 
  Flags: X - disabled, I - invalid  
 
  Flags: X - disabled, I - invalid  
  0  name="downstream" parent=lan packet-mark=test-down
+
  0  name="Download" parent=global-out packet-mark="" limit-at=0
    limit-at=32000 queue=default priority=8
+
    queue=pcq-download priority=1 max-limit=2000000 burst-limit=0  
    max-limit=32000 burst-limit=0  
 
 
     burst-threshold=0 burst-time=0s  
 
     burst-threshold=0 burst-time=0s  
 
1  name="upstream" parent=global-in
 
    packet-mark=test-up limit-at=32000
 
    queue=default priority=8
 
    max-limit=32000 burst-limit=0
 
    burst-threshold=0 burst-time=0s
 
  
You can use those mangle also with PCQ.
+
1  name="Upload" parent=WGW packet-mark="" limit-at=0 queue=pcq-upload
 +
    priority=1 max-limit=1000000 burst-limit=0 burst-threshold=0
 +
    burst-time=0s
 +
 
 +
Now we add our user:
  
Any question, you can contact me at : info(at)mikrotik(dot)co(dot)id
+
2  name="user10D" parent=Download packet-mark=userD limit-at=0
 +
    queue=pcq-download priority=5 max-limit=0 burst-limit=0
 +
    burst-threshold=0 burst-time=0s
  
Valens Riyadi
+
3  name="user10U" parent=Upload packet-mark=userU limit-at=0
 +
    queue=pcq-upload priority=5 max-limit=0 burst-limit=0 burst-threshold=0
 +
    burst-time=0s
 +
[[Category:QoS]]
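Review bot: The new Queue Tree paragraph says the uplink parent is "public", but the added Upload entry uses parent=WGW, a name that does not appear in the interface list (public, wifi1, wifi2, wifi3); make the text and the listing agree. In the mangle listing, the bare "disabled=no" line before rule 0 looks like a paste leftover and should go. Rules 0 and 1 both apply mark-connection with passthrough=yes to the same flow, so the connection mark is rewritten by packets in each direction; the text should explain that this is intended, or the rules should mark the connection only once.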

Latest revision as of 16:41, 2 September 2010

Basic Setup

This page explains how to build a queue tree in RouterOS, with masquerading, for more than two interfaces. It is meant for sharing an Internet connection among the users on each interface. The manual does not cover this case.


First, the basic settings. I'm using a machine with 3 or more network interfaces:

[admin@instaler] > in pr
#    NAME       TYPE    RX-RATE    TX-RATE    MTU  
0  R public     ether   0          0          1500 
1  R wifi1      wlan    0          0          1500
2  R wifi2      wlan    0          0          1500
3  R wifi3      wlan    0          0          1500

And these are the IP addresses for each interface:

[admin@instaler] > ip ad pr
Flags: X - disabled, I - invalid, D - dynamic 
#  ADDRESS           NETWORK      BROADCAST      INTERFACE
0  10.20.1.0/24      10.20.1.0    10.20.1.255    public   
1  10.10.2.0/24      10.10.2.0    10.10.2.255    wifi1
2  10.10.3.0/24      10.10.3.0    10.10.3.255    wifi2
3  10.10.4.0/24      10.10.4.0    10.10.4.255    wifi3

On the public interface you can add NAT or a proxy if you want.

Mangle Setup

Now comes the most important part of this setup.

We need to mark each user's traffic: one connection mark for upload and a second for download. In this example I add mangle rules for one user. At the end I add mangle rules for local traffic, because I don't apply QoS to local traffic among users. For each user, though, upload and download have to be marked separately.

[admin@instaler] ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic 
    disabled=no 
0 chain=forward src-address=10.10.2.36 action=mark-connection \
   new-connection-mark=users-userU passthrough=yes comment="" disabled=no 
1 chain=forward dst-address=10.10.2.36 action=mark-connection \
   new-connection-mark=users-userD passthrough=yes comment="" disabled=no 
2 chain=forward connection-mark=users-userU action=mark-packet \
   new-packet-mark=userU passthrough=yes comment="" disabled=no 
3 chain=forward connection-mark=users-userD action=mark-packet \
   new-packet-mark=userD passthrough=yes comment="" disabled=no 
98  chain=forward src-address=10.10.0.0/16 dst-address=10.10.0.0/16 
    action=mark-connection new-connection-mark=users-lokal passthrough=yes 
99  chain=forward connection-mark=users-lokal action=mark-packet 
    new-packet-mark=lokalTrafic passthrough=yes

Queue Tree Setup

And now, the queue tree settings. We need one rule for downlink and one rule for uplink. Be careful when choosing the parent. For downlink traffic, we use parent "global-out", because we have two or more downloading interfaces. For uplink, we use parent "public", because we want QoS on uplink traffic. (I'm using the PCQ upload and download queue types from the manual.) This example is for 2Mb/1Mb.

[admin@instaler] > queue tree pr
Flags: X - disabled, I - invalid 
0   name="Download" parent=global-out packet-mark="" limit-at=0 
    queue=pcq-download priority=1 max-limit=2000000 burst-limit=0 
    burst-threshold=0 burst-time=0s 
1   name="Upload" parent=WGW packet-mark="" limit-at=0 queue=pcq-upload 
    priority=1 max-limit=1000000 burst-limit=0 burst-threshold=0 
    burst-time=0s 

Now we add our user:

2   name="user10D" parent=Download packet-mark=userD limit-at=0 
    queue=pcq-download priority=5 max-limit=0 burst-limit=0 
    burst-threshold=0 burst-time=0s 
3   name="user10U" parent=Upload packet-mark=userU limit-at=0 
    queue=pcq-upload priority=5 max-limit=0 burst-limit=0 burst-threshold=0 
    burst-time=0s
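
The page shows the mangle and queue entries for a single user. The following is an added example, not part of the original wiki page: a Python generator that emits the same four mangle rules and two queue tree entries as RouterOS add commands for several users, going beyond the one-user case in the text. It assumes the wifi subnets and the parent queue names "Download" and "Upload" from the listings above; the user names, the second user address and the per-user mark naming are constructed.

```python
import ipaddress

# Subnets taken from the page's address listing (wifi1, wifi2, wifi3).
WIFI_NETS = [ipaddress.ip_network(n) for n in
             ("10.10.2.0/24", "10.10.3.0/24", "10.10.4.0/24")]

def check_user_ip(addr):
    """Return the address if it is a usable host on one of the wifi subnets."""
    ip = ipaddress.ip_address(addr)
    for net in WIFI_NETS:
        if ip in net:
            if ip in (net.network_address, net.broadcast_address):
                raise ValueError(f"{addr} is the network/broadcast address of {net}")
            return ip
    raise ValueError(f"{addr} is not on any wifi subnet")

def user_rules(name, addr):
    """RouterOS add commands mirroring the page's per-user mangle and queue entries."""
    ip = check_user_ip(addr)
    m = "/ip firewall mangle add chain=forward"
    q = "/queue tree add"
    return [
        f"{m} src-address={ip} action=mark-connection new-connection-mark=users-{name}U passthrough=yes",
        f"{m} dst-address={ip} action=mark-connection new-connection-mark=users-{name}D passthrough=yes",
        f"{m} connection-mark=users-{name}U action=mark-packet new-packet-mark={name}U passthrough=yes",
        f"{m} connection-mark=users-{name}D action=mark-packet new-packet-mark={name}D passthrough=yes",
        f"{q} name={name}D parent=Download packet-mark={name}D queue=pcq-download priority=5",
        f"{q} name={name}U parent=Upload packet-mark={name}U queue=pcq-upload priority=5",
    ]

def build_config(users):
    """users: dict of name -> IP. Duplicate IPs are rejected: two users would share one mark."""
    if len(set(users.values())) != len(users):
        raise ValueError("duplicate user address")
    lines = []
    for name, addr in users.items():
        lines += user_rules(name, addr)
    return lines

if __name__ == "__main__":
    # Constructed sample users; 10.10.2.36 is the address used on the page.
    print("\n".join(build_config({"user10": "10.10.2.36", "user11": "10.10.3.40"})))
```

The local-traffic rules (98 and 99 in the listing) are not generated and still have to be added after the per-user rules.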