Traffic Priortization, RouterOS QoS Implemetation

From MikroTik Wiki
Revision as of 18:49, 17 February 2009 by NetworkPro (talk | contribs)
Jump to: navigation, search

Bridge Setup

We have a Bridge: 

/interface bridge
add name=ALLOT

With the Public and Local interfaces as ports: 

/interface bridge port
add bridge=ALLOT interface=INTERNAL
add bridge=ALLOT interface=EXTERNAL

We want traffic to pass through RouterOS facilities so we can mangle it etc. 

/interface bridge settings
set use-ip-firewall=yes

Mangle Setup

Here we mark the packets for the different traffic: 

/ip firewall mangle
add action=mark-packet chain=forward new-packet-mark=icmp passthrough=no protocol=icmp
add action=mark-packet chain=forward dst-port=443 new-packet-mark=ssl passthrough=no protocol=tcp
add action=mark-packet chain=forward new-packet-mark=p2p p2p=all-p2p passthrough=no
add action=mark-packet chain=forward new-packet-mark=udp-100 packet-size=0-100 passthrough=no protocol=udp
add action=mark-packet chain=forward new-packet-mark=upd-500 packet-size=100-500 passthrough=no protocol=udp
add action=mark-packet chain=forward new-packet-mark=upd-other passthrough=no protocol=udp
add action=mark-packet chain=forward dst-port=1863 new-packet-mark=msn-messenger passthrough=no protocol=tcp
add action=mark-packet chain=forward dst-port=110 new-packet-mark=pop3 passthrough=no protocol=tcp
add action=mark-packet chain=forward dst-port=25 new-packet-mark=smtp passthrough=no protocol=tcp
add action=mark-packet chain=forward dst-port=143 new-packet-mark=imap passthrough=no protocol=tcp
add action=mark-packet chain=forward new-packet-mark=gre passthrough=no protocol=gre
add action=mark-packet chain=forward new-packet-mark=ipsec-esp passthrough=no protocol=ipsec-esp
add action=mark-packet chain=forward new-packet-mark=ipsec-ah passthrough=no protocol=ipsec-ah
add action=mark-packet chain=forward new-packet-mark=ipencap passthrough=no protocol=ipencap
add action=mark-packet chain=forward new-packet-mark=ipip passthrough=no protocol=ipip
add action=mark-packet chain=forward new-packet-mark=Youtube passthrough=no src-address-list=Youtube
add action=mark-packet chain=forward dst-port=80 new-packet-mark=http passthrough=no protocol=tcp
add action=mark-packet chain=forward connection-bytes=1-512000 new-packet-mark=0bytes passthrough=yes
add action=mark-packet chain=forward connection-bytes=512000-1000000 new-packet-mark=1Mbyte passthrough=yes
add action=mark-packet chain=forward connection-bytes=1000000-3000000 new-packet-mark=3Mbyte passthrough=yes
add action=mark-packet chain=forward connection-bytes=3000000-6000000 new-packet-mark=6Mbyte passthrough=yes
add action=mark-packet chain=forward connection-bytes=6000000-30000000 new-packet-mark=30Mbyte passthrough=yes
add action=mark-packet chain=forward connection-bytes=30000000-60000000 new-packet-mark=60Mbytes passthrough=yes
add action=mark-packet chain=forward connection-bytes=60000000-0 new-packet-mark=Infinite passthrough=yes

Queue Tree

This is the Queue Tree that manages the marked packets. 

/queue tree
add limit-at=550000000 max-limit=550000000 name=OVERALL parent=INTERNAL priority=5 queue=default
add limit-at=0 max-limit=0 name=PRIO1 parent=OVERALL priority=1 queue=default
add limit-at=0 max-limit=0 name=PRIO3 parent=OVERALL priority=3 queue=default
add limit-at=0 max-limit=0 name=PRIO5 parent=OVERALL priority=5 queue=default
add limit-at=0 max-limit=0 name=PRIO7 parent=OVERALL priority=7 queue=default
add limit-at=0 max-limit=0 name=PRIO8 parent=OVERALL priority=8 queue=default
add limit-at=0 max-limit=0 name=UDP parent=OVERALL priority=1 queue=default
add limit-at=0 max-limit=0 name=Youtube packet-mark=Youtube parent=PRIO7 priority=7 queue= Youtube_down
add limit-at=0 max-limit=0 name=PRIO6 parent=OVERALL priority=6 queue=default
add limit-at=0 max-limit=0 name=30Mbyte packet-mark=30Mbyte parent=PRIO6 priority=6 queue=default
add disabled=yes limit-at=22000000 max-limit=22000000 name=PRIO8-19h parent=INTERNAL priority=3 queue=default
add limit-at=0 max-limit=0 name=Infinite-19h packet-mark=Infinite parent=PRIO8-19h priority=8 queue=default
add limit-at=0 max-limit=0 name=P2P-19h packet-mark=p2p parent=PRIO8-19h priority=8 queue=default
add limit-at=0 max-limit=0 name=GRE-19h packet-mark=gre parent=PRIO8-19h priority=8 queue=default
add limit-at=0 max-limit=0 name=IPENCAP-19h packet-mark=ipencap parent=PRIO8-19h priority=8 queue= default
add limit-at=0 max-limit=0 name=IPIP-19h packet-mark=ipip parent=PRIO8-19h priority=8 queue=default
add limit-at=0 max-limit=0 name=IPSEC-AH-19h packet-mark=ipsec-ah parent=PRIO8-19h priority=8 queue=default
add limit-at=0 max-limit=0 name=IPSEC-ESP-19h packet-mark=ipsec-esp parent=PRIO8-19h priority=8 queue=default
add limit-at=0 max-limit=0 name=PRIO4 parent=OVERALL priority=4 queue=default
add limit-at=0 max-limit=0 name=60Mbyte packet-mark=60Mbytes parent=PRIO7 priority=7 queue=default
add limit-at=0 max-limit=0 name=IPKO80 packet-mark=ipko180packet parent=PRIO1 priority=1 queue= default
add limit-at=0 max-limit=0 name=HTTP packet-mark=http parent=PRIO1 priority=1 queue=default
add limit-at=0 max-limit=0 name=SSL packet-mark=ssl parent=PRIO1 priority=1 queue=default
add limit-at=0 max-limit=0 name=UDP-100 packet-mark=udp-100 parent=UDP priority=1 queue=default
add limit-at=0 max-limit=0 name=ICMP packet-mark=icmp parent=PRIO1 priority=1 queue=default
add limit-at=0 max-limit=0 name=POP3 packet-mark=pop3 parent=PRIO1 priority=1 queue=default
add limit-at=0 max-limit=0 name=SMTP packet-mark=smtp parent=PRIO1 priority=1 queue=default
add limit-at=0 max-limit=0 name=IMAP packet-mark=imap parent=PRIO1 priority=1 queue=default
add limit-at=0 max-limit=0 name=0-512 packet-mark=0bytes parent=PRIO1 priority=1 queue=default
add limit-at=0 max-limit=0 name=1Mbyte packet-mark=1Mbyte parent=PRIO3 priority=3 queue=default
add limit-at=0 max-limit=0 name=3Mbyte packet-mark=3Mbyte parent=PRIO4 priority=4 queue=default
add limit-at=0 max-limit=0 name=6Mbyte packet-mark=6Mbyte parent=PRIO5 priority=5 queue=default
add limit-at=0 max-limit=0 name=Infinite packet-mark=Infinite parent=PRIO8 priority=8 queue=default
add limit-at=0 max-limit=0 name=MSN-MESSENGER packet-mark=msn-messenger parent=PRIO1 priority=1 queue=default
add limit-at=0 max-limit=0 name=GRE packet-mark=gre parent=PRIO8 priority=8 queue=default
add limit-at=0 max-limit=0 name=IPSEC-ESP packet-mark=ipsec-esp parent=PRIO8 priority=8 queue= default
add limit-at=0 max-limit=0 name=IPSEC-AH packet-mark=ipsec-ah parent=PRIO8 priority=8 queue=default
add limit-at=0 max-limit=0 name=P2P packet-mark=p2p parent=PRIO8 priority=8 queue=default
add limit-at=0 max-limit=0 name=IPENCAP packet-mark=ipencap parent=PRIO8 priority=8 queue=default
add limit-at=0 max-limit=0 name=IPIP packet-mark=ipip parent=PRIO8 priority=8 queue=default
add limit-at=0 max-limit=0 name=UDP-500 packet-mark=upd-500 parent=UDP priority=3 queue=default
add limit-at=0 max-limit=0 name=UDP-Other packet-mark=upd-other parent=UDP priority=8 queue=default

Scripts for changing Quee Tree at different times of day

We have some very useful scripts that change the Queue Tree at different times of the day: 

/system script
add name=Day source="/queue tree enable PRIO8; /queue tree disable PRIO8-19h; /system scheduler disable Night; /system scheduler disable Overall-Night"
add name=Night source=":global checkrate [/queue tree get PRIO8 rate]\r\ \n:local rate 20000000\r\ \n\r\ \n:if  ( \$checkrate < \$rate ) do={\r\ \n     /queue tree enable PRIO8-19h; /queue tree disable PRIO8\r\ \n}\r\ \n\r\ \n:if  ( \$checkrate > \$rate ) do={\r\ \n     /queue tree enable PRIO8; /queue tree disable PRIO8-19h\r\ \n}"
add name=Enable-Night source= "system scheduler enable Night; /system scheduler enable Overall-Night"
add name=Overall-Night source=":global checkrate [/queue tree get OVERALL rate]\r\ \n:local rate 510000000\r\ \n\r\ \n:if  ( \$checkrate < \$rate ) do={\r\ \n     /queue tree enable PRIO8; /queue tree disable PRIO8-19h\r\ \n}\r\ \n"

And the schedules that activate the scripts: 

/system scheduler
add interval=1d name=Day on-event=Day start-time=01:00:00
add disabled=yes interval=15m name=Night on-event=Night start-time=19:00:00
add interval=1d name=Enable-Night on-event=Enable-Night start-time=18:55:00
add disabled=yes interval=15m name=Overall-Night on-event=Overall-Night start-time=19:10:00
Retrieved from "https://wiki.mikrotik.com/index.php?title=Traffic_Priortization,_RouterOS_QoS_Implemetation&oldid=10937"