Traffic Priortization, RouterOS QoS Implemetation

From MikroTik Wiki
Revision as of 23:41, 17 February 2009 by Fatonk (talk | contribs)
Jump to: navigation, search

Bridge Setup

We have a Bridge:

/interface bridge
add name=ALLOT

With the Public and Local interfaces as ports:

/interface bridge port
add bridge=ALLOT interface=INTERNAL
add bridge=ALLOT interface=EXTERNAL

We want traffic to pass through RouterOS facilities so we can mangle it etc.

/interface bridge settings
set use-ip-firewall=yes

Address-List for most of the Youtube, Metacafe, Youporn, Redtube etc.

/ip firewall address-list
add address=208.117.224.0/24 comment="" disabled=no list=Youtube
add address=208.117.225.0/24 comment="" disabled=no list=Youtube
add address=208.117.228.0/24 comment="" disabled=no list=Youtube
add address=208.117.229.0/24 comment="" disabled=no list=Youtube
add address=208.117.232.0/24 comment="" disabled=no list=Youtube
add address=208.117.233.0/24 comment="" disabled=no list=Youtube
add address=208.117.234.0/24 comment="" disabled=no list=Youtube
add address=208.117.238.0/24 comment="" disabled=no list=Youtube
add address=208.65.152.0/24 comment="" disabled=no list=Youtube
add address=208.65.153.0/24 comment="" disabled=no list=Youtube
add address=208.65.154.0/24 comment="" disabled=no list=Youtube
add address=64.15.112.0/20 comment="" disabled=no list=Youtube
add address=208.117.236.0/24 comment="" disabled=no list=Youtube
add address=74.125.96.0/19 comment="" disabled=no list=Youtube
add address=72.14.221.0/24 comment="" disabled=no list=Youtube
add address=84.53.128.0/18 comment=Redtube disabled=no list=Youtube
add address=87.248.192.0/19 comment=Youporn disabled=no list=Youtube
add address=216.155.128.0/19 comment=Redtube disabled=no list=Youtube
add address=208.73.208.0/21 comment=Redtube disabled=no list=Youtube
add address=66.55.140.0/23 comment=Redtube disabled=no list=Youtube
add address=74.125.208.0/24 comment="" disabled=no list=Youtube 

== Mangle Setup ==
'''Here we mark the packets for the different traffic:'''
<pre>
/ip firewall mangle
add action=mark-packet chain=forward new-packet-mark=icmp passthrough=no protocol=icmp
add action=mark-packet chain=forward dst-port=443 new-packet-mark=ssl passthrough=no protocol=tcp
add action=mark-packet chain=forward new-packet-mark=p2p p2p=all-p2p passthrough=no
add action=mark-packet chain=forward new-packet-mark=udp-100 packet-size=0-100 passthrough=no protocol=udp
add action=mark-packet chain=forward new-packet-mark=upd-500 packet-size=100-500 passthrough=no protocol=udp
add action=mark-packet chain=forward new-packet-mark=upd-other passthrough=no protocol=udp
add action=mark-packet chain=forward dst-port=1863 new-packet-mark=msn-messenger passthrough=no protocol=tcp
add action=mark-packet chain=forward dst-port=110 new-packet-mark=pop3 passthrough=no protocol=tcp
add action=mark-packet chain=forward dst-port=25 new-packet-mark=smtp passthrough=no protocol=tcp
add action=mark-packet chain=forward dst-port=143 new-packet-mark=imap passthrough=no protocol=tcp
add action=mark-packet chain=forward new-packet-mark=gre passthrough=no protocol=gre
add action=mark-packet chain=forward new-packet-mark=ipsec-esp passthrough=no protocol=ipsec-esp
add action=mark-packet chain=forward new-packet-mark=ipsec-ah passthrough=no protocol=ipsec-ah
add action=mark-packet chain=forward new-packet-mark=ipencap passthrough=no protocol=ipencap
add action=mark-packet chain=forward new-packet-mark=ipip passthrough=no protocol=ipip
add action=mark-packet chain=forward new-packet-mark=Youtube passthrough=no src-address-list=Youtube
add action=mark-packet chain=forward dst-port=80 new-packet-mark=http passthrough=no protocol=tcp
add action=mark-packet chain=forward connection-bytes=1-512000 new-packet-mark=0bytes passthrough=yes
add action=mark-packet chain=forward connection-bytes=512000-1000000 new-packet-mark=1Mbyte passthrough=yes
add action=mark-packet chain=forward connection-bytes=1000000-3000000 new-packet-mark=3Mbyte passthrough=yes
add action=mark-packet chain=forward connection-bytes=3000000-6000000 new-packet-mark=6Mbyte passthrough=yes
add action=mark-packet chain=forward connection-bytes=6000000-30000000 new-packet-mark=30Mbyte passthrough=yes
add action=mark-packet chain=forward connection-bytes=30000000-60000000 new-packet-mark=60Mbytes passthrough=yes
add action=mark-packet chain=forward connection-bytes=60000000-0 new-packet-mark=Infinite passthrough=yes

Queue Type =

PCQ will be used only for Youtube and other web video

/queue type
add kind=pcq name=Youtube_down pcq-classifier=src-port,dst-port pcq-limit=50
pcq-rate=400000 pcq-total-limit=2000


== Queue Tree ==
'''This is the Queue Tree that manages the marked packets.'''
<pre>
/queue tree
add limit-at=550000000 max-limit=550000000 name=OVERALL parent=INTERNAL priority=5 queue=default
add limit-at=0 max-limit=0 name=PRIO1 parent=OVERALL priority=1 queue=default
add limit-at=0 max-limit=0 name=PRIO3 parent=OVERALL priority=3 queue=default
add limit-at=0 max-limit=0 name=PRIO5 parent=OVERALL priority=5 queue=default
add limit-at=0 max-limit=0 name=PRIO7 parent=OVERALL priority=7 queue=default
add limit-at=0 max-limit=0 name=PRIO8 parent=OVERALL priority=8 queue=default
add limit-at=0 max-limit=0 name=UDP parent=OVERALL priority=1 queue=default
add limit-at=0 max-limit=0 name=Youtube packet-mark=Youtube parent=PRIO7 priority=7 queue= Youtube_down
add limit-at=0 max-limit=0 name=PRIO6 parent=OVERALL priority=6 queue=default
add limit-at=0 max-limit=0 name=30Mbyte packet-mark=30Mbyte parent=PRIO6 priority=6 queue=default
add disabled=yes limit-at=22000000 max-limit=22000000 name=PRIO8-19h parent=INTERNAL priority=3 queue=default
add limit-at=0 max-limit=0 name=Infinite-19h packet-mark=Infinite parent=PRIO8-19h priority=8 queue=default
add limit-at=0 max-limit=0 name=P2P-19h packet-mark=p2p parent=PRIO8-19h priority=8 queue=default
add limit-at=0 max-limit=0 name=GRE-19h packet-mark=gre parent=PRIO8-19h priority=8 queue=default
add limit-at=0 max-limit=0 name=IPENCAP-19h packet-mark=ipencap parent=PRIO8-19h priority=8 queue= default
add limit-at=0 max-limit=0 name=IPIP-19h packet-mark=ipip parent=PRIO8-19h priority=8 queue=default
add limit-at=0 max-limit=0 name=IPSEC-AH-19h packet-mark=ipsec-ah parent=PRIO8-19h priority=8 queue=default
add limit-at=0 max-limit=0 name=IPSEC-ESP-19h packet-mark=ipsec-esp parent=PRIO8-19h priority=8 queue=default
add limit-at=0 max-limit=0 name=PRIO4 parent=OVERALL priority=4 queue=default
add limit-at=0 max-limit=0 name=60Mbyte packet-mark=60Mbytes parent=PRIO7 priority=7 queue=default
add limit-at=0 max-limit=0 name=IPKO80 packet-mark=ipko180packet parent=PRIO1 priority=1 queue= default
add limit-at=0 max-limit=0 name=HTTP packet-mark=http parent=PRIO1 priority=1 queue=default
add limit-at=0 max-limit=0 name=SSL packet-mark=ssl parent=PRIO1 priority=1 queue=default
add limit-at=0 max-limit=0 name=UDP-100 packet-mark=udp-100 parent=UDP priority=1 queue=default
add limit-at=0 max-limit=0 name=ICMP packet-mark=icmp parent=PRIO1 priority=1 queue=default
add limit-at=0 max-limit=0 name=POP3 packet-mark=pop3 parent=PRIO1 priority=1 queue=default
add limit-at=0 max-limit=0 name=SMTP packet-mark=smtp parent=PRIO1 priority=1 queue=default
add limit-at=0 max-limit=0 name=IMAP packet-mark=imap parent=PRIO1 priority=1 queue=default
add limit-at=0 max-limit=0 name=0-512 packet-mark=0bytes parent=PRIO1 priority=1 queue=default
add limit-at=0 max-limit=0 name=1Mbyte packet-mark=1Mbyte parent=PRIO3 priority=3 queue=default
add limit-at=0 max-limit=0 name=3Mbyte packet-mark=3Mbyte parent=PRIO4 priority=4 queue=default
add limit-at=0 max-limit=0 name=6Mbyte packet-mark=6Mbyte parent=PRIO5 priority=5 queue=default
add limit-at=0 max-limit=0 name=Infinite packet-mark=Infinite parent=PRIO8 priority=8 queue=default
add limit-at=0 max-limit=0 name=MSN-MESSENGER packet-mark=msn-messenger parent=PRIO1 priority=1 queue=default
add limit-at=0 max-limit=0 name=GRE packet-mark=gre parent=PRIO8 priority=8 queue=default
add limit-at=0 max-limit=0 name=IPSEC-ESP packet-mark=ipsec-esp parent=PRIO8 priority=8 queue= default
add limit-at=0 max-limit=0 name=IPSEC-AH packet-mark=ipsec-ah parent=PRIO8 priority=8 queue=default
add limit-at=0 max-limit=0 name=P2P packet-mark=p2p parent=PRIO8 priority=8 queue=default
add limit-at=0 max-limit=0 name=IPENCAP packet-mark=ipencap parent=PRIO8 priority=8 queue=default
add limit-at=0 max-limit=0 name=IPIP packet-mark=ipip parent=PRIO8 priority=8 queue=default
add limit-at=0 max-limit=0 name=UDP-500 packet-mark=upd-500 parent=UDP priority=3 queue=default
add limit-at=0 max-limit=0 name=UDP-Other packet-mark=upd-other parent=UDP priority=8 queue=default

Scripts for changing Quee Tree at different times of day

We have some very useful scripts that change the Queue Tree at different times of the day:

/system script
add name=Day source="/queue tree enable PRIO8; /queue tree disable PRIO8-19h; /system scheduler disable Night; /system scheduler disable Overall-Night"
add name=Night source=":global checkrate [/queue tree get PRIO8 rate]\r\ \n:local rate 20000000\r\ \n\r\ \n:if  ( \$checkrate < \$rate ) do={\r\ \n     /queue tree enable PRIO8-19h; /queue tree disable PRIO8\r\ \n}\r\ \n\r\ \n:if  ( \$checkrate > \$rate ) do={\r\ \n     /queue tree enable PRIO8; /queue tree disable PRIO8-19h\r\ \n}"
add name=Enable-Night source= "system scheduler enable Night; /system scheduler enable Overall-Night"
add name=Overall-Night source=":global checkrate [/queue tree get OVERALL rate]\r\ \n:local rate 510000000\r\ \n\r\ \n:if  ( \$checkrate < \$rate ) do={\r\ \n     /queue tree enable PRIO8; /queue tree disable PRIO8-19h\r\ \n}\r\ \n"

And the schedules that activate the scripts:

/system scheduler
add interval=1d name=Day on-event=Day start-time=01:00:00
add disabled=yes interval=15m name=Night on-event=Night start-time=19:00:00
add interval=1d name=Enable-Night on-event=Enable-Night start-time=18:55:00
add disabled=yes interval=15m name=Overall-Night on-event=Overall-Night start-time=19:10:00