Traffic Prioritization, RouterOS QoS Implementation

From MikroTik Wiki
Revision as of 10:41, 18 February 2009 by Fatonk

This QoS setup limits only the download traffic; no rules are applied to upload traffic, since I didn't have any need for them (I'm not reaching the upload limit). I have installed this shaper only for residential users, who are limited to 550 Mbit/s of overall bandwidth; that covers around 12000 users online, with per-user rates limited to 1 Mbit/s and 2 Mbit/s. The idea behind the scripts is to allow different limits for day and night, so that the lowest priority can reach at least 22 Mbit/s after business hours, when business clients do not use much bandwidth. For web video (YouTube ...), 400 Kbit/s per user will be served using PCQ.

Bridge Setup

First, create a bridge interface and name it as you like; I have named it ALLOT:

/interface bridge
add name=ALLOT

After that, assign the ports to the bridge: INTERNAL as the local interface and EXTERNAL as the public interface:

/interface bridge port
add bridge=ALLOT interface=INTERNAL
add bridge=ALLOT interface=EXTERNAL

Then the last bridge step is to enable the IP firewall on it, so that we can use mangle rules:

/interface bridge settings
set use-ip-firewall=yes

For web video services, create an address list covering most of the Youtube, Metacafe, Youporn, Redtube etc. address ranges:

/ip firewall address-list
add address=208.117.224.0/24 comment="" disabled=no list=Youtube
add address=208.117.225.0/24 comment="" disabled=no list=Youtube
add address=208.117.228.0/24 comment="" disabled=no list=Youtube
add address=208.117.229.0/24 comment="" disabled=no list=Youtube
add address=208.117.232.0/24 comment="" disabled=no list=Youtube
add address=208.117.233.0/24 comment="" disabled=no list=Youtube
add address=208.117.234.0/24 comment="" disabled=no list=Youtube
add address=208.117.238.0/24 comment="" disabled=no list=Youtube
add address=208.65.152.0/24 comment="" disabled=no list=Youtube
add address=208.65.153.0/24 comment="" disabled=no list=Youtube
add address=208.65.154.0/24 comment="" disabled=no list=Youtube
add address=64.15.112.0/20 comment="" disabled=no list=Youtube
add address=208.117.236.0/24 comment="" disabled=no list=Youtube
add address=74.125.96.0/19 comment="" disabled=no list=Youtube
add address=72.14.221.0/24 comment="" disabled=no list=Youtube
add address=84.53.128.0/18 comment=Redtube disabled=no list=Youtube
add address=87.248.192.0/19 comment=Youporn disabled=no list=Youtube
add address=216.155.128.0/19 comment=Redtube disabled=no list=Youtube
add address=208.73.208.0/21 comment=Redtube disabled=no list=Youtube
add address=66.55.140.0/23 comment=Redtube disabled=no list=Youtube
add address=74.125.208.0/24 comment="" disabled=no list=Youtube

Mangle Setup

Here we mark the packets for the different kinds of traffic; be careful to keep this order:

/ip firewall mangle
add action=mark-packet chain=forward new-packet-mark=icmp passthrough=no protocol=icmp
add action=mark-packet chain=forward dst-port=443 new-packet-mark=ssl passthrough=no protocol=tcp
add action=mark-packet chain=forward new-packet-mark=p2p p2p=all-p2p passthrough=no
add action=mark-packet chain=forward new-packet-mark=udp-100 packet-size=0-100 passthrough=no protocol=udp
add action=mark-packet chain=forward new-packet-mark=upd-500 packet-size=100-500 passthrough=no protocol=udp
add action=mark-packet chain=forward new-packet-mark=upd-other passthrough=no protocol=udp
add action=mark-packet chain=forward dst-port=1863 new-packet-mark=msn-messenger passthrough=no protocol=tcp
add action=mark-packet chain=forward dst-port=110 new-packet-mark=pop3 passthrough=no protocol=tcp
add action=mark-packet chain=forward dst-port=25 new-packet-mark=smtp passthrough=no protocol=tcp
add action=mark-packet chain=forward dst-port=143 new-packet-mark=imap passthrough=no protocol=tcp
add action=mark-packet chain=forward new-packet-mark=gre passthrough=no protocol=gre
add action=mark-packet chain=forward new-packet-mark=ipsec-esp passthrough=no protocol=ipsec-esp
add action=mark-packet chain=forward new-packet-mark=ipsec-ah passthrough=no protocol=ipsec-ah
add action=mark-packet chain=forward new-packet-mark=ipencap passthrough=no protocol=ipencap
add action=mark-packet chain=forward new-packet-mark=ipip passthrough=no protocol=ipip
add action=mark-packet chain=forward new-packet-mark=Youtube passthrough=no src-address-list=Youtube
add action=mark-packet chain=forward dst-port=80 new-packet-mark=http passthrough=no protocol=tcp
add action=mark-packet chain=forward connection-bytes=1-512000 new-packet-mark=0bytes passthrough=yes
add action=mark-packet chain=forward connection-bytes=512000-1000000 new-packet-mark=1Mbyte passthrough=yes
add action=mark-packet chain=forward connection-bytes=1000000-3000000 new-packet-mark=3Mbyte passthrough=yes
add action=mark-packet chain=forward connection-bytes=3000000-6000000 new-packet-mark=6Mbyte passthrough=yes
add action=mark-packet chain=forward connection-bytes=6000000-30000000 new-packet-mark=30Mbyte passthrough=yes
add action=mark-packet chain=forward connection-bytes=30000000-60000000 new-packet-mark=60Mbytes passthrough=yes
add action=mark-packet chain=forward connection-bytes=60000000-0 new-packet-mark=Infinite passthrough=yes
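Why the order matters, shown as an added Python model of the mangle table above (it is not part of the original page or of RouterOS). The packets are constructed samples, only two prefixes of the Youtube list are loaded, the p2p matcher is reduced to a flag, and ranges are assumed to be inclusive at both ends.

```python
import ipaddress

# Two prefixes copied from the page's Youtube address list (subset for brevity).
YOUTUBE = [ipaddress.ip_network(n) for n in ("208.117.224.0/24", "74.125.96.0/19")]

def proto(name):
    return lambda p: p["proto"] == name
def tcp_dport(port):
    return lambda p: p["proto"] == "tcp" and p["dport"] == port
def udp_size(lo, hi):
    return lambda p: p["proto"] == "udp" and lo <= p["size"] <= hi
def conn_bytes(lo, hi):  # hi == 0 means "no upper bound", as in 60000000-0
    return lambda p: p["conn_bytes"] >= lo and (hi == 0 or p["conn_bytes"] <= hi)
def from_youtube(p):
    return any(ipaddress.ip_address(p["src"]) in net for net in YOUTUBE)

# (new-packet-mark, matcher, passthrough) in the order the page lists them.
RULES = (
    [("icmp", proto("icmp"), False), ("ssl", tcp_dport(443), False),
     ("p2p", lambda p: p["p2p"], False),  # p2p=all-p2p modelled as a flag
     ("udp-100", udp_size(0, 100), False), ("upd-500", udp_size(100, 500), False),
     ("upd-other", proto("udp"), False)]
    + [(m, tcp_dport(port), False) for m, port in
       (("msn-messenger", 1863), ("pop3", 110), ("smtp", 25), ("imap", 143))]
    + [(m, proto(m), False) for m in ("gre", "ipsec-esp", "ipsec-ah", "ipencap", "ipip")]
    + [("Youtube", from_youtube, False), ("http", tcp_dport(80), False)]
    + [(m, conn_bytes(lo, hi), True) for m, lo, hi in
       (("0bytes", 1, 512000), ("1Mbyte", 512000, 1000000),
        ("3Mbyte", 1000000, 3000000), ("6Mbyte", 3000000, 6000000),
        ("30Mbyte", 6000000, 30000000), ("60Mbytes", 30000000, 60000000),
        ("Infinite", 60000000, 0))]
)

def packet(**fields):
    """Constructed sample packet; unspecified fields get neutral defaults."""
    base = {"proto": "tcp", "src": "203.0.113.5", "dport": 50000,
            "size": 1400, "conn_bytes": 1, "p2p": False}
    return {**base, **fields}

def classify(pkt):
    """passthrough=no stops at the first match; passthrough=yes keeps going,
    so a later matching rule overwrites the mark."""
    mark = None
    for name, match, passthrough in RULES:
        if match(pkt):
            mark = name
            if not passthrough:
                break
    return mark
```

In this model a 90-byte UDP packet from a listed Youtube address is marked udp-100, because the UDP rules come before the Youtube rule, and a TCP packet whose destination port is not one of the listed ports falls through to the connection-bytes marks.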

Queue Type

PCQ will be used only for Youtube and other web video:

/queue type
add kind=pcq name=Youtube_down pcq-classifier=src-port,dst-port pcq-limit=50 pcq-rate=400000 pcq-total-limit=2000

Queue Tree

This is the Queue Tree that manages the marked packets.

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=550000000 max-limit=550000000 name=OVERALL packet-mark="" parent=INTERNAL priority=5 queue=default
	add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=PRIO1 packet-mark="" parent=OVERALL priority=1 queue=default
		add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=0-512 packet-mark=0bytes parent=PRIO1 priority=1 queue=default
		add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=ICMP packet-mark=icmp parent=PRIO1 priority=1 queue=default
		add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=POP3 packet-mark=pop3 parent=PRIO1 priority=1 queue=default
		add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=SMTP packet-mark=smtp parent=PRIO1 priority=1 queue=default
		add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=IMAP packet-mark=imap parent=PRIO1 priority=1 queue=default
		add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=HTTP packet-mark=http parent=PRIO1 priority=1 queue=default
		add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=SSL packet-mark=ssl parent=PRIO1 priority=1 queue=default
		add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=MSN-MESSENGER packet-mark=msn-messenger parent=PRIO1 priority=1 queue=default
	add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=PRIO3 packet-mark="" parent=OVERALL priority=3 queue=default
		add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=1Mbyte packet-mark=1Mbyte parent=PRIO3 priority=3 queue=default
	add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=PRIO4 packet-mark="" parent=OVERALL priority=4 queue=default
		add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=3Mbyte packet-mark=3Mbyte parent=PRIO4 priority=4 queue=default
	add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=PRIO5 packet-mark="" parent=OVERALL priority=5 queue=default
		add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=6Mbyte packet-mark=6Mbyte parent=PRIO5 priority=5 queue=default
	add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=PRIO6 packet-mark="" parent=OVERALL priority=6 queue=default
		add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=30Mbyte packet-mark=30Mbyte parent=PRIO6 priority=6 queue=default
	add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=PRIO7 packet-mark="" parent=OVERALL priority=7 queue=default
		add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=Youtube packet-mark=Youtube parent=PRIO7 priority=7 queue=Youtube_down
		add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=60Mbyte packet-mark=60Mbytes parent=PRIO7 priority=7 queue=default
	add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=PRIO8 packet-mark="" parent=OVERALL priority=8 queue=default
		add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=Infinite packet-mark=Infinite parent=PRIO8 priority=8 queue=default
		add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=GRE packet-mark=gre parent=PRIO8 priority=8 queue=default
		add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=IPSEC-ESP packet-mark=ipsec-esp parent=PRIO8 priority=8 queue=default
		add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=IPSEC-AH packet-mark=ipsec-ah parent=PRIO8 priority=8 queue=default
		add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=P2P packet-mark=p2p parent=PRIO8 priority=8 queue=default
		add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=IPENCAP packet-mark=ipencap parent=PRIO8 priority=8 queue=default
		add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=IPIP packet-mark=ipip parent=PRIO8 priority=8 queue=default
	add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=UDP packet-mark="" parent=OVERALL priority=1 queue=default
		add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=UDP-100 packet-mark=udp-100 parent=UDP priority=1 queue=default
		add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=UDP-500 packet-mark=upd-500 parent=UDP priority=3 queue=default
		add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=UDP-Other packet-mark=upd-other parent=UDP priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=22000000 max-limit=22000000 name=PRIO8-19h packet-mark="" parent=INTERNAL priority=3 queue=default
	add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=Infinite-19h packet-mark=Infinite parent=PRIO8-19h priority=8 queue=default
	add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=P2P-19h packet-mark=p2p parent=PRIO8-19h priority=8 queue=default
	add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=GRE-19h packet-mark=gre parent=PRIO8-19h priority=8 queue=default
	add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=IPENCAP-19h packet-mark=ipencap parent=PRIO8-19h priority=8 queue=default
	add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=IPIP-19h packet-mark=ipip parent=PRIO8-19h priority=8 queue=default
	add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=IPSEC-AH-19h packet-mark=ipsec-ah parent=PRIO8-19h priority=8 queue=default
	add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=IPSEC-ESP-19h packet-mark=ipsec-esp parent=PRIO8-19h priority=8 queue=default

Scripts for changing Queue Tree at different times of day

We have some very useful scripts that change the Queue Tree at different times of the day. From 19h, the Night script checks the average rate of the PRIO8 queue; if it is below 20 Mbit/s, it disables PRIO8 and enables PRIO8-19h, which guarantees 22 Mbit/s for that kind of traffic. The Overall-Night script checks the average rate of the OVERALL queue; if the rate is below 510 Mbit/s, it disables PRIO8-19h and enables PRIO8, since more than 22 Mbit/s will then be available:

/system script
add name=Day source="/queue tree enable PRIO8; /queue tree disable PRIO8-19h; \
    /system scheduler disable Night; /system scheduler disable Overall-Night"
add name=Night source=":global checkrate [/queue tree get PRIO8 rate]\r\
    \n:local rate 20000000\r\
    \n\r\
    \n:if  ( \$checkrate < \$rate ) do={\r\
    \n     /queue tree enable PRIO8-19h; /queue tree disable PRIO8\r\
    \n}\r\
    \n\r\
    \n:if  ( \$checkrate > \$rate ) do={\r\
    \n     /queue tree enable PRIO8; /queue tree disable PRIO8-19h\r\
    \n}"
add name=Enable-Night source="/system scheduler enable Night; \
    /system scheduler enable Overall-Night"
add name=Overall-Night source=":global checkrate [/queue tree get OVERALL rate]\r\
    \n:local rate 510000000\r\
    \n\r\
    \n:if  ( \$checkrate < \$rate ) do={\r\
    \n     /queue tree enable PRIO8; /queue tree disable PRIO8-19h\r\
    \n}\r\
    \n"

And the schedules that activate the scripts:

/system scheduler
add interval=1d name=Day on-event=Day start-time=01:00:00
add disabled=yes interval=15m name=Night on-event=Night start-time=19:00:00
add interval=1d name=Enable-Night on-event=Enable-Night start-time=18:55:00
add disabled=yes interval=15m name=Overall-Night on-event=Overall-Night start-time=19:10:00
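How the four scripts and their schedules interact over one evening, as an added Python model (not code from the original page). The rate samples are constructed. The model assumes that interval jobs fire at start-time plus multiples of 15 minutes, that a job enabled at 18:55 first runs at its next slot, and that Day runs before Night at 01:00.

```python
NIGHT_LIMIT = 20_000_000      # ":local rate" in the Night script
OVERALL_LIMIT = 510_000_000   # ":local rate" in the Overall-Night script

class QueueSwitch:
    """Which PRIO8 branch is enabled, driven by the four scripts on the page."""
    def __init__(self):
        self.active = "PRIO8"        # PRIO8-19h is created with disabled=yes
        self.polling = False         # Night and Overall-Night start disabled

    def day(self):                   # script "Day"
        self.active, self.polling = "PRIO8", False

    def enable_night(self):          # script "Enable-Night"
        self.polling = True

    def night(self, prio8_rate):     # script "Night": two strict comparisons
        if prio8_rate < NIGHT_LIMIT:
            self.active = "PRIO8-19h"
        if prio8_rate > NIGHT_LIMIT:
            self.active = "PRIO8"

    def overall_night(self, overall_rate):   # script "Overall-Night"
        if overall_rate < OVERALL_LIMIT:
            self.active = "PRIO8"

    def tick(self, hhmm, prio8_rate, overall_rate):
        """Run whatever is due at hhmm (assumed timing model, see lead-in)."""
        minutes = int(hhmm.split(":")[1])
        if hhmm == "01:00":
            self.day()
        if self.polling and minutes % 15 == 0:    # 19:00, 19:15, ...
            self.night(prio8_rate)
        if self.polling and minutes % 15 == 10:   # 19:10, 19:25, ...
            self.overall_night(overall_rate)
        if hhmm == "18:55":                       # takes effect from the next slot
            self.enable_night()
        return self.active

def replay(samples):
    """samples: constructed (hhmm, PRIO8 rate, OVERALL rate) tuples in bit/s."""
    switch = QueueSwitch()
    return [(hhmm, switch.tick(hhmm, p8, total)) for hhmm, p8, total in samples]

# Constructed evening: PRIO8 stays under 20 Mbit/s while OVERALL dips below 510 Mbit/s.
EVENING = [("18:55", 30_000_000, 540_000_000), ("19:00", 15_000_000, 530_000_000),
           ("19:10", 15_000_000, 480_000_000), ("19:15", 15_000_000, 480_000_000),
           ("19:25", 25_000_000, 520_000_000), ("01:00", 5_000_000, 200_000_000)]
```

With these samples the tree switches to PRIO8-19h at 19:00, back to PRIO8 at 19:10 and to PRIO8-19h again at 19:15, because both script conditions can hold at the same time; a PRIO8 rate of exactly 20 Mbit/s changes nothing.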