TransparentTrafficShaper

From MikroTik Wiki
Revision as of 02:51, 13 August 2007 by JbnUpa (talk | contribs)
Jump to: navigation, search

resina bicomponente dcr-hc40 sony york dvd stampante i do if for you oakley zero ducati personaggi publici close your eyes pesca tropea cartuccia x stampante canon whirlpool forno incasso ralph polo paulinarubio dvd verbatim 16 filtro hama camer high scores batterie videocamere samsung windsky requiem per un gringo foto troie mature nintendo game boy advance www napoletanagas it palm t5 kirrio apo 80-400mm f4 5-5 6 ex os titoli cd buoni o cattivi toto cotugno l italiano i-ninja anche su xbox il giusto e il bene ross libri last minute italien i want to be free offerte di lavoro aroma macchina digitale nikon 4600 centro quirurgico hotel vilnius web porno gratis organizzatore di eventi portoni industriali pvc taucher serr schede ati x850 vestiti dolce tv lcd philips 42 zuger see sql libri von savigny vista color frigorifero da incasso combinato gioco del dentista ja sam vlak dischi pesi www rya air it le lunghe navi www foto auto rally 2004 it psc 2175 quiero tenerte zion y lennox snow on the sahara sexgirl cha cantanti nude pps sexi elisabetta gardini tour maldive il dvd nudo all star rosa bilbanan tosca di puccini tuscania travel cecilia bolocco foto girasoli hp 51626a fatti mandare dalla mammma verbatim dvd dl testi alicia key move ya body ana sky moanapozzi todito car mappy it kodak - performance camera case x dx6490 moon and sand un colpo da dilettanti espanol hombre la nube wahrane vacanza neve montagna donne la spezia set top box 9800 jave fable (forse) su pc biglietti ferrovie mani bagnate prestito varazze canzoni da circo tiziana lodato hermanita aventura lan yu hotel montparnasse parigi www disney chanel diadora calcio post 76x76 pastello psicologos kelly kei iso guarracino foto eva robins nuda legge sulla fecondazione assistita alamanna tavolo pitagora voli calabria caffetteria miegel, agnes paolo conte via con me dragon ball z. box 11 chitarra classica ibanez chitarre cause ritardo mestruazioni nominativi degli agenti di commercio di ricette francesi filmati gay seconda prova esame stato 2004 mishima hp inkjet 78 45 grease canzoni di kenneth bigley dragostei del tei eva henger nuda foto soldati israeliani televisore combo il signor bruschino mp3 mediaplayer www kobierno pl lynk take me away un ciclone in convento www peruesgay com comparat green space usb - bluetooth simulatore volo pokemon smeraldo in italiano wagner marcia nuziale nikon digitale coolpix 7900 un uomo di spettacolo over de rainbow shana vanguarde gimme gimme gimme canzoni con testo da scaricare gratis prov a3 stampante laser colori otep fornace albergo maiorca biglietto aereo new york culo donne calorifero c39 sapphire radeon x850 xt nova art explosion baci appassionati northallerton vacca sfondata termometro per il vino componenti pc computer video lain neverne bebe gde smo insania epl 6100l xbox live parte piano in giappone diadora scarpa calcio ray ban 3132 jackie bean statistica calciatore pda tom tom tutto lotto dsc t1 digitali grandangolo photo hardisk clubbed to death diomedes tagan u22 hentia puzzles.com gd70 batteria panasonic batterie soory seen to be modiali calcio www pena di morte it morron 5 escuch tv al plasma hyundai annunci telefonici informazione su cuba sony sdm hs95pb vater unser banim, michael fanghi guam tutti i calendario formula4 indienne pau (oristano) hoover lava asciuga pitt bull terrier maila hi volvo 240 polar ==Introduction== This example shows how to configure a transparent traffic shaper. The transparent traffic shaper is essentially a bridge that is able to differentiate and prioritize traffic that passes through it.

Consider the following network layout:

Transparent-shaper.png

We will configure one queue limiting the total throughput to the client and three sub-queues that limit HTTP, P2P and all other traffic separately. HTTP traffic will have priority above all other traffic types.

Quick Start for Impatient

Configuration snippet from the MikroTik router:

/ interface bridge 
add name="bridge1"
/ interface bridge port 
add interface=ether2 bridge=bridge1 
add interface=ether3 bridge=bridge1 

/ ip firewall mangle 
add chain=prerouting protocol=tcp dst-port=80 action=mark-connection \
    new-connection-mark=http_conn passthrough=yes
add chain=prerouting connection-mark=http_conn action=mark-packet \
    new-packet-mark=http passthrough=no
add chain=prerouting p2p=all-p2p action=mark-connection \
    new-connection-mark=p2p_conn passthrough=yes
add chain=prerouting connection-mark=p2p_conn action=mark-packet \
    new-packet-mark=p2p passthrough=no
add chain=prerouting action=mark-connection new-connection-mark=other_conn \
    passthrough=yes
add chain=prerouting connection-mark=other_conn action=mark-packet \
    new-packet-mark=other passthrough=no

/ queue simple 
add name="main" target-addresses=10.0.0.12/32 max-limit=256000/512000
add name="http" parent=main packet-marks=http max-limit=240000/500000
add name="p2p" parent=main packet-marks=p2p max-limit=64000/64000
add name="other" parent=main packet-marks=other max-limit=128000/128000

Explanation

Each piece of code is followed by the explanation of what it actually does.

Bridge

/ interface bridge 
add name="bridge1"
/ interface bridge port 
add interface=ether2 bridge=bridge1 
add interface=ether3 bridge=bridge1

We create a new bridge interface and assign two ethernet interfaces to it. Thus the prospective traffic shaper will be completely transparent to the client.

Mangle

/ ip firewall mangle 
add chain=prerouting protocol=tcp dst-port=80 action=mark-connection \
    new-connection-mark=http_conn passthrough=yes
add chain=prerouting connection-mark=http_conn action=mark-packet \
    new-packet-mark=http passthrough=no

All traffic destined to TCP port 80 is likely to be HTTP traffic and therefore is being marked with the packet mark http. Note, that the first rule has passthrough=yes while the second one has passthrough=no. (You can obtain additional information about mangle at http://www.mikrotik.com/docs/ros/2.9/ip/mangle)

/ ip firewall mangle 
add chain=prerouting p2p=all-p2p action=mark-connection \
    new-connection-mark=p2p_conn passthrough=yes
add chain=prerouting connection-mark=p2p_conn action=mark-packet \
    new-packet-mark=p2p passthrough=no
add chain=prerouting action=mark-connection new-connection-mark=other_conn \
    passthrough=yes
add chain=prerouting connection-mark=other_conn action=mark-packet \
    new-packet-mark=other passthrough=no

Same as above, P2P traffic is marked with the packet mark p2p and all other traffic is marked with the packet mark other.

Queues

/ queue simple 
add name="main" target-addresses=10.0.0.12/32 max-limit=256000/512000

We create a queue that limits all the traffic going to/from the client (specified by the target-address) to 256k/512k.

/ queue simple 
add name="http" parent=main packet-marks=http max-limit=240000/500000
add name="p2p" parent=main packet-marks=p2p max-limit=64000/64000
add name="other" parent=main packet-marks=other max-limit=128000/128000

All sub-queues have the main queue as the parent, thus the aggregate data rate could not exceed limits specified in the main queue. Note, that http queue has higher priority than other queues, meaning that HTTP downloads are prioritized.

--Eugene