Upgrade rsc files

From MikroTik Wiki
Revision as of 19:14, 20 August 2012 by Earthstation (talk | contribs) (Mangle Rules and Queue Tree Setup)

Introduction

The file upgrade.rsc is the key component for mass roll-outs of CPE setting changes and script additions. Once you have created this file and uploaded it to the main MikroTik AP/router, you are only moments away from changing hundreds of CPEs within a few seconds. Enable the trigger IP (in our case 172.16.0.1), then sit back and watch all your CPEs log in via FTP, collect the upgrade.rsc file and import it.

Below are a few examples of upgrade.rsc files. You MUST test these on a single local CPE to confirm that no negative reactions occur before rolling them out network-wide. As always, use at your own risk.


Upgrade.rsc file header

Every upgrade.rsc has the same first 6 lines, so we will not repeat these lines in each file. Please do not ignore this: you do need to maintain the number of files on your CPEs, and this is the simplest method.

:if ([file find type=".rif file"]!="") do={/file remove [find type=".rif file"]}
:if ([file find type=".tar file"]!="") do={/file remove [find type=".tar file"]}
:if ([file find type="backup"]!="") do={/file remove [find type="backup"]}
:if ([file find type="script"]!="") do={/file remove [find type="script"]}
/system backup save;
:delay 10s;

Mangle Rules and Queue Tree Setup

This set of scripts will set up mangle rules and a queue tree on the CPE. WARNING: all existing mangle rules and queues (tree) will be removed. This would be used for simple traffic shaping on the CPE. You need to ensure that the interface setting matches what is on all the CPEs.

{:log info "Remove Mangle Rules - Script Start"
:local counter 0
:local delaytime 5
:local numloops 1
:while ($counter < $numloops) do={ \
:log info "Removing Mangle Rules"
:foreach i in=[/ip firewall mangle find] do={ \
/ip firewall mangle remove $i
:log info "Removed $i"
}
:set counter ($counter+1)
:log info "delaying..."
:delay $delaytime
   }
}
/ip firewall mangle
add action=mark-connection chain=prerouting comment="HTTP and E-Mail" disabled=no dst-port=\
   80,25,110,995,5222,8080,6600-6700,7000,9010,2086,443,465 new-connection-mark=http_conn passthrough=yes \
   protocol=tcp
add action=mark-packet chain=prerouting connection-mark=http_conn disabled=no new-packet-mark=http \
   passthrough=no
add action=mark-connection chain=prerouting comment=Admin disabled=no dst-port=\
   22,23,53,123,161,162,2210,2211,8291 in-interface=ether1 new-connection-mark=admin_conn passthrough=yes \
   protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port=53,123,161,162 in-interface=ether1 \
   new-connection-mark=admin_conn passthrough=yes protocol=udp
add action=mark-connection chain=prerouting disabled=no new-connection-mark=admin_conn passthrough=yes \
   protocol=icmp
add action=mark-packet chain=prerouting connection-mark=admin_conn disabled=no new-packet-mark=admin \
   passthrough=no
add action=mark-connection chain=prerouting comment=FTP disabled=no dst-port=21 in-interface=ether1 \
   new-connection-mark=ftp_conn passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=ftp_conn disabled=no new-packet-mark=ftp \
   passthrough=no
add action=mark-connection chain=prerouting comment=P2P disabled=no in-interface=ether1 \
   new-connection-mark=p2p_conn p2p=all-p2p passthrough=yes
add action=mark-packet chain=prerouting connection-mark=p2p_conn disabled=no new-packet-mark=p2p \
   passthrough=no
add action=mark-connection chain=prerouting comment="Other Traffic" disabled=no in-interface=ether1 \
   new-connection-mark=other_conn passthrough=yes
add action=mark-packet chain=prerouting connection-mark=other_conn disabled=no new-packet-mark=other \
   passthrough=no
{:log info "Remove Queue Tree - Script Start"
:local counter 0
:local delaytime 5
:local numloops 1
:while ($counter < $numloops) do={ \
:log info "Removing Queue Trees"
:foreach i in=[/queue tree find] do={ \
/queue tree remove $i
:log info "Removed $i"
}
:set counter ($counter+1)
:log info "delaying..."
:delay $delaytime
}
}
/queue tree
add burst-limit=50M burst-threshold=50M burst-time=3s disabled=no limit-at=50M max-limit=50M name=Global_In \
   packet-mark="" parent=global-in priority=1
add burst-limit=50M burst-threshold=50M burst-time=3s disabled=no limit-at=50M max-limit=50M name=admin_in \
   packet-mark=admin parent=Global_In priority=1 queue=default
add burst-limit=50M burst-threshold=50M burst-time=3s disabled=no limit-at=50M max-limit=50M name=http_in \
   packet-mark=http parent=Global_In priority=2 queue=default
add burst-limit=50M burst-threshold=50M burst-time=3s disabled=no limit-at=50M max-limit=50M name=ftp_in \
   packet-mark=ftp parent=Global_In priority=3 queue=default
add burst-limit=50M burst-threshold=50M burst-time=3s disabled=no limit-at=50M max-limit=50M name=P2P_in \
   packet-mark=p2p parent=Global_In priority=8 queue=default
add burst-limit=50M burst-threshold=50M burst-time=3s disabled=no limit-at=50M max-limit=50M name=other_in \
   packet-mark=other parent=Global_In priority=5 queue=default
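
A pre-flight check to run on the workstation before uploading upgrade.rsc, added here as an example (it is not part of the original wiki page or of RouterOS). Since the file first removes every existing mangle rule and queue and is then imported unattended on all CPEs, it joins the `\` continuations and reports queue tree entries whose packet-mark or parent is never defined, and mangle rules whose in-interface is not on the CPE. The function names, the shortened sample file and the interface set passed in are assumptions.

```python
import re

# Constructed sample in the page's style (shortened); p2p_in is deliberately left unmatched.
SAMPLE_RSC = r'''/ip firewall mangle
add action=mark-connection chain=prerouting comment="HTTP and E-Mail" dst-port=\
   80,443 new-connection-mark=http_conn passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=http_conn new-packet-mark=http passthrough=no
add action=mark-connection chain=prerouting comment=FTP dst-port=21 in-interface=ether1 \
   new-connection-mark=ftp_conn passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=ftp_conn new-packet-mark=ftp passthrough=no
/queue tree
add max-limit=50M name=Global_In packet-mark="" parent=global-in priority=1
add max-limit=50M name=http_in packet-mark=http parent=Global_In priority=2
add max-limit=50M name=p2p_in packet-mark=p2p parent=Global_In priority=8
'''

def logical_lines(text):
    # A trailing backslash continues a command on the next line; join before parsing.
    joined = re.sub(r"\\[ \t]*\n[ \t]*", "", text)
    return [ln.strip() for ln in joined.splitlines() if ln.strip()]

def params(line):
    # key=value pairs of one command; values may be double-quoted.
    return {k: v.strip('"') for k, v in re.findall(r'([\w-]+)=("[^"]*"|\S*)', line)}

def preflight(text, cpe_interfaces):
    """Return problems that would leave traffic unmarked or unqueued after import."""
    menu, rules = "", {"/ip firewall mangle": [], "/queue tree": []}
    for ln in logical_lines(text):
        if ln.startswith("/"):
            menu = ln  # menu context for the "add" lines that follow
        elif ln.startswith("add ") and menu in rules:
            rules[menu].append(params(ln))
    mangle, queues = rules["/ip firewall mangle"], rules["/queue tree"]
    conn_marks = {p.get("new-connection-mark") for p in mangle}
    pkt_marks = {p.get("new-packet-mark") for p in mangle}
    parents = {q.get("name") for q in queues} | {"global-in"}  # built-in parent used on the page
    problems = []
    for p in mangle:
        if "connection-mark" in p and p["connection-mark"] not in conn_marks:
            problems.append(f"mangle: connection-mark {p['connection-mark']} is never set")
        if "in-interface" in p and p["in-interface"] not in cpe_interfaces:
            problems.append(f"mangle: in-interface {p['in-interface']} is not on the CPE")
    for q in queues:
        if q.get("packet-mark") and q["packet-mark"] not in pkt_marks:
            problems.append(f"queue {q.get('name')}: packet-mark {q['packet-mark']} is never set")
        if q.get("parent") not in parents:
            problems.append(f"queue {q.get('name')}: parent {q.get('parent')} does not exist")
    return problems
```

Calling `preflight(SAMPLE_RSC, {"ether1", "wlan1"})` returns one finding for the `p2p_in` queue; an empty list means the marks, parents and interfaces in the file are consistent with each other.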


And that...