Wednesday, September 26, 2012

Mikrotik - Queue tree - Static QoS

Let's improve a little on the quality-of-service setup from the previous post.
In this case we will use queue tree: we split our bandwidth into three categories (for now we will only use two) and limit file downloads to the lowest priority.
We have a 2Mx512 ADSL connection and an average of 300 users.
We followed this guide to set it up.

The most important thing, given the scarce bandwidth, is to limit indiscriminate consumption by users who download files of every type and size, or by background processes (updates) where the user rarely knows how many resources they "steal". To do this we set up three filters for ports 80 and 443:
1) browsing (up to 500b)
2) browsing downloads (from 500-5000000)
3) and, at the lowest priority, file downloads

We start in the mangle table, marking connections and then marking the packets that belong to those connections:


/ip firewall mangle
add action=mark-packet chain=forward comment="" disabled=no new-packet-mark=\
    download-packet passthrough=no protocol=tcp src-address-list=download
add action=mark-connection chain=prerouting comment=DNS disabled=no dst-port=\
    53 new-connection-mark=dns_conn passthrough=yes protocol=udp
add action=mark-packet chain=prerouting comment="" connection-mark=dns_conn \
    disabled=no new-packet-mark=dns passthrough=no
# The download-range pair goes first: a connection keeps its http_conn mark
# after passing 500000 bytes, so the passthrough=no rule for http_conn would
# otherwise match first and the byte-range rule would never be evaluated.
add action=mark-connection chain=prerouting comment="Http Descarga" \
    connection-bytes=500000-5000000 disabled=no dst-port=80 \
    new-connection-mark=http_conn_descarga passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting comment="" connection-mark=\
    http_conn_descarga disabled=no new-packet-mark=http_descarga passthrough=\
    no
add action=mark-connection chain=prerouting comment=Http connection-bytes=\
    0-500000 disabled=no dst-port=80 new-connection-mark=http_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting comment="" connection-mark=http_conn \
    disabled=no new-packet-mark=http passthrough=no
# Same ordering for port 443.
add action=mark-connection chain=prerouting comment="Https Descarga" \
    connection-bytes=500000-5000000 disabled=no dst-port=443 \
    new-connection-mark=https_conn_descarga passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting comment="" connection-mark=\
    https_conn_descarga disabled=no new-packet-mark=https_descarga \
    passthrough=no
add action=mark-connection chain=prerouting comment=Https connection-bytes=\
    0-500000 disabled=no dst-port=443 new-connection-mark=https_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting comment="" connection-mark=https_conn \
    disabled=no new-packet-mark=https passthrough=no
# ICMP is matched before the catch-all "Otros" pair, which has no matchers
# and would mark every remaining packet as "other".
add action=mark-connection chain=prerouting comment="ICMP (Ping)" disabled=no \
    new-connection-mark=icmp_conn passthrough=yes protocol=icmp
add action=mark-packet chain=prerouting comment="" connection-mark=icmp_conn \
    disabled=no new-packet-mark=icmp passthrough=no
add action=mark-connection chain=prerouting comment=Otros disabled=no \
    new-connection-mark=otras_conn passthrough=yes
add action=mark-packet chain=prerouting comment="" connection-mark=otras_conn \
    disabled=no new-packet-mark=other passthrough=no
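
Rule order within the prerouting chain decides which packet mark a long-lived connection ends up with. The following simplified Python model of first-match mangle processing is an added example, not part of the original post; the helper names and sample byte counts are constructed, and only the matchers used by the port 80, ICMP and catch-all rules are modelled.

```python
# Simplified model of one RouterOS mangle chain (assumption: rules are tried
# top to bottom and a matching rule with passthrough=no ends processing).
def pair(conn_mark, pkt_mark, **match):
    """mark-connection (passthrough=yes) followed by its mark-packet (passthrough=no)."""
    return [dict(action="mark-connection", new=conn_mark, passthrough=True, **match),
            dict(action="mark-packet", new=pkt_mark, passthrough=False, conn_mark=conn_mark)]

def matches(rule, pkt, conn):
    if "protocol" in rule and rule["protocol"] != pkt["protocol"]:
        return False
    if "dst_port" in rule and rule["dst_port"] != pkt.get("dst_port"):
        return False
    if "bytes" in rule and not rule["bytes"][0] <= conn["bytes"] <= rule["bytes"][1]:
        return False
    return "conn_mark" not in rule or rule["conn_mark"] == conn["mark"]

def run_chain(rules, pkt, conn):
    """Return the packet mark; conn['mark'] persists like the conntrack entry."""
    mark = None
    for rule in rules:
        if not matches(rule, pkt, conn):
            continue
        if rule["action"] == "mark-connection":
            conn["mark"] = rule["new"]
        else:
            mark = rule["new"]
        if not rule["passthrough"]:
            break
    return mark

def trace(rules, pkt, sizes):
    """Packet marks seen as one connection grows through the given byte counts."""
    conn = {"mark": None, "bytes": 0}
    marks = []
    for size in sizes:
        conn["bytes"] = size
        marks.append(run_chain(rules, pkt, conn))
    return marks

HTTP = pair("http_conn", "http", protocol="tcp", dst_port=80, bytes=(0, 500000))
DESCARGA = pair("http_conn_descarga", "http_descarga", protocol="tcp",
                dst_port=80, bytes=(500000, 5000000))
OTROS = pair("otras_conn", "other")            # no matchers: catches everything
ICMP = pair("icmp_conn", "icmp", protocol="icmp")

WEB_PKT, PING_PKT = {"protocol": "tcp", "dst_port": 80}, {"protocol": "icmp"}
SIZES = [1000, 600000, 6000000]                # constructed connection sizes

if __name__ == "__main__":
    print("http pair first:    ", trace(HTTP + DESCARGA + OTROS, WEB_PKT, SIZES))
    print("descarga pair first:", trace(DESCARGA + HTTP + OTROS, WEB_PKT, SIZES))
    print("catch-all first:    ", trace(OTROS + ICMP, PING_PKT, [84]))
    print("icmp first:         ", trace(ICMP + OTROS, PING_PKT, [84]))
```

On a live router the per-rule packet counters tell the same story: a mangle rule whose counter stays at zero is being shadowed by an earlier rule.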


Finally, in queue tree we create the parents and assign our marked connections and packets to the priority queues:


/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=QoS_down packet-mark="" parent=eth3-LAN priority=1 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=\
    1024000 max-limit=1768000 name=3QoS_down_Web packet-mark="" parent=\
    QoS_down priority=5 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=2QoS_down_Games packet-mark="" parent=QoS_down priority=\
    2 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=1QoS_down_VoIP packet-mark="" parent=QoS_down priority=1 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=QoS_up packet-mark="" parent=pppoe-out1 priority=1 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=1QoS_up_VoIP packet-mark="" parent=QoS_up priority=1 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=2QoS_up_Games packet-mark="" parent=QoS_up priority=2 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=400000 \
    max-limit=512000 name=3QoS_up_Web packet-mark="" parent=QoS_up priority=5 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=DNS_up packet-mark=dns parent=3QoS_up_Web priority=5 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=Http_up packet-mark=http parent=3QoS_up_Web priority=5 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=Https_up packet-mark=https parent=3QoS_up_Web priority=5 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=Otros_up packet-mark=other parent=3QoS_up_Web priority=6 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=Http_Descarga packet-mark=http_descarga parent=\
    3QoS_down_Web priority=6 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=DNS packet-mark=dns parent=3QoS_down_Web priority=5 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=Http packet-mark=http parent=3QoS_down_Web priority=5 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=Https packet-mark=https parent=3QoS_down_Web priority=5 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=Otros packet-mark=other parent=3QoS_down_Web priority=7 \
    queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=Https_Descarga packet-mark=https_descarga parent=\
    3QoS_down_Web priority=6 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=download-files packet-mark=download-packet parent=\
    3QoS_down_Web priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name="ICMP_(Ping)_up" packet-mark=icmp parent=1QoS_up_VoIP \
    priority=1 queue=default


Monday, September 10, 2012

Mikrotik - Limiting bandwidth by file

/ip firewall filter
add action=add-dst-to-address-list address-list=download \
    address-list-timeout=1h chain=forward comment="" content=.dat disabled=no \
    protocol=tcp src-address=192.168.0.0/24
add action=add-dst-to-address-list address-list=download \
    address-list-timeout=1h chain=forward comment="" content=.exe disabled=no \
    protocol=tcp src-address=192.168.0.0/24
add action=add-dst-to-address-list address-list=download \
    address-list-timeout=1h chain=forward comment="" content=.cab disabled=no \
    protocol=tcp src-address=192.168.0.0/24
add action=add-dst-to-address-list address-list=download \
    address-list-timeout=1h chain=forward comment="" content=.msi disabled=no \
    protocol=tcp src-address=192.168.0.0/24
add action=add-dst-to-address-list address-list=download \
    address-list-timeout=1h chain=forward comment="" content=.gz disabled=no \
    protocol=tcp src-address=192.168.0.0/24
add action=add-dst-to-address-list address-list=download \
    address-list-timeout=1h chain=forward comment="" content=.bin disabled=no \
    protocol=tcp src-address=192.168.0.0/24
add action=add-dst-to-address-list address-list=download \
    address-list-timeout=1h chain=forward comment="" content=.mp3 disabled=no \
    protocol=tcp src-address=192.168.0.0/24
add action=add-dst-to-address-list address-list=download \
    address-list-timeout=1h chain=forward comment="" content=.mp4 disabled=no \
    protocol=tcp src-address=192.168.0.0/24
add action=add-dst-to-address-list address-list=download \
    address-list-timeout=1h chain=forward comment="" content=.mpeg disabled=\
    no protocol=tcp src-address=192.168.0.0/24
add action=add-dst-to-address-list address-list=download \
    address-list-timeout=1h chain=forward comment="" content=.zip disabled=no \
    protocol=tcp src-address=192.168.0.0/24
add action=add-dst-to-address-list address-list=download \
    address-list-timeout=1h chain=forward comment="" content=.rar disabled=no \
    protocol=tcp src-address=192.168.0.0/24
add action=add-dst-to-address-list address-list=download \
    address-list-timeout=1h chain=forward comment="" content=.flv disabled=no \
    protocol=tcp src-address=192.168.0.0/24
add action=add-dst-to-address-list address-list=download \
    address-list-timeout=1h chain=forward comment="" content=.swf disabled=no \
    protocol=tcp src-address=192.168.0.0/24
add action=add-dst-to-address-list address-list=download \
    address-list-timeout=1h chain=forward comment="" content=.deb disabled=no \
    protocol=tcp src-address=192.168.0.0/24
add action=add-dst-to-address-list address-list=download \
    address-list-timeout=1h chain=forward comment="" content=.avi disabled=no \
    protocol=tcp src-address=192.168.0.0/24
add action=add-dst-to-address-list address-list=download \
    address-list-timeout=1h chain=forward comment="" content=.iso disabled=no \
    protocol=tcp src-address=192.168.0.0/24
add action=add-dst-to-address-list address-list=download \
    address-list-timeout=1h chain=forward comment="" content=.rm disabled=no \
    protocol=tcp src-address=192.168.0.0/24
add action=add-dst-to-address-list address-list=download \
    address-list-timeout=1h chain=forward comment="" content=.wav disabled=no \
    protocol=tcp src-address=192.168.0.0/24
add action=add-dst-to-address-list address-list=download \
    address-list-timeout=1h chain=forward comment="" content=.wma disabled=no \
    protocol=tcp src-address=192.168.0.0/24
add action=add-dst-to-address-list address-list=download \
    address-list-timeout=1h chain=forward comment="" content=.wmv disabled=no \
    protocol=tcp src-address=192.168.0.0/24
add action=add-dst-to-address-list address-list=download \
    address-list-timeout=1h chain=forward comment="" content=.bz2 disabled=no \
    protocol=tcp src-address=192.168.0.0/24
add action=add-dst-to-address-list address-list=download \
    address-list-timeout=1h chain=forward comment="" content=.rmvb disabled=\
    no protocol=tcp src-address=192.168.0.0/24
add action=add-dst-to-address-list address-list=download \
    address-list-timeout=1h chain=forward comment="" content=.z disabled=no \
    protocol=tcp src-address=192.168.0.0/24
add action=add-dst-to-address-list address-list=download \
    address-list-timeout=1h chain=forward comment="" content=.mpg disabled=no \
    protocol=tcp src-address=192.168.0.0/24
add action=add-dst-to-address-list address-list=download \
    address-list-timeout=1h chain=forward comment="" content=.divx disabled=\
    no protocol=tcp src-address=192.168.0.0/24


/ip firewall mangle
add action=mark-packet chain=forward comment="" disabled=no new-packet-mark=\
    download-packet passthrough=no protocol=tcp src-address-list=download

/queue simple
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" \
    direction=both disabled=no dst-address=0.0.0.0/0 interface=all limit-at=\
    64000/64000 max-limit=64000/64000 name=download-file packet-marks=\
    download-packet parent=none priority=8 queue=default-small/default-small \
    total-queue=default-small



Guide:
http://alfaqiir-net.blogspot.com.ar/2008/04/delay-pool-di-mikrotik.html