Sunday 6 April 2014

Traffic Prioritization, RouterOS QoS Implementation

This QoS setup limits only download traffic; no rules are applied to upload traffic because I had no need for them, as I'm not reaching the upload limit. I have installed this shaper only for residential users, who are limited to 550 Mbit/s of overall bandwidth; that covers around 12000 users online, with per-user rates limited to 1 Mbit/s and 2 Mbit/s. The idea behind the scripts is to allow different limits for day and night, so that the lowest priority can reach at least 22 Mbit/s after business hours, when business clients do not use much bandwidth. For web video (Youtube ...), 400 Kbit/s per user will be served using PCQ.

Bridge Setup

First, we create a bridge interface; name it as you like. I have named it ALLOT:
/interface bridge
add name=ALLOT
After that, assign ports to the bridge: INTERNAL as the local interface and EXTERNAL as the public interface:
/interface bridge port
add bridge=ALLOT interface=INTERNAL
add bridge=ALLOT interface=EXTERNAL
Then the last thing for the bridge is to enable the IP firewall on it, so we can mangle:
/interface bridge settings
set use-ip-firewall=yes
For web video services, create an address list covering most of Youtube, Metacafe, Youporn, Redtube, etc.:
/ip firewall address-list
add address=208.117.224.0/24 list=Youtube
add address=208.117.225.0/24 list=Youtube
add address=208.117.228.0/24 list=Youtube
add address=208.117.229.0/24 list=Youtube
add address=208.117.232.0/24 list=Youtube
add address=208.117.233.0/24 list=Youtube
add address=208.117.234.0/24 list=Youtube
add address=208.117.238.0/24 list=Youtube
add address=208.65.152.0/24 list=Youtube
add address=208.65.153.0/24 list=Youtube
add address=208.65.154.0/24 list=Youtube
add address=64.15.112.0/20 list=Youtube
add address=208.117.236.0/24 list=Youtube
add address=74.125.96.0/19 list=Youtube
add address=72.14.221.0/24 list=Youtube
add address=84.53.128.0/18 comment=Redtube list=Youtube
add address=87.248.192.0/19 comment=Youporn list=Youtube
add address=216.155.128.0/19 comment=Redtube list=Youtube
add address=208.73.208.0/21 comment=Redtube list=Youtube
add address=66.55.140.0/23 comment=Redtube list=Youtube
add address=74.125.208.0/24 list=Youtube

Mangle Setup

Here we mark the packets for the different kinds of traffic; be careful to keep this order:
/ip firewall mangle
add action=mark-packet chain=forward new-packet-mark=icmp passthrough=no protocol=icmp
add action=mark-packet chain=forward dst-port=443 new-packet-mark=ssl passthrough=no protocol=tcp
add action=mark-packet chain=forward new-packet-mark=p2p p2p=all-p2p passthrough=no
add action=mark-packet chain=forward new-packet-mark=udp-100 packet-size=0-100 passthrough=no protocol=udp
add action=mark-packet chain=forward new-packet-mark=upd-500 packet-size=100-500 passthrough=no protocol=udp
add action=mark-packet chain=forward new-packet-mark=upd-other passthrough=no protocol=udp
add action=mark-packet chain=forward dst-port=1863 new-packet-mark=msn-messenger passthrough=no protocol=tcp
add action=mark-packet chain=forward dst-port=110 new-packet-mark=pop3 passthrough=no protocol=tcp
add action=mark-packet chain=forward dst-port=25 new-packet-mark=smtp passthrough=no protocol=tcp
add action=mark-packet chain=forward dst-port=143 new-packet-mark=imap passthrough=no protocol=tcp
add action=mark-packet chain=forward new-packet-mark=gre passthrough=no protocol=gre
add action=mark-packet chain=forward new-packet-mark=ipsec-esp passthrough=no protocol=ipsec-esp
add action=mark-packet chain=forward new-packet-mark=ipsec-ah passthrough=no protocol=ipsec-ah
add action=mark-packet chain=forward new-packet-mark=ipencap passthrough=no protocol=ipencap
add action=mark-packet chain=forward new-packet-mark=ipip passthrough=no protocol=ipip
add action=mark-packet chain=forward new-packet-mark=Youtube passthrough=no src-address-list=Youtube
add action=mark-packet chain=forward dst-port=80 new-packet-mark=http passthrough=no protocol=tcp
add action=mark-packet chain=forward connection-bytes=1-512000 new-packet-mark=0bytes passthrough=yes
add action=mark-packet chain=forward connection-bytes=512000-1000000 new-packet-mark=1Mbyte passthrough=yes
add action=mark-packet chain=forward connection-bytes=1000000-3000000 new-packet-mark=3Mbyte passthrough=yes
add action=mark-packet chain=forward connection-bytes=3000000-6000000 new-packet-mark=6Mbyte passthrough=yes
add action=mark-packet chain=forward connection-bytes=6000000-30000000 new-packet-mark=30Mbyte passthrough=yes
add action=mark-packet chain=forward connection-bytes=30000000-60000000 new-packet-mark=60Mbytes passthrough=yes
add action=mark-packet chain=forward connection-bytes=60000000-0 new-packet-mark=Infinite passthrough=yes
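
Why the order matters, as an added Python sketch (not part of the original post or of RouterOS): it walks a reduced copy of the rules above top to bottom, stopping at the first passthrough=no match and letting later passthrough=yes rules overwrite the mark. The packet fields, sample addresses and inclusive range ends are assumptions of the sketch.

```python
import ipaddress

# Two of the post's Youtube address-list entries (enough for the demo).
YOUTUBE = [ipaddress.ip_network(n) for n in ("208.117.224.0/24", "74.125.96.0/19")]

def from_youtube(p):
    return any(ipaddress.ip_address(p["src"]) in net for net in YOUTUBE)

def tcp_dport(port):
    return lambda p: p["proto"] == "tcp" and p["dport"] == port

def udp_size(lo, hi):
    return lambda p: p["proto"] == "udp" and lo <= p["size"] <= hi

def conn_bytes(lo, hi):
    # hi == 0 means "no upper bound", as in connection-bytes=60000000-0
    return lambda p: p["bytes"] >= lo and (hi == 0 or p["bytes"] <= hi)

# (new-packet-mark, passthrough, matcher), same relative order as the post.
RULES = [
    ("ssl", False, tcp_dport(443)),
    ("udp-100", False, udp_size(0, 100)),
    ("upd-500", False, udp_size(100, 500)),
    ("upd-other", False, lambda p: p["proto"] == "udp"),
    ("Youtube", False, from_youtube),
    ("http", False, tcp_dport(80)),
    ("0bytes", True, conn_bytes(1, 512000)),
    ("1Mbyte", True, conn_bytes(512000, 1000000)),
    ("3Mbyte", True, conn_bytes(1000000, 3000000)),
    ("6Mbyte", True, conn_bytes(3000000, 6000000)),
    ("Infinite", True, conn_bytes(60000000, 0)),
]

def classify(pkt, rules=RULES):
    """Return the packet mark left after walking the rules top to bottom."""
    mark = None
    for name, passthrough, matches in rules:
        if matches(pkt):
            mark = name              # a later match overwrites an earlier mark
            if not passthrough:      # passthrough=no: stop processing here
                break
    return mark

def pkt(proto, src="198.51.100.7", dport=51000, size=1400, nbytes=2000000):
    # Constructed sample packet; addresses and ports are made up for the demo.
    return {"proto": proto, "src": src, "dport": dport, "size": size, "bytes": nbytes}
```

Moving the catch-all UDP rule above the size rules makes every UDP packet upd-other, which is the kind of mistake the ordering warning is about. Reply packets from a web server carry the service port in src-port, so in this model they skip the dst-port rules and are ranked by connection-bytes.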

Queue Type

PCQ will be used only for Youtube and other web video:
/queue type
add kind=pcq name=Youtube_down pcq-classifier=src-port,dst-port pcq-limit=50 pcq-rate=400000 pcq-total-limit=2000

Queue Tree

This is the Queue Tree that manages the marked packets.
For all rules except Youtube, queue=default; max-limit and limit-at are zero for all rules except where a value is specified.
/queue tree
add limit-at=550000000 max-limit=550000000 name=OVERALL parent=INTERNAL priority=5

 add name=PRIO1 parent=OVERALL priority=1
  add name=0-512 packet-mark=0bytes parent=PRIO1 priority=1
  add name=ICMP packet-mark=icmp parent=PRIO1 priority=1
  add name=POP3 packet-mark=pop3 parent=PRIO1 priority=1
  add name=SMTP packet-mark=smtp parent=PRIO1 priority=1
  add name=IMAP packet-mark=imap parent=PRIO1 priority=1
  add name=HTTP packet-mark=http parent=PRIO1 priority=1
  add name=SSL packet-mark=ssl parent=PRIO1 priority=1
  add name=MSN-MESSENGER packet-mark=msn-messenger parent=PRIO1 priority=1

 add name=PRIO3 parent=OVERALL priority=3
  add name=1Mbyte packet-mark=1Mbyte parent=PRIO3 priority=3

 add name=PRIO4 parent=OVERALL priority=4
  add name=3Mbyte packet-mark=3Mbyte parent=PRIO4 priority=4

 add name=PRIO5 parent=OVERALL priority=5
  add name=6Mbyte packet-mark=6Mbyte parent=PRIO5 priority=5

 add name=PRIO6 parent=OVERALL priority=6
  add name=30Mbyte packet-mark=30Mbyte parent=PRIO6 priority=6

 add name=PRIO7 parent=OVERALL priority=7
  add name=Youtube packet-mark=Youtube parent=PRIO7 priority=7 queue=Youtube_down
  add name=60Mbyte packet-mark=60Mbytes parent=PRIO7 priority=7

 add name=PRIO8 parent=OVERALL priority=8
  add name=Infinite packet-mark=Infinite parent=PRIO8 priority=8
  add name=GRE packet-mark=gre parent=PRIO8 priority=8
  add name=IPSEC-ESP packet-mark=ipsec-esp parent=PRIO8 priority=8
  add name=IPSEC-AH packet-mark=ipsec-ah parent=PRIO8 priority=8
  add name=P2P packet-mark=p2p parent=PRIO8 priority=8
  add name=IPENCAP packet-mark=ipencap parent=PRIO8 priority=8
  add name=IPIP packet-mark=ipip parent=PRIO8 priority=8

 add name=UDP parent=OVERALL priority=1
  add name=UDP-100 packet-mark=udp-100 parent=UDP priority=1
  add name=UDP-500 packet-mark=upd-500 parent=UDP priority=3
  add name=UDP-Other packet-mark=upd-other parent=UDP priority=8

add disabled=yes limit-at=22000000 max-limit=22000000 name=PRIO8-19h parent=INTERNAL priority=3
 add name=Infinite-19h packet-mark=Infinite parent=PRIO8-19h priority=8
 add name=P2P-19h packet-mark=p2p parent=PRIO8-19h priority=8
 add name=GRE-19h packet-mark=gre parent=PRIO8-19h priority=8
 add name=IPENCAP-19h packet-mark=ipencap parent=PRIO8-19h priority=8
 add name=IPIP-19h packet-mark=ipip parent=PRIO8-19h priority=8
 add name=IPSEC-AH-19h packet-mark=ipsec-ah parent=PRIO8-19h priority=8
 add name=IPSEC-ESP-19h packet-mark=ipsec-esp parent=PRIO8-19h priority=8

Scripts for changing Queue Tree at different times of day

We have some very useful scripts that change the Queue Tree at different times of the day. At 19h the Night script starts checking the average rate of the PRIO8 queue, and if it's below 20 Mbit/s it disables PRIO8 and enables PRIO8-19h, which guarantees 22 Mbit/s for that kind of traffic. The other script checks the average rate of the OVERALL queue, and if the rate is below 510 Mbit/s it disables PRIO8-19h and enables PRIO8, since there will be more than 22 Mbit/s available:
/system script
add name=Day source="/queue tree enable PRIO8; /queue tree disable PRIO8-19h; /system scheduler disable Night; /system scheduler disable Overall-Night"
add name=Night source=":global checkrate [/queue tree get PRIO8 rate]\r\
    \n:local rate 20000000\r\
    \n\r\
    \n:if  ( \$checkrate < \$rate ) do={\r\
    \n     /queue tree enable PRIO8-19h; /queue tree disable PRIO8\r\
    \n}\r\
    \n\r\
    \n:if  ( \$checkrate > \$rate ) do={\r\
    \n     /queue tree enable PRIO8; /queue tree disable PRIO8-19h\r\
    \n}"
add name=Enable-Night source="/system scheduler enable Night; /system scheduler enable Overall-Night"
add name=Overall-Night source=":global checkrate [/queue tree get OVERALL rate]\r\
    \n:local rate 510000000\r\
    \n\r\
    \n:if  ( \$checkrate < \$rate ) do={\r\
    \n     /queue tree enable PRIO8; /queue tree disable PRIO8-19h\r\
    \n}\r\
    \n"
And the schedules that activate the scripts:
/system scheduler
add interval=1d name=Day on-event=Day start-time=01:00:00
add disabled=yes interval=15m name=Night on-event=Night start-time=19:00:00
add interval=1d name=Enable-Night on-event=Enable-Night start-time=18:55:00
add disabled=yes interval=15m name=Overall-Night on-event=Overall-Night start-time=19:10:00

Queue Burst Mikrotik

Burst Mikrotik
Max-limit
is the maximum bandwidth that a computer subject to the limit can consume.
Burst-limit
is the maximum bandwidth that can be consumed for a short period, the length of which is set by burst-time.
Burst-Thres
is the trigger, or turning point: the level of real bandwidth received that acts as the cutoff for burst-limit.
The following example applies a bandwidth limit to a computer:
Max-limit=64k
Burst-limit=128k
Burst-Thres=48k
Burst-Time=2
The picture this gives is that the client gets 128 kbps as long as its real traffic has not yet reached 48 kbps; once its real traffic has reached that level, the bandwidth it gets automatically drops gradually towards 64 kbps. A scenario like this is often used by ISPs that offer burstable bandwidth, or by internet cafes that favour clients who browse over clients who download.
With a configuration like this, clients who browse will often feel that the connection is fast, because they frequently get 128 kbps, whereas once they start downloading data from the internet their share of the connection drops to 64 kbps. People often want to use a system like this but have difficulty choosing the right parameters for their configuration. With a poorly chosen configuration, their clients will often get more bandwidth than our max-limit, or even end up far from the max-limit figure. So how should these parameters be filled in so that they are right? The formula below is not necessarily exact, but it is helpful enough.
Limit-at = <CUSTOM>
Max-limit = <CUSTOM>
Burst-limit = < 4 x Max-limit
Burst-Thres = ¾ x Max-limit
Burst-time = < 12 s
This formula is not fixed, however; you have to adapt it to the state of your network, but you can also use it as a reference when dividing bandwidth.
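
The burst example above, as an added Python simulation (not part of the original post): it models burst the way MikroTik documents it, with the average rate taken over burst-time and re-evaluated every 1/16 of burst-time, and runs the post's values against a download and a browsing pattern. The function names and the constructed browsing pattern are assumptions of this example.

```python
from collections import deque

def simulate(demand, max_limit, burst_limit, burst_threshold, burst_time, slots=16):
    """Granted rate per evaluation slot for a list of demanded rates (bit/s).

    Model: the average rate over the last burst_time is re-evaluated every
    burst_time/slots seconds; while it is below burst_threshold the client may
    reach burst_limit, otherwise it is held to max_limit.
    """
    window = deque([0] * slots, maxlen=slots)   # idle history before the start
    granted = []
    for want in demand:
        bursting = sum(window) < burst_threshold * slots   # average < threshold
        rate = min(want, burst_limit if bursting else max_limit)
        window.append(rate)
        granted.append(rate)
    return granted

def burst_seconds(granted, max_limit, burst_time, slots=16):
    """Total time spent above max_limit."""
    return sum(1 for r in granted if r > max_limit) * burst_time / slots

# The post's example values.
MAX, BURST, THRES, TIME = 64_000, 128_000, 48_000, 2

# A download: the client asks for as much as it can get for 10 seconds.
download = simulate([10**9] * 80, MAX, BURST, THRES, TIME)

# Browsing (constructed pattern): 0.5 s page loads separated by 3 s of reading.
browsing = simulate(([10**9] * 4 + [0] * 24) * 3, MAX, BURST, THRES, TIME)

if __name__ == "__main__":
    print("download bursts for", burst_seconds(download, MAX, TIME), "s")
    print("browsing peak rates:", sorted(set(browsing)))
```

In this model the download gets 128 kbps for 0.75 s (burst-time x Burst-Thres / Burst-limit) and is then held at 64 kbps, while every page load in the browsing pattern is served at 128 kbps.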

Saturday 5 April 2014

Bandwidth Management with Queue Tree on a Mikrotik RB750

This time I want to try dividing Mikrotik bandwidth among client computers using an RB750 router. First we have to create/set up the mangle rules:
then we create the Mark Connection:
1. Click IP --> Firewall --> Mangle --> + (red)
 on the General tab
    <>Chain : forward
    <>Src.Address : 192.168.3.2 (enter the IP of the computer you want to limit)
    <>In.interface : Ether3_rifki (the interface from the computer to the router)

click --> the Action tab
    <>Action : mark connection
    <>New connection mark : clien-01-con
     leave the passthrough checkbox ticked
     then click Apply and click OK.
next we create the Mark Packet:
2. Click IP --> Firewall --> Mangle --> + (red)
on the General tab
    <> Chain : forward
    <> Connection mark : clien-01-con
on the Action tab
    <> Action : Mark packet
    <> New Packet mark : clien-01
     untick the passthrough checkbox
     click Apply and click OK.
 3. Click Queues --> Queue Types --> + (red)
    <>Type name : download
    <>Kind : pcq
     tick the Dst. Address checkbox
     click Apply and click OK.

click + (red)
    <>Type name : upload
    <>Kind : pcq
      tick the Src. Address checkbox
      click Apply and click OK

4. Click the Queue Tree tab --> + (red)
  we create the limit for download
On the General tab
    <>Name : clien-01-don
    <>Parent : ether3_rifki
    <>Packet Mark : clien-01
    <>Queue Type : download
    <>Limit at : 64k
    <>Max Limit : 128k
      click Apply and click OK.

then we create the limit for upload
click --> + (red)
    <>Name : clien-01-up
    <>Parent : ether1_radio (the interface facing the radio)
    <>Packet Mark : clien-01
    <>Queue Type : upload
    <>Limit at : 96k
    <>Max Limit : 512k
      click Apply and click OK.

done... next, test at www.speedtest.net
if the measured bandwidth is the same as / close to what we limited, it is set up correctly.