Sunday, 6 April 2014

Traffic Prioritization, RouterOS QoS Implementation

This QoS setup limits only download traffic; no rules are applied to upload traffic, since I didn't have any need for it: I'm not reaching the upload limit. I have installed this shaper only for residential users, who are limited to 550 Mbit/s of overall bandwidth, which covers around 12000 users online with different rate limits of 1 Mbit/s and 2 Mbit/s per user. The idea behind the scripts is to allow different limits by day and by night, so that the lowest priority class can reach at least 22 Mbit/s after business hours, when business clients do not use much bandwidth. For web video (YouTube ...) 400 Kbit/s per user will be served using PCQ.

Bridge Setup

First, we create a bridge interface and name it as you like; I have named it ALLOT:
/interface bridge
add name=ALLOT
After that, assign ports to the bridge: INTERNAL as the local interface and EXTERNAL as the public interface:
/interface bridge port
add bridge=ALLOT interface=INTERNAL
add bridge=ALLOT interface=EXTERNAL
Then the last thing about the bridge is to enable IP firewall on it, so we can mangle:
/interface bridge settings
set use-ip-firewall=yes
For web video services, create an address list covering most of YouTube, Metacafe, YouPorn, RedTube, etc.:
/ip firewall address-list
add address=208.117.224.0/24 list=Youtube
add address=208.117.225.0/24 list=Youtube
add address=208.117.228.0/24 list=Youtube
add address=208.117.229.0/24 list=Youtube
add address=208.117.232.0/24 list=Youtube
add address=208.117.233.0/24 list=Youtube
add address=208.117.234.0/24 list=Youtube
add address=208.117.238.0/24 list=Youtube
add address=208.65.152.0/24 list=Youtube
add address=208.65.153.0/24 list=Youtube
add address=208.65.154.0/24 list=Youtube
add address=64.15.112.0/20 list=Youtube
add address=208.117.236.0/24 list=Youtube
add address=74.125.96.0/19 list=Youtube
add address=72.14.221.0/24 list=Youtube
add address=84.53.128.0/18 comment=Redtube list=Youtube
add address=87.248.192.0/19 comment=Youporn list=Youtube
add address=216.155.128.0/19 comment=Redtube list=Youtube
add address=208.73.208.0/21 comment=Redtube list=Youtube
add address=66.55.140.0/23 comment=Redtube list=Youtube
add address=74.125.208.0/24 list=Youtube

Mangle Setup

Here we mark the packets for the different kinds of traffic; be careful to keep this order:
/ip firewall mangle
add action=mark-packet chain=forward new-packet-mark=icmp passthrough=no protocol=icmp
add action=mark-packet chain=forward dst-port=443 new-packet-mark=ssl passthrough=no protocol=tcp
add action=mark-packet chain=forward new-packet-mark=p2p p2p=all-p2p passthrough=no
add action=mark-packet chain=forward new-packet-mark=udp-100 packet-size=0-100 passthrough=no protocol=udp
add action=mark-packet chain=forward new-packet-mark=upd-500 packet-size=100-500 passthrough=no protocol=udp
add action=mark-packet chain=forward new-packet-mark=upd-other passthrough=no protocol=udp
add action=mark-packet chain=forward dst-port=1863 new-packet-mark=msn-messenger passthrough=no protocol=tcp
add action=mark-packet chain=forward dst-port=110 new-packet-mark=pop3 passthrough=no protocol=tcp
add action=mark-packet chain=forward dst-port=25 new-packet-mark=smtp passthrough=no protocol=tcp
add action=mark-packet chain=forward dst-port=143 new-packet-mark=imap passthrough=no protocol=tcp
add action=mark-packet chain=forward new-packet-mark=gre passthrough=no protocol=gre
add action=mark-packet chain=forward new-packet-mark=ipsec-esp passthrough=no protocol=ipsec-esp
add action=mark-packet chain=forward new-packet-mark=ipsec-ah passthrough=no protocol=ipsec-ah
add action=mark-packet chain=forward new-packet-mark=ipencap passthrough=no protocol=ipencap
add action=mark-packet chain=forward new-packet-mark=ipip passthrough=no protocol=ipip
add action=mark-packet chain=forward new-packet-mark=Youtube passthrough=no src-address-list=Youtube
add action=mark-packet chain=forward dst-port=80 new-packet-mark=http passthrough=no protocol=tcp
add action=mark-packet chain=forward connection-bytes=1-512000 new-packet-mark=0bytes passthrough=yes
add action=mark-packet chain=forward connection-bytes=512000-1000000 new-packet-mark=1Mbyte passthrough=yes
add action=mark-packet chain=forward connection-bytes=1000000-3000000 new-packet-mark=3Mbyte passthrough=yes
add action=mark-packet chain=forward connection-bytes=3000000-6000000 new-packet-mark=6Mbyte passthrough=yes
add action=mark-packet chain=forward connection-bytes=6000000-30000000 new-packet-mark=30Mbyte passthrough=yes
add action=mark-packet chain=forward connection-bytes=30000000-60000000 new-packet-mark=60Mbytes passthrough=yes
add action=mark-packet chain=forward connection-bytes=60000000-0 new-packet-mark=Infinite passthrough=yes
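As an added check (not part of the original post), here is a Python model of the forward-chain mangle rules above, applying RouterOS's rule-order semantics: a matching rule with passthrough=no ends evaluation, while passthrough=yes lets later rules overwrite the mark, so you can see which mark a packet ends up with. Ports, protocols and connection-bytes ranges are transcribed from the post; the Packet type, the sample addresses and the two YouTube prefixes kept from the address list are constructed here, and the p2p=all-p2p matcher is reduced to a boolean flag.

```python
import ipaddress
from dataclasses import dataclass

YOUTUBE = [ipaddress.ip_network(n) for n in ("208.117.224.0/24", "74.125.96.0/19")]

@dataclass
class Packet:               # constructed stand-in for what the forward chain sees
    proto: str              # "tcp", "udp", "icmp", "gre", ...
    src: str = "10.0.0.1"   # constructed source address
    dst_port: int = 0
    size: int = 0           # packet size in bytes
    conn_bytes: int = 0     # bytes transferred on the connection so far
    p2p: bool = False       # what RouterOS's p2p=all-p2p matcher would report

def tcp_port(port):
    return lambda p: p.proto == "tcp" and p.dst_port == port
def conn_bytes(lo, hi):     # hi=0 means no upper bound, as in RouterOS
    return lambda p: lo <= p.conn_bytes and (hi == 0 or p.conn_bytes <= hi)
# (matcher, new-packet-mark, passthrough) in the post's rule order
RULES = [
    (lambda p: p.proto == "icmp", "icmp", False),
    (tcp_port(443), "ssl", False),
    (lambda p: p.p2p, "p2p", False),
    (lambda p: p.proto == "udp" and p.size <= 100, "udp-100", False),
    (lambda p: p.proto == "udp" and p.size <= 500, "upd-500", False),
    (lambda p: p.proto == "udp", "upd-other", False),
    (tcp_port(1863), "msn-messenger", False), (tcp_port(110), "pop3", False),
    (tcp_port(25), "smtp", False), (tcp_port(143), "imap", False),
] + [(lambda p, x=x: p.proto == x, x, False)
     for x in ("gre", "ipsec-esp", "ipsec-ah", "ipencap", "ipip")] + [
    (lambda p: any(ipaddress.ip_address(p.src) in n for n in YOUTUBE), "Youtube", False),
    (tcp_port(80), "http", False),
    (conn_bytes(1, 512000), "0bytes", True),
    (conn_bytes(512000, 1000000), "1Mbyte", True),
    (conn_bytes(1000000, 3000000), "3Mbyte", True),
    (conn_bytes(3000000, 6000000), "6Mbyte", True),
    (conn_bytes(6000000, 30000000), "30Mbyte", True),
    (conn_bytes(30000000, 60000000), "60Mbytes", True),
    (conn_bytes(60000000, 0), "Infinite", True),
]

def mark(p):
    m = None                 # stays None if no rule matches
    for match, new_mark, passthrough in RULES:
        if match(p):
            m = new_mark
            if not passthrough:  # passthrough=yes lets a later rule overwrite m
                break
    return m
```

One thing the model makes visible: because the ssl and http rules (passthrough=no) come before the connection-bytes rules, a multi-megabyte download over port 443 or 80 keeps its PRIO1 mark and is never demoted by size.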

Queue Type

PCQ will be used only for YouTube and other web video:
/queue type
add kind=pcq name=Youtube_down pcq-classifier=src-port,dst-port pcq-limit=50 pcq-rate=400000 pcq-total-limit=2000

Queue Tree

This is the Queue Tree that manages the marked packets.
All rules except Youtube use queue=default; max-limit and limit-at are zero for every rule unless a value is specified.
/queue tree
add limit-at=550000000 max-limit=550000000 name=OVERALL parent=INTERNAL priority=5

 add name=PRIO1 parent=OVERALL priority=1
  add name=0-512 packet-mark=0bytes parent=PRIO1 priority=1
  add name=ICMP packet-mark=icmp parent=PRIO1 priority=1
  add name=POP3 packet-mark=pop3 parent=PRIO1 priority=1
  add name=SMTP packet-mark=smtp parent=PRIO1 priority=1
  add name=IMAP packet-mark=imap parent=PRIO1 priority=1
  add name=HTTP packet-mark=http parent=PRIO1 priority=1
  add name=SSL packet-mark=ssl parent=PRIO1 priority=1
  add name=MSN-MESSENGER packet-mark=msn-messenger parent=PRIO1 priority=1

 add name=PRIO3 parent=OVERALL priority=3
  add name=1Mbyte packet-mark=1Mbyte parent=PRIO3 priority=3

 add name=PRIO4 parent=OVERALL priority=4
  add name=3Mbyte packet-mark=3Mbyte parent=PRIO4 priority=4

 add name=PRIO5 parent=OVERALL priority=5
  add name=6Mbyte packet-mark=6Mbyte parent=PRIO5 priority=5

 add name=PRIO6 parent=OVERALL priority=6
  add name=30Mbyte packet-mark=30Mbyte parent=PRIO6 priority=6

 add name=PRIO7 parent=OVERALL priority=7
  add name=Youtube packet-mark=Youtube parent=PRIO7 priority=7 queue=Youtube_down
  add name=60Mbyte packet-mark=60Mbytes parent=PRIO7 priority=7

 add name=PRIO8 parent=OVERALL priority=8
  add name=Infinite packet-mark=Infinite parent=PRIO8 priority=8
  add name=GRE packet-mark=gre parent=PRIO8 priority=8
  add name=IPSEC-ESP packet-mark=ipsec-esp parent=PRIO8 priority=8
  add name=IPSEC-AH packet-mark=ipsec-ah parent=PRIO8 priority=8
  add name=P2P packet-mark=p2p parent=PRIO8 priority=8
  add name=IPENCAP packet-mark=ipencap parent=PRIO8 priority=8
  add name=IPIP packet-mark=ipip parent=PRIO8 priority=8

 add name=UDP parent=OVERALL priority=1
  add name=UDP-100 packet-mark=udp-100 parent=UDP priority=1
  add name=UDP-500 packet-mark=upd-500 parent=UDP priority=3
  add name=UDP-Other packet-mark=upd-other parent=UDP priority=8

add disabled=yes limit-at=22000000 max-limit=22000000 name=PRIO8-19h parent=INTERNAL priority=3
 add name=Infinite-19h packet-mark=Infinite parent=PRIO8-19h priority=8
 add name=P2P-19h packet-mark=p2p parent=PRIO8-19h priority=8
 add name=GRE-19h packet-mark=gre parent=PRIO8-19h priority=8
 add name=IPENCAP-19h packet-mark=ipencap parent=PRIO8-19h priority=8
 add name=IPIP-19h packet-mark=ipip parent=PRIO8-19h priority=8
 add name=IPSEC-AH-19h packet-mark=ipsec-ah parent=PRIO8-19h priority=8
 add name=IPSEC-ESP-19h packet-mark=ipsec-esp parent=PRIO8-19h priority=8

Scripts for changing Queue Tree at different times of day

We have some very useful scripts that change the Queue Tree at different times of the day. At 19h the Night script starts checking the average rate of the PRIO8 queue; if it is below 20 Mbit/s, it disables PRIO8 and enables PRIO8-19h, which guarantees 22 Mbit/s for that kind of traffic. The other script checks the average rate of the OVERALL queue and, if the rate is below 510 Mbit/s, disables PRIO8-19h and enables PRIO8, since more than 22 Mbit/s will then be available:
/system script
add name=Day source="/queue tree enable PRIO8; /queue tree disable PRIO8-19h; /system scheduler disable Night; /system scheduler disable Overall-Night"
add name=Night source=":global checkrate [/queue tree get PRIO8 rate]\r\
    \n:local rate 20000000\r\
    \n\r\
    \n:if ( \$checkrate < \$rate ) do={\r\
    \n    /queue tree enable PRIO8-19h; /queue tree disable PRIO8\r\
    \n}\r\
    \n\r\
    \n:if ( \$checkrate > \$rate ) do={\r\
    \n    /queue tree enable PRIO8; /queue tree disable PRIO8-19h\r\
    \n}"
add name=Enable-Night source="/system scheduler enable Night; /system scheduler enable Overall-Night"
add name=Overall-Night source=":global checkrate [/queue tree get OVERALL rate]\r\
    \n:local rate 510000000\r\
    \n\r\
    \n:if ( \$checkrate < \$rate ) do={\r\
    \n    /queue tree enable PRIO8; /queue tree disable PRIO8-19h\r\
    \n}\r\
    \n"
And the schedules that activate the scripts:
/system scheduler
add interval=1d name=Day on-event=Day start-time=01:00:00
add disabled=yes interval=15m name=Night on-event=Night start-time=19:00:00
add interval=1d name=Enable-Night on-event=Enable-Night start-time=18:55:00
add disabled=yes interval=15m name=Overall-Night on-event=Overall-Night start-time=19:10:00
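Added example, not from the post: a Python model of the Day, Night and Overall-Night scripts together with their 15-minute schedules, so the switching logic can be traced on sample rates before it is left to run unattended. The thresholds and queue names are the post's; the assumption that a disabled queue reports a rate of 0 and the sample rates are constructed here.

```python
NIGHT_RATE = 20_000_000       # :local rate in the Night script (bit/s)
OVERALL_RATE = 510_000_000    # :local rate in the Overall-Night script (bit/s)

def initial_state():
    # enabled flags as in the queue tree export: PRIO8 on, PRIO8-19h disabled=yes
    return {"PRIO8": True, "PRIO8-19h": False}

def night(state, prio8_rate):
    """Night script (19:00, then every 15 min): compares PRIO8's rate with 20 Mbit/s.
    Assumption: a disabled queue reports a rate of 0."""
    checkrate = prio8_rate if state["PRIO8"] else 0
    if checkrate < NIGHT_RATE:
        state["PRIO8-19h"], state["PRIO8"] = True, False
    if checkrate > NIGHT_RATE:
        state["PRIO8"], state["PRIO8-19h"] = True, False

def overall_night(state, overall_rate):
    """Overall-Night script (19:10, then every 15 min): compares OVERALL with 510 Mbit/s."""
    if overall_rate < OVERALL_RATE:
        state["PRIO8"], state["PRIO8-19h"] = True, False

def day(state):
    """Day script (01:00): back to the daytime tree (it also disables both schedulers)."""
    state["PRIO8"], state["PRIO8-19h"] = True, False

def active(state):
    """Name of the lowest-priority parent queue currently enabled."""
    return [q for q, on in state.items() if on][0]

def evening(samples):
    """Replay one evening. Each sample is (PRIO8 rate, OVERALL rate) in bit/s as
    read at a Night tick; Overall-Night runs 10 minutes after each Night tick.
    Returns the enabled queue after every script run, and after Day at 01:00."""
    state, trace = initial_state(), []
    for prio8_rate, overall_rate in samples:
        night(state, prio8_rate)
        trace.append(active(state))
        overall_night(state, overall_rate)
        trace.append(active(state))
    day(state)
    trace.append(active(state))
    return trace
```

Replaying an evening where PRIO8 stays under 20 Mbit/s while OVERALL stays under 510 Mbit/s shows the two scripts reversing each other every 15 minutes, which is worth knowing when reading the queue statistics for that period.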