Friday, 28 March 2014

Complete Queue Tree for Dynamic and Static IP

If we have a large number of clients, a complete queue tree built per client IP address becomes very long. It consumes a lot of the MikroTik router's resources and makes the bandwidth management system complex and hard for the router to handle; how well it works then depends entirely on the router's ability to regulate a very large number of traffic flows. And if you want to apply the previous method to a network that uses a hotspot with dynamic IP addresses, it simply cannot be done per client IP address.

This method combines PCQ (Per Connection Queue) as the queue type with the priority, limit-at and max-limit of the queue tree. It lets us build the complete queue tree per kind of connection (traffic type) and have each kind shared fairly among all the IP addresses that clients use to reach the internet through our network. It is not only for dynamic IP addresses such as a hotspot: it works just as well for static IP clients, without having to know the IP address of each connected client, so there is no need to write a new queue tree rule whenever you change a client's IP address. One hierarchy of queue tree rules, one branch per kind of connection, serves all the clients on your network.

As in the previous method, we first mark the traffic by public and local interface name. You are free to use chain=prerouting or chain=forward, whichever you prefer. The important thing is to understand the packet flow for QoS, so that you separate the right connections and mark the packets the queue tree rules will act on. We will then limit the bandwidth of each kind of connection with PCQ on the queue type.

1. Separate the kinds of connection that will later be placed in the queue tree and limited through the queue type. Only separate the kinds of connection you think are important, and don't separate them per IP address. You can see how I do it with the mangle and layer 7 protocol scripts below; add other kinds of connection yourself if you need them. Note that every rule below matches packet-mark=all-outpkt (download direction) or all-inpkt (upload direction): these are the interface-based marks from the previous method, so those rules must already exist, must come first, and must use passthrough=yes, otherwise the packets never reach the rules below.

/ip firewall mangle
add action=mark-packet chain=forward layer7-protocol=high new-packet-mark=dpkt packet-mark=all-outpkt passthrough=no comment="CLIENT DOWNLOAD"
add action=mark-packet chain=forward layer7-protocol=document new-packet-mark=dpkt packet-mark=all-outpkt passthrough=no comment=""
 
/ip firewall mangle
add action=mark-packet chain=forward layer7-protocol=youtube new-packet-mark=spkt packet-mark=all-outpkt passthrough=no comment="CLIENT VIDEO"
add action=mark-packet chain=forward layer7-protocol=streaming new-packet-mark=spkt packet-mark=all-outpkt passthrough=no comment=""
 
/ip firewall mangle
add action=mark-packet chain=forward packet-mark=all-outpkt new-packet-mark=gpkt passthrough=yes protocol=tcp dst-port=5340-5352,6000-6152,10001-10011,14009-14030,18901-18909 comment="CLIENT ONLINE GAMES"
add action=mark-packet chain=forward packet-mark=all-outpkt new-packet-mark=gpkt passthrough=yes protocol=tcp dst-port=39190,27780,29000,22100,10009,4300,15001,15002,7341,7451
add action=mark-packet chain=forward packet-mark=all-outpkt new-packet-mark=gpkt passthrough=yes protocol=tcp dst-port=40000,9300,9400,9700,7342,8005-8010,37466,36567,8822
add action=mark-packet chain=forward packet-mark=all-outpkt new-packet-mark=gpkt passthrough=yes protocol=tcp dst-port=47611,16666,20000,5105,29000,18901-18909,9015
add action=mark-packet chain=forward packet-mark=all-outpkt new-packet-mark=gpkt passthrough=yes protocol=udp dst-port=27005,27015
add action=mark-packet chain=forward packet-mark=all-outpkt new-packet-mark=gpkt passthrough=yes protocol=udp dst-port=27005-27020,13055,7800-7900,12060-12070
add action=mark-packet chain=forward packet-mark=all-outpkt new-packet-mark=gpkt passthrough=yes protocol=udp dst-port=8005-8010,9068,1293,1479,9401,9600,30000
add action=mark-packet chain=forward packet-mark=all-outpkt new-packet-mark=gpkt passthrough=yes protocol=udp dst-port=14009-14030,42051-42052,40000-40050,13000-13080
 
/ip firewall mangle
add action=mark-packet chain=forward connection-bytes=0-1000000 src-port=80,443 passthrough=no new-packet-mark=bpkt packet-mark=all-outpkt protocol=tcp comment="CLIENT BROWSING"
 
/ip firewall layer7-protocol
add comment="BIT TORRENT" name=bittorrent regexp="^(\13bittorrent protocol|azver\01\$|get /scrape\\\\?info_hash=)|d1:ad2:id20:|\08'7P\\)[RP]"
add comment="TORRENT WEBSITES" name=torrentsites regexp="^.*(get|GET).+(torrent|thepiratebay|isohunt|entertane|demonoid|btjunkie|mininova|flixflux|torrentz|vertor|h33t|btscene|bitunity|bittoxic|thunderbytes|entertane|zoozle|vcdq|bitnova|bitsoup|meganova|fulldls|btbot|flixflux|seedpeer|fenopy|gpirate|commonbits).*\$"
 
/ip firewall mangle
add action=mark-packet chain=forward layer7-protocol=bittorrent new-packet-mark=tpkt packet-mark=all-outpkt passthrough=no comment="BILLING BIT TORRENT"
add action=mark-packet chain=forward layer7-protocol=torrentsites new-packet-mark=tpkt packet-mark=all-outpkt passthrough=no comment="BILLING TORRENT WEBSITES"
add action=mark-packet chain=forward p2p=all-p2p new-packet-mark=tpkt packet-mark=all-outpkt passthrough=no comment="BILLING ALLP2P"
add action=mark-packet chain=forward dst-port=58561,58045,14948,58008,58816,59097 new-packet-mark=tpkt packet-mark=all-outpkt passthrough=no protocol=tcp comment="BILLING TORRENT PORT"


This script is much simpler than the previous method of marking each kind of connection per client, and it clearly does not spend a lot of your router's resources. You can expand it yourself with the kinds of connection you want. A few caveats: classification by port list and layer 7 regexp is only a heuristic, torrent clients pick random ports and can encrypt their traffic, so some of it will land in the Undefined class rather than in P2P&Torrent. Layer 7 matching inspects the first packets of every new connection, so keep the number of regexps small on a low-end router. The p2p matcher used in the BILLING ALLP2P rule exists in RouterOS v5 and v6 but was removed in v7. Finally, the CLIENT BROWSING rule relies on connection-bytes=0-1000000: only the first 1 MB of each HTTP/HTTPS connection is treated as browsing, after that the packets keep the all-outpkt mark and end up in the Undefined branch of the queue tree.
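The mangle rules above all depend on the all-outpkt and all-inpkt marks from the previous method, which are not reproduced on this page. The script below is an added example, not part of the original post: it creates those two marks from the interface names, shows the layer 7 download rule written the way the RouterOS layer7 matcher is documented to be used (classify the connection once, derive the packet mark from the connection mark), and ends with the check that every rule actually sees traffic. The interface names ether1-wan and ether2-lan and the connection-mark name dconn are assumptions; the layer 7 protocol high is the one the post uses, but its definition is not on this page.

```routeros
/ip firewall mangle
# Added example, not from the original post. The per-type rules in the post match
# packet-mark=all-outpkt / all-inpkt, which the previous method created from the
# interface names. ether1-wan (ISP side) and ether2-lan (client side) are assumed
# names; change them to match your router. passthrough=yes is required so the
# later rules can still see and re-mark these packets.
add chain=forward in-interface=ether1-wan out-interface=ether2-lan action=mark-packet new-packet-mark=all-outpkt passthrough=yes comment="ALL DOWNLOAD PACKETS - must be placed before the per-type rules"
add chain=forward in-interface=ether2-lan out-interface=ether1-wan action=mark-packet new-packet-mark=all-inpkt passthrough=yes comment="ALL UPLOAD PACKETS"

# The layer7 matcher inspects the first packets of a connection and needs to see
# both directions, so it is cheaper to classify the connection once (no interface
# filter here) and derive the packet mark from the connection mark. This gives the
# same dpkt mark as the post's CLIENT DOWNLOAD rule for the layer7 protocol "high";
# dconn is an assumed connection-mark name.
add chain=forward connection-mark=no-mark layer7-protocol=high action=mark-connection new-connection-mark=dconn passthrough=yes comment="CLIENT DOWNLOAD (connection)"
add chain=forward connection-mark=dconn packet-mark=all-outpkt action=mark-packet new-packet-mark=dpkt passthrough=no comment="CLIENT DOWNLOAD (packets)"

# Check that every rule is hit: a rule showing 0 packets either sees no matching
# traffic or sits behind a rule that already consumed the mark with passthrough=no.
/ip firewall mangle print stats where chain=forward
```

Paste it into the terminal before the per-type rules of step 1; in Winbox, drag the two interface rules to the top of the mangle list if they end up below them.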

2. Create the PCQ queue types and set their bandwidth limits. PCQ divides the bandwidth of a queue equally among all the clients using it (one sub-queue per classifier address), and pcq-rate is the maximum rate any single client can get for that kind of connection. So we give each kind of connection its own queue type and rate. The queue type script looks like this:

/queue type
add name=pcq_upstream kind=pcq pcq-rate=256k pcq-classifier=src-address
add name=pcq_downstream kind=pcq pcq-rate=512k pcq-classifier=dst-address
add name=pcq_game kind=pcq pcq-rate=256k pcq-classifier=dst-address
add name=pcq_browsing kind=pcq pcq-rate=256k pcq-classifier=dst-address
add name=pcq_download kind=pcq pcq-rate=256k pcq-classifier=dst-address
add name=pcq_undefined kind=pcq pcq-rate=180k pcq-classifier=dst-address
add name=pcq_extensions kind=pcq pcq-rate=180k pcq-classifier=dst-address
add name=pcq_video kind=pcq pcq-rate=200k pcq-classifier=dst-address
add name=pcq_p2ptorrent kind=pcq pcq-rate=150k pcq-classifier=dst-address


You only need to set the pcq-rate of the queue type for each kind of connection that we will insert into the queue tree rules. You are free to choose the names; they are referenced from the queue tree setup.

The pcq-rate value is the maximum bandwidth a single client gets for that kind of connection as long as spare bandwidth is available; when it is not, PCQ shares what the queue has equally among the active clients. Note the classifier: the upload queue classifies by src-address (the client sending), the download queues by dst-address (the client receiving), so each client gets its own sub-queue in both directions.

3. Create the complete queue tree rules per kind of connection, in which we manage the bandwidth further with priority, limit-at and max-limit for all clients using that kind of connection. You can prioritize the kinds of connection according to your own interests. In this case I put online games and browsing first, since they do not consume a lot of bandwidth. The queue tree scripts are below.


/queue tree
add name=a.Upstream parent=global-in queue=pcq_upstream packet-mark=all-inpkt priority=8 max-limit=2M
add name=b.Downstream parent=global-out queue=pcq_downstream packet-mark=all-outpkt priority=8 max-limit=2M
add name=1.Games parent=b.Downstream queue=pcq_game packet-mark=gpkt priority=1 limit-at=125k max-limit=512k
add name=2.Browsing parent=b.Downstream queue=pcq_browsing packet-mark=bpkt priority=2 limit-at=125k max-limit=512k
add name=3.Download parent=b.Downstream queue=pcq_download packet-mark=all-outpkt priority=3 limit-at=125k max-limit=512k
add name=3.1.Undefined parent=3.Download queue=pcq_undefined packet-mark=all-outpkt priority=4 limit-at=75k max-limit=320k
add name=3.2.Extensions parent=3.Download queue=pcq_extensions packet-mark=dpkt priority=5 limit-at=75k max-limit=320k
add name=3.3.Video parent=3.Download queue=pcq_video packet-mark=spkt priority=6 limit-at=75k max-limit=320k
add name=3.4.P2P&Torrent parent=3.Download queue=pcq_p2ptorrent packet-mark=tpkt priority=7 limit-at=75k max-limit=320k

This still uses the hierarchy of queue tree rules from the previous method. Once you paste the scripts above into the terminal of your Winbox, you can see the resulting hierarchy under Queues > Queue Tree. Note that parent=global-in and parent=global-out exist in RouterOS v5; in RouterOS v6 and later they were merged into a single parent=global, so adjust the two top-level rules accordingly.


To make the priority of the connection packets work as you expect, you need to understand HTB (Hierarchical Token Bucket) in MikroTik RouterOS QoS. The outcome is determined mostly by the limit-at and max-limit values used in the hierarchy of queue tree rules. Remember that this hierarchy is shared by all clients using a given kind of connection: max-limit caps the total usage of that kind of connection as a whole, and limit-at is the rate guaranteed to it. Once every child has received its limit-at, the bandwidth left under the parent's max-limit is handed out in order of priority (1 is highest, 8 lowest), so priority decides who wins the contention for spare bandwidth, not who gets the guarantee.

Note:
  • Max-limit is the maximum bandwidth for a kind of connection, summed over all clients using it
  • The max-limit of each queue tree child must not exceed the max-limit of its parent
  • The total limit-at of all children of a parent must not exceed the parent's max-limit
  • Priority only works between children of a parent that has a max-limit, and only if the two rules above are respected
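The rules in the note can be checked mechanically instead of by eye. The RouterOS script below is an added example, not part of the original post: it walks every entry in /queue tree and, for each one that has children, warns when a child's max-limit exceeds the parent's, when the children's limit-at values add up to more than the parent's max-limit, or when the parent has no max-limit at all (in which case the children's priority has no effect). It assumes the queue tree above is already loaded and that max-limit and limit-at are returned as plain numbers in bits per second, with 0 meaning unlimited; the global parents themselves are not entries and are therefore not checked.

```routeros
# Added example, not from the original post: check the rules from the Note against
# every parent queue in /queue tree. Assumes the queue tree above is loaded and that
# max-limit / limit-at are returned as numbers in bits per second (0 = unlimited).
:foreach p in=[/queue tree find] do={
    :local pname [/queue tree get $p name]
    :local pmax [/queue tree get $p max-limit]
    :local sumla 0
    :local children [/queue tree find parent=$pname]
    :if (([:len $children] > 0) && ($pmax = 0)) do={
        # priority is only honoured below a parent that has a max-limit
        :put "WARN $pname has children but no max-limit; their priority has no effect"
    }
    :foreach c in=$children do={
        :local cname [/queue tree get $c name]
        :local cmax [/queue tree get $c max-limit]
        :local cla [/queue tree get $c limit-at]
        :set sumla ($sumla + $cla)
        # a child's max-limit must not exceed its parent's max-limit
        :if (($pmax > 0) && ($cmax > $pmax)) do={
            :put "WARN $cname max-limit=$cmax exceeds parent $pname max-limit=$pmax"
        }
    }
    # the children's limit-at values must fit under the parent's max-limit
    :if (($pmax > 0) && ($sumla > $pmax)) do={
        :put "WARN children of $pname reserve limit-at=$sumla above parent max-limit=$pmax"
    }
}
```

Run it from the terminal after any change to the tree; with the values above it prints nothing, and it starts warning as soon as a child is given a max-limit above 512k under 3.Download or the four limit-at values under it grow past the parent's max-limit.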
Next, please practice it yourself. As far as I can observe, client satisfaction is determined more by the stability of the internet connection your ISP provides than by the amount of bandwidth.
