QOS with Mikrotik (HaK)




QOS With Mikrotik

Following are few scenarios for some examples : I will add more soon,

1# Allowing specific extension Low Priority over other traffic

In this example we are marking traffic via mangle rules. .iso extension is marked as low priority traffic , and all other traffic is marked as hi priority traffic.
For example We have 256kb internet bandwidth in total. and we want that when users are downloading any .iso file, it gets low priority over other traffic i.e browsing etc. Use the following.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
/ip firewall mangle
add action=mark-connection chain=postrouting comment="Mark Conn for .iso Ext" content=iso disabled=no new-connection-mark=iso-conn passthrough=yes
add action=mark-packet chain=postrouting comment="Mark Pkts for iso-conn Ext" connection-mark=iso-conn disabled=no new-packet-mark=lo-prio-traffic-pkts passthrough=no
add action=mark-connection chain=postrouting comment="Mark Conn for all other traffic" content=!iso disabled=no new-connection-mark=hi-prio-traffic-conn passthrough=yes
add action=mark-packet chain=postrouting comment="Mark Pkts for all other traffic" connection-mark=hi-prio-traffic-conn disabled=no new-packet-mark=hi-prio-traffic-pkts passthrough=no
/queue simple add name=wan_conn_limit interface=ether1 max-limit=256k/256k
/queue simple add name=hi-prio-traffic interface=ether1 parent=wan_conn_limit packet-marks=hi-prio-traffic-pkts priority=1
/queue simple add name=lo-prio-traffic packet-marks=lo-prio-traffic-pkts interface=ether1 parent=wan_conn_limit priority=8

1# Allowing Specific File Extensions High / Limited / Unlimited Bandwidth

For example, You have a network and every user have there bandwidth limited at 256kb. Now you want that if a user is downloading .FLV video file , He can view/download it atunlimited speed regardless of his allowed speed limit, i.e 256kb package, Use the following.
First mark all packets with .flv extention.
1
2
3
4
/ip firewall mangle
add action=mark-connection chain=postrouting comment="Mark Conn for .flv Ext" content=flv disabled=no new-connection-mark=flv-conn passthrough=yes
add action=mark-packet chain=postrouting comment="Mark Pkts for flv-conn Ext" connection-mark=flv-conn disabled=no new-packet-mark=flv passthrough=no
Now Create a Queue Tree and Set Unlimited or Limited Bandwidth (OR As per your requirements if you want to allot specific amount, set it) to Marked Packets
1
2
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=100M max-limit=100M name=Unlimited-Speed-4-Marked-Pkts packet-mark=flv parent=global-out priority=1 queue=defaul
You can use the same in reverse to limit specific extension type bandwidth usage.

2# Allowing Specific Ports High Priority over other traffic

First we need to mark protocols. (In this example we are using SMTP port 25 )
1
2
/ip firewall mangle add chain=prerouting protocol=tcp port=25 connection-state=new action=mark-connection new-connection-mark=hi_prio_conn
/ip firewall mangle add chain=prerouting connection-mark=hi_prio_conn action=mark-packet new-packet-mark=hi_prio_conn_pkts
Now we will create Simple Queue and give high priority to marked packets and other packets low priority. (In this example we have 2Mb WAN connection)
1
2
3
/queue simple add name=wan_conn_limit interface=ether1 max-limit=2M/2M
/queue simple add name=prio interface=ether1 parent=wan_conn_limit packet-marks=hi_prio_conn_pkts priority=1
/queue simple add name=other interface=ether1 parent=Internet priority=8
Now SMTP traffic will get higher priority over other traffic.

3# Equal Distribution of Bandwidth for a number of users using PCQ

If you have a 512 kbps WAN connection and you want to share this equally among your users  but if only one pc is active it should have the full 512 kbps, if 2 pcs are active 256 kbps each and vise versa.
As shown in the image below . . .

Use the following:
1
2
3
4
/queue type add name="PCQ_download" kind=pcq pcq-rate=512k pcq-classifier=dst-address
/queue type add name="PCQ_upload" kind=pcq pcq-rate=512k pcq-classifier=src-address
/queue simple add queue=PCQ_upload/PCQ_download target-addresses=192.168.2.0/24

4# Limiting Single User Bandwidth via Simple QUEUE (Lookout for order number)

1
/queue simple add name="Limiting to 256kb" target-addresses=192.168.2.6 max-limit=256k/256k

Comments

Post a Comment

Popular posts from this blog

Mikrotik Webproxy with PCC

Image
Usually when you enable web proxy on pcc, it wont work. To make it work you have to mark web proxy connection in output chain, and exclude port 80 traffic from pre-routing PCC rules. Example is as below. (I assume you have dual wan pcc already configured and in running state Add following rules (Output chain) /ip firewall mangle add action=mark-connection chain=output comment=”Marking Web Proxy Connection for WAN-1″ disabled=no dst-port=80 new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=\    both-addresses-and-ports:2/0 protocol=tcp     both-addresses-and-ports:2/1 protocol=tcp     per-connection-classifier=both-addresses-and-ports:2/0 protocol=tcp add action=mark-connection chain=prerouting comment=”Excluding Port 80 from PCC – WAN2″ disabled=no dst-address-type=!local  dst-port=!80  in-interface=LAN new-connection-mark=WAN2_conn passthrough=yes \     per-connection-classifier=both-addresses-and-ports:2/1 protocol=tcp     max-server-connections=600 p
Read more

Dual Wan Load balacing with failover mikrotik

Introduction Let us suppose that we have two WAN links, and we want  load balance the two WAN links  and do a fail-over if one of the WAN links fails ( eg: traffic redirected to the link which is up ) . the problem is to monitor, whether the Internet is accessible through each of them. The problem can be everywhere. If your VPN cannot connect – then there’s no problem, your default route with gateway=that-vpn-connection will be inactive. If your ADSL modem is down – then check-gateway=ping is on stage, and no problem again. But what if your modem is up, and telephone line is down? Or one of your ISP has a problem inside it, so traceroute shows only a few hops – and then stops… Some people use NetWatch tool to monitor remote locations. Others use scripts to periodically ping remote hosts. And then disable routes or in some other way change the behaviour of routing. But RouterOS facilities allow us to use only /ip routes to do such checking – no scripting and netwatch at al
Read more

Configure Static IP Address (CLI) on Ubuntu 18.04.5 LTS

 goto: sudo nano /etc/netplan/01-netcfg.yaml Sample Config: # This file describes the network interfaces available on your system # For more information, see netplan(5). network:   version: 2   renderer: networkd   ethernets:         ens160:             dhcp4: no             addresses: ['192.168.1.26/24']             gateway4: 192.168.1.1             nameservers:                 addresses: [8.8.8.8, 8.8.4.4]                 search: [hak786.blogspot.com] sudo netplan apply
Read more