Forum Thread: Mikrotik - Part Four [UnderTaker - QoS]by : Mohamed Ahmed.

In this fourth installment of the Mikrotik series for nullbyte, I will cover configurations to understand why a QoS, set days and hours to navigate as well as block or slow down navigation.

Working with the Firewall in most of its features.

The configuration is adapted to a requested solution, the reader / enthusiast / administrator must prepare a plan before starting with QoS , some considerations and questions to be asked are:

  • Which protocols are the main ones for the use of the site?
  • SSH / FTP / HTTP / POP3 / SMTP / DNS / RDP
  • Which are the priorities?
  • Should downloads be restricted?
  • Should they be able to connect from outside the company?
  • Are VPN or PTP links to be prioritized?

The plan to be elaborated is something that should be considered as a priority. After exhausting all the questions and situations, proceed to make the necessary configurations.

After that stage, proceed to show the final result of the configurations with example scripts.

QoS - Configurations and Results
The following image is intended to show the parameterization work.

You must establish a PCQ-DOWN with the total bandwidth assigned by the ISP (or estimated) where:

  • Kind = PCQ (Mikrotik's own algorithm for glues)
  • Rate = Maximum download speed
  • Classifier = Dst. Address

You must establish a PCQ-UP with the total bandwidth assigned by the ISP (or estimated) where:

  • Kind = PCQ (Mikrotik's own algorithm for glues)
  • Rate = Maximum upload speed
  • Classifier = Src. Address

When setting a queue type using PCQ, you must take special care because in the next configurations you will use these parameters.

Then, you must proceed to configure and set the parameters in Firewall -> Mangle the following image shows as it will be with the corresponding code.

Usually first the connection is marked then the package, depends the service and performance that you want to offer since there are protocols that is best left out of a QoS

Code:
ip firewall mangle
add action = mark-packet chain = output comment = ":: DNS" connection-state = new \
dst-port = 53 new-packet-mark = DNS_PACKET out-interface = pppoe-out1 protocol =
udp
add action = mark-packet chain = output dst-port = 53 new-packet-mark = dns-tcp \
out-interface = pppoe-out1 protocol = tcp
add action = mark-connection chain = forward comment = "PPTP - VPN"
connection-state = new dst-port = 1723 new-connection-mark = PPTP protocol = tcp \
src-address = "LAN segment in the form x.y.z.r / mask in bits"
add action = mark-packet chain = forward connection-mark = PPTP new-packet-mark =
pptp-tcp passthrough = no
add action = mark-connection chain = forward connection-state = new \
new-connection-mark = PPTP-gre protocol = gre src-address = "LAN segment in the form x.y.z.r / mask in bits"
add action = mark-packet chain = forward connection-mark = PPTP-gre \
new-packet-mark = Pptp-Up passthrough = no
add action = mark-connection chain = forward comment = "E-mails"
connection-state = new dst-port = 25,110,143,465,993,995 new-connection-mark =
CORREO protocol = tcp src-address = "LAN segment in the form x.y.z.r / mask in bits"
add action = mark-packet chain = forward connection-mark = MAIL new-packet-mark = \
PKT-mail passthrough = no
add action = mark-connection chain = forward comment = ":: FTP" connection-state =
new dst-port = 21 new-connection-mark = FTP protocol = tcp src-address =
"LAN segment in the form x.y.z.r / mask in bits"
add action = mark-packet chain = forward connection-mark = FTP new-packet-mark =
Ftp-PKT passthrough = no
add action = mark-connection chain = forward comment = RDP connection-state = new \
dst-port = 3389 new-connection-mark = RDP protocol = tcp
add action = mark-packet chain = forward connection-mark = RDP new-packet-mark =
Rdp-PKT passthrough = no
add action = mark-connection chain = forward comment = RTSP connection-state = new \
dst-port = 554 new-connection-mark = rtsp protocol = tcp
add action = mark-packet chain = forward connection-mark = rtsp new-packet-mark =
Rtsp-PKT passthrough = no
add action = mark-connection chain = prerouting comment = "Web Proxy" dst-port = 80 \
new-connection-mark = webproxy protocol = tcp src-address = "LAN segment in the form x.y.z.r / mask in bits"
add action = mark-packet chain = prerouting connection-mark = webproxy \
new-packet-mark = webproxy-pkt passthrough = no
add action = mark-connection chain = forward comment = "HTTP connection"
connection-state = new dst-port = 443,8080 new-connection-mark = Web protocol =
tcp src-address = "LAN segment in the form x.y.z.r / mask in bits"
add action = mark-connection chain = forward connection-state = new dst-port =
443,8080 new-connection-mark = WEB-UDP protocol = udp src-address =
"LAN segment in the form x.y.z.r / mask in bits"
add action = mark-packet chain = forward comment = WEB connection-mark = Web \
new-packet-mark = Web-PKT passthrough = no
add action = mark-packet chain = forward connection-mark = WEB-UDP new-packet-mark =
WEB-UDP-PKT passthrough = no
add action = mark-connection chain = forward comment = WhatsApp connection-state =
new dst-port = 5222,5228 new-connection-mark = WHATSAPP protocol = tcp \
src-address = "LAN segment in the form x.y.z.r / mask in bits"
add action = mark-packet chain = forward connection-mark = WHATSAPP \
new-packet-mark = Ws-pkt passthrough = no
add action = mark-connection chain = forward comment = Other connection-state = new \
new-connection-mark = Other protocol = tcp src-address = "LAN segment in the form x.y.z.r / mask in bits"
add action = mark-connection chain = forward connection-state = new \
new-connection-mark = OTROS-UDP protocol = udp src-address = "LAN segment in the form x.y.z.r / mask in bits"
add action = mark-packet chain = forward connection-mark = Other new-packet-mark =
Other-PKT passthrough = no
add action = mark-packet chain = forward connection-mark = OTROS-UDP \
new-packet-mark = OTROS-UDP-PKT passthrough = no
add action = mark-connection chain = forward comment = "ALL P2P" \
new-connection-mark = P2P_ p2p = all-p2p protocol = tcp src-address =
"LAN segment in the form x.y.z.r / mask in bits"
add action = mark-packet chain = forward connection-mark = P2P_ new-packet-mark =
p2p-PKT passthrough = no
=========================================================================================
The SRC-ADDRESS go without double quotes, only the segment with its corresponding mask in bits

Next, you must go to Queue -> Queue Tree the following image shows the final result and below the corresponding script.

Code:

queue tree
add name = Download parent = Eth2-Wan priority = 1 queue = pcq-DOWN
add name = Upload parent = Eth1-WAN priority = 1 queue = pcq-UP
add name = "P-Web-Down-pages" parent = Download priority = 5 queue = default
add name = D-mail packet-mark = PKT-mail parent = Download priority = 1 queue =
pcq-down
add name = Browse-D packet-mark = Web-PKT parent = "Web-Down-pages" queue =
pcq-down
add name = Rdp-D packet-mark = Rdp-PKT parent = Download priority = 2 queue = pcq-DOWN
add name = Other-D packet-mark = Other-PKT parent = Download queue = pcq-DOWN
add name = Ftp-D packet-mark = Ftp-PKT parent = Download priority = 2 queue = pcq-DOWN
add name = pptp-D packet-mark = Pptp-Down parent = Download priority = 3 queue =
pcq-down
add limit-at = 1024k max-limit = 1040k name = p2p-Down packet-mark = p2p-PKT parent =
Download queue = pcq-DOWN
add name = "P \ e-Web-Up" parent = Upload priority = 5 queue = default
add limit-at = 400k max-limit = 500k name = Browse-U packet-mark = Web-PKT parent =
"Web Pages-Up" queue = pcq-UP
add name = U-mail packet-mark = PKT-mail parent = Upload priority = 1 queue =
pcq-UP
add name = Other-U packet-mark = Other-PKT parent = Upload queue = pcq-UP
add limit-at = 412k max-limit = 512k name = Ftp-Up packet-mark = Ftp-PKT parent =
Upload priority = 2 queue = pcq-UP
add name = Rdp-U packet-mark = Rdp-PKT parent = Upload priority = 2 queue = pcq-UP
add name = pptp-up packet-mark = Pptp-Up parent = Upload priority = 3 queue = pcq-UP
add name = Rtsp-Down packet-mark = Rtsp-PKT parent = Download priority = 4 queue =
pcq-down
add name = Rtsp-Up packet-mark = Rtsp-PKT parent = Upload priority = 4 queue = pcq-UP
add-name = Browser-Udp packet-mark = WEB-UDP-PKT parent = "P \
priority = 5 queue = pcq-DOWN
add-name = Browser-Udp-D packet-mark = WEB-UDP-PKT parent = "P \
priority = 4 queue = pcq-UP
=======================================================================================
These configurations allow the establishment of a QoS plan through the prioritization of protocols.

The following image shows the connections established from the inside of the network and informs the brands of packages that are being used.

In previous deliveries, we have seen that the parameterizations allow to establish time bands to work, exemplifying:

  • From 08:00 to 12:00 -> Maximum Speed ??Download / Upload
  • From 12:01 to 13:00 -> Average download / upload speed
  • From 13:01 to 17:59 -> Maximum download / upload speed
  • From 18:00 to 07:50 -> Minimum download / upload speed

The following image and corresponding code are the example.

Code:
/ simple queue
add comment = "SCHEDULE 01:00 to 07:59" max-limit = 10k / 10k name =
"LAN segment in the form x.y.z.r / mask in bits" time = \
1s-7h59m, mon, tue, wed, thu, fri
add comment = "SCHEDULE 08:00 to 13:00" limit-at = 400k / 5M max-limit = 512k / 7M \
name = Work Schedule priority = 4/4 queue = pcq-UP / pcq-DOWN target = \
"LAN segment in the form x.y.z.r / mask in bits" time = 8h-13h, mon, tue, wed, thu, fri total-queue = default
add comment = "SCHEDULE 12:01 to 13:59" max-limit = 10k / 10k name =
"SCHEDULE Half Day" parent = Schedule-Labor-4 priority = 4/4 queue =
pcq-UP / pcq-DOWN target = "LAN segment in the form x.y.z.r / mask in bits" time = \
12h1m-13h59m59s, mon, tue, wed, thu, fri
add comment = "SCHEDULE 14:00 to 18:00" limit-at = 400k / 5M max-limit = 512k / 7M \
name = Work-time2 priority = 4/4 queue = pcq-UP / pcq-DOWN target = \
"LAN segment in the form x.y.z.r / mask in bits" time = 14h-18h, mon, tue, wed, thu, fri total-queue = default
add comment = "SCHEDULE 18:01 to 00:00" max-limit = 512k / 1M name =
"LAN segment in the form x.y.z.r / mask in bits" time = \
18h30m-23h59m, mon, tue, wed, thu, fri total-queue = default
=========================================================================================

1 Response

Salam Sir, How to use this code with PCC?

I have loadbalanced three wan connections using PCC and I want something the like shown in image below. Sir can you please give a sample example script for that?

Share Your Thoughts

  • Hot
  • Results