Mikrotik Transparent Traffic Shaper


Mikrotik Guide

PDF generated using the open source mwlib toolkit. See http://code.pediapress.com/ for more information. PDF generated at: Wed, 29 Aug 2012 13:52:04 UTC

Contents

Articles
TransparentTrafficShaper
Manual:Queues - PCQ Examples

References
Article Sources and Contributors
Image Sources, Licenses and Contributors

TransparentTrafficShaper

Introduction

This example shows how to configure a transparent traffic shaper. The transparent traffic shaper is essentially a bridge that is able to differentiate and prioritize traffic that passes through it. Consider the following network layout:

We will configure one queue limiting the total throughput to the client and three sub-queues that limit HTTP, P2P and all other traffic separately.

Quick Start for Impatient

Configuration snippet from the MikroTik router:

    / interface bridge
    add name="bridge1"
    / interface bridge port
    add interface=ether2 bridge=bridge1
    add interface=ether3 bridge=bridge1
    / interface bridge settings
    set use-ip-firewall=yes

    / ip firewall mangle
    add chain=prerouting protocol=tcp dst-port=80 action=mark-connection \
        new-connection-mark=http_conn passthrough=yes
    add chain=prerouting connection-mark=http_conn action=mark-packet \
        new-packet-mark=http passthrough=no
    add chain=prerouting p2p=all-p2p action=mark-connection \
        new-connection-mark=p2p_conn passthrough=yes
    add chain=prerouting connection-mark=p2p_conn action=mark-packet \
        new-packet-mark=p2p passthrough=no
    add chain=prerouting action=mark-connection new-connection-mark=other_conn \
        passthrough=yes
    add chain=prerouting connection-mark=other_conn action=mark-packet \
        new-packet-mark=other passthrough=no

    / queue simple
    add name="main" target-addresses=10.0.0.12/32 max-limit=256000/512000
    add name="http" parent=main packet-marks=http max-limit=240000/500000 priority=1
    add name="p2p" parent=main packet-marks=p2p max-limit=64000/64000 priority=8
    add name="other" parent=main packet-marks=other max-limit=128000/128000 priority=4

Explanation

Each piece of code is followed by the explanation of what it actually does.

Bridge

    / interface bridge
    add name="bridge1"
    / interface bridge port
    add interface=ether2 bridge=bridge1
    add interface=ether3 bridge=bridge1

We create a new bridge interface and assign two ethernet interfaces to it. Thus the prospective traffic shaper will be completely transparent to the client.

V3

    / interface bridge settings
    set use-ip-firewall=yes

Bridged packet behavior changed in RouterOS v3: by default, bridged traffic does not pass through 'ip firewall'. Use the command above to make bridged packets go through 'ip firewall'.

Mangle

    / ip firewall mangle
    add chain=prerouting protocol=tcp dst-port=80 action=mark-connection \
        new-connection-mark=http_conn passthrough=yes
    add chain=prerouting connection-mark=http_conn action=mark-packet \
        new-packet-mark=http passthrough=no

All traffic destined to TCP port 80 is likely to be HTTP traffic and is therefore marked with the packet mark http. Note that the first rule has passthrough=yes while the second one has passthrough=no. (You can obtain additional information about mangle at http://www.mikrotik.com/docs/ros/2.9/ip/mangle)

    / ip firewall mangle
    add chain=prerouting p2p=all-p2p action=mark-connection \
        new-connection-mark=p2p_conn passthrough=yes
    add chain=prerouting connection-mark=p2p_conn action=mark-packet \
        new-packet-mark=p2p passthrough=no
    add chain=prerouting action=mark-connection new-connection-mark=other_conn \
        passthrough=yes
    add chain=prerouting connection-mark=other_conn action=mark-packet \
        new-packet-mark=other passthrough=no

Same as above, P2P traffic is marked with the packet mark p2p and all other traffic is marked with the packet mark other.
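Why the passthrough values on the mangle rules matter, as an added example that is not part of the MikroTik wiki text: a simplified Python model of the six prerouting rules. It assumes that passthrough=no ends rule processing for the packet and that mark-connection overwrites a mark the connection already carries; the sample packets, connection ids and the p2p flag are constructed.

```python
# Simplified model of the page's six prerouting mangle rules. Assumptions:
# passthrough=no ends rule processing for the packet, and mark-connection
# overwrites a mark the connection already carries. Protocol matching is omitted.

def rules(packet_passthrough="no"):
    """Build the page's rules; packet_passthrough applies to the mark-packet rules."""
    out = []
    for match, name in (({"dst_port": 80}, "http"), ({"p2p": True}, "p2p"), ({}, "other")):
        out.append({"match": match, "action": "mark-connection",
                    "mark": name + "_conn", "passthrough": "yes"})
        out.append({"match": {"conn_mark": name + "_conn"}, "action": "mark-packet",
                    "mark": name, "passthrough": packet_passthrough})
    return out

def matches(rule, pkt, conn):
    for key, want in rule["match"].items():
        have = conn["mark"] if key == "conn_mark" else pkt.get(key)
        if have != want:
            return False
    return True

def mangle(pkt, conntrack, ruleset):
    """Return the packet mark left on pkt after one pass through the chain."""
    conn = conntrack.setdefault(pkt["conn"], {"mark": None})
    packet_mark = None
    for rule in ruleset:
        if not matches(rule, pkt, conn):
            continue
        if rule["action"] == "mark-connection":
            conn["mark"] = rule["mark"]
        else:
            packet_mark = rule["mark"]
        if rule["passthrough"] == "no":
            break
    return packet_mark

def classify(ruleset):
    """Run constructed sample packets (not captured traffic) through the rules."""
    sample = [
        ("http request", {"conn": "c1", "dst_port": 80}),
        ("http reply", {"conn": "c1", "dst_port": 51000}),  # same connection, reverse direction
        ("p2p", {"conn": "c2", "dst_port": 6881, "p2p": True}),  # stands in for p2p=all-p2p
        ("dns", {"conn": "c3", "dst_port": 53}),
    ]
    conntrack = {}
    return {label: mangle(pkt, conntrack, ruleset) for label, pkt in sample}

if __name__ == "__main__":
    print("rules as on the page:       ", classify(rules("no")))
    print("mark-packet passthrough=yes:", classify(rules("yes")))
```

With passthrough=yes on the mark-packet rules, every sample packet ends up marked other, because the unconditional catch-all rule still runs and replaces the earlier marks; the http and p2p sub-queues would then never see traffic.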

Queues

    / queue simple
    add name="main" target-addresses=10.0.0.12/32 max-limit=256000/512000

We create a queue that limits all the traffic going to/from the client (specified by target-addresses) to 256k/512k.

    / queue simple
    add name="http" parent=main packet-marks=http max-limit=240000/500000 priority=1
    add name="p2p" parent=main packet-marks=p2p max-limit=64000/64000 priority=8
    add name="other" parent=main packet-marks=other max-limit=128000/128000 priority=4

All sub-queues have the main queue as the parent, so the aggregate data rate cannot exceed the limits specified in the main queue. Note that the http queue has higher priority than the other queues, meaning that HTTP downloads are prioritized.

Manual:Queues - PCQ Examples

Per Connection Queue (PCQ) is a queuing discipline that can be used to dynamically equalize or shape traffic for multiple users with little administration. It is possible to divide PCQ scenarios into three major groups: equal bandwidth for a number of users, certain bandwidth equal distribution between users, unknown bandwidth equal distribution between users.

Equal Bandwidth for a Number of Users

Use a PCQ type queue when you need to equalize the bandwidth [and set max limit] for a number of users. We will set the 64kbps download and 32kbps upload limits.

There are two ways to do this: using mangle and queue trees, or using simple queues.

1. Mark all packets with packet-marks upload/download (let's consider that ether1-LAN is public interface to the Internet and ether2-LAN is local interface where clients are connected):

    /ip firewall mangle add chain=prerouting action=mark-packet \
        in-interface=ether1-LAN new-packet-mark=client_upload
    /ip firewall mangle add chain=prerouting action=mark-packet \
        in-interface=ether2-WAN new-packet-mark=client_download

2. Set up two PCQ queue types, one for download and one for upload. dst-address is the classifier for a user's download traffic, src-address for upload traffic:

    /queue type add name="PCQ_download" kind=pcq pcq-rate=64000 pcq-classifier=dst-address
    /queue type add name="PCQ_upload" kind=pcq pcq-rate=32000 pcq-classifier=src-address

3. Finally, two queue rules are required, one for download and one for upload:

    /queue tree add parent=global-in queue=PCQ_download packet-mark=client_download
    /queue tree add parent=global-out queue=PCQ_upload packet-mark=client_upload

If you don't like using mangle and queue trees, you can skip step 1, do step 2, and step 3 would be to create one simple queue as shown here:

    /queue simple add target-addresses=192.168.0.0/24 queue=PCQ_upload/PCQ_download \
        packet-marks=client_download,client_upload

Note: More information about certain and unknown distribution between routers can be found in the PCQ manual.

See Also

• PCQ

Article Sources and Contributors

TransparentTrafficShaper  Source: http://wiki.mikrotik.com/index.php?oldid=12912  Contributors: Eep, Eugene, JbnUpa, Megis, Normis, SergejsB, Steveee

Manual:Queues - PCQ Examples  Source: http://wiki.mikrotik.com/index.php?oldid=23527  Contributors: Eep, Janisk, Marisb, Megis, Normis, Rieks, SergejsB, Wiki1981

Image Sources, Licenses and Contributors

Image:Transparent-shaper.png  Source: http://wiki.mikrotik.com/index.php?title=File:Transparent-shaper.png  License: unknown  Contributors: Eugene

Image:PCQ.png  Source: http://wiki.mikrotik.com/index.php?title=File:PCQ.png  License: unknown  Contributors: SergejsB

Image:Icon-note.png  Source: http://wiki.mikrotik.com/index.php?title=File:Icon-note.png  License: unknown  Contributors: Marisb, Route
