sip reload
core restart now
grep -i asterisk /etc/passwd|cut -d: -f3 1001
I would like to note that usually voice traffic is “painted” with two DSCP values: CS5 (CS3 in the case of Cisco) for signaling and EF for RTP traffic. Of course, in your example, this is not critical, since your main point in the configuration is to distinguish voice traffic from the rest. Anyway, there will be no further prioritization of the DSCP field on the Internet.
tools.ietf.org/html/rfc4594#section-2.3
www.cisco.com/c/en/us/td/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND/QoS-SRND-Book/QoSIntro.html#pgfId-46256
iptables -I OUTPUT 1 -t mangle -m owner --uid-owner 1001 -j DSCP --set-dscp 40
And why put a DSCP tag through Iptables, if it can be done through sip.conf:
tos_sip = cs3; Sets TOS for SIP packets.
tos_audio = ef; Sets TOS for RTP audio packets.
tos_video = af41; Sets TOS for RTP video packets.
/ip fm exp # nov/26/2015 17:09:20 by RouterOS 6.21.1 # software id = 5QIF-MH9A # /ip firewall mangle add action=mark-packet chain=forward new-packet-mark=def_out src-address=192.168.5.0/24 add action=mark-packet chain=forward new-packet-mark=def_out src-address=192.168.6.0/24 add action=mark-packet chain=forward dst-address=192.168.5.0/24 new-packet-mark=def_in add action=mark-packet chain=forward dst-address=192.168.6.0/24 new-packet-mark=def_in add action=mark-packet chain=forward dscp=40 new-packet-mark=voip_out src-address=192.168.7.10 add action=mark-packet chain=forward dscp=40 dst-address=192.168.7.10 new-packet-mark=voip_in
/queue tree export # nov/26/2015 17:09:27 by RouterOS 6.21.1 # software id = 5QIF-MH9A # /queue tree add max-limit=30M name=in parent=global add max-limit=28M name=def-in packet-mark=def_in parent=in add limit-at=1M max-limit=2M name=voip-in packet-mark=voip_in parent=in priority=1 add max-limit=30M name=out parent=global add max-limit=28M name=def-out packet-mark=def_out parent=out add limit-at=1M max-limit=2M name=voip-out packet-mark=voip_out parent=out priority=1
[f@777777] > ip addr pr where interface=ether7 Flags: X - disabled, I - invalid, D - dynamic # ADDRESS NETWORK INTERFACE 0 46.11.6.78/30 46.11.6.76 ether7
[f@777777] > int pppoe-cl pr Flags: X - disabled, R - running 0 R name="rtk" max-mtu=auto max-mru=auto mrru=disabled interface=ether8 user="f" password="w" profile=default keepalive-timeout=60 service-name="" ac-name="" add-default-route=no dial-on-demand=no use-peer-dns=yes allow=pap,chap,mschap1,mschap2
[f@777777] > ip rpdt 0 AS comment=RTK_TABLE dst-address=0.0.0.0/0 gateway=rtk gateway-status=rtk reachable distance=1 scope=30 target-scope=10 routing-mark=RTK_mark 1 AS comment=GoodLine_TABLE dst-address=0.0.0.0/0 gateway=46.18.6.77 gateway-status=46.18.6.77 reachable via ether7 distance=1 scope=30 target-scope=10 routing-mark=GoodLine_mark 2 AS comment=MAIN_TABLE dst-address=0.0.0.0/0 gateway=46.18.6.77 gateway-status=46.18.6.77 reachable via ether7 distance=1 scope=30 target-scope=10 3 S comment=MAIN_TABLE dst-address=0.0.0.0/0 gateway=rtk gateway-status=rtk reachable distance=2 scope=30 target-scope=10 4 ADC dst-address=10.155.177.1/32 pref-src=10.155.177.13 gateway=pptp-out1 gateway-status=pptp-out1 reachable distance=0 scope=10 5 S dst-address=10.155.177.1/32 gateway=pptp-out1 gateway-status=pptp-out1 reachable distance=1 scope=30 target-scope=10 6 ADC dst-address=46.18.6.76/30 pref-src=46.18.6.78 gateway=ether7 gateway-status=ether7 reachable distance=0 scope=10 7 ADC dst-address=172.16.79.1/32 pref-src=172.16.79.251 gateway=l2tp-out1 gateway-status=l2tp-out1 reachable distance=0 scope=10 8 ADC dst-address=192.168.77.0/24 pref-src=192.168.77.1 gateway=bridge-local gateway-status=bridge-local reachable distance=0 scope=10 9 AS comment=thecall dst-address=192.168.254.0/24 gateway=172.16.79.1 gateway-status=172.16.79.1 reachable via l2tp-out1 distance=1 scope=30 target-scope=10 10 ADC dst-address=213.22.11.99/32 pref-src=217.11.15.125 gateway=rtk gateway-status=rtk reachable distance=0 scope=10
[f@777777] > ip r ru pr Flags: X - disabled, I - inactive 0 src-address=217.11.15.125/32 action=lookup table=RTK_mark 1 src-address=46.18.6.78/30 action=lookup table=GoodLine_mark 2 dst-address=192.168.77.0/24 action=lookup table=main
- :if ($PingFailCountISP1 < ($FailTreshold)) + :if ($PingFailCountISP1 < ($FailTreshold+1))
:if ([/interface get value-name=running $InterfaceISP1]) do={ /ip route add dst-address=$PingTarget gateway=$GatewayISP1 :set PingResult [ping $PingTarget count=3]
/ip route rem [find dst-address="$PingTarget" . "/32"]
:local PBXIP "192.168.77.10"
/ip firewall connection { remove [find src-address~$PBXIP] }
# ------------------- header ------------------- # Script by Tomas Kirnak, version 1.0.7 # If you use this script, or edit and # re-use it, please keep the header intact. # # For more information and details about # this script please visit the wiki page at # http://wiki.mikrotik.com/wiki/Failover_Scripting # ------------------- header ------------------- #------------------- header_1 ------------------ # FessAectan has made some changes: # - add ISPs link state checking - # - add clearing connection tracking states for selected IP - # ------------------ header_1 ------------------ # ------------- start editing here ------------- # Edit the variables below to suit your needs # Please fill the WAN interface names :local InterfaceISP1 ether7 :local InterfaceISP2 rtk # Please fill the gateway IPs (or interface names in case of PPP) :local GatewayISP1 46.18.6.77 :local GatewayISP2 rtk # Please fill the ping check host - currently: resolver1.opendns.com :local PingTarget 21.7.2.77 # Please fill how many ping failures are allowed before fail-over happends :local FailTreshold 1 # Define the distance increase of a route when it fails :local DistanceIncrease 2 # Editing the script after this point may break it # -------------- stop editing here -------------- # Declare the global variables :global PingFailCountISP1 :global PingFailCountISP2 :global InterfaceFailISP1 :global InterfaceFailISP2 # This inicializes the PingFailCount variables, in case this is the 1st time the script has ran :if ([:typeof $PingFailCountISP1] = "nothing") do={:set PingFailCountISP1 0} :if ([:typeof $PingFailCountISP2] = "nothing") do={:set PingFailCountISP2 0} # IntercaceFail variables. First time initialization. :if ([:typeof $InterfaceFailISP1] = "nothing") do={:set InterfaceFailISP1 0} :if ([:typeof $InterfaceFailISP2] = "nothing") do={:set InterfaceFailISP2 0} # This variable will be used to keep results of individual ping attempts :local PingResult # Your PBX IP :local PBXIP "192.168.77.10" # Check ISP1 :if ([/interface get value-name=running $InterfaceISP1]) do={ /ip route add dst-address=$PingTarget gateway=$GatewayISP1 :set PingResult [ping $PingTarget count=3 interface=$InterfaceISP1] :if ($PingResult = 0) do={ :if ($PingFailCountISP1 < ($FailTreshold+1)) do={ :set PingFailCountISP1 ($PingFailCountISP1 + 1)} :if ($PingFailCountISP1 = $FailTreshold) do={ :log warning "ISP1 has a problem en route to $PingTarget - increasing distance of routes." :foreach i in=[/ip route find gateway=$GatewayISP1 && static && comment=MAIN_TABLE] do=\ {/ip route set $i distance=([/ip route get $i distance] + $DistanceIncrease)} :log warning "Route distance increase finished." /ip firewall connection { remove [find src-address~$PBXIP] } } } } else={ :if ($InterfaceFailISP1 = 0) do={ :set InterfaceFailISP1 1 :log warning "ISP1 intarface link is down - clear all connections from $PBXIP" /ip firewall connection { remove [find src-address~$PBXIP] } } } :if ([/interface get value-name=running $InterfaceISP1]) do={ :if ($InterfaceFailISP1 = 1) do={ :set InterfaceFailISP1 0 :log warning "ISP1 intarface link is up - clear all connections from $PBXIP" /ip firewall connection { remove [find src-address~$PBXIP] } } } :if ($PingResult > 0) do={ :if ($PingFailCountISP1 > 0) do={ :set PingFailCountISP1 ($PingFailCountISP1 - 1) :if ($PingFailCountISP1 = ($FailTreshold -1)) do={ :log warning "ISP1 can reach $PingTarget again - bringing back original distance of routes." :foreach i in=[/ip route find gateway=$GatewayISP1 && static && comment=MAIN_TABLE] do=\ {/ip route set $i distance=([/ip route get $i distance] - $DistanceIncrease)} :log warning "Route distance decrease finished." /ip firewall connection { remove [find src-address~$PBXIP] } } } } /ip route rem [find dst-address="$PingTarget" . "/32"] # Check ISP2 :if ([/interface get value-name=running $InterfaceISP2]) do={ /ip route add dst-address=$PingTarget gateway=$GatewayISP2 :set PingResult [ping $PingTarget count=3 interface=$InterfaceISP2] :if ($PingResult = 0) do={ :if ($PingFailCountISP2 < ($FailTreshold+1)) do={ :set PingFailCountISP2 ($PingFailCountISP2 + 1)} :if ($PingFailCountISP2 = $FailTreshold) do={ :log warning "ISP2 has a problem en route to $PingTarget - increasing distance of routes." :foreach i in=[/ip route find gateway=$GatewayISP2 && static && comment=MAIN_TABLE] do=\ {/ip route set $i distance=([/ip route get $i distance] + $DistanceIncrease)} :log warning "Route distance increase finished." /ip firewall connection { remove [find src-address~$PBXIP] } } } } else={ :if ($InterfaceFailISP2 = 0) do={ :set InterfaceFailISP2 1 :log warning "ISP2 interface link is down - clear all connections from $PBXIP" /ip firewall connection { remove [find src-address~$PBXIP] } } } :if ([/interface get value-name=running $InterfaceISP2]) do={ :if ($InterfaceFailISP2 = 1) do={ :set InterfaceFailISP2 0 :log warning "ISP2 intarface link is up - clear all connections from $PBXIP" /ip firewall connection { remove [find src-address~$PBXIP] } } } :if ($PingResult > 0) do={ :if ($PingFailCountISP2 > 0) do={ :set PingFailCountISP2 ($PingFailCountISP2 - 1) :if ($PingFailCountISP2 = ($FailTreshold -1)) do={ :log warning "ISP2 can reach $PingTarget again - bringing back original distance of routes." :foreach i in=[/ip route find gateway=$GatewayISP2 && static && comment=MAIN_TABLE] do=\ {/ip route set $i distance=([/ip route get $i distance] - $DistanceIncrease)} :log warning "Route distance decrease finished." /ip firewall connection { remove [find src-address~$PBXIP] } } } } /ip route rem [find dst-address="$PingTarget" . "/32"]
[f@777777] <SAFE> interface pppoe-cl di 0 [f@777777] <SAFE> [f@777777] <SAFE> [f@777777] <SAFE> [f@777777] <SAFE> [f@777777] <SAFE> :if ([/ping 8.8.8.8 interface=rtk count=3]>0) do={:put "Yes sir"} SEQ HOST SIZE TTL TIME STATUS <!-- - --> [f@777777] <SAFE> interface pppoe-cl en 0 [f@777777] <SAFE> :if ([/ping 8.8.8.8 interface=rtk count=3]>0) do={:put "Yes sir"} SEQ HOST SIZE TTL TIME STATUS 0 8.8.8.8 timeout 1 8.8.8.8 timeout 2 8.8.8.8 56 254 52ms sent=3 received=1 packet-loss=66% min-rtt=52ms avg-rtt=52ms max-rtt=52ms Yes sir
[f@777777] > sys sch exp # nov/26/2015 17:37:29 by RouterOS 6.30 # software id = LY7Z-747B # /system scheduler add interval=30s name=check_ISPs on-event=check_gateways policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=nov/20/2015 start-time=05:37:37
Source: https://habr.com/ru/post/271747/
All Articles