
Mikrotik. QoS for home

Today I would like to talk a little about priorities.

The article does not claim to cover everything there is to know about QoS on Mikrotik. It is a demonstration of a set of rules that lets you configure a simple traffic prioritization scheme and extend it as the need arises.

I hope my colleagues will help with advice in the comments.

When people speak of QoS they usually mean one of two things: dividing the channel more or less evenly between users, or prioritizing traffic by type. The two approaches complement each other, but I see no point in the first one for a home network; if the topic interests you, I refer you to the article "MikroTik QoS - debunking myths", which covers it in full.

I will focus on prioritizing traffic; fortunately it is the simpler of the two.
Data rate limiting can be done in two ways:

1. Every packet that exceeds the rate limit is dropped (shaper).
2. Packets that exceed the limit are held in a queue and sent later, as soon as capacity frees up, so the transmission rate is smoothed rather than cut (scheduler).

(The names follow the illustration below. In general networking usage dropping the excess is called policing and queueing it is called shaping, so do not be surprised if other sources use the words the other way round.)

Illustration: principles of rate limiting and smoothing

As the illustration shows, the shaper cuts off everything that does not fit, while the scheduler only slows it down. So what we need is the scheduler. Queueing has its own cost: a held packet is a delayed packet, which is exactly why the delay-sensitive classes below are served first.

Now the traffic has to be divided into classes, each with its own priority. The first class is served first, the last class last. Priority only comes into play once the link is saturated; until then everything is simply forwarded.

The simplest and most common variant is to prioritize VoIP and let everything else share what is left, but I will make it a bit more elaborate.

So the plan is:

prio_1: DNS, ICMP, ACK - service traffic goes first: setting up and tearing down connections, name resolution, and so on.
prio_2: SIP - VoIP wants minimal delay.
prio_3: SSH and games - remote access matters for work, games for the rest.
prio_4: RDP and HTTP/HTTPS - web, video, and the like.
prio_5: everything not identified above. In principle torrents can be forced in here: the ports home torrent clients use are well known.

A small lyrical digression:

If you search for information on QoS in Mikrotik, you will find several scripts, from the monstrous QOS script by Greg Sowell and The Mother of all QoS Trees, which is explicitly based on it, to the Traffic Prioritization Script (which, by the way, I advise treating with great care: its author evidently has only a vague idea of what he is doing, and the script clearly does not do what was intended). All of these scripts share one problem: they were written long ago and have largely gone out of date for one simple reason, the world has changed.

Today, with traffic encrypted almost everywhere, YouTube or Skype traffic, for example, can no longer be easily caught with an L7 regexp. So if you use such scripts, think carefully about how the traffic is identified. In my view this is the only real difficulty in the whole matter.

Now we mark the traffic according to the plan above. In the code I use interfaceBandwidth, i.e. the channel width. Mine is symmetric, 100M in each direction. If your channel width differs, change the interfaceBandwidth value accordingly. If the channel is asymmetric, the script gets more involved, because incoming and outgoing traffic have to be marked separately and attached to separate parent queues with their own limits. That is easy, but it makes the script noticeably longer and less readable, and is outside the scope of this article.

In the address-list I demonstrate bulk insertion of addresses by FQDN (here the cluster addresses from the World of Tanks wiki); RouterOS resolves such entries itself. Of course, you can simply enter the required IPs by hand.

```routeros
# Set bandwidth of the interface
:local interfaceBandwidth 100M

# address-lists: ten World of Tanks login servers by FQDN
:for i from=1 to=10 do={/ip firewall address-list add list=WoT address=("login.p"."$i".".worldoftanks.net")}

# Packet marks. mark-packet keeps passthrough=yes by default, so a packet that
# matches several rules ends up with the mark of the LAST one: a small SSH ACK
# would be marked prio_1 and then re-marked prio_3, an HTTP ACK prio_4, which is
# not what the plan says. packet-mark=no-mark makes each rule apply only to
# packets nothing has classified yet, i.e. first match wins, while the chain
# still continues (the WMM rules later in the article rely on that).
/ip firewall mangle
# prio_1: service traffic
add chain=prerouting action=mark-packet new-packet-mark=prio_1 packet-mark=no-mark protocol=icmp
add chain=prerouting action=mark-packet new-packet-mark=prio_1 packet-mark=no-mark protocol=tcp port=53
add chain=prerouting action=mark-packet new-packet-mark=prio_1 packet-mark=no-mark protocol=udp port=53
add chain=prerouting action=mark-packet new-packet-mark=prio_1 packet-mark=no-mark protocol=tcp tcp-flags=ack packet-size=0-123
# prio_2: VoIP, by DSCP (CS5 / EF) or by the phone's address and SIP/RTP ports
add chain=prerouting action=mark-packet new-packet-mark=prio_2 packet-mark=no-mark dscp=40
add chain=prerouting action=mark-packet new-packet-mark=prio_2 packet-mark=no-mark dscp=46
add chain=prerouting action=mark-packet new-packet-mark=prio_2 packet-mark=no-mark protocol=udp port=5060,5061,10000-20000 src-address=192.168.100.110
add chain=prerouting action=mark-packet new-packet-mark=prio_2 packet-mark=no-mark protocol=udp port=5060,5061,10000-20000 dst-address=192.168.100.110
# prio_3: SSH and games
add chain=prerouting action=mark-packet new-packet-mark=prio_3 packet-mark=no-mark protocol=tcp port=22
add chain=prerouting action=mark-packet new-packet-mark=prio_3 packet-mark=no-mark src-address-list=WoT
add chain=prerouting action=mark-packet new-packet-mark=prio_3 packet-mark=no-mark dst-address-list=WoT
# prio_4: RDP and web
add chain=prerouting action=mark-packet new-packet-mark=prio_4 packet-mark=no-mark protocol=tcp port=3389
add chain=prerouting action=mark-packet new-packet-mark=prio_4 packet-mark=no-mark protocol=tcp port=80,443
# everything else stays unmarked and lands in prio_5 below

# Queue tree: one parent limited to the link speed, five children whose priority
# decides which one is served first once the parent is saturated.
/queue tree
add max-limit=$interfaceBandwidth name=QoS_global parent=global priority=1
:for indexA from=1 to=4 do={
    /queue tree add \
        name=("prio_" . "$indexA") \
        parent=QoS_global \
        priority=($indexA) \
        queue=ethernet-default \
        packet-mark=("prio_" . $indexA) \
        comment=("Priority " . $indexA . " traffic")
}
/queue tree add name="prio_5" parent=QoS_global priority=5 \
    queue=ethernet-default packet-mark=no-mark comment="Priority 5 traffic"
```

And lastly, since Mikrotik supports WMM, it makes sense to mark traffic for it as well. WMM also has to be enabled on the wireless interface itself (wmm-support=enabled under /interface wireless); the marking alone changes nothing on a wired port.

This is done in the same mangle with the set-priority action. According to the Mikrotik wiki, the WMM priority table looks rather odd:

1, 2 - background
0, 3 - best effort
4, 5 - video
6, 7 - voice

Priorities are set with the same rules as for marking packets:

```routeros
# WMM priorities. set-priority also has passthrough=yes by default, so once more
# the last matching rule would win; passthrough=no stops the chain at the first
# match instead. Keep these rules AFTER the mark-packet rules, otherwise a packet
# stopped here would never receive its packet mark. If you have further mangle
# rules in prerouting that must still see these packets, drop passthrough=no
# and accept that the last match wins.
/ip firewall mangle
# prio_1 -> voice class
add chain=prerouting action=set-priority new-priority=7 passthrough=no protocol=icmp
add chain=prerouting action=set-priority new-priority=7 passthrough=no protocol=tcp port=53
add chain=prerouting action=set-priority new-priority=7 passthrough=no protocol=udp port=53
add chain=prerouting action=set-priority new-priority=7 passthrough=no protocol=tcp tcp-flags=ack packet-size=0-123
# prio_2 -> voice class
add chain=prerouting action=set-priority new-priority=6 passthrough=no dscp=40
add chain=prerouting action=set-priority new-priority=6 passthrough=no dscp=46
add chain=prerouting action=set-priority new-priority=6 passthrough=no protocol=udp port=5060,5061,10000-20000 src-address=192.168.100.110
add chain=prerouting action=set-priority new-priority=6 passthrough=no protocol=udp port=5060,5061,10000-20000 dst-address=192.168.100.110
# prio_3 -> video class
add chain=prerouting action=set-priority new-priority=5 passthrough=no protocol=tcp port=22
# the original had the mark-packet rules pasted here by mistake; the WoT lists
# get a WMM priority like everything else in this block
add chain=prerouting action=set-priority new-priority=5 passthrough=no src-address-list=WoT
add chain=prerouting action=set-priority new-priority=5 passthrough=no dst-address-list=WoT
# prio_4 -> best effort (3 is the same WMM class as the default 0, so these two
# rules mostly keep the block symmetric with the packet marks)
add chain=prerouting action=set-priority new-priority=3 passthrough=no protocol=tcp port=3389
add chain=prerouting action=set-priority new-priority=3 passthrough=no protocol=tcp port=80,443
```

Basically, that's all.

In the future, if the need arises, you can consider dynamic address lists generated periodically by a script from the DNS cache:

```routeros
:foreach i in=[/ip dns cache all find where (name~"youtube" || name~"facebook" || name~".googlevideo")] do={:put [/ip dns cache get $i address]}
```

to pick out online video.
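Here is what that fragment looks like once it does something useful. This is an added example, not code from the article or its GitHub repository: it collects the matching cache entries into an address list with a timeout, re-runs from the scheduler, and then marks that traffic by list instead of by port. The list name "video", the one-hour timeout, the one-minute interval and the script name are all choices made for this example; it also assumes the router is the LAN's resolver, otherwise its cache stays empty.

```routeros
# Added example (not from the article). Save everything up to the scheduler line
# as /system script "video-list-refresh"; pasting it into the terminal runs it
# once, which is a convenient way to see what it collects.
# Assumptions: list name "video", 1h entry timeout, 1m refresh interval, and that
# LAN clients resolve names through this router (/ip dns allow-remote-requests=yes).
:local listName "video"
:local pattern "youtube|facebook|googlevideo"

# /ip dns cache (without "all") holds the A records together with their address.
:foreach i in=[/ip dns cache find where name~$pattern] do={
    :local addr [/ip dns cache get $i address]
    # Adding an address that is already on the list fails with an error; swallow
    # it so one duplicate does not abort the loop. Entries added with a timeout
    # are dynamic and disappear by themselves when it runs out, so the list
    # never needs manual cleanup.
    :do {
        /ip firewall address-list add list=$listName address=$addr \
            timeout=1h comment="from dns cache"
    } on-error={}
}

# Refresh every minute so new resolutions are picked up while the cache entries
# are still fresh. on-event names the saved script.
/system scheduler add name=video-list-refresh interval=1m on-event=video-list-refresh

# Classify by the list rather than by port. YouTube also talks QUIC (UDP 443),
# which a "protocol=tcp port=80,443" rule never sees; matching the list catches
# it regardless of protocol and keeps it in prio_4 instead of letting it fall
# through to the unmarked prio_5 class. packet-mark=no-mark leaves packets that
# an earlier rule already classified alone.
/ip firewall mangle
add chain=prerouting action=mark-packet new-packet-mark=prio_4 \
    dst-address-list=video packet-mark=no-mark comment="video (dynamic list)"
```

Two caveats a practitioner will want. First, this only sees names that clients resolved through the router; a browser using DNS over HTTPS, or a device with its own resolver, leaves no trace in the cache and its traffic stays unclassified. Second, name~"youtube" is a substring match on the cached name, which is fine for picking a queue but is not something to reuse as an access-control list, since any domain containing that string would match. The one-hour timeout is independent of the DNS TTL; shorten it if the CDN addresses you see rotate quickly.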

Or detect Skype by looking for the UPnP rules it creates:

```routeros
:foreach i in=[/ip firewall nat find dynamic and comment~"Skype"] do={:put [/ip firewall nat get $i dst-port]}
```

But so far I have no such need.

The scripts from the article are available on GitHub. If something did not work for you, or you have ideas or comments, write.

Thanks for attention!

UPD: In the original version of the article in the scripts there was an error (incorrectly selected chain). Scripts fixed.

Source: https://habr.com/ru/post/330362/

