Background: we have an Internet connection with a speed of "up to 50 Mbit/s", which has a "feature" of accelerating to 100 if the channel is free. While using cloud storage I noticed a problem: when uploading or downloading about 50-100 files, the cloud client “freezes” and either transfers files at extremely low speed (about 50–200 Kbps) or goes “silent” altogether. At the same time, sites in the browser open without any problems.
How can this be? Limit the width of the channel to specific IP-addresses during a jump over a certain period of time.
For those who want to learn more about this, or for a beginner who sees a possible solution to their problem here, welcome under the cut.
Many articles on a similar topic can be found online, but all of them suggest distributing speed among users by priority (web pages high, streaming video lower, and the lowest priority for p2p systems).
So, let's begin with the theory. The provider monitors all speed “jumps” and the number of requests to resources, and imposes a restriction when its limits are exceeded. Finding out what those limits are will not work: this is the provider's closed information. But how do you download and upload 1k+ files to the cloud without receiving a temporary “ban” on access to the resource? Easy!
The algorithm will be as follows:
- Create a list of IP addresses for which you want to enable the speed limit;
- Mark the packets going to and from the resources in the list;
- Set the speed limit for the required resources using queues.
Let's proceed to setup.
Step 1. Add the IP addresses of the resource(s) to the list. To do this, go to the "Address Lists" tab of the "Firewall" window.

I use the Mega.nz cloud storage, and its pool of IP addresses is:
- 31.216.144.0/24
- 31.216.145.0/24
- 31.216.147.0/24
- 89.44.168.0/24
- 154.53.224.0/24
- 154.53.225.0/24
Add all the subnets to an address list named, for example, "mega.nz".
/ip firewall address-list
add address=31.216.144.0/24 list=mega.nz
add address=31.216.145.0/24 list=mega.nz
add address=31.216.147.0/24 list=mega.nz
add address=89.44.168.0/24 list=mega.nz
add address=154.53.224.0/24 list=mega.nz
add address=154.53.225.0/24 list=mega.nz
Step 2. Packet marking

After that, go to the "Mangle" tab and add the rules for marking packets. To do this, click the "plus" and set the following parameters:
MEGA-upload:
- Comment - MEGA-upload.
- Chain - forward.
- Out. Interface - the interface the Internet connection is on. In my case, this is “eth1-Wi-Fi”.
- Dst. Address List - mega.nz, the name of the address list from the previous step.
- Action - mark packet.
- New Packet Mark - MEGA-upload.
- Passthrough - true.

/ip firewall mangle
add action=mark-packet chain=forward comment=MEGA-upload \
    out-interface=eth1-Wi-Fi new-packet-mark=MEGA-upload \
    passthrough=yes dst-address-list=mega.nz
MEGA-download:
- Comment - MEGA-download.
- Chain - forward.
- In. Interface - the interface the Internet connection is on. In my case, this is “eth1-Wi-Fi”.
- Src. Address List - mega.nz, the name of the same address list from the previous step.
- Action - mark packet.
- New Packet Mark - MEGA-download.
- Passthrough - true.

/ip firewall mangle
add action=mark-packet chain=forward comment=MEGA-download \
    in-interface=eth1-Wi-Fi new-packet-mark=MEGA-download \
    passthrough=yes src-address-list=mega.nz
Step 3. Adding queue rules
Next, go to the "Queue Tree" tab and add two new rules there as well:

MEGA-upload:
- Name - MEGA-upload
- Parent - global
- Packet Marks - MEGA-upload (select from the list)
- Queue Type - default-small
- Priority - 8
- Bucket Size - 0.100
- Max Limit - 25M

/queue tree
add max-limit=25M name=MEGA-upload packet-mark=MEGA-upload parent=global \
    queue=default-small
MEGA-download:
- Name - MEGA-download
- Parent - global
- Packet Marks - MEGA-download (choose from the list)
- Queue Type - default-small
- Priority - 8
- Bucket Size - 0.100
- Max Limit - 25M

/queue tree
add max-limit=25M name=MEGA-download packet-mark=MEGA-download parent=global \
    queue=default-small
That's all. Now, when the cloud storage synchronizes, the speed in either direction will not rise above 25 Mbit/s, which eliminates the chance of receiving a temporary ban from the provider.
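What Max Limit and Bucket Size from Step 3 do to a burst, as an added example that is not part of the original article: a simplified single token bucket in Python, not MikroTik's own HTB code. It assumes bucket capacity = Bucket Size × Max Limit and a tail-drop queue of 10 packets of 1500 bytes for default-small; the 100 Mbit/s offered load is constructed.

```python
# Simplified model of one queue-tree entry (assumption: one token bucket,
# capacity = bucket-size * max-limit, tail-drop queue behind it).

def shape(offered, max_limit_bps=25_000_000, bucket_size=0.1,
          queue_limit_bits=10 * 1500 * 8, tick_ms=1):
    """Shape per-tick offered bits; return (sent_per_tick, dropped_bits)."""
    capacity = round(bucket_size * max_limit_bps)    # bits the bucket can hold
    refill = max_limit_bps * tick_ms // 1000         # tokens earned per tick
    tokens = capacity                                # idle link: bucket is full
    queue = dropped = 0
    sent = []
    for bits in offered:
        tokens = min(capacity, tokens + refill)
        queue += bits
        out = min(queue, tokens)                     # forward what tokens allow
        tokens -= out
        queue -= out
        overflow = max(0, queue - queue_limit_bits)  # tail-drop beyond the queue
        queue -= overflow
        dropped += overflow
        sent.append(out)
    return sent, dropped


def peak_mbps(sent, window_ticks, tick_ms=1):
    """Highest average rate (Mbit/s) over any window of `window_ticks` ticks."""
    best = running = 0
    for i, bits in enumerate(sent):
        running += bits
        if i >= window_ticks:
            running -= sent[i - window_ticks]        # slide the window forward
        best = max(best, running)
    return best / (window_ticks * tick_ms * 1000)


# Constructed input: the cloud client offers 100 Mbit/s for one second.
OFFERED = [100_000] * 1000                           # bits per 1 ms tick
SENT, DROPPED = shape(OFFERED)

if __name__ == "__main__":
    print("peak over 100 ms:", peak_mbps(SENT, 100), "Mbit/s")
    print("peak over 1 s:   ", peak_mbps(SENT, 1000), "Mbit/s")
    print("steady state:    ", SENT[-1] * 1000 / 1e6, "Mbit/s")
    print("dropped:         ", DROPPED / 1e6, "Mbit")
```

In this model the full bucket lets the first 33 ms through at the offered rate, after which the flow settles at 25 Mbit/s and the excess is dropped.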
Full list of scripts
/ip firewall address-list
add address=31.216.144.0/24 list=mega.nz
add address=31.216.145.0/24 list=mega.nz
add address=31.216.147.0/24 list=mega.nz
add address=89.44.168.0/24 list=mega.nz
add address=154.53.224.0/24 list=mega.nz
add address=154.53.225.0/24 list=mega.nz
/ip firewall mangle
add action=mark-packet chain=forward comment=MEGA-upload \
    out-interface=eth1-Wi-Fi new-packet-mark=MEGA-upload \
    passthrough=yes dst-address-list=mega.nz
add action=mark-packet chain=forward comment=MEGA-download \
    in-interface=eth1-Wi-Fi new-packet-mark=MEGA-download \
    passthrough=yes src-address-list=mega.nz
/queue tree
add max-limit=25M name=MEGA-upload packet-mark=MEGA-upload parent=global \
    queue=default-small
add max-limit=25M name=MEGA-download packet-mark=MEGA-download parent=global \
    queue=default-small
PS: In this way you can limit the speed for any resource.
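Following the PS above, an added example (not from the original article) that builds the same three groups of commands for any resource: Python that validates the subnets, merges adjacent ones, and reports addresses the list does not cover and the mangle rules would therefore not mark. The function names and the `<name>-upload` / `<name>-download` mark names are assumptions of this example, and the addresses passed to `uncovered` are constructed.

```python
import ipaddress
import re

SAFE = re.compile(r"[A-Za-z0-9._-]+")   # keeps a value from breaking out of a command


def build_limit_script(name, cidrs, wan_if, max_limit):
    """Return (merged networks, RouterOS commands) for the article's three steps."""
    for value in (name, wan_if, max_limit):
        if not SAFE.fullmatch(value):
            raise ValueError(f"unsafe value: {value!r}")
    # strict=True rejects entries with host bits set, e.g. 31.216.144.5/24
    nets = [ipaddress.ip_network(c, strict=True) for c in cidrs]
    nets = list(ipaddress.collapse_addresses(nets))   # merge adjacent/overlapping
    lines = ["/ip firewall address-list"]
    lines += [f"add address={n} list={name}" for n in nets]
    lines.append("/ip firewall mangle")
    for mark, if_key, list_key in (("upload", "out-interface", "dst-address-list"),
                                   ("download", "in-interface", "src-address-list")):
        lines.append(f"add action=mark-packet chain=forward comment={name}-{mark} "
                     f"{if_key}={wan_if} new-packet-mark={name}-{mark} "
                     f"passthrough=yes {list_key}={name}")
    lines.append("/queue tree")
    for mark in ("upload", "download"):
        lines.append(f"add max-limit={max_limit} name={name}-{mark} "
                     f"packet-mark={name}-{mark} parent=global queue=default-small")
    return nets, "\n".join(lines)


def uncovered(addresses, nets):
    """Addresses that no list entry covers, so their traffic stays unlimited."""
    return [a for a in addresses
            if not any(ipaddress.ip_address(a) in n for n in nets)]


# The subnets from Step 1; interface and limit as used in the article.
MEGA = ["31.216.144.0/24", "31.216.145.0/24", "31.216.147.0/24",
        "89.44.168.0/24", "154.53.224.0/24", "154.53.225.0/24"]
NETS, SCRIPT = build_limit_script("mega.nz", MEGA, "eth1-Wi-Fi", "25M")
# Constructed addresses standing in for what a client actually connected to.
MISSED = uncovered(["31.216.145.10", "89.44.168.200", "203.0.113.7"], NETS)

if __name__ == "__main__":
    print(SCRIPT)
    print("not covered by the list:", MISSED)
```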
PPS: The restriction rules were partially taken from the article "Speed limit in MikroTik" and modified for my needs.
PPPS: Text versions of the scripts were added to the article, and the creation of PCQ queue types was removed.
PPPPS: In case anyone needs it, below is a script that automatically adds IP addresses from the DNS cache to a named list. I’ll say right away that the script is configured to work with several cloud services and adds addresses to a list named “clouds”. If necessary, you can adapt it for yourself.
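Auto add script
:log info "STARTING SCAN TO CLOUD"
# Resolve the names first so that their A records are in the DNS cache
:put [:resolve mega.nz]
:put [:resolve mega.co.nz]
:put [:resolve eu.static.mega.co.nz]
:put [:resolve dropbox.com]
:put [:resolve d.dropbox.com]
:put [:resolve bolt.dropbox.com]
:put [:resolve dl-debug.dropbox.com]
:put [:resolve api.disk.yandex.net]
:foreach i in=[/ip dns cache all find where (name~"mega.nz" || name~"mega.co" || name~"dropbox" || name~"disk.yandex") && (type="A")] do={
    :local tmpAddress [/ip dns cache get $i address];
    :delay delay-time=10ms
    # The script on the page is cut off after the delay. The lines below are an assumed
    # completion based on the description above: add the address to "clouds" if it is not listed yet.
    :if ([:len [/ip firewall address-list find where list="clouds" address=$tmpAddress]] = 0) do={
        /ip firewall address-list add list="clouds" address=$tmpAddress
    }
}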