Spirosco Traffic Shaping
From AWMN-WiKi
Since traffic shaping has come back into fashion lately, here is an implementation based on Acinonyx's.
Traffic shaping can be done with various implementations. The one mentioned above is one of them.
The first part is done simply by copy/paste in a terminal in winbox or over ssh.
For Mikrotik 2.8.x:
/ ip firewall mangle
add p2p=all-p2p action=passthrough mark-connection=p2p-connections comment="P2P" disabled=no
add connection=p2p-connections action=passthrough mark-flow=4 comment="" disabled=no
add src-address=:20 protocol=tcp action=passthrough mark-flow=3 comment="FTP-DATA" disabled=no
add dst-address=:20 protocol=tcp action=passthrough mark-flow=3 comment="" disabled=no
add protocol=icmp action=passthrough mark-flow=1 comment="ICMP" disabled=no
add src-address=:21 protocol=tcp action=passthrough mark-flow=3 comment="FTP" disabled=no
add dst-address=:21 protocol=tcp action=passthrough mark-flow=3 comment="" disabled=no
add src-address=:22 protocol=tcp action=passthrough mark-flow=1 comment="SSH" disabled=no
add dst-address=:22 protocol=tcp action=passthrough mark-flow=1 comment="" disabled=no
add src-address=:23 protocol=tcp action=passthrough mark-flow=1 comment="TELNET" disabled=no
add dst-address=:23 protocol=tcp action=passthrough mark-flow=1 comment="" disabled=no
add src-address=:25 protocol=tcp action=passthrough mark-flow=2 comment="SMTP" disabled=no
add dst-address=:25 protocol=tcp action=passthrough mark-flow=2 comment="" disabled=no
add src-address=:69 protocol=tcp action=passthrough mark-flow=3 comment="TFTP" disabled=no
add dst-address=:69 protocol=tcp action=passthrough mark-flow=3 comment="" disabled=no
add src-address=:80 protocol=tcp action=passthrough mark-flow=2 comment="HTTP" disabled=no
add dst-address=:80 protocol=tcp action=passthrough mark-flow=2 comment="" disabled=no
add src-address=:110 protocol=tcp action=passthrough mark-flow=2 comment="POP3" disabled=no
add dst-address=:110 protocol=tcp action=passthrough mark-flow=2 comment="" disabled=no
add src-address=:115 protocol=tcp action=passthrough mark-flow=3 comment="SFTP" disabled=no
add dst-address=:115 protocol=tcp action=passthrough mark-flow=3 comment="" disabled=no
add src-address=:143 protocol=tcp action=passthrough mark-flow=2 comment="IMAP" disabled=no
add dst-address=:143 protocol=tcp action=passthrough mark-flow=2 comment="" disabled=no
add src-address=:161 protocol=tcp action=passthrough mark-flow=1 comment="SNMP" disabled=no
add dst-address=:161 protocol=tcp action=passthrough mark-flow=1 comment="" disabled=no
add src-address=:179 protocol=tcp action=passthrough mark-flow=1 comment="BGP" disabled=no
add dst-address=:179 protocol=tcp action=passthrough mark-flow=1 comment="" disabled=no
add src-address=:873 protocol=tcp action=passthrough mark-flow=3 comment="RSYNC" disabled=no
add dst-address=:873 protocol=tcp action=passthrough mark-flow=3 comment="" disabled=no
add src-address=:2600-2605 protocol=tcp action=passthrough mark-flow=1 comment="BGP" disabled=no
add dst-address=:2600-2605 protocol=tcp action=passthrough mark-flow=1 comment="" disabled=no
add src-address=:10000-20000 protocol=udp action=passthrough mark-flow=1 comment="UDP \(VOIP\)" disabled=no
add dst-address=:10000-20000 protocol=udp action=passthrough mark-flow=1 comment="" disabled=no
add src-address=:53 protocol=udp action=passthrough mark-flow=1 comment="UDP \(DNS\)" disabled=no
add dst-address=:53 protocol=udp action=passthrough mark-flow=1 comment="" disabled=no
add src-address=:123 protocol=udp action=passthrough mark-flow=1 comment="UDP \(NTP\)" disabled=no
add dst-address=:123 protocol=udp action=passthrough mark-flow=1 comment="" disabled=no
add protocol=gre action=passthrough mark-flow=1 comment="GRE" disabled=no
add src-address=:3389 protocol=tcp action=passthrough mark-flow=1 comment="RD" disabled=no
add dst-address=:3389 protocol=tcp action=passthrough mark-flow=1 comment="" disabled=no
add src-address=:6666-6668 protocol=tcp action=passthrough mark-flow=1 comment="IRC" disabled=no
add dst-address=:6666-6668 protocol=tcp action=passthrough mark-flow=1 comment="" disabled=no
add src-address=:8080 protocol=tcp action=passthrough mark-flow=2 comment="PROXY" disabled=no
add dst-address=:8080 protocol=tcp action=passthrough mark-flow=2 comment="" disabled=no
add src-address=:3128 protocol=tcp action=passthrough mark-flow=2 comment="" disabled=no
add dst-address=:3128 protocol=tcp action=passthrough mark-flow=2 comment="" disabled=no
For Mikrotik 2.9.x:
/ ip firewall mangle
add chain=prerouting p2p=all-p2p action=mark-connection new-connection-mark=p2p-connections \
    passthrough=yes comment="P2P" disabled=no
add chain=prerouting connection-mark=p2p-connections action=mark-packet new-packet-mark=4 \
    passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp src-port=20 action=mark-packet new-packet-mark=3 \
    passthrough=yes comment="FTP" disabled=no
add chain=prerouting protocol=tcp dst-port=20 action=mark-packet new-packet-mark=3 \
    passthrough=yes comment="" disabled=no
add chain=prerouting protocol=icmp action=mark-packet new-packet-mark=1 \
    passthrough=yes comment="ICMP" disabled=no
add chain=prerouting protocol=udp dst-port=10000-20000 action=mark-packet new-packet-mark=1 \
    passthrough=yes comment="VOIP RTP" disabled=no
add chain=prerouting protocol=udp src-port=10000-20000 action=mark-packet new-packet-mark=1 \
    passthrough=yes comment="" disabled=no
add chain=prerouting protocol=udp dst-port=0-1024 action=mark-packet new-packet-mark=1 \
    passthrough=yes comment="LOW PORTS UDP" disabled=no
add chain=prerouting protocol=udp src-port=0-1024 action=mark-packet new-packet-mark=1 \
    passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=80 action=mark-packet new-packet-mark=2 \
    passthrough=yes comment="HTTP" disabled=no
add chain=prerouting protocol=tcp src-port=80 action=mark-packet new-packet-mark=2 \
    passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=6666-6668 action=mark-packet new-packet-mark=1 \
    passthrough=yes comment="IRC" disabled=no
add chain=prerouting protocol=tcp src-port=6666-6668 action=mark-packet new-packet-mark=1 \
    passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=3128 action=mark-packet new-packet-mark=2 \
    passthrough=yes comment="PROXY" disabled=no
add chain=prerouting protocol=tcp src-port=3128 action=mark-packet new-packet-mark=2 \
    passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=3130 action=mark-packet new-packet-mark=2 \
    passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp src-port=3130 action=mark-packet new-packet-mark=2 \
    passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=8080 action=mark-packet new-packet-mark=2 \
    passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp src-port=8080 action=mark-packet new-packet-mark=2 \
    passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp src-port=25 action=mark-packet new-packet-mark=2 \
    passthrough=yes comment="SMTP" disabled=no
add chain=prerouting protocol=tcp dst-port=25 action=mark-packet new-packet-mark=2 \
    passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=110 action=mark-packet new-packet-mark=2 \
    passthrough=yes comment="POP3" disabled=no
add chain=prerouting protocol=tcp src-port=110 action=mark-packet new-packet-mark=2 \
    passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=143 action=mark-packet new-packet-mark=2 \
    passthrough=yes comment="IMAP" disabled=no
add chain=prerouting protocol=tcp src-port=143 action=mark-packet new-packet-mark=2 \
    passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=22 action=mark-packet new-packet-mark=1 \
    passthrough=yes comment="SSH" disabled=no
add chain=prerouting protocol=tcp src-port=22 action=mark-packet new-packet-mark=1 \
    passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=115 action=mark-packet new-packet-mark=3 \
    passthrough=yes comment="SFTP" disabled=no
add chain=prerouting protocol=tcp src-port=115 action=mark-packet new-packet-mark=3 \
    passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=69 action=mark-packet new-packet-mark=3 \
    passthrough=yes comment="TFTP" disabled=no
add chain=prerouting protocol=tcp src-port=69 action=mark-packet new-packet-mark=3 \
    passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=123 action=mark-packet new-packet-mark=1 \
    passthrough=yes comment="NTP" disabled=no
add chain=prerouting protocol=tcp src-port=123 action=mark-packet new-packet-mark=1 \
    passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=161 action=mark-packet new-packet-mark=1 \
    passthrough=yes comment="SNMP" disabled=no
add chain=prerouting protocol=tcp src-port=161 action=mark-packet new-packet-mark=1 \
    passthrough=yes comment="" disabled=no
add chain=prerouting protocol=gre action=mark-packet new-packet-mark=1 \
    passthrough=yes comment="GRE" disabled=no
add chain=prerouting protocol=gre action=mark-packet new-packet-mark=1 \
    passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=3389 action=mark-packet new-packet-mark=1 \
    passthrough=yes comment="REMOTE DESKTOP" disabled=no
add chain=prerouting protocol=tcp src-port=3389 action=mark-packet new-packet-mark=1 \
    passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=873 action=mark-packet new-packet-mark=3 \
    passthrough=yes comment="RSYNC" disabled=no
add chain=prerouting protocol=tcp src-port=873 action=mark-packet new-packet-mark=3 \
    passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=179 action=mark-packet new-packet-mark=1 \
    passthrough=yes comment="BGP" disabled=no
add chain=prerouting protocol=tcp src-port=179 action=mark-packet new-packet-mark=1 \
    passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=2605 action=mark-packet new-packet-mark=1 \
    passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp src-port=2605 action=mark-packet new-packet-mark=1 \
    passthrough=yes comment="" disabled=no
The second part needs editing. Replace "Interface-XXX" with the interface name of each of our links. Repeat the lines below for each interface, from a terminal in winbox or over ssh.
Common to all Mikrotik versions from 2.8.x up to and including 2.9.x:
/ queue tree
add name="Interface-XXX Queue" parent="Interface-XXX" packet-mark="" limit-at=12000000 \
    queue=default priority=8 max-limit=14000000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="Interface-XXX Prio1" parent="Interface-XXX Queue" packet-mark=1 limit-at=7000000 \
    queue=default priority=1 max-limit=12000000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="Interface-XXX NotPrio1" parent="Interface-XXX Queue" packet-mark="" limit-at=10000000 \
    queue=default priority=8 max-limit=12000000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="Interface-XXX Prio2" parent="Interface-XXX NotPrio1" packet-mark=2 limit-at=7000000 \
    queue=default priority=2 max-limit=12000000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="Interface-XXX NotPrio2" parent="Interface-XXX NotPrio1" packet-mark="" limit-at=10000000 \
    queue=default priority=8 max-limit=12000000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="Interface-XXX Prio3" parent="Interface-XXX NotPrio2" packet-mark=3 limit-at=7000000 \
    queue=default priority=3 max-limit=12000000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="Interface-XXX Prio4" parent="Interface-XXX NotPrio2" packet-mark=4 limit-at=7000000 \
    queue=default priority=4 max-limit=12000000 burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
From here on, management is easily done from within winbox.
The queue limits are relatively tolerant, based on an average link that delivers around 25 Mbit/s. It goes without saying that they need adjusting according to the reliability of each link. Given the way transmission and reception work, absolute limits are not possible. This means we are forced to sacrifice part of the available bandwidth, as far as our transmit side is concerned, so that traffic shaping can make the best possible use of the priorities and so that queued packets are kept to a minimum.
More generally, traffic shaping involves a bandwidth/reliability trade-off. The first factor depends mainly on the quality of each link and, beyond that, on the queue limits we set. The second factor depends heavily on the first, with the difference that we can artificially increase it by restricting the first.
So take your pick.
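The per-interface step and the limit adjustment described above, as an added example that is not part of the original wiki page: a Python generator that emits the queue tree once per link with "Interface-XXX" replaced. Scaling the limits linearly from the 25 Mbit baseline, the interface-name allow-list, and the interface names wlan1/wlan2 are assumptions made for illustration.

```python
import re

BASELINE_MBIT = 25  # the page sizes its limits for an average ~25 Mbit link

# (suffix, parent suffix or None = the interface itself, packet-mark,
#  limit-at, priority, max-limit), copied from the page's queue tree.
TREE = [
    ("Queue", None, "", 12000000, 8, 14000000),
    ("Prio1", "Queue", "1", 7000000, 1, 12000000),
    ("NotPrio1", "Queue", "", 10000000, 8, 12000000),
    ("Prio2", "NotPrio1", "2", 7000000, 2, 12000000),
    ("NotPrio2", "NotPrio1", "", 10000000, 8, 12000000),
    ("Prio3", "NotPrio2", "3", 7000000, 3, 12000000),
    ("Prio4", "NotPrio2", "4", 7000000, 4, 12000000),
]

# Assumption: only these characters are accepted, because the output is
# pasted into a router terminal and a quote or newline would alter the command.
SAFE_NAME = re.compile(r"[A-Za-z0-9_.-]+")


def queue_tree(interface, link_mbit=BASELINE_MBIT):
    """Return the seven 'add' lines for one interface."""
    if not SAFE_NAME.fullmatch(interface):
        raise ValueError(f"unsafe interface name: {interface!r}")
    if link_mbit <= 0:
        raise ValueError("link_mbit must be positive")
    scale = link_mbit / BASELINE_MBIT  # assumption: limits scale linearly
    lines = []
    for suffix, parent, mark, limit_at, prio, max_limit in TREE:
        parent_name = interface if parent is None else f"{interface} {parent}"
        mark_txt = mark if mark else '""'  # inner queues match no mark
        lines.append(
            f'add name="{interface} {suffix}" parent="{parent_name}" '
            f"packet-mark={mark_txt} limit-at={round(limit_at * scale)} "
            f"queue=default priority={prio} max-limit={round(max_limit * scale)} "
            "burst-limit=0 burst-threshold=0 burst-time=0s disabled=no"
        )
    return lines


def render(links):
    """links: iterable of (interface, link_mbit) pairs -> pasteable text."""
    out = ["/ queue tree"]
    for interface, link_mbit in links:
        out.extend(queue_tree(interface, link_mbit))
    return "\n".join(out)


if __name__ == "__main__":
    print(render([("wlan1", 25), ("wlan2", 12.5)]))  # constructed sample links
```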
Resources:
http://www.mikrotik.com/docs/ros/2.9/root/queue
http://www.mikrotik.awmn/docs/ros/2.9/root/queue

