Sunday, March 12, 2017
Perfection Bandwidth Management Queue Tree Rules
Perfection Bandwidth Management Queue Tree Rules
It is the result of my experiment, using the full bandwidth management with parent queue tree, which was still a lot of connection packets that are out of rule. What happens if a lot of packets that are not undefined? There will be a barrier in intent and purpose of bandwidth management that we dont expected. To control bandwidth usage we have to classify the connection packets. After getting caught then we can control it. The connection packets turned out to be highly variable. And we do not define it explicitly. Separation of connection packets method is a method of approach. That something outside that we defined must be considered.
This method is the perfection of bandwidth management using parent queue tree rule, to handle the different connection packets such as online games portal, browsing, downloading the file extensions, video streams that still any leaks. If too many leaks would be a barrier for us to prioritize the connection packets that we have defined. Upload and Undefined packets will cover the most leakage of the parent queue tree, and at last is keep using the simple queue.
I will not explain in detail again about mangle and queue tree, you can see by yourself or just a reference with the scripts that I will give, and I hope you can expanding it by yourself. Surely you should know here, the name of your public and local interface of your own mikrotik routerboard. I have a lot of explaining about this.
The concept is connection-in will produce the upload Packets, connection-out will produces the download packets. Upload and download packets are divided into upload and download packets per client. Then download packets per client will be divided again into the online games, browsing, downloading extensions, and video streams packets. Those packets can not define all the variety of the internet connection usage perfectly. It is possible to find the leakage would still not unthinkable, therefore I will use an undefined connection packets.
When we are using the internet connection, even if were downloading any extensions file, it also use small upload bytes. For that we must define the upload connection packets per client. We still can not guarantee 100% that alll already represents all the connection packets. I suggest you to keep using simple queue per client to cover all the usage of the internet connection of the clients that many variety. Ok lets get started.
The rule of the bandwidth management is under the parent of queue tree rules using the priority for each kind of the connection packets, as shown like the picture below!
This method is the perfection of bandwidth management using parent queue tree rule, to handle the different connection packets such as online games portal, browsing, downloading the file extensions, video streams that still any leaks. If too many leaks would be a barrier for us to prioritize the connection packets that we have defined. Upload and Undefined packets will cover the most leakage of the parent queue tree, and at last is keep using the simple queue.
I will not explain in detail again about mangle and queue tree, you can see by yourself or just a reference with the scripts that I will give, and I hope you can expanding it by yourself. Surely you should know here, the name of your public and local interface of your own mikrotik routerboard. I have a lot of explaining about this.
The concept is connection-in will produce the upload Packets, connection-out will produces the download packets. Upload and download packets are divided into upload and download packets per client. Then download packets per client will be divided again into the online games, browsing, downloading extensions, and video streams packets. Those packets can not define all the variety of the internet connection usage perfectly. It is possible to find the leakage would still not unthinkable, therefore I will use an undefined connection packets.
When we are using the internet connection, even if were downloading any extensions file, it also use small upload bytes. For that we must define the upload connection packets per client. We still can not guarantee 100% that alll already represents all the connection packets. I suggest you to keep using simple queue per client to cover all the usage of the internet connection of the clients that many variety. Ok lets get started.
1. Mangle Rules for Total Upload & Download Connection
/ip firewall mangle add action=mark-connection chain=prerouting disabled=no in-interface=ether1 new-connection-mark=all-inconn passthrough=yes comment="CONNECTION-IN" add action=mark-packet chain=prerouting connection-mark=all-inconn disabled=no new-packet-mark=all-inpkt passthrough=yes comment="UPLOAD" add action=mark-connection chain=forward disabled=no in-interface=wlan1 new-connection-mark=all-outconn passthrough=yes comment="CONNECTION-OUT" add action=mark-packet chain=forward connection-mark=all-outconn disabled=no new-packet-mark=all-outpkt passthrough=yes comment="DOWNLOAD"
2. Mangle Rules Upload dan Download Connection Packets Per Client
/ip firewall mangle add action=mark-packet chain=prerouting src-address=192.168.1.17 packet-mark=all-inpkt new-packet-mark=client1-pktp passthrough=no comment="CLIENT1 UPSTREAM" add action=mark-packet chain=prerouting src-address=192.168.1.16 packet-mark=all-inpkt new-packet-mark=client2-pktp passthrough=no comment="CLIENT2 UPSTREAM" add action=mark-packet chain=prerouting src-address=192.168.1.15 packet-mark=all-inpkt new-packet-mark=client3-pktp passthrough=no comment="CLIENT3 UPSTREAM" add action=mark-packet chain=prerouting src-address=192.168.1.14 packet-mark=all-inpkt new-packet-mark=client4-pktp passthrough=no comment="CLIENT4 UPSTREAM" add action=mark-packet chain=prerouting src-address=192.168.1.20 packet-mark=all-inpkt new-packet-mark=client5-pktp passthrough=no comment="CLIENT5 UPSTREAM" add action=mark-packet chain=prerouting src-address=192.168.1.21 packet-mark=all-inpkt new-packet-mark=client6-pktp passthrough=no comment="CLIENT6 UPSTREAM" /ip firewall mangle add action=mark-packet chain=forward dst-address=192.168.1.17 packet-mark=all-outpkt new-packet-mark=client1-pktd passthrough=yes comment="CLIENT1 DOWNSTREAM" add action=mark-packet chain=forward dst-address=192.168.1.16 packet-mark=all-outpkt new-packet-mark=client2-pktd passthrough=yes comment="CLIENT2 DOWNSTREAM" add action=mark-packet chain=forward dst-address=192.168.1.15 packet-mark=all-outpkt new-packet-mark=client3-pktd passthrough=yes comment="CLIENT3 DOWNSTREAM" add action=mark-packet chain=forward dst-address=192.168.1.14 packet-mark=all-outpkt new-packet-mark=client4-pktd passthrough=yes comment="CLIENT4 DOWNSTREAM" add action=mark-packet chain=forward dst-address=192.168.1.20 packet-mark=all-outpkt new-packet-mark=client5-pktd passthrough=yes comment="CLIENT5 DOWNSTREAM" add action=mark-packet chain=forward dst-address=192.168.1.21 packet-mark=all-outpkt new-packet-mark=client6-pktd passthrough=yes comment="CLIENT6 DOWNSTREAM"
3. Layer7 Protocols and Mangle Rules of The Connection Packets of The Extensions Files and Video Streaming Per Client
The mangle rules will be marking the connection packet of download files that use by the client/ip firewall layer7-protocol add comment="download" name=high regexp="^.*get.+.(exe|rar|iso|zip|7zip|0[0-9][1-9]|flv|mkv|avi|mp4|3gp|rmvb|mp3|img|dat|mov).*$" add comment="download" name=document regexp="^.*get.+.(pdf|doc|docx|xlsx|xls|rtf|ppt|ppt).*$" add comment="video" name=youtube regexp="^.*get.+.(c.youtube.com|cdn.dailymotion.com|metacafe.com|mccont.com).*$" add comment="video" name=streaming regexp="videoplayback|video" /ip firewall mangle add action=mark-packet chain=forward layer7-protocol=high new-packet-mark=billing-dpkt packet-mark=billing-pktd passthrough=no comment="BILLING DOWNLOAD" add action=mark-packet chain=forward layer7-protocol=document new-packet-mark=billing-dpkt packet-mark=billing-pktd passthrough=no comment="" add action=mark-packet chain=forward connection-bytes=1000000-0 src-port=80,443 passthrough=yes new-packet-mark=billing-dpkt packet-mark=billing-pktd protocol=tcp comment="" add action=mark-packet chain=forward layer7-protocol=high new-packet-mark=client1-dpkt packet-mark=client1-pktd passthrough=no comment="CLIENT1 DOWNLOAD" add action=mark-packet chain=forward layer7-protocol=document new-packet-mark=client1-dpkt packet-mark=client1-pktd passthrough=no comment="" add action=mark-packet chain=forward connection-bytes=1000000-0 src-port=80,443 passthrough=yes new-packet-mark=client1-dpkt packet-mark=client1-pktd protocol=tcp comment="" add action=mark-packet chain=forward layer7-protocol=high new-packet-mark=client2-dpkt packet-mark=client2-pktd passthrough=no comment="CLIENT2 DOWNLOAD" add action=mark-packet chain=forward layer7-protocol=document new-packet-mark=client2-dpkt packet-mark=client2-pktd passthrough=no comment="" add action=mark-packet chain=forward connection-bytes=1000000-0 src-port=80,443 passthrough=yes new-packet-mark=client2-dpkt packet-mark=client2-pktd protocol=tcp comment="" add action=mark-packet chain=forward layer7-protocol=high new-packet-mark=client3-dpkt packet-mark=client3-pktd passthrough=no comment="CLIENT3 DOWNLOAD" add action=mark-packet chain=forward layer7-protocol=document new-packet-mark=client3-dpkt packet-mark=client3-pktd passthrough=no comment="" add action=mark-packet chain=forward connection-bytes=1000000-0 src-port=80,443 passthrough=yes new-packet-mark=client3-dpkt packet-mark=client3-pktd protocol=tcp comment="" add action=mark-packet chain=forward layer7-protocol=high new-packet-mark=client4-dpkt packet-mark=client4-pktd passthrough=no comment="CLIENT4 DOWNLOAD" add action=mark-packet chain=forward layer7-protocol=document new-packet-mark=client4-dpkt packet-mark=client4-pktd passthrough=no comment="" add action=mark-packet chain=forward connection-bytes=1000000-0 src-port=80,443 passthrough=yes new-packet-mark=client4-dpkt packet-mark=client4-pktd protocol=tcp comment="" add action=mark-packet chain=forward layer7-protocol=high new-packet-mark=client5-dpkt packet-mark=client5-pktd passthrough=no comment="CLIENT5 DOWNLOAD" add action=mark-packet chain=forward layer7-protocol=document new-packet-mark=client5-dpkt packet-mark=client5-pktd passthrough=no comment="" add action=mark-packet chain=forward connection-bytes=1000000-0 src-port=80,443 passthrough=yes new-packet-mark=client5-dpkt packet-mark=client5-pktd protocol=tcp comment="" add action=mark-packet chain=forward layer7-protocol=high new-packet-mark=client6-dpkt packet-mark=client6-pktd passthrough=no comment="CLIENT6 DOWNLOAD" add action=mark-packet chain=forward layer7-protocol=document new-packet-mark=client6-dpkt packet-mark=client6-pktd passthrough=no comment="" add action=mark-packet chain=forward connection-bytes=1000000-0 src-port=80,443 passthrough=yes new-packet-mark=client6-dpkt packet-mark=client6-pktd protocol=tcp comment="" add action=mark-packet chain=forward layer7-protocol=high new-packet-mark=master-dpkt packet-mark=master-pktd passthrough=no comment="MASTER DOWNLOAD" add action=mark-packet chain=forward layer7-protocol=document new-packet-mark=master-dpkt packet-mark=master-pktd passthrough=no comment="" add action=mark-packet chain=forward connection-bytes=1000000-0 src-port=80,443 passthrough=yes new-packet-mark=master-dpkt packet-mark=master-pktd protocol=tcp comment="" /ip firewall mangle add action=mark-packet chain=forward layer7-protocol=youtube new-packet-mark=billing-spkt packet-mark=billing-pktd passthrough=no comment="BILLING VIDEO" add action=mark-packet chain=forward layer7-protocol=streaming new-packet-mark=billing-spkt packet-mark=billing-pktd passthrough=no comment="" add action=mark-packet chain=forward layer7-protocol=youtube new-packet-mark=client1-spkt packet-mark=client1-pktd passthrough=no comment="CLIENT1 VIDEO" add action=mark-packet chain=forward layer7-protocol=streaming new-packet-mark=client1-spkt packet-mark=client1-pktd passthrough=no comment="" add action=mark-packet chain=forward layer7-protocol=youtube new-packet-mark=client2-spkt packet-mark=client2-pktd passthrough=no comment="CLIENT2 VIDEO" add action=mark-packet chain=forward layer7-protocol=streaming new-packet-mark=client2-spkt packet-mark=client2-pktd passthrough=no comment="" add action=mark-packet chain=forward layer7-protocol=youtube new-packet-mark=client3-spkt packet-mark=client3-pktd passthrough=no comment="CLIENT3 VIDEO" add action=mark-packet chain=forward layer7-protocol=streaming new-packet-mark=client3-spkt packet-mark=client3-pktd passthrough=no comment="" add action=mark-packet chain=forward layer7-protocol=youtube new-packet-mark=client4-spkt packet-mark=client4-pktd passthrough=no comment="CLIENT4 VIDEO" add action=mark-packet chain=forward layer7-protocol=streaming new-packet-mark=client4-spkt packet-mark=client4-pktd passthrough=no comment="" add action=mark-packet chain=forward layer7-protocol=youtube new-packet-mark=client5-spkt packet-mark=client5-pktd passthrough=no comment="CLIENT5 VIDEO" add action=mark-packet chain=forward layer7-protocol=streaming new-packet-mark=client5-spkt packet-mark=client5-pktd passthrough=no comment="" add action=mark-packet chain=forward layer7-protocol=youtube new-packet-mark=client6-spkt packet-mark=client6-pktd passthrough=no comment="CLIENT6 VIDEO" add action=mark-packet chain=forward layer7-protocol=streaming new-packet-mark=client6-spkt packet-mark=client6-pktd passthrough=no comment="" add action=mark-packet chain=forward layer7-protocol=youtube new-packet-mark=master-spkt packet-mark=master-pktd passthrough=no comment="MASTER VIDEO" add action=mark-packet chain=forward layer7-protocol=streaming new-packet-mark=master-spkt packet-mark=master-pktd passthrough=no comment=""
4. Mangle Rules Marking Online Games Connection per client
/ip firewall mangle add action=mark-packet chain=forward packet-mark=all-outpkt new-packet-mark=all-gpkt passthrough=yes protocol=tcp dst-port=5340-5352,6000-6152,10001-10011,14009-14030,18901-18909 comment="Online Game Portal" add action=mark-packet chain=forward packet-mark=all-outpkt new-packet-mark=all-gpkt passthrough=yes protocol=tcp dst-port=39190,27780,29000,22100,10009,4300,15001,15002,7341,7451 add action=mark-packet chain=forward packet-mark=all-outpkt new-packet-mark=all-gpkt passthrough=yes protocol=tcp dst-port=40000,9300,9400,9700,7342,8005-8010,37466,36567,8822 add action=mark-packet chain=forward packet-mark=all-outpkt new-packet-mark=all-gpkt passthrough=yes protocol=tcp dst-port=47611,16666,20000,5105,29000,18901-18909,9015 add action=mark-packet chain=forward packet-mark=all-outpkt new-packet-mark=all-gpkt passthrough=yes protocol=udp dst-port=27005,27015 add action=mark-packet chain=forward packet-mark=all-outpkt new-packet-mark=all-gpkt passthrough=yes protocol=udp dst-port=27005-27020,13055,7800-7900,12060-12070 add action=mark-packet chain=forward packet-mark=all-outpkt new-packet-mark=all-gpkt passthrough=yes protocol=udp dst-port=8005-8010,9068,1293,1479,9401,9600,30000 add action=mark-packet chain=forward packet-mark=all-outpkt new-packet-mark=all-gpkt passthrough=yes protocol=udp dst-port=14009-14030,42051-42052,40000-40050,13000-13080 /ip firewall mangle add action=mark-packet chain=forward src-address=192.168.1.11 packet-mark=all-gpkt new-packet-mark=billing-gpkt passthrough=no comment="BILLING GAMES" add action=mark-packet chain=forward src-address=192.168.1.17 packet-mark=all-gpkt new-packet-mark=client1-gpkt passthrough=no comment="CLIENT1 GAMES" add action=mark-packet chain=forward src-address=192.168.1.16 packet-mark=all-gpkt new-packet-mark=client2-gpkt passthrough=no comment="CLIENT2 GAMES" add action=mark-packet chain=forward src-address=192.168.1.15 packet-mark=all-gpkt new-packet-mark=client3-gpkt passthrough=no comment="CLIENT3 GAMES" add action=mark-packet chain=forward src-address=192.168.1.14 packet-mark=all-gpkt new-packet-mark=client4-gpkt passthrough=no comment="CLIENT4 GAMES" add action=mark-packet chain=forward src-address=192.168.1.20 packet-mark=all-gpkt new-packet-mark=client5-gpkt passthrough=no comment="CLIENT5 GAMES" add action=mark-packet chain=forward src-address=192.168.1.21 packet-mark=all-gpkt new-packet-mark=client6-gpkt passthrough=no comment="CLIENT6 GAMES" add action=mark-packet chain=forward src-address=192.168.1.8 packet-mark=all-gpkt new-packet-mark=master-gpkt passthrough=no comment="MASTER GAMES"
5. Mangle Rules Marking Browsing Connection Per Client
/ip firewall mangle add action=mark-packet chain=forward connection-bytes=0-1000000 src-port=80,443 passthrough=no new-packet-mark=billing-bpkt packet-mark=billing-pktd protocol=tcp comment="BILLING BROWSING" add action=mark-packet chain=forward connection-bytes=0-1000000 src-port=80,443 passthrough=no new-packet-mark=client1-bpkt packet-mark=client1-pktd protocol=tcp comment="CLIENT1 BROWSING" add action=mark-packet chain=forward connection-bytes=0-1000000 src-port=80,443 passthrough=no new-packet-mark=client2-bpkt packet-mark=client2-pktd protocol=tcp comment="CLIENT2 BROWSING" add action=mark-packet chain=forward connection-bytes=0-1000000 src-port=80,443 passthrough=no new-packet-mark=client3-bpkt packet-mark=client3-pktd protocol=tcp comment="CLIENT3 BROWSING" add action=mark-packet chain=forward connection-bytes=0-1000000 src-port=80,443 passthrough=no new-packet-mark=client4-bpkt packet-mark=client4-pktd protocol=tcp comment="CLIENT4 BROWSING" add action=mark-packet chain=forward connection-bytes=0-1000000 src-port=80,443 passthrough=no new-packet-mark=client5-bpkt packet-mark=client5-pktd protocol=tcp comment="CLIENT5 BROWSING" add action=mark-packet chain=forward connection-bytes=0-1000000 src-port=80,443 passthrough=no new-packet-mark=client6-bpkt packet-mark=client6-pktd protocol=tcp comment="CLIENT6 BROWSING" add action=mark-packet chain=forward connection-bytes=0-1000000 src-port=80,443 passthrough=no new-packet-mark=master-bpkt packet-mark=master-pktd protocol=tcp comment="MASTER BROWSING"
6. Queue Tree Capturing The Marking Connection Packets Mangle Rules
The something new here is the parent queue tree for the queue tree upload per client and the unification of undefined, extension file, and video streams of downsteam connection packets has the single of parent queue tree rule. So if the clients play any video streams the limit speed will be depending on the queue tree rules./queue tree add name=All-Bandwidth parent=global-out packet-mark=all-inpkt,all-outpkt queue=default priority=8 max-limit=2M /queue tree add name=Billing parent=All-Bandwidth packet-mark=no-mark queue=default priority=8 add name=Client1 parent=All-Bandwidth packet-mark=no-mark queue=default priority=8 add name=Client2 parent=All-Bandwidth packet-mark=no-mark queue=default priority=8 add name=Client3 parent=All-Bandwidth packet-mark=no-mark queue=default priority=8 add name=Client4 parent=All-Bandwidth packet-mark=no-mark queue=default priority=8 add name=Client5 parent=All-Bandwidth packet-mark=no-mark queue=default priority=8 add name=Client6 parent=All-Bandwidth packet-mark=no-mark queue=default priority=8 add name=Master parent=All-Bandwidth packet-mark=no-mark queue=default priority=8 /queue tree add name=aBilling-Games parent=Billing packet-mark=billing-gpkt queue=default priority=1 max-limit=256k add name=aClient1-Games parent=Client1 packet-mark=client1-gpkt queue=default priority=1 max-limit=256k add name=aClient2-Games parent=Client2 packet-mark=client2-gpkt queue=default priority=1 max-limit=256k add name=aClient3-Games parent=Client3 packet-mark=client3-gpkt queue=default priority=1 max-limit=256k add name=aClient4-Games parent=Client4 packet-mark=client4-gpkt queue=default priority=1 max-limit=256k add name=aClient5-Games parent=Client5 packet-mark=client5-gpkt queue=default priority=1 max-limit=256k add name=aClient6-Games parent=Client6 packet-mark=client6-gpkt queue=default priority=1 max-limit=256k add name=aMaster-Games parent=Master packet-mark=master-gpkt queue=default priority=1 max-limit=256k /queue tree add name=bBilling-Browsing parent=Billing packet-mark=billing-bpkt queue=default priority=2 max-limit=256k add name=bClient1-Browsing parent=Client1 packet-mark=client1-bpkt queue=default priority=2 max-limit=256k add name=bClient2-Browsing parent=Client2 packet-mark=client2-bpkt queue=default priority=2 max-limit=256k add name=bClient3-Browsing parent=Client3 packet-mark=client3-bpkt queue=default priority=2 max-limit=256k add name=bClient4-Browsing parent=Client4 packet-mark=client4-bpkt queue=default priority=2 max-limit=256k add name=bClient5-Browsing parent=Client5 packet-mark=client5-bpkt queue=default priority=2 max-limit=256k add name=bClient6-Browsing parent=Client6 packet-mark=client6-bpkt queue=default priority=2 max-limit=256k add name=bMaster-Browsing parent=Master packet-mark=master-bpkt queue=default priority=2 max-limit=256k /queue tree add name=cBilling-Upload parent=Billing packet-mark=billing-pktp queue=default priority=3 max-limit=200k add name=cClient1-Upload parent=Client1 packet-mark=client1-pktp queue=default priority=3 max-limit=200k add name=cClient2-Upload parent=Client2 packet-mark=client2-pktp queue=default priority=3 max-limit=200k add name=cClient3-Upload parent=Client3 packet-mark=client3-pktp queue=default priority=3 max-limit=200k add name=cClient4-Upload parent=Client4 packet-mark=client4-pktp queue=default priority=3 max-limit=200k add name=cClient5-Upload parent=Client5 packet-mark=client5-pktp queue=default priority=3 max-limit=200k add name=cClient6-Upload parent=Client6 packet-mark=client6-pktp queue=default priority=3 max-limit=200k add name=cMaster-Upload parent=Master packet-mark=master-pktp queue=default priority=3 max-limit=200k /queue tree add name=dBilling-Download parent=Billing packet-mark=no-mark queue=default priority=6 max-limit=220k add name=dClient1-Download parent=Client1 packet-mark=no-mark queue=default priority=6 max-limit=220k add name=dClient2-Download parent=Client2 packet-mark=no-mark queue=default priority=6 max-limit=220k add name=dClient3-Download parent=Client3 packet-mark=no-mark queue=default priority=6 max-limit=220k add name=dClient4-Download parent=Client4 packet-mark=no-mark queue=default priority=6 max-limit=220k add name=dClient5-Download parent=Client5 packet-mark=no-mark queue=default priority=6 max-limit=220k add name=dClient6-Download parent=Client6 packet-mark=no-mark queue=default priority=6 max-limit=220k add name=dMaster-Download parent=Master packet-mark=no-mark queue=default priority=6 max-limit=220k /queue tree add name=eBilling-DownUdf parent=dBilling-Download packet-mark=billing-pktd queue=default priority=6 add name=eClient1-DownUdf parent=dClient1-Download packet-mark=client1-pktd queue=default priority=6 add name=eClient2-DownUdf parent=dClient2-Download packet-mark=client2-pktd queue=default priority=6 add name=eClient3-DownUdf parent=dClient3-Download packet-mark=client3-pktd queue=default priority=6 add name=eClient4-DownUdf parent=dClient4-Download packet-mark=client4-pktd queue=default priority=6 add name=eClient5-DownUdf parent=dClient5-Download packet-mark=client5-pktd queue=default priority=6 add name=eClient6-DownUdf parent=dClient6-Download packet-mark=client6-pktd queue=default priority=6 add name=eMaster-DownUdf parent=dMaster-Download packet-mark=master-pktd queue=default priority=6 /queue tree add name=fBilling-DownExt parent=dBilling-Download packet-mark=billing-dpkt queue=default priority=7 add name=fClient1-DownExt parent=dClient1-Download packet-mark=client1-dpkt queue=default priority=7 add name=fClient2-DownExt parent=dClient2-Download packet-mark=client2-dpkt queue=default priority=7 add name=fClient3-DownExt parent=dClient3-Download packet-mark=client3-dpkt queue=default priority=7 add name=fClient4-DownExt parent=dClient4-Download packet-mark=client4-dpkt queue=default priority=7 add name=fClient5-DownExt parent=dClient5-Download packet-mark=client5-dpkt queue=default priority=7 add name=fClient6-DownExt parent=dClient6-Download packet-mark=client6-dpkt queue=default priority=7 add name=fMaster-DownExt parent=dMaster-Download packet-mark=master-dpkt queue=default priority=7 /queue tree add name=gBilling-DownVid parent=dBilling-Download packet-mark=billing-spkt queue=default priority=8 add name=gClient1-DownVid parent=dClient1-Download packet-mark=client1-spkt queue=default priority=8 add name=gClient2-DownVid parent=dClient2-Download packet-mark=client2-spkt queue=default priority=8 add name=gClient3-DownVid parent=dClient3-Download packet-mark=client3-spkt queue=default priority=8 add name=gClient4-DownVid parent=dClient4-Download packet-mark=client4-spkt queue=default priority=8 add name=gClient5-DownVid parent=dClient5-Download packet-mark=client5-spkt queue=default priority=8 add name=gClient6-DownVid parent=dClient6-Download packet-mark=client6-spkt queue=default priority=8 add name=gMaster-DownVid parent=dMaster-Download packet-mark=master-spkt queue=default priority=8
The rule of the bandwidth management is under the parent of queue tree rules using the priority for each kind of the connection packets, as shown like the picture below!
7. Connection Limit Firewall Filter to The Kind Connection Packets
If you want to limit the client speed by the connection, you can add this rule on the firewall filter using the following scripts. You can change the value of connection limit as you will./ip firewall filter add action=drop chain=forward comment="DOWNLOAD HIGH" connection-limit=6,32 disabled=no layer7-protocol=high protocol=tcp add action=drop chain=forward comment="YOUTUBE" connection-limit=6,32 disabled=no layer7-protocol=youtube protocol=tcp add action=drop chain=forward comment="STREAMING" connection-limit=6,32 disabled=no layer7-protocol=streaming protocol=tcp
8. Scripts to create Automatic Simple Queue for each IP address Clients
to avoid the connection packets that could not defined yet, something that we can not expected. This script will help to create simple queue rules by IP client automatically!/queue simple :for i from=1 to=24 do={ add name=("Client $i") target-addresses=("192.168.1.$i") dst-address=0.0.0.0/0 interface=all limit-at=0/0 max-limit=200000/200000 disabled=no }Change the range of the clients IP address that you have and define the max-limit on the simple queue rule. This is the way that I have applied in my internet network, in order to maintain the satisfaction of the clients that have a variety of interests in usage of the internet connection. If you need to see how the above scripts works, lets see on this article video above! good luck!
Perfection II
This is the perfection queue tree that I have made as a reference for you to implement QoS in Version 5 as you wish, you can modify this method as you like!
and this is the complete method of this experiment!
Limiting Download Files Queue Tree per Client
Limiting Browsing Queue Tree per Client
Limiting Video Streaming Queue Tree per Client
Limiting Upload Per Client
Mangle All | Change Your Interface Name ======================================= local interface : hotspot local interface : wan /ip firewall mangle add action=mark-connection chain=prerouting disabled=no in-interface=hotspot new-connection-mark=all-inconn passthrough=yes comment="UPSTEAM CONNECTION" add action=mark-packet chain=prerouting connection-mark=all-inconn disabled=no new-packet-mark=all-inpkt passthrough=yes comment="UPSTEAM" add action=mark-connection chain=forward disabled=no in-interface=wan new-connection-mark=all-outconn passthrough=yes comment="DOWNSTEAM CONNECTION" add action=mark-packet chain=forward connection-mark=all-outconn disabled=no new-packet-mark=all-outpkt passthrough=yes comment="DOWNSTEAM" Layer 7 All | Add your regexp +++++++++++++++++++++++++++++ /ip firewall layer7-protocol add comment="download" name=high regexp="^.*get.+.(exe|rar|iso|zip|7zip|0[0-9][1-9]|flv|mkv|avi|mp4|3gp|rmvb|mp3|img|dat|mov).*$" add comment="download" name=document regexp="^.*get.+.(pdf|doc|docx|xlsx|xls|rtf|ppt|ppt).*$" add comment="video" name=youtube regexp="^.*get.+.(c.youtube.com|cdn.dailymotion.com|metacafe.com|mccont.com).*$" add comment="video" name=streaming regexp="videoplayback|video" add comment="video" name=youtube_matcher regexp="(GET /videoplayback?|GET /crossdomain.xml)" Mangle per client +++++++++++++++++ /ip firewall mangle add action=mark-packet chain=prerouting src-address=192.168.1.17 packet-mark=all-inpkt new-packet-mark=client1-pktp passthrough=no comment="CLIENT1 UPSTREAM" add action=mark-packet chain=prerouting src-address=192.168.1.16 packet-mark=all-inpkt new-packet-mark=client2-pktp passthrough=no comment="CLIENT2 UPSTREAM" add action=mark-packet chain=prerouting src-address=192.168.1.15 packet-mark=all-inpkt new-packet-mark=client3-pktp passthrough=no comment="CLIENT3 UPSTREAM" add action=mark-packet chain=prerouting src-address=192.168.1.14 packet-mark=all-inpkt new-packet-mark=client4-pktp passthrough=no comment="CLIENT4 UPSTREAM" add action=mark-packet chain=prerouting src-address=192.168.1.20 packet-mark=all-inpkt new-packet-mark=client5-pktp passthrough=no comment="CLIENT5 UPSTREAM" add action=mark-packet chain=prerouting src-address=192.168.1.21 packet-mark=all-inpkt new-packet-mark=client6-pktp passthrough=no comment="CLIENT6 UPSTREAM" /ip firewall mangle add action=mark-packet chain=forward dst-address=192.168.1.17 packet-mark=all-outpkt new-packet-mark=client1-pktd passthrough=yes comment="CLIENT1 DOWNSTREAM" add action=mark-packet chain=forward dst-address=192.168.1.16 packet-mark=all-outpkt new-packet-mark=client2-pktd passthrough=yes comment="CLIENT2 DOWNSTREAM" add action=mark-packet chain=forward dst-address=192.168.1.15 packet-mark=all-outpkt new-packet-mark=client3-pktd passthrough=yes comment="CLIENT3 DOWNSTREAM" add action=mark-packet chain=forward dst-address=192.168.1.14 packet-mark=all-outpkt new-packet-mark=client4-pktd passthrough=yes comment="CLIENT4 DOWNSTREAM" add action=mark-packet chain=forward dst-address=192.168.1.20 packet-mark=all-outpkt new-packet-mark=client5-pktd passthrough=yes comment="CLIENT5 DOWNSTREAM" add action=mark-packet chain=forward dst-address=192.168.1.21 packet-mark=all-outpkt new-packet-mark=client6-pktd passthrough=yes comment="CLIENT6 DOWNSTREAM" Download Per Client +++++++++++++++++++++ /ip firewall mangle add action=mark-packet chain=forward layer7-protocol=high new-packet-mark=client1-dpkt packet-mark=client1-pktd passthrough=no comment="CLIENT1 DOWNLOAD" add action=mark-packet chain=forward layer7-protocol=document new-packet-mark=client1-dpkt packet-mark=client1-pktd passthrough=no comment="" add action=mark-packet chain=forward connection-bytes=1000000-0 src-port=80,443 passthrough=yes new-packet-mark=client1-dpkt packet-mark=client1-pktd protocol=tcp comment="" add action=mark-packet chain=forward layer7-protocol=high new-packet-mark=client2-dpkt packet-mark=client2-pktd passthrough=no comment="CLIENT2 DOWNLOAD" add action=mark-packet chain=forward layer7-protocol=document new-packet-mark=client2-dpkt packet-mark=client2-pktd passthrough=no comment="" add action=mark-packet chain=forward connection-bytes=1000000-0 src-port=80,443 passthrough=yes new-packet-mark=client2-dpkt packet-mark=client2-pktd protocol=tcp comment="" add action=mark-packet chain=forward layer7-protocol=high new-packet-mark=client3-dpkt packet-mark=client3-pktd passthrough=no comment="CLIENT3 DOWNLOAD" add action=mark-packet chain=forward layer7-protocol=document new-packet-mark=client3-dpkt packet-mark=client3-pktd passthrough=no comment="" add action=mark-packet chain=forward connection-bytes=1000000-0 src-port=80,443 passthrough=yes new-packet-mark=client3-dpkt packet-mark=client3-pktd protocol=tcp comment="" add action=mark-pAvailable link for download
Labels: bandwidth, management, perfection, queue, rules, tree