Geekzone: technology news, blogs, forums


3 posts

Wannabe Geek


Topic # 164240 3-Feb-2015 01:41

Hello everybody,  

I have an RB2011UiAS-RM and I want to set up QoS to differentiate VoIP, Data and P2P. Here is my configuration:

/ip firewall mangle  

add chain=prerouting action=mark-packet new-packet-mark=VoIP port=5060 protocol=tcp passthrough=yes comment="sip"
add chain=prerouting action=mark-packet new-packet-mark=VoIP port=5060 protocol=udp passthrough=yes comment="sip"
add chain=prerouting action=mark-packet new-packet-mark=VoIP port=5004 protocol=udp passthrough=yes comment="RTP"
add chain=prerouting action=mark-packet new-packet-mark=VoIP port=4569 protocol=udp passthrough=yes comment="IAX"
add chain=prerouting action=mark-packet new-packet-mark=VoIP port=5036 protocol=udp passthrough=yes comment="IAX"
add chain=prerouting action=mark-packet new-packet-mark=VoIP port=3478,3479 protocol=udp passthrough=yes comment="STUN"
add chain=prerouting action=mark-packet new-packet-mark=VoIP port=10000 protocol=udp passthrough=yes comment="STUN"
add chain=prerouting action=mark-packet new-packet-mark=Data port=80 protocol=tcp passthrough=yes comment="HTTP"
add chain=prerouting action=mark-packet new-packet-mark=Data port=443 protocol=tcp passthrough=yes comment="HTTPS"
add chain=prerouting action=mark-packet new-packet-mark=Data port=22 protocol=tcp passthrough=yes comment="SSH"
add chain=prerouting action=mark-packet new-packet-mark=Data port=53 protocol=tcp passthrough=yes comment="DNS"
add chain=prerouting action=mark-packet new-packet-mark=Data port=53 protocol=udp passthrough=yes comment="DNS"
add chain=prerouting action=mark-packet new-packet-mark=Data port=20,21 protocol=tcp passthrough=yes comment="FTP"
add chain=prerouting action=mark-packet new-packet-mark=Data port=110 protocol=tcp passthrough=yes comment="POP3"
add chain=prerouting action=mark-packet new-packet-mark=Data port=25 protocol=tcp passthrough=yes comment="SMTP"
add chain=prerouting action=mark-packet new-packet-mark=Data port=143 protocol=tcp passthrough=yes comment="IMAP"
add chain=prerouting action=mark-packet new-packet-mark=Data port=993,995 protocol=tcp passthrough=yes comment="SSL"
add chain=prerouting action=mark-packet new-packet-mark=Data port=546 protocol=udp passthrough=yes comment="DHCP"
add chain=prerouting action=mark-packet new-packet-mark=P2P port=6881-6889 protocol=tcp passthrough=yes comment="BitTorrent"
add chain=prerouting action=mark-packet new-packet-mark=P2P port=6881-6999 protocol=tcp passthrough=yes
add chain=prerouting action=mark-packet new-packet-mark=P2P port=27763 protocol=tcp passthrough=yes

/queue tree
add name=QueueVoIP packet-mark=VoIP priority=2 parent=ether2 limit-at=0 disabled=no max-limit=xx
add name=QueueData packet-mark=Data priority=7 parent=ether2 limit-at=xx disabled=no max-limit=xx
add name=QueueP2P packet-mark=P2P priority=7 parent=ether2 disabled=no max-limit=1024k

I took ether3, ether4 and ether5 out of the bridge local and I set ether2 as master-port with ether3, ether4 and ether5 as slaves.

I connect my PC to ether5 and ether2 to the WAN. To test if my QoS runs, I download some files, but my download goes up to 6M/S while I don't want the flow to exceed 1024k.

Where is the problem and can you help me to solve it? To download, I use Vuze with listen port 27763 (just to see if the QoS runs).

Sorry if my English isn't good, but I'm French.

Thanks a lot !

27140 posts

Uber Geek
+1 received by user: 6579

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  Reply # 1230143 3-Feb-2015 07:23

It's impossible for your setup to work. You can't easily identify and shape torrent traffic - it's simply not possible.

Your filter to capture P2P traffic simply by filtering on a few ports isn't going to work.




I fix stuff!
1708 posts

Uber Geek
+1 received by user: 381

Trusted
Vocus
Subscriber

  Reply # 1230151 3-Feb-2015 07:31

Ports 6881 -> 6998 are used for tracker communications. The actual P2P data uses a much larger range of ports. It's been designed to get around firewalls and shapers like this.

It's not possible to shape P2P without devices which can look into the packets.

27140 posts

Uber Geek
+1 received by user: 6579

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  Reply # 1230158 3-Feb-2015 07:44

On the other hand blocking P2P entirely on a Mikrotik is very simple and only requires around 3 or 4 rules to pretty effectively block DHT traffic.



8027 posts

Uber Geek
+1 received by user: 387

Trusted
Subscriber

  Reply # 1230581 3-Feb-2015 15:09
One person supports this post

The best way to reduce the impact of p2p/other large downloads is to make the default class for traffic the "slowest" class that has lowest priority and a restriction of the % of bandwidth it can use when near 100% utilization. Then you specifically prioritize or reserve bandwidth for things you do care about eg: DNS, NTP, small www/http requests, gaming, voip etc.

It's far easier to identify a whitelist of what you want to prioritize than a blacklist of what you want to slow.

Also you want to apply QoS rules on download and upload, contrary to some popular beliefs... otherwise you will saturate your upload.
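
The whitelist approach described in the reply above, sketched as a RouterOS configuration. This is an added example, not part of the original post; it assumes ether2 (WAN) and ether5 (LAN) are routed ports outside any switch group so that packets reach the mangle rules and queues, and the mark names, queue names and rates are constructed placeholders.

```routeros
# Added example (constructed). Assumptions: ether2 = WAN, ether5 = LAN,
# both routed through the CPU; rates are placeholders for a ~20M/1M line.

/ip firewall mangle
# Whitelist: mark only the traffic that matters. port= matches source or
# destination port, so both directions of a flow get the mark.
# passthrough=no stops rule processing once a packet is classified.
add chain=forward protocol=udp port=5060 action=mark-packet \
    new-packet-mark=prio passthrough=no comment="SIP"
add chain=forward protocol=udp port=5004 action=mark-packet \
    new-packet-mark=prio passthrough=no comment="RTP"
add chain=forward protocol=udp port=53 action=mark-packet \
    new-packet-mark=prio passthrough=no comment="DNS"
add chain=forward protocol=udp port=123 action=mark-packet \
    new-packet-mark=prio passthrough=no comment="NTP"
# Default class: everything not whitelisted above, P2P on any port included.
add chain=forward action=mark-packet new-packet-mark=bulk \
    passthrough=no comment="default (lowest priority)"

/queue tree
# Download is shaped where it leaves the router toward the LAN.
# Keep the parent max-limit a little below the real line rate so the
# queue builds on the router and the priorities take effect.
add name=down parent=ether5 max-limit=18M
add name=down-prio parent=down packet-mark=prio priority=1 \
    limit-at=4M max-limit=18M
add name=down-bulk parent=down packet-mark=bulk priority=8 \
    limit-at=2M max-limit=18M

# Upload is shaped where it leaves the router toward the WAN.
add name=up parent=ether2 max-limit=900k
add name=up-prio parent=up packet-mark=prio priority=1 \
    limit-at=300k max-limit=900k
add name=up-bulk parent=up packet-mark=bulk priority=8 \
    limit-at=100k max-limit=900k
```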





3740 posts

Uber Geek
+1 received by user: 2270

Trusted
Spark NZ

  Reply # 1230589 3-Feb-2015 15:14
One person supports this post

The best way to shape P2P traffic is to use P2P clients that allow you to throttle upload and download. If you're trying to shape other users on the network then basically tough luck.

Cheers - N



3 posts

Wannabe Geek


  Reply # 1231460 5-Feb-2015 01:50

Hello,

Thanks everybody for your answers!

So for you, the easiest way is to prioritize some ports such as DNS and SIP with high priority?

Do you advise me to use this configuration?

add name=QueueVoIP packet-mark=VoIP priority=1 parent=none limit-at=0 disabled=no max-limit=xx
add name=QueueData packet-mark=Data priority=43 parent=none limit-at=xx disabled=no max-limit=xx
add name=QueueP2P packet-mark=P2P priority=7 parent=none disabled=no max-limit=1024k



3 posts

Wannabe Geek


  Reply # 1231461 5-Feb-2015 01:55

Hello,

Thanks everybody for your answers!

So for you, the easiest way is to prioritize some ports such as DNS and SIP with high priority and just limit the P2P?

Do you advise me to use this configuration?

/queue simple
add name=QueueVoIP packet-mark=VoIP priority=1 parent=none disabled=no max-limit=unlimited
add name=QueueData packet-mark=Data priority=3 parent=none disabled=no max-limit=unlimited
add name=QueueP2P packet-mark=P2P priority=7 parent=none disabled=no max-limit=2M

VoIP and Data packets are placed in the whitelist in that configuration.

Thank you for all the time you spend answering me!
