
# ***** Esta é a versão 6 do RouterOS *****
#
# Oferecido por Greg Sowell, da Greg Sowell Consulting.
# Email: Greg@GregSowell.com  HTTP: http://GregSowell.com
#
# As filas são baseadas em uma conexão teórica de 10Mb. Desta forma, você pode
# usar os valores como porcentagens do todo. A coisa mais fácil a fazer é
# aplicar o script e, em seguida, no WinBox, ajustar os valores para o tamanho
# da fila.
#
# 1.1.1.0/29 é a sua sub-rede WAN externa; substitua-a.
# 2.2.2.0/24 é uma sub-rede adicional encaminhada para você no lado da WAN;
# substitua ou remova todas as linhas que contêm esta sub-rede.
# 172.22.0.0/16 está listada como a sua sub-rede interna e deve ser modificada
# para atender ao seu ambiente.
# 172.22.0.5 está listado como "servidores de clientes" (customer-servers).
# Esta é uma fila especial, listada em 10 por cento da largura de banda total.
# Isto dá serviço elevado para todos os clientes internos. Para desativar essa
# funcionalidade, emita os seguintes comandos uma vez que tudo foi posto em
# prática:
#   /ip firewall mangle dis 2,3
#   /queue tree dis 8,9
# Você pode então redistribuir a largura de banda dessa fila como achar melhor.
#
# Você também vai querer mudar a interface ether1 para qualquer que seja a sua
# interface WAN.
#
# Como sempre, muito obrigado pelo seu negócio e obrigado por ajudar a
# alimentar os meus filhos :)

# Layer-7 demonstration patterns.
# Each pattern looks for "get"/"GET" followed by a keyword, so it can only
# match request text that is visible in cleartext; TLS-protected traffic does
# not expose these strings. The keywords are unanchored substrings, so any
# request that merely contains one of them (in a path or a query string, for
# example) is classified the same way.
# Only the "video" pattern is referenced by a mangle rule in this script; the
# other entries are defined but not used here.
# NOTE(review): L7 matching inspects only the start of a connection and is
# CPU-expensive; confirm the router has headroom before adding more patterns.
/ip firewall layer7-protocol
add name=speedtest-servers regexp="^.*(get|GET).+speedtest.*\$"
# HTTP requests that mention a torrent index site.
add name=torrent-wwws regexp="^.*(get|GET).+(torrent|thepiratebay|isohunt|entertane|demonoid|btjunkie|mininova|flixflux|vertor|h33t|zoozle|bitnova|bitsoup|meganova|fulldls|btbot|fenopy|gpirate|commonbits).*\$"
# Same keyword list without the GET prefix (named for DNS lookups).
add name=torrent-dns regexp="^.+(torrent|thepiratebay|isohunt|entertane|demonoid|btjunkie|mininova|flixflux|vertor|h33t|zoozle|bitnova|bitsoup|meganova|fulldls|btbot|fenopy|gpirate|commonbits).*\$"
add name=netflix regexp="^.*(get|GET).+(netflix).*\$"
add name=mp4 regexp="^.*(get|GET).+\\.mp4.*\$"
add name=swf regexp="^.*(get|GET).+\\.swf.*\$"
add name=flv regexp="^.*(get|GET).+\\.flv.*\$"
# Union of the flv/mp4/netflix/swf patterns above.
add name=video regexp="^.*(get|GET).+(\\.flv|\\.mp4|netflix|\\.swf).*\$"

# Address lists that the mangle rules use to tell directions apart.
#   internal-nets    - LAN side; edit to match your environment.
#   external-nets    - WAN subnet plus any additional routed subnet.
#   customer-servers - hosts that get their own high-priority queue.
# 1.1.1.0/29 and 2.2.2.0/24 are placeholders that sit in real public address
# space: replace them before applying the script, otherwise traffic to and
# from those unrelated networks is classified as if it were your own.
/ip firewall address-list
add list=internal-nets address=172.22.0.0/16
add list=external-nets address=1.1.1.0/29
add list=external-nets address=2.2.2.0/24
add list=customer-servers address=172.22.0.5 comment="customer 1"

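# Mangle rules: classify traffic into packet marks consumed by /queue tree.
#
# These rules only label traffic for QoS. They do not permit or block
# anything; access to the router and to internal hosts still has to be
# restricted separately (firewall filter rules, /ip service settings).
#
# Rules are evaluated top to bottom. Every mark-packet rule uses
# passthrough=no, so the first mark-packet rule that matches decides the
# queue. ether1 is assumed to be the WAN interface; change it if yours differs.
#
# Many "in" rules below match on port numbers alone. Port numbers are chosen
# by the sender, so anything arriving on the WAN with a matching port is
# classified into that (often high-priority) class. Where possible, narrow
# those rules with address lists of known peers.
#
# To disable a group of rules, select them by comment rather than by item
# number, e.g. /ip firewall mangle disable [find comment~"^customer-servers"]
/ip firewall mangle

# --- LAN-to-LAN traffic: marked and then ignored by the queue tree ---------
add action=mark-packet chain=prerouting comment="internal-traffic packet mark" \
    src-address-list=internal-nets dst-address-list=internal-nets \
    new-packet-mark=internal-traffic passthrough=no

# --- Customer servers ------------------------------------------------------
add action=mark-packet chain=prerouting comment="customer-servers-out packet mark" \
    src-address-list=customer-servers \
    new-packet-mark=customer-servers-out passthrough=no
add action=mark-packet chain=prerouting comment="customer-servers-in packet mark" \
    dst-address-list=customer-servers \
    new-packet-mark=customer-servers-in passthrough=no

# --- Admin / management traffic --------------------------------------------
# NOTE(review): this matches every UDP packet with source port 53 arriving on
# the WAN, not only answers to your own queries. Reflected DNS floods carry
# the same source port and would land in the priority-1 admin-in queue;
# consider limiting the match to the resolvers you actually use.
add action=mark-packet chain=prerouting comment="admin-in packet mark DNS" \
    in-interface=ether1 protocol=udp src-port=53 \
    new-packet-mark=admin-in passthrough=no
# NOTE(review): prioritises SNMP requests coming in from the WAN; confirm
# SNMP is meant to be reachable from there at all.
add action=mark-packet chain=prerouting comment="admin-in packet mark snmp" \
    in-interface=ether1 protocol=udp dst-port=161 \
    new-packet-mark=admin-in passthrough=no
# port= matches source OR destination port and there is no address
# constraint, so any TCP flow touching FTP (20,21), SSH (22), Telnet (23),
# RDP (3389) or WinBox (8291) is treated as admin, whatever its origin.
# NOTE(review): FTP and Telnet are cleartext protocols; giving them priority
# here does not make them safe to expose on the WAN.
add action=mark-connection chain=prerouting comment="Remote Protocols admin connection mark" \
    protocol=tcp port=20,21,22,23,3389,8291 \
    new-connection-mark=admin
add action=mark-connection chain=prerouting comment="icmp connection mark as admin" \
    protocol=icmp src-address-list=internal-nets \
    new-connection-mark=admin
add action=mark-packet chain=prerouting comment="admin-in packet mark" \
    connection-mark=admin in-interface=ether1 \
    new-packet-mark=admin-in passthrough=no
add action=mark-packet chain=prerouting comment="admin-out packet mark" \
    connection-mark=admin \
    new-packet-mark=admin-out passthrough=no

# --- Streaming video (cleartext HTTP on port 80 matched by the L7 pattern) --
add action=mark-connection chain=prerouting comment="streaming video connection mark" \
    protocol=tcp dst-port=80 layer7-protocol=video src-address-list=internal-nets \
    new-connection-mark=streaming-video
add action=mark-packet chain=prerouting comment="streaming video in packet mark" \
    connection-mark=streaming-video in-interface=ether1 \
    new-packet-mark=streaming-video-in passthrough=no
add action=mark-packet chain=prerouting comment="streaming video out packet mark" \
    connection-mark=streaming-video \
    new-packet-mark=streaming-video-out passthrough=no

# --- Web traffic -------------------------------------------------------------
add action=mark-connection chain=prerouting comment="http traffic connection mark" \
    protocol=tcp dst-port=80,443 src-address-list=internal-nets \
    new-connection-mark=http
# Once a web connection has moved more than 5,000,000 bytes it is re-marked
# http-download. No mark-packet rule in this section matches that connection
# mark, so its packets fall through to the catch-all "in"/"out" marks at the
# bottom.
add action=mark-connection chain=prerouting comment="http traffic connection mark" \
    protocol=tcp dst-port=80,443 src-address-list=internal-nets \
    connection-bytes=5000000-4294967295 \
    new-connection-mark=http-download
add action=mark-packet chain=prerouting comment="http in packet mark" \
    connection-mark=http in-interface=ether1 \
    new-packet-mark=http-in passthrough=no
add action=mark-packet chain=prerouting comment="http out packet mark" \
    connection-mark=http \
    new-packet-mark=http-out passthrough=no

# --- Games: TCP connection marks (initiated from the LAN) -------------------
# NOTE(review): 6881-6999 is also the customary BitTorrent port range, so
# torrent clients using it are classified as games - confirm that is wanted.
add action=mark-connection chain=prerouting comment="wow connetion mark as gaming" \
    protocol=tcp dst-port=1119,3724,6112-6114,4000,6881-6999 \
    src-address-list=internal-nets new-connection-mark=games
add action=mark-connection chain=prerouting comment="eve online connetion mark as gaming" \
    dst-address=87.237.38.200 src-address-list=internal-nets \
    new-connection-mark=games
add action=mark-connection chain=prerouting comment="starcraft 2 connetion mark as gaming" \
    protocol=tcp dst-port=1119 src-address-list=internal-nets \
    new-connection-mark=games
add action=mark-connection chain=prerouting comment="heros of newerth connetion mark as gaming" \
    protocol=tcp dst-port=11031,11235-11335 src-address-list=internal-nets \
    new-connection-mark=games
add action=mark-connection chain=prerouting comment="steam connetion mark as gaming" \
    protocol=tcp dst-port=27014-27050 src-address-list=internal-nets \
    new-connection-mark=games
add action=mark-connection chain=prerouting comment="xbox live connetion mark as gaming" \
    protocol=tcp dst-port=3074 src-address-list=internal-nets \
    new-connection-mark=games
add action=mark-connection chain=prerouting comment="ps3 online connetion mark as gaming" \
    protocol=tcp dst-port=5223 src-address-list=internal-nets \
    new-connection-mark=games
add action=mark-connection chain=prerouting comment="wii online connetion mark as gaming" \
    protocol=tcp dst-port=28910,29900,29901,29920 src-address-list=internal-nets \
    new-connection-mark=games

# --- Games: packet marks -----------------------------------------------------
# The forever-saken-game address list is not defined in this script; this
# rule matches nothing until that list is populated.
add action=mark-packet chain=prerouting comment="games packet mark forever-saken-game" \
    src-address-list=forever-saken-game dst-address-list=external-nets \
    new-packet-mark=games-in passthrough=no
# The UDP rules below identify inbound game traffic by source port only
# (including 53, i.e. DNS answers addressed to external-nets).
add action=mark-packet chain=prerouting comment="games packet mark wow" \
    protocol=udp src-port=53,3724 dst-address-list=external-nets \
    new-packet-mark=games-in passthrough=no
add action=mark-packet chain=prerouting comment="games packet mark starcraft2" \
    protocol=udp src-port=1119,6113 dst-address-list=external-nets \
    new-packet-mark=games-in passthrough=no
add action=mark-packet chain=prerouting comment="games packet mark HoN" \
    protocol=udp src-port=11031,11235-11335 dst-address-list=external-nets \
    new-packet-mark=games-in passthrough=no
add action=mark-packet chain=prerouting comment="games packet mark steam in" \
    protocol=udp port=4380,28960,27000-27030 dst-address-list=external-nets \
    new-packet-mark=games-in passthrough=no
# dst-port 53 is in this list, so outbound DNS queries from the LAN are
# queued as games-out.
add action=mark-packet chain=prerouting comment="games packet mark steam out" \
    protocol=udp \
    dst-port=53,1500,3005,3101,3478,4379-4380,4380,28960,27000-27030,28960 \
    src-address-list=internal-nets \
    new-packet-mark=games-out passthrough=no
add action=mark-packet chain=prerouting comment="games packet mark xbox live" \
    protocol=udp src-port=88,3074,3544,4500 dst-address-list=external-nets \
    new-packet-mark=games-in passthrough=no
add action=mark-packet chain=prerouting comment="games packet mark ps3 online" \
    protocol=udp src-port=3478,3479,3658 dst-address-list=external-nets \
    new-packet-mark=games-in passthrough=no
add action=mark-packet chain=prerouting comment="games packet mark in" \
    connection-mark=games dst-address-list=external-nets \
    new-packet-mark=games-in passthrough=no
add action=mark-packet chain=prerouting comment="games packet mark out" \
    connection-mark=games \
    new-packet-mark=games-out passthrough=no

# --- Voice -------------------------------------------------------------------
add action=mark-packet chain=prerouting comment="voip-in packet mark teamspeak" \
    protocol=udp src-port=9987 dst-address-list=external-nets \
    new-packet-mark=voip-in passthrough=no
add action=mark-packet chain=prerouting comment="voip-out packet mark teamspeak" \
    protocol=udp dst-port=9987 src-address-list=internal-nets \
    new-packet-mark=voip-out passthrough=no
# NOTE(review): despite its "voip-out" comment this rule is identical to the
# teamspeak voip-in rule two entries above, which already stops matching
# packets (passthrough=no). It never matches; kept so the rule set is
# otherwise unchanged, and can be removed.
add action=mark-packet chain=prerouting comment="voip-out packet mark teamspeak" \
    protocol=udp src-port=9987 dst-address-list=external-nets \
    new-packet-mark=voip-in passthrough=no
add action=mark-packet chain=prerouting comment="voip-in packet mark ventrilo" \
    protocol=udp src-port=3784 dst-address-list=external-nets \
    new-packet-mark=voip-in passthrough=no
add action=mark-packet chain=prerouting comment="voip-out packet mark ventrilo" \
    protocol=udp dst-port=3784 src-address-list=internal-nets \
    new-packet-mark=voip-out passthrough=no
add action=mark-packet chain=prerouting comment="voip-in packet mark ventrilo" \
    protocol=tcp src-port=3784 dst-address-list=external-nets \
    new-packet-mark=voip-in passthrough=no
add action=mark-packet chain=prerouting comment="voip-out packet mark ventrilo" \
    protocol=tcp dst-port=3784 src-address-list=internal-nets \
    new-packet-mark=voip-out passthrough=no
add action=mark-packet chain=prerouting comment="voip-in packet mark SIP" \
    protocol=tcp port=5060 dst-address-list=internal-nets \
    new-packet-mark=voip-in passthrough=no
add action=mark-packet chain=prerouting comment="voip-out packet mark SIP" \
    protocol=tcp port=5060 src-address-list=internal-nets \
    new-packet-mark=voip-out passthrough=no
add action=mark-packet chain=prerouting comment="voip-in packet mark udp SIP" \
    protocol=udp port=5004,5060 dst-address-list=internal-nets \
    new-packet-mark=voip-in passthrough=no
add action=mark-packet chain=prerouting comment="voip-out packet mark udp SIP" \
    protocol=udp port=5004,5060 src-address-list=internal-nets \
    new-packet-mark=voip-out passthrough=no
# RTP is recognised heuristically: UDP, 100-400 byte packets, high port range.
# NOTE(review): 16348-32768 looks like a transposition of 16384-32767; left
# as written - confirm against your phone system.
add action=mark-packet chain=prerouting comment="voip-in packet mark RTP" \
    protocol=udp port=16348-32768 packet-size=100-400 \
    dst-address-list=internal-nets \
    new-packet-mark=voip-in passthrough=no
# Fixed: this rule previously set new-packet-mark=voip-in, which sent
# outbound RTP from the LAN into the inbound voice queue.
add action=mark-packet chain=prerouting comment="voip-out packet mark RTP" \
    protocol=udp port=16348-32768 packet-size=100-400 \
    src-address-list=internal-nets \
    new-packet-mark=voip-out passthrough=no

# --- VPN ---------------------------------------------------------------------
add action=mark-packet chain=prerouting comment="vpn-in packet mark GRE" \
    in-interface=ether1 protocol=gre \
    new-packet-mark=vpn-in passthrough=no
add action=mark-packet chain=prerouting comment="vpn-out packet mark GRE" \
    protocol=gre \
    new-packet-mark=vpn-out passthrough=no
add action=mark-packet chain=prerouting comment="vpn-in packet mark ESP" \
    in-interface=ether1 protocol=ipsec-esp \
    new-packet-mark=vpn-in passthrough=no
add action=mark-packet chain=prerouting comment="vpn-out packet mark ESP" \
    protocol=ipsec-esp \
    new-packet-mark=vpn-out passthrough=no
add action=mark-packet chain=prerouting comment="vpn-in packet mark VPN UDP ports" \
    in-interface=ether1 protocol=udp src-port=500,1701,4500 \
    new-packet-mark=vpn-in passthrough=no
add action=mark-packet chain=prerouting comment="vpn-out packet mark VPN UDP ports" \
    protocol=udp src-port=500,1701,4500 \
    new-packet-mark=vpn-out passthrough=no
add action=mark-packet chain=prerouting comment="vpn-in packet mark PPTP" \
    in-interface=ether1 protocol=tcp src-port=1723 \
    new-packet-mark=vpn-in passthrough=no
add action=mark-packet chain=prerouting comment="vpn-out packet mark PPTP" \
    protocol=tcp src-port=1723 \
    new-packet-mark=vpn-out passthrough=no

# --- Catch-all: everything not classified above ------------------------------
add action=mark-packet chain=prerouting comment="all in" \
    in-interface=ether1 \
    new-packet-mark=in passthrough=no
add action=mark-packet chain=prerouting comment="all out" \
    new-packet-mark=out passthrough=no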

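# Queue types and the queue tree that shapes the packet marks set in mangle.
#
# All figures assume a theoretical 10M link; scale them to your real line
# rate. The limit-at guarantees under "in" add up to 10M (3M + 4M + 500k +
# 1M + 500k + 500k + 500k), and the same holds under "out".
#
# Every leaf has max-limit=10M, so a priority-1 class (customer-servers,
# voip, admin) may take the whole link when it has traffic. Several of the
# mangle rules feeding those classes match on port numbers only; lower the
# max-limit of such a class if its traffic cannot be tied to trusted peers.
#
# To disable queues, select them by name rather than by item number, e.g.
#   /queue tree disable [find name~"^customer-servers"]
/queue type
# Deep FIFO (500 packets) for inbound streaming video.
add name=streaming-video-in kind=pfifo pfifo-limit=500
# PCQ keyed on destination address: one 100k sub-stream per destination.
add name=games-in-pcq kind=pcq pcq-classifier=dst-address pcq-rate=100k \
    pcq-limit=50 pcq-total-limit=750000 \
    pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s \
    pcq-dst-address-mask=32 pcq-dst-address6-mask=64 \
    pcq-src-address-mask=32 pcq-src-address6-mask=64

/queue tree
# Parent queues. The original listing added "in" and "out" twice (once with
# explicit burst/limit-at defaults and priority=8, once with queue=default).
# Queue names have to be unique, so the two definitions are merged here; the
# burst and limit-at values that were spelled out were all zero.
add name=in parent=global max-limit=10M priority=8 queue=default
add name=out parent=global max-limit=10M priority=8 queue=default

# Inbound leaves (children of "in").
add name=http-in parent=in packet-mark=http-in \
    limit-at=3M max-limit=10M priority=4 queue=default
add name=streaming-video-in parent=in packet-mark=streaming-video-in \
    limit-at=4M max-limit=10M priority=3 queue=streaming-video-in
add name=gaming-in parent=in packet-mark=games-in \
    limit-at=500k max-limit=10M priority=2 queue=games-in-pcq
# Catch-all for unclassified inbound traffic: no guarantee, default priority.
add name=download-in parent=in packet-mark=in \
    max-limit=10M queue=default

# Catch-all for unclassified outbound traffic.
add name=upload-out parent=out packet-mark=out \
    max-limit=10M queue=default
add name=gaming-out parent=out packet-mark=games-out \
    limit-at=500k max-limit=10M priority=2 queue=default
add name=http-out parent=out packet-mark=http-out \
    limit-at=3M max-limit=10M priority=4 queue=default
add name=streaming-video-out parent=out packet-mark=streaming-video-out \
    limit-at=4M max-limit=10M priority=3 queue=default

# Customer servers: 1M guaranteed each way (10 percent of the link).
add name=customer-servers-in parent=in packet-mark=customer-servers-in \
    limit-at=1M max-limit=10M priority=1 queue=default
add name=customer-servers-out parent=out packet-mark=customer-servers-out \
    limit-at=1M max-limit=10M priority=1 queue=default

# Voice, VPN and admin classes.
add name=voip-in parent=in packet-mark=voip-in \
    limit-at=500k max-limit=10M priority=1 queue=default
add name=vpn-in parent=in packet-mark=vpn-in \
    limit-at=500k max-limit=10M priority=2 queue=default
add name=voip-out parent=out packet-mark=voip-out \
    limit-at=500k max-limit=10M priority=1 queue=default
add name=vpn-out parent=out packet-mark=vpn-out \
    limit-at=500k max-limit=10M priority=2 queue=default
add name=admin-in parent=in packet-mark=admin-in \
    limit-at=500k max-limit=10M priority=1 queue=default
add name=admin-out parent=out packet-mark=admin-out \
    limit-at=500k max-limit=10M priority=1 queue=default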
