This example shows how to configure a transparent traffic shaper. The transparent traffic shaper is essentially a bridge that is able to differentiate and prioritize traffic that passes through it. Quick Start for Impatient Configuration snippet from the MikroTik router: / interface bridge add name="bridge1" / interface bridge port add interface=ether2 bridge=bridge1 add interface=ether3 bridge=bridge1 / ip firewall mangle add chain=prerouting protocol=tcp dst-port=80 action=mark-connection new-connection-mark=http_conn passthrough=yes add chain=prerouting connection-mark=http_conn action=mark-packet new-packet-mark=http passthrough=no add chain=prerouting p2p=all-p2p action=mark-connection new-connection-mark=p2p_conn passthrough=yes add chain=prerouting connection-mark=p2p_conn action=mark-packet new-packet-mark=p2p passthrough=no add chain=prerouting action=mark-connection new-connection-mark=other_conn passthrough=yes add chain=prerouting connection-mark=other_conn action=mark-packet new-packet-mark=other passthrough=no / queue simple add name="main" target-addresses=10.0.0.12/32 max-limit=256000/512000 add name="http" parent=main packet-marks=http max-limit=240000/500000 add name="p2p" parent=main packet-marks=p2p max-limit=64000/64000 add name="other" parent=main packet-marks=other max-limit=128000/128000 Explanation Each piece of code is followed by the explanation of what it actually does. Bridge / interface bridge add name="bridge1" / interface bridge port add interface=ether2 bridge=bridge1 add interface=ether3 bridge=bridge1 We create a new bridge interface and assign two ethernet interfaces to it. Thus the prospective traffic shaper will be completely transparent to the client. Mangle / ip firewall mangle add chain=prerouting protocol=tcp dst-port=80 action=mark-connection new-connection-mark=http_conn passthrough=yes add chain=prerouting connection-mark=http_conn action=mark-packet new-packet-mark=http passthrough=no All traffic destined to TCP port 80 is likely to be HTTP traffic and therefore is being marked with the packet mark http. Note, that the first rule has passthrough=yes while the second one has passthrough=no. (You can obtain additional information about mangle at http://www.mikrotik.com/docs/ros/2.9/ip/mangle) / ip firewall mangle add chain=prerouting p2p=all-p2p action=mark-connection new-connection-mark=p2p_conn passthrough=yes add chain=prerouting connection-mark=p2p_conn action=mark-packet new-packet-mark=p2p passthrough=no add chain=prerouting action=mark-connection new-connection-mark=other_conn passthrough=yes add chain=prerouting connection-mark=other_conn action=mark-packet new-packet-mark=other passthrough=no Same as above, P2P traffic is marked with the packet mark p2p and all other traffic is marked with the packet mark other. Queues / queue simple add name="main" target-addresses=10.0.0.12/32 max-limit=256000/512000 We create a queue that limits all the traffic going to/from the client (specified by the target-address) to 256k/512k. / queue simple add name="http" parent=main packet-marks=http max-limit=240000/500000 add name="p2p" parent=main packet-marks=p2p max-limit=64000/64000 add name="other" parent=main packet-marks=other max-limit=128000/128000 All sub-queues have the main queue as the parent, thus the aggregate data rate could not exceed limits specified in the main queue. Note, that http queue has higher priority than other queues, meaning that HTTP downloads are prioritized. http://wiki.mikrotik.com/ Labels: mikrotik |
