Transcription
MikroTik RouterOS Workshop
QoS Best Practice
Prague, MUM Czech Republic 2009
MikroTik 2008

Questions and Answers
Q: Is it possible to prioritize traffic by type for every single client while having strict per-user limitations on the same router?
A: Yes!
Q: What will I need to achieve that?
A: You will need:
1) Packet Flow Diagram
2) HTB (queue tree)
3) Mangle
4) PCQ
5) Address List

Mangle
- The mangle facility allows you to mark IP packets with special marks.
- These marks are used by other router facilities like routing and bandwidth management to identify the packets.
- Additionally, the mangle facility is used to modify some fields in the IP header, like the TOS (DSCP) and TTL fields.

Hierarchical Token Bucket
- All bandwidth management implementation in RouterOS is based on Hierarchical Token Bucket (HTB)
- HTB allows you to create a hierarchical queue structure and determine relations between queues
- RouterOS supports 3 virtual HTBs (global-in, global-total, global-out) and one more just before every output interface

QoS Packet Flow
- This diagram is created from the RouterOS Packet Flow diagram.
- http://wiki.mikrotik.com/wiki/Packet_Flow

Double QoS
- It is possible to mark and shape traffic twice in the same router:
  - Mangle chain Prerouting – for first marking
  - Global-in HTB – for first shaping
  - Mangle chain Forward or Postrouting – for second marking
  - Global-out or Out-interface HTB – for second shaping
- Double QoS is only possible with Queue Tree

Why not Simple Queues?
- Simple queues are ordered – similar to firewall rules
  - In order to get to the 999th queue, a packet will have to be checked for a match against all 998 previous queues
- Each simple queue might stand for 3 separate queues:
  - One in Global-in ("direct" part)
  - One in Global-out ("reverse" part)
  - One in Global-total ("total" part)

Simple Queues and Mangle

Queue Tree
- A tree queue is one-directional only and can be placed in any of the available HTBs
- Queue Tree queues don't have any order – all traffic is processed simultaneously
- All child queues must have packet marks from the "/ip firewall mangle" facility assigned to them
- If placed in the same HTB, a Simple queue will take all the traffic away from the Queue Tree queue

Global-Out or Interface HTB?
- There are two fundamental differences:
  - In case of SRC-NAT (masquerade), Global-Out will be aware of private client addresses, but Interface HTB will not – Interface HTB is after SRC-NAT
  - Each Interface HTB only receives traffic that will be leaving through a particular interface – there is no need to separate upload and download in mangle

Conclusions
- We will use mangle and queue tree:
  - Mark traffic by traffic type in mangle chain Prerouting
  - Prioritize and limit traffic by type in Global-in HTB
  - Re-mark traffic by clients in mangle chain Forward
  - Limit traffic per client in Interface HTB
- It is necessary to keep the amount of mangle rules and queues to a minimum to increase the performance of this configuration.

Client Limitation
- T3/E3 line, 40 Mbps
- You have more than 400 clients and 3 different connection types:
  - Business connection (4 Mbps/1 Mbps)
  - Standard connection (750 kbps/250 kbps)
  - Basic connection (375 kbps/125 kbps)

PCQ
- Per Connection Queue is a queue type capable of dividing traffic into sub-streams based on selected classifiers
- Each sub-stream will then go through a FIFO queue with queue size specified by the "pcq-limit" option and maximal rate specified by the "pcq-rate" option

PCQ Part 2
- In order to ensure that each PCQ sub-stream represents one particular client, we need to create 2 different PCQ types:
  - PCQ upload – source address as classifier
  - PCQ download – destination address as classifier
- PCQ will distribute available traffic equally between sub-queues until the pcq-rate is reached (if it is specified)

PCQ Types – Winbox View

Address Lists
- Address lists were introduced to assign multiple IP addresses/ranges to the same firewall rule, in this way reducing the total number of firewall rules and increasing router performance
- Address lists can be created:
  - Manually
  - Automatically from a PPP profile – just specify the address-list option and as soon as the client connects it will be added to the proper address list
  - Automatically from RADIUS – attribute "Mikrotik:19"

Address Lists

Where?

Packet Marking
- Use the "connection-mark" action to classify all connections based on the client address list
- Use the "packet-mark" action to classify all traffic based on connection marks
- Questions to think about:
  - What speed should be available for a Business client if downloading from a Basic client?
  - Do you still have unmarked traffic?

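As an added example (not the presentation's own export), here are the two marking stages described above written out in RouterOS CLI for the three client classes. The client ranges, list names, mark names and the PPP profile name are constructed assumptions. The mark-connection rules only examine still-unmarked connections, so each connection is classified once and the rule order decides which class a connection between two local clients ends up in; the last rule gives the traffic of hosts in none of the lists a catch-all mark, which is one answer to the "unmarked traffic" question.

```routeros
# Added example, not the presentation's export. Client ranges, list names,
# mark names and the PPP profile name are constructed assumptions.
/ip firewall address-list
add list=business address=10.1.1.0/24
add list=standard address=10.1.2.0/24
add list=basic address=10.1.3.0/24

# PPP clients can be put on a list automatically by their profile instead.
/ppp profile
add name=business-ppp address-list=business

/ip firewall mangle
# Stage 1: classify each connection once. Only connections without a mark are
# examined, so the first list rule that matches decides the class. Because the
# Business rules come first, a connection between a Business and a Basic host
# is marked business_conn.
add chain=forward connection-mark=no-mark src-address-list=business \
    action=mark-connection new-connection-mark=business_conn passthrough=yes
add chain=forward connection-mark=no-mark dst-address-list=business \
    action=mark-connection new-connection-mark=business_conn passthrough=yes
add chain=forward connection-mark=no-mark src-address-list=standard \
    action=mark-connection new-connection-mark=standard_conn passthrough=yes
add chain=forward connection-mark=no-mark dst-address-list=standard \
    action=mark-connection new-connection-mark=standard_conn passthrough=yes
add chain=forward connection-mark=no-mark src-address-list=basic \
    action=mark-connection new-connection-mark=basic_conn passthrough=yes
add chain=forward connection-mark=no-mark dst-address-list=basic \
    action=mark-connection new-connection-mark=basic_conn passthrough=yes

# Stage 2: every packet inherits its connection's class as a packet mark.
# passthrough=no: a packet leaves the chain at its first mark-packet rule.
add chain=forward connection-mark=business_conn \
    action=mark-packet new-packet-mark=business passthrough=no
add chain=forward connection-mark=standard_conn \
    action=mark-packet new-packet-mark=standard passthrough=no
add chain=forward connection-mark=basic_conn \
    action=mark-packet new-packet-mark=basic passthrough=no

# Forwarded traffic of hosts that are in none of the lists still has no
# connection mark; give it a catch-all mark so it can be queued too instead of
# bypassing the limits.
add chain=forward connection-mark=no-mark \
    action=mark-packet new-packet-mark=other passthrough=no
```

Three packet marks (plus the catch-all) are all the interface HTBs need; putting the class decision on the connection rather than on every packet keeps the rule count low, which is the performance point made in the Conclusions.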
Connection-mark rule

Packet-mark rule

Working Mangle – Winbox view

Working Mangle – Export view

Queue Tree – Winbox View

Queue Tree – Export View

PCQ Queue Size
- It can take only 40 users to fill the queue (because total-limit/limit = 2000/50 = 40)
- Total limit X can take up to X*(2000 bytes + 200 bytes) of RAM
  - 2000 bytes – buffer for 1 packet
  - 200 bytes – service data for 1 packet
  - total limit 2000 = 4,2 MB RAM
  - total limit 5000 = 10,5 MB RAM
- It is necessary to increase "total limit" and/or decrease the "limit" value
- There should be at least 10-20 packet places in the queue available per user

Queue Size

PCQ Adjustments
- There are 340 Basic class clients, so:
  - pcq-limit 40
  - pcq-total-limit 7000 (≈ 20*340) (≈ 15 MB)
- There are 40 Standard class clients, so:
  - pcq-limit 30
  - pcq-total-limit 1000 (≈ 20*40) (≈ 2 MB)
- There are 20 Business class clients, so:
  - pcq-limit 20 (!!!)
  - pcq-total-limit 500 (≈ 20*20) (≈ 1 MB)

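As an added example (not from the slides), this creates the PCQ pairs described in "PCQ Part 2" with the per-class rates from "Client Limitation" and the pcq-limit/pcq-total-limit values worked out above, and attaches them to the two interface HTBs. The interface names (ether1 as WAN, ether2 as LAN) and the packet marks business/standard/basic set in chain forward are assumptions.

```routeros
# Added example, not from the slides. Interface names (ether1 = WAN, ether2 =
# LAN) and the packet marks business/standard/basic are assumptions.
/queue type
# Upload: one sub-stream per source address. Rates from "Client Limitation",
# queue sizes from "PCQ Adjustments".
add name=pcq_up_business kind=pcq pcq-classifier=src-address pcq-rate=1M \
    pcq-limit=20 pcq-total-limit=500
add name=pcq_up_standard kind=pcq pcq-classifier=src-address pcq-rate=250k \
    pcq-limit=30 pcq-total-limit=1000
add name=pcq_up_basic kind=pcq pcq-classifier=src-address pcq-rate=125k \
    pcq-limit=40 pcq-total-limit=7000
# Download: one sub-stream per destination address.
add name=pcq_down_business kind=pcq pcq-classifier=dst-address pcq-rate=4M \
    pcq-limit=20 pcq-total-limit=500
add name=pcq_down_standard kind=pcq pcq-classifier=dst-address pcq-rate=750k \
    pcq-limit=30 pcq-total-limit=1000
add name=pcq_down_basic kind=pcq pcq-classifier=dst-address pcq-rate=375k \
    pcq-limit=40 pcq-total-limit=7000

/queue tree
# Interface HTBs: each one only sees traffic leaving through that interface, so
# the same packet mark feeds an upload queue on the WAN side and a download
# queue on the LAN side without separate up/down marks in mangle.
add name=up_business parent=ether1 packet-mark=business queue=pcq_up_business
add name=up_standard parent=ether1 packet-mark=standard queue=pcq_up_standard
add name=up_basic parent=ether1 packet-mark=basic queue=pcq_up_basic
add name=down_business parent=ether2 packet-mark=business queue=pcq_down_business
add name=down_standard parent=ether2 packet-mark=standard queue=pcq_down_standard
add name=down_basic parent=ether2 packet-mark=basic queue=pcq_down_basic
```

Because there are six PCQ types rather than three, the worst-case reservation from the slide's 2200-bytes-per-packet rule is (7000 + 1000 + 500) * 2200 bytes, about 18.7 MB per direction and roughly 37 MB in total, which is worth checking against the router's free memory before deploying.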
Traffic Prioritization
- T3/E3 line, 40 Mbps (5 Mbps abroad)
- Clients: Business class, Standard class, Basic class
- You have problems with on-line communications (video, audio, VoIP, games)
- Task: prioritize the traffic

Prioritization Plan

Where?

How?

Priorities
- Create packet marks in the mangle chain "Prerouting" for traffic prioritization in the global-in queue:
  - Ensign services (Priority 1)
  - User requests (Priority 3)
  - Communication services (Priority 5)
  - Download services (Priority 7)
  - P2P services (Priority 8)

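As an added example (not the presentation's export), here are the five prerouting marks and the matching global-in tree with the priorities listed above. The matchers chosen for each service class (DNS for ensign services, short HTTP connections for user requests, SIP and an RTP port range for communication, long HTTP connections for downloads, and the p2p matcher of RouterOS v3/v4) and the limit-at values are illustrative assumptions; the 40M parent limit is the line speed from the "Client Limitation" slide. The real rule set depends on which services the network actually carries.

```routeros
# Added example, not the presentation's export. Service matchers and limit-at
# values are illustrative assumptions; 40M is the line speed from the slides.
/ip firewall mangle
# Prerouting sees both directions before the routing decision, so "port="
# (source or destination) catches requests and replies alike. Rule order
# matters: passthrough=no ends processing at the first match.
add chain=prerouting protocol=udp port=53 \
    action=mark-packet new-packet-mark=prio1_ensign passthrough=no
add chain=prerouting protocol=udp port=5060,10000-20000 \
    action=mark-packet new-packet-mark=prio5_comm passthrough=no
# Short HTTP connections are treated as user requests, long ones as downloads.
add chain=prerouting protocol=tcp port=80,443 connection-bytes=0-500000 \
    action=mark-packet new-packet-mark=prio3_user passthrough=no
add chain=prerouting protocol=tcp port=80,443 connection-bytes=500000-0 \
    action=mark-packet new-packet-mark=prio7_download passthrough=no
# p2p matcher of RouterOS v3/v4, the versions current at this MUM.
add chain=prerouting p2p=all-p2p \
    action=mark-packet new-packet-mark=prio8_p2p passthrough=no
# Everything else goes to the download class so nothing bypasses the tree.
add chain=prerouting packet-mark=no-mark \
    action=mark-packet new-packet-mark=prio7_download passthrough=no

/queue tree
# One parent with the line speed. Priorities (1 = highest, 8 = lowest) only
# apply among children of a parent that has a max-limit, and only to the
# bandwidth above each child's limit-at, so each child also gets a guaranteed
# minimum (assumed values; they add up to 16M, below the 40M parent).
add name=global_in parent=global-in max-limit=40M
add name=p1_ensign parent=global_in packet-mark=prio1_ensign \
    priority=1 limit-at=1M max-limit=40M
add name=p3_user parent=global_in packet-mark=prio3_user \
    priority=3 limit-at=4M max-limit=40M
add name=p5_comm parent=global_in packet-mark=prio5_comm \
    priority=5 limit-at=5M max-limit=40M
add name=p7_download parent=global_in packet-mark=prio7_download \
    priority=7 limit-at=5M max-limit=40M
add name=p8_p2p parent=global_in packet-mark=prio8_p2p \
    priority=8 limit-at=1M max-limit=40M
```

These marks are consumed only by the global-in HTB: in the double-QoS layout from the Conclusions, the forward chain then overwrites them with the per-client marks, so the interface HTBs never see the prerouting marks and the two stages do not interfere.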