Modified on 19 May 2010 at 19:02

Traffic Marking, Queue Tree and Priorities - by fly man

From MikroTik Wiki

As we know, a 'simple queue' marks packets from/to the target IP and queues them using the global-in/global-out parents for packets on the local side of the router. If we want to introduce process queuing with a queue tree, we can do it on either the local or the public side. However, if we want to use both simple queues and a queue tree for services, we have no such choice. The packets are marked on the local side and handled by the simple queue (we cannot see them in /ip firewall mangle and /queue tree). A second packet marking and a queue tree on the local side will not work. That is why, for services, we mark incoming/outgoing packets (prerouting/postrouting) on the public side of the router.

/interface set ether1 name=wan
/interface set ether2 name=lan
/ip address add address=192.168.0.1/24 interface=lan
/ip address add address=1.0.0.2/24 interface=wan
/ip route add gateway=1.0.0.1
/ip firewall nat add chain=srcnat action=masquerade src-address=192.168.0.0/24

First, let's create simple queues, for example:

# One simple queue per host 192.168.0.2-192.168.0.254; parent= must name an existing simple queue
:for z from=2 to=254 do={/queue simple add name=("0." . $z) target-addresses=("192.168.0." . $z) \
parent=192.168.0.0/24 interface=all priority=4 queue=default/default max-limit=128000/530000 \
total-queue=default}

Now let's mark the packets that belong to services:

/ ip firewall mangle 
add chain=prerouting action=mark-packet new-packet-mark=icmp_in passthrough=no \
   in-interface=wan protocol=icmp comment="icmp" disabled=no 
add chain=postrouting action=mark-packet new-packet-mark=icmp_out \
   passthrough=no out-interface=wan protocol=icmp comment="" disabled=no 
add chain=prerouting action=mark-packet new-packet-mark=p2p_in passthrough=no \
   p2p=all-p2p in-interface=wan comment="p2p" disabled=no 
add chain=postrouting action=mark-packet new-packet-mark=p2p_out \
   passthrough=no p2p=all-p2p out-interface=wan comment="" disabled=no 
add chain=prerouting action=mark-packet new-packet-mark=pop3_in passthrough=no \
   in-interface=wan src-port=110 protocol=tcp comment="pop3" disabled=no 
add chain=postrouting action=mark-packet new-packet-mark=pop3_out \
   passthrough=no out-interface=wan dst-port=110 protocol=tcp comment="" \
   disabled=no 
add chain=prerouting action=mark-packet new-packet-mark=smtp_in passthrough=no \
   in-interface=wan src-port=25 protocol=tcp comment="smtp" disabled=no 
add chain=postrouting action=mark-packet new-packet-mark=smtp_out \
   passthrough=no out-interface=wan dst-port=25 protocol=tcp comment="" \
   disabled=no 
add chain=prerouting action=mark-packet new-packet-mark=imap_in passthrough=no \
   in-interface=wan src-port=143 protocol=tcp comment="imap" disabled=no 
add chain=postrouting action=mark-packet new-packet-mark=imap_out \
   passthrough=no out-interface=wan dst-port=143 protocol=tcp comment="" \
   disabled=no 
add chain=prerouting action=mark-packet new-packet-mark=ssh_in passthrough=no \
   in-interface=wan dst-port=22 protocol=tcp comment="ssh" disabled=no 
add chain=postrouting action=mark-packet new-packet-mark=ssh_out \
   passthrough=no out-interface=wan src-port=22 protocol=tcp comment="" \
   disabled=no 
add chain=prerouting action=mark-packet new-packet-mark=winbox_in \
   passthrough=no in-interface=wan dst-port=8291 protocol=tcp \
   comment="winbox" disabled=no 
add chain=postrouting action=mark-packet new-packet-mark=winbox_out \
   passthrough=no out-interface=wan src-port=8291 protocol=tcp comment="" \
   disabled=no 
add chain=prerouting action=mark-packet new-packet-mark=dns_in passthrough=no \
   in-interface=wan src-port=53 protocol=udp comment="dns" disabled=no 
add chain=postrouting action=mark-packet new-packet-mark=dns_out \
   passthrough=no out-interface=wan dst-port=53 protocol=udp comment="" \
   disabled=no 
add chain=prerouting action=mark-packet new-packet-mark=www_in passthrough=no \
   in-interface=wan src-port=80 protocol=tcp comment="www" disabled=no 
add chain=postrouting action=mark-packet new-packet-mark=www_out \
   passthrough=no out-interface=wan dst-port=80 protocol=tcp comment="" \
   disabled=no 
add chain=prerouting action=mark-packet new-packet-mark=ssl_in passthrough=no \
   in-interface=wan src-port=443 protocol=tcp comment="ssl" disabled=no 
add chain=postrouting action=mark-packet new-packet-mark=ssl_out \
   passthrough=no out-interface=wan dst-port=443 protocol=tcp comment="" \
   disabled=no 
add chain=prerouting action=mark-packet new-packet-mark=udp_in passthrough=no \
   in-interface=wan protocol=udp comment="udp" disabled=no 
add chain=postrouting action=mark-packet new-packet-mark=udp_out \
   passthrough=no out-interface=wan protocol=udp comment="" disabled=no 
add chain=prerouting action=mark-packet new-packet-mark=tcp_in passthrough=no \
   in-interface=wan protocol=tcp comment="tcp" disabled=no 
add chain=postrouting action=mark-packet new-packet-mark=tcp_out \
   passthrough=no out-interface=wan protocol=tcp comment="" disabled=no 
add chain=prerouting action=mark-packet new-packet-mark=other_in \
   passthrough=no in-interface=wan comment="other" disabled=no 
add chain=postrouting action=mark-packet new-packet-mark=other_out \
   passthrough=no out-interface=wan comment="" disabled=no

Then we can create the queue tree:

/queue tree 
add name="upload_wan1" parent=global-out packet-mark="" limit-at=0 \
   queue=wireless-default priority=4 max-limit=0 burst-limit=0 \
   burst-threshold=0 burst-time=0s disabled=no 
add name="icmp_down" parent=global-in packet-mark=icmp_in limit-at=0 \
   queue=wireless-default priority=1 max-limit=0 burst-limit=0 \
   burst-threshold=0 burst-time=0s disabled=no 
add name="icmp_up" parent=global-out packet-mark=icmp_out limit-at=0 \
   queue=wireless-default priority=1 max-limit=0 burst-limit=0 \
   burst-threshold=0 burst-time=0s disabled=no 
add name="winbox_down" parent=global-in packet-mark=winbox_in limit-at=0 \
   queue=wireless-default priority=1 max-limit=0 burst-limit=0 \
   burst-threshold=0 burst-time=0s disabled=no 
add name="winbox_up" parent=global-out packet-mark=winbox_out limit-at=0 \
   queue=wireless-default priority=1 max-limit=0 burst-limit=0 \
   burst-threshold=0 burst-time=0s disabled=no 
add name="dns_down" parent=global-in packet-mark=dns_in limit-at=0 \
   queue=wireless-default priority=1 max-limit=0 burst-limit=0 \
   burst-threshold=0 burst-time=0s disabled=no 
add name="dns_up" parent=global-out packet-mark=dns_out limit-at=0 \
   queue=wireless-default priority=1 max-limit=0 burst-limit=0 \
   burst-threshold=0 burst-time=0s disabled=no 
add name="www_up" parent=upload_wan1 packet-mark=www_out limit-at=0 \
   queue=wireless-default priority=2 max-limit=0 burst-limit=0 \
   burst-threshold=0 burst-time=0s disabled=no 
add name="ssl_up" parent=upload_wan1 packet-mark=ssl_out limit-at=0 \
   queue=wireless-default priority=1 max-limit=0 burst-limit=0 \
   burst-threshold=0 burst-time=0s disabled=no 
add name="p2p_up" parent=upload_wan1 packet-mark=p2p_out limit-at=0 \
   queue=wireless-default priority=8 max-limit=0 burst-limit=0 \
   burst-threshold=0 burst-time=0s disabled=no 
add name="udp_up" parent=upload_wan1 packet-mark=udp_out limit-at=0 \
   queue=wireless-default priority=6 max-limit=0 burst-limit=0 \
   burst-threshold=0 burst-time=0s disabled=no 
add name="tcp_up" parent=upload_wan1 packet-mark=tcp_out limit-at=0 \
   queue=wireless-default priority=4 max-limit=0 burst-limit=0 \
   burst-threshold=0 burst-time=0s disabled=no 
add name="other_up" parent=upload_wan1 packet-mark=other_out limit-at=0 \
   queue=wireless-default priority=7 max-limit=0 burst-limit=0 \
   burst-threshold=0 burst-time=0s disabled=no 
add name="download_wan1" parent=global-in packet-mark="" limit-at=0 \
   queue=wireless-default priority=4 max-limit=0 burst-limit=0 \
   burst-threshold=0 burst-time=0s disabled=no 
add name="www_down" parent=download_wan1 packet-mark=www_in limit-at=0 \
   queue=wireless-default priority=2 max-limit=0 burst-limit=0 \
   burst-threshold=0 burst-time=0s disabled=no 
add name="ssl_down" parent=download_wan1 packet-mark=ssl_in limit-at=0 \
   queue=wireless-default priority=1 max-limit=0 burst-limit=0 \
   burst-threshold=0 burst-time=0s disabled=no 
add name="p2p_down" parent=download_wan1 packet-mark=p2p_in limit-at=0 \
   queue=wireless-default priority=8 max-limit=0 burst-limit=0 \
   burst-threshold=0 burst-time=0s disabled=no 
add name="udp_down" parent=download_wan1 packet-mark=udp_in limit-at=0 \
   queue=wireless-default priority=6 max-limit=0 burst-limit=0 \
   burst-threshold=0 burst-time=0s disabled=no 
add name="tcp_down" parent=download_wan1 packet-mark=tcp_in limit-at=0 \
   queue=wireless-default priority=4 max-limit=0 burst-limit=0 \
   burst-threshold=0 burst-time=0s disabled=no 
add name="other" parent=download_wan1 packet-mark=other_in limit-at=0 \
   queue=wireless-default priority=7 max-limit=0 burst-limit=0 \
   burst-threshold=0 burst-time=0s disabled=no 
add name="ssh_down" parent=global-in packet-mark=ssh_in limit-at=0 \
   queue=wireless-default priority=1 max-limit=0 burst-limit=0 \
   burst-threshold=0 burst-time=0s disabled=no 
add name="ssh_up" parent=global-out packet-mark=ssh_out limit-at=0 \
   queue=wireless-default priority=1 max-limit=0 burst-limit=0 \
   burst-threshold=0 burst-time=0s disabled=no 
add name="pop3_down" parent=download_wan1 packet-mark=pop3_in limit-at=0 \
   queue=wireless-default priority=5 max-limit=0 burst-limit=0 \
   burst-threshold=0 burst-time=0s disabled=no 
add name="smtp_down" parent=download_wan1 packet-mark=smtp_in limit-at=0 \
   queue=wireless-default priority=5 max-limit=0 burst-limit=0 \
   burst-threshold=0 burst-time=0s disabled=no 
add name="imap_down" parent=download_wan1 packet-mark=imap_in limit-at=0 \
   queue=wireless-default priority=5 max-limit=0 burst-limit=0 \
   burst-threshold=0 burst-time=0s disabled=no 
add name="imap_up" parent=upload_wan1 packet-mark=imap_out limit-at=0 \
   queue=wireless-default priority=5 max-limit=0 burst-limit=0 \
   burst-threshold=0 burst-time=0s disabled=no 
add name="smtp_out" parent=upload_wan1 packet-mark=smtp_out limit-at=0 \
   queue=wireless-default priority=5 max-limit=0 burst-limit=0 \
   burst-threshold=0 burst-time=0s disabled=no 
add name="pop3_up" parent=upload_wan1 packet-mark=pop3_out limit-at=0 \
   queue=wireless-default priority=5 max-limit=0 burst-limit=0 \
   burst-threshold=0 burst-time=0s disabled=no
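
A consistency check for configurations of this kind, added here as an example (it is not part of the original article): it parses export text and reports queue-tree entries whose parent is not defined or whose packet-mark is not set by any mangle rule. The function names and the sample text are constructed for illustration; interface names, which RouterOS also accepts as parents, are passed in as an assumption.

```python
import re

# Built-in parents in RouterOS v5 and earlier (the syntax this page uses).
BUILTIN_PARENTS = {"global-in", "global-out", "global-total"}

def parse_export(text):
    """Parse RouterOS export text into (menu, {key: value}) tuples for 'add' lines."""
    joined = re.sub(r"\\\s*\n\s*", " ", text)      # undo backslash line continuations
    menu, items = None, []
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith("/"):
            # "/ ip firewall mangle" and "/ip firewall mangle" become the same key
            menu = " ".join(line.lstrip("/").split())
        elif line.startswith("add "):
            pairs = re.findall(r'([\w-]+)=("[^"]*"|\S+)', line)
            items.append((menu, {k: v.strip('"') for k, v in pairs}))
    return items

def lint(text, interfaces=()):
    """Return problems: undefined parents and packet marks that no mangle rule sets."""
    items = parse_export(text)
    marks = {p["new-packet-mark"] for m, p in items
             if m == "ip firewall mangle" and "new-packet-mark" in p}
    queues = [p for m, p in items if m == "queue tree"]
    valid_parents = {q.get("name") for q in queues} | BUILTIN_PARENTS | set(interfaces)
    problems = []
    for q in queues:
        if q.get("parent") not in valid_parents:
            problems.append(f'{q.get("name")}: parent "{q.get("parent")}" is not defined')
        mark = q.get("packet-mark", "")
        if mark and mark not in marks:
            problems.append(f'{q.get("name")}: packet-mark "{mark}" is never set in mangle')
    return problems

# Constructed sample in the page's export format (not the page's full configuration).
SAMPLE = r'''
/ ip firewall mangle
add chain=prerouting action=mark-packet new-packet-mark=www_in passthrough=no \
   in-interface=wan src-port=80 protocol=tcp comment="www" disabled=no
/queue tree
add name="download_wan1" parent=global-in packet-mark="" limit-at=0
add name="www_down" parent=download_wan1 packet-mark=www_in limit-at=0 \
   queue=wireless-default priority=2
add name="smtp_down" parent=download packet-mark=smtp_in priority=5
'''

if __name__ == "__main__":
    for problem in lint(SAMPLE):
        print(problem)
```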

We have a dozen or so simple up/down queues:

- wan
- icmp
- winbox
- dns

Icmp, dns and winbox have the highest priority, to ensure the lowest possible ping, a fast DNS server response and a winbox connection without any problems. In the wan tree we decide which services get the highest priority, and for which we want to guarantee throughput or reduce speed.