Mikrotik
Páginas: 5 (1064 palabras)
Publicado: 4 de agosto de 2011
MikroTik RouterOS Workshop QoS Best Practice
Prague MUM Czech Republic 2009
© MikroTik 2008
Questions and Answers
Q: Is it possible to prioritize traffic by type for every single client while having strict per-user limitations on the same router? A: Yes!
Q: What will I need to achieve that? A: You will need: 1)Packet Flow Diagram 2)HTB (queue tree), 3)Mangle, 4)PCQ, 5)Address List© MikroTik 2008 2
Mangle
The mangle facility allows you to mark IP packets with special marks. These marks are used by other router facilities like routing and bandwidth management to identify the packets. Additionally, the mangle facility is used to modify some fields in the IP header, like TOS (DSCP) and TTL fields.
© MikroTik 2008
3
Hierarchical Token Bucket
All bandwidthmanagement implementation in RouterOS is based on Hierarchical Token Bucket (HTB) HTB allows you to create hierarchical queue structure and determine relations between queues RouterOS supports 3 virtual HTBs (global-in, global-total, global-out) and one more just before every output interface
© MikroTik 2008
4
QoS Packet Flow
This diagram is created from RouterOS Packet Flow diagram.http://wiki.mikrotik.com/wiki/Packet_Flow
© MikroTik 2008 5
Double QoS
It is possible to mark and shape traffic twice in the same router:
Mangle chain Prerouting – for first marking Global-in HTB – for first shaping Mangle chain Forward or Postrouting for second marking Global-out or Out-interface HTB for second marking
Double QoS is only possible with Queue Tree
© MikroTik 2008
6 Why not Simple Queues?
Simple queues are ordered - similar to firewall rules
In order to get to 999th queue packet will have to be checked for match to all 998 previous queues
Each simple queue might stand for 3 separate queues:
One in Global-in (“direct” part) One in Global-out (“reverse” part) One in Global-total (“total” part)
© MikroTik 2008
7
Simple Queues and Mangle
© MikroTik2008
8
Queue Tree
Tree queue is one directional only and can be placed in any of the available HTBs Queue Tree queues don't have any order – all traffic is processed simultaneously All child queues must have packet marks from “/ip firewall mangle” facility assigned to them If placed in the same HTB, Simple queue will take all the traffic away from the Queue Tree queue
© MikroTik 2008 9 Global-Out or Interface HTB?
There are two fundamental differences In case of SRC-NAT (masquerade) Global-Out will be aware of private client addresses, but Interface HTB will not – Interface HTB is after SRC-NAT Each Interface HTB only receives traffic that will be leaving through a particular interface – there is no need for to separate upload and download in mangle
© MikroTik 2008 10 Conclusions
We will use mangle and queue tree:
Mark traffic by traffic type in mangle chain Prerouting Prioritize and limit traffic by type in Global-in HTB Re-Mark traffic by clients in mangle chain Forward Limit traffic per client in Interface HTB
It is necessary to keep the amount of mangle rules and queues to a minimum to increase the performance of this configuration.
© MikroTik 2008 11 Client Limitation
T3/E3 line ~40 Mbps
You have more than 400 clients and 3 different connection types: ● Business (4Mbps/1Mbps) connection ● Standard (750kbps/250kbps) connection ● Basic (375kbps/125kbps) connection
●
© MikroTik 2008
12
PCQ
Per Connection Queue is a queue type capable of dividing traffic into sub-streams based on selected classifiers Each sub-stream will thengo through FIFO queue with queue size specified by “pcq-limit” option and maximal rate specified by “pcq-rate” option
© MikroTik 2008
13
© MikroTik 2008
14
PCQ Part 2
In order to ensure that each PCQ sub-stream represents one particular client we need to create 2 different PCQ types:
PCQ_upload – source address as classifier PCQ_download - destination address as classifier...
Prague MUM Czech Republic 2009
© MikroTik 2008
Questions and Answers
Q: Is it possible to prioritize traffic by type for every single client while having strict per-user limitations on the same router? A: Yes!
Q: What will I need to achieve that? A: You will need: 1)Packet Flow Diagram 2)HTB (queue tree), 3)Mangle, 4)PCQ, 5)Address List© MikroTik 2008 2
Mangle
The mangle facility allows you to mark IP packets with special marks. These marks are used by other router facilities like routing and bandwidth management to identify the packets. Additionally, the mangle facility is used to modify some fields in the IP header, like TOS (DSCP) and TTL fields.
© MikroTik 2008
3
Hierarchical Token Bucket
All bandwidthmanagement implementation in RouterOS is based on Hierarchical Token Bucket (HTB) HTB allows you to create hierarchical queue structure and determine relations between queues RouterOS supports 3 virtual HTBs (global-in, global-total, global-out) and one more just before every output interface
© MikroTik 2008
4
QoS Packet Flow
This diagram is created from RouterOS Packet Flow diagram.http://wiki.mikrotik.com/wiki/Packet_Flow
© MikroTik 2008 5
Double QoS
It is possible to mark and shape traffic twice in the same router:
Mangle chain Prerouting – for first marking Global-in HTB – for first shaping Mangle chain Forward or Postrouting for second marking Global-out or Out-interface HTB for second marking
Double QoS is only possible with Queue Tree
© MikroTik 2008
6 Why not Simple Queues?
Simple queues are ordered - similar to firewall rules
In order to get to 999th queue packet will have to be checked for match to all 998 previous queues
Each simple queue might stand for 3 separate queues:
One in Global-in (“direct” part) One in Global-out (“reverse” part) One in Global-total (“total” part)
© MikroTik 2008
7
Simple Queues and Mangle
© MikroTik2008
8
Queue Tree
Tree queue is one directional only and can be placed in any of the available HTBs Queue Tree queues don't have any order – all traffic is processed simultaneously All child queues must have packet marks from “/ip firewall mangle” facility assigned to them If placed in the same HTB, Simple queue will take all the traffic away from the Queue Tree queue
© MikroTik 2008 9 Global-Out or Interface HTB?
There are two fundamental differences In case of SRC-NAT (masquerade) Global-Out will be aware of private client addresses, but Interface HTB will not – Interface HTB is after SRC-NAT Each Interface HTB only receives traffic that will be leaving through a particular interface – there is no need for to separate upload and download in mangle
© MikroTik 2008 10 Conclusions
We will use mangle and queue tree:
Mark traffic by traffic type in mangle chain Prerouting Prioritize and limit traffic by type in Global-in HTB Re-Mark traffic by clients in mangle chain Forward Limit traffic per client in Interface HTB
It is necessary to keep the amount of mangle rules and queues to a minimum to increase the performance of this configuration.
© MikroTik 2008 11 Client Limitation
T3/E3 line ~40 Mbps
You have more than 400 clients and 3 different connection types: ● Business (4Mbps/1Mbps) connection ● Standard (750kbps/250kbps) connection ● Basic (375kbps/125kbps) connection
●
© MikroTik 2008
12
PCQ
Per Connection Queue is a queue type capable of dividing traffic into sub-streams based on selected classifiers Each sub-stream will thengo through FIFO queue with queue size specified by “pcq-limit” option and maximal rate specified by “pcq-rate” option
© MikroTik 2008
13
© MikroTik 2008
14
PCQ Part 2
In order to ensure that each PCQ sub-stream represents one particular client we need to create 2 different PCQ types:
PCQ_upload – source address as classifier PCQ_download - destination address as classifier...
Leer documento completo
Regístrate para leer el documento completo.