MikroTik2009

MikroTik RouterOS Workshop

QoS Best Practice
Dallas/Fort Worth
MUM USA 2009
MikroTik2009 2
Q: Is it possible to prioritize traffic by type for
every si!le cliet "hile havi! strict per#$ser
li%itatios o the sa%e ro$ter&
A: 'es(
Q: What "ill I ee) to achieve that&
A: 'o$ "ill ee):
*+,ac-et Flo" Dia!ra% 2+./0 12$e$e tree+3
4+Ma!le3 5+,6Q3 7+A))ress 8ist
Q$estios a) As"ers
MikroTik2009 3
Ma!le
/he %a!le facility allo"s yo$ to %ar- I,
pac-ets "ith special %ar-s9
/hese %ar-s are $se) by other ro$ter facilities
li-e ro$ti! a) ba)"i)th %aa!e%et to
i)etify the pac-ets9
A))itioally3 the %a!le facility is $se) to %o)ify
so%e fiel)s i the I, hea)er3 li-e /:S 1DS6,+
a) //8 fiel)s9
MikroTik2009 4
.ierarchical /o-e 0$c-et
All ba)"i)th %aa!e%et i%ple%etatio i
;o$ter:S is base) o .ierarchical /o-e
0$c-et 1./0+
./0 allo"s yo$ to create hierarchical 2$e$e
str$ct$re a) )eter%ie relatios bet"ee
2$e$es
;o$ter:S s$pports 4 virt$al ./0s 1!lobal#i3
!lobal#total3 !lobal#o$t+ a) oe %ore <$st
before every o$tp$t iterface
MikroTik2009 5
QoS ,ac-et Flo"
/his )ia!ra% is create) fro% ;o$ter:S ,ac-et
Flo" )ia!ra%9
http://"i-i9%i-roti-9co%/"i-i/,ac-et=Flo"
MikroTik2009 6
Do$ble QoS
It is possible to %ar- a) shape traffic t"ice i
the sa%e ro$ter:
Mangle chain Prerouting > for first %ar-i!
Global-in HTB > for first shapi!
Mangle chain Forward or Postrouting for seco)
%ar-i!
Global-out or Out-interface HTB for seco) %ar-i!
Do$ble QoS is oly possible "ith Q$e$e /ree
MikroTik2009 7
Why ot Si%ple Q$e$es&
Si%ple 2$e$es are or)ere) # si%ilar to fire"all
r$les
I or)er to !et to 999
th
2$e$e pac-et "ill have to be
chec-e) for %atch to all 99? previo$s 2$e$es
@ach si%ple 2$e$e might sta) for 4 separate
2$e$es:
:e i Alobal#i 1B)irectC part+
:e i Alobal#o$t 1BreverseC part+
:e i Alobal#total 1BtotalC part+
MikroTik2009 8
Si%ple Q$e$es a) Ma!le
MikroTik2009 9
Q$e$e /ree
/ree 2$e$e is oe )irectioal oly a) ca be
place) i ay of the available ./0s
Q$e$e /ree 2$e$es )oDt have ay or)er > all
traffic is processe) si%$ltaeo$sly
All chil) 2$e$es %$st have pac-et %ar-s fro%
B/ip fire"all %a!leC facility assi!e) to the%
If place) i the sa%e ./03 Si%ple 2$e$e "ill
ta-e all the traffic a"ay fro% the Q$e$e /ree
2$e$e
MikroTik2009 10
Alobal#:$t or Iterface ./0&
/here are t"o f$)a%etal )iffereces
I case of S;6#EA/ 1%as2$era)e+ Alobal#:$t
"ill be a"are of private cliet a))resses3 b$t
Iterface ./0 "ill ot > Iterface ./0 is after
S;6#EA/
@ach Iterface ./0 oly receives traffic that "ill
be leavi! thro$!h a partic$lar iterface > there
is o ee) for to separate $ploa) a) )o"loa)
i %a!le
MikroTik2009 11
6ocl$sios
We "ill $se %a!le a) 2$e$e tree:
Mar- traffic by traffic type i %a!le chai
,rero$ti!
,rioritize a) li%it traffic by type i Alobal#i ./0
;e#Mar- traffic by cliets i %a!le chai For"ar)
8i%it traffic per cliet i Iterface ./0
It is ecessary to -eep the a%o$t of %a!le
r$les a) 2$e$es to a %ii%$% to icrease the
perfor%ace of this cofi!$ratio9
MikroTik2009 12
6liet 8i%itatio
~40 Mbps
T3/E3 line

You have more than 400 clients

and 3 different connection types:

Business 4Mbps/!Mbps"
connection

#tandard $%0&bps/'%0&bps"
connection

Basic 3$%&bps/!'%&bps"
connection
MikroTik2009 13
,6Q
,er 6oectio Q$e$e is a 2$e$e type capable
of )ivi)i! traffic ito s$b#strea%s base) o
selecte) classifiers
@ach s$b#strea% "ill the
!o thro$!h FIF: 2$e$e
"ith 2$e$e size specifie)
by Bpc2#li%itC optio a)
%aFi%al rate specifie)
by Bpc2#rateC optio
MikroTik2009 14
MikroTik2009 15
,6Q ,art 2
I or)er to es$re that each ,6Q s$b#strea%
represets oe partic$lar cliet "e ee) to
create 2 )ifferet ,6Q types:
,6Q=$ploa) > so$rce a))ress as classifier
,6Q=)o"loa) # )estiatio a))ress as classifier
,6Q "ill )istrib$te available traffic e2$ally
bet"ee s$b#2$e$es $til the pc2#rate is
reache) 1if it is specifie)+
MikroTik2009 16
MikroTik2009 17
MikroTik2009 18
,6Q /ypes > WiboF Gie"
MikroTik2009 19
A))ress 8ists
A))ress lists "as itro)$ce) to assi! %$ltiple
I, a))resses/ra!es to the sa%e fire"all r$le3 i
this "ay re)$ci! the total $%ber of fire"all
r$les a) icreasi! ro$ter perfor%ace
A))ress lists ca be create):
Ma$ally
A$to%atically fro% ,,, profile > <$st specify
a))ress#list optio a) as soo as the cliet
coects it "ill be a))e) to the proper a))ress list
A$to%atically fro% ;ADIUS > attrib$te BMi-roti-:*9C
MikroTik2009 20
A))ress 8ists
MikroTik2009 21
Where&
MikroTik2009 22
,ac-et Mar-i!
Use Bcoectio#%ar-C actio to classify all
coectios base) o cliet a))ress list
Use Bpac-et#%ar-C actio to classify all traffic
base) o coectio %ar-s
Q$estios to thi- abo$t:
What spee) sho$l) be available for 0$siess cliet
if )o"loa)i! fro% basic cliet&
Do yo$ still have $%ar-e) traffic&
MikroTik2009 23
6oectio#%ar- r$le
MikroTik2009 24
,ac-et#%ar- r$le
MikroTik2009 25
Wor-i! Ma!le# WiboF vie"
MikroTik2009 26
Wor-i! Ma!le# @Fport vie"
MikroTik2009 27
Q$e$e /ree > WiboF Gie"
MikroTik2009 28
Q$e$e /ree > @Fport Gie"
MikroTik2009 29
,6Q Q$e$e Size
/otal=li%it H I ca ta-e $p to
IJ12000 bytes K 200 bytes+ of ;AM
2000 bytes > b$ffer for * pac-et
200 bytes > service )ata for * pac-et
total=li%it H 2000 HL 532M0 ;AM
total=li%it H 7000 HL *037M0 ;AM
It ca ta-e oly 50
$sers to fill the 2$e$e
1beca$se total=li%it/li%it H 2000/70 H 50+
It is ecessary to
icrease Btotal=li%itC
a)/or )ecrease the
Bli%itC val$e
/here sho$l) be at
least *0#20 pac-et
places i 2$e$e
available per $ser
MikroTik2009 30
Q$e$e Size
MikroTik2009 31
,6Q A)<$st%ets
/here are M450 0asic class cliets so:
pc2=li%it H 50
pc2=total=li%it H N000 1 M20J450+ 1M*7M0+
/here are M50 Sta)ar) class cliets so:
pc2=li%it H 40
pc2=total=li%it H *000 1 M20J50+ 1M2M0+
/here are M20 0$siess class cliets so:
pc2=li%it H 20 1(((+
pc2=total=li%it H 700 1 M20J20+ 1M*M0+
MikroTik2009 32
/raffic ,rioritizatio
Business (lass (lients
#tandard (lass (lients
Basic (lass (lients
~40 Mbps
T3/E3 line
You have problems )ith on*line
communications video+ audio+ ,-./+
0ames"
Task:
/rioriti1e the traffic
~%Mbps abroad
MikroTik2009 33
,rioritizatio ,la
MikroTik2009 34
Where&
MikroTik2009 35
.o"&
MikroTik2009 36
,riorities
6reate pac-et %ar-s i the %a!le chai
B,rero$ti!C for traffic prioritizatio i the !lobal#
i 2$e$e
@si!=services 1,riorityH*+
User=re2$ests 1,riorityH4+
6o%%$icatio=services 1,riorityH7+
Do"loa)=services 1,riorityHN+
,2,=services 1,riorityH?+