prev
next
out of 6

QoS No Mikrotik Esta é a Versão 6 Do RouterOS

Embed Size (px)

Citation preview

  • 8/11/2019 QoS No Mikrotik Esta a Verso 6 Do RouterOS

    1/6

    * Esta a verso 6 do RouterOS *****

    # # Oferecido pela Greg Sowell em Greg Sowell Consulting.# # # Email: [email protected] HTTP: http://GregSowell.com## # As filas so baseados fora de uma conexo de 10Mb terica. Desta forma, voc pode# # # usar os valores como porcentagens do todo. A coisa mais fcil a fazer # # # aplicar o script, em seguida, em WinBox ajustar os valores para o tamanhoda fila.## # 1.1.1.0/29 sua sub-rede WAN externo, substituir este.# # 2.2.2.0/24 uma sub-rede adicional encaminhado para voc no lado da WAN, substituir ou remover todas as linhas que contm este.# # 172.22.0.0/16 listado como sua sub-rede interna e deve ser modificado para atender seu ambiente.# # 172.22.0.5 listado como "cliente servidores ". Esta uma fila especial listado em 10 por cento# # # da largura de banda total. Isto d servio elevado para todos os clientes internos. Para desativar# # # essa funcionalidade, emita os seguintes comandos uma vez que tudo foi posto em prtica:# # # / ip firewall mangle dis 2,3rvore # # # / fila dis 8,9# # # Voc pode ento apropriar-se da fila largura de banda, como voc v o ajuste.

    ## # Voc tambm vai querer mudar a interface ether1 para qualquer que seja sua interface WAN passa a ser.## # Como sempre, muito obrigado para o seu negcio e obrigado por ajudar a alimentar os meus filhos :)

    # Aqui est nossas demonstraes l7 regex:

    /ip firewall layer7-protocoladd comment="" name=speedtest-servers regexp="^.*(get|GET).+speedtest.*\$"add comment="" name=torrent-wwws regexp="^.*(get|GET).+(torrent|thepiratebay|i\ sohunt|entertane|demonoid|btjunkie|mininova|flixflux|vertor|h33t|zoozle|bi\

    tnova|bitsoup|meganova|fulldls|btbot|fenopy|gpirate|commonbits).*\$"add comment="" name=torrent-dns regexp="^.+(torrent|thepiratebay|isohunt|enter\ tane|demonoid|btjunkie|mininova|flixflux|vertor|h33t|zoozle|bitnova|bitsou\ p|meganova|fulldls|btbot|fenopy|gpirate|commonbits).*\$"add comment="" name=netflix regexp="^.*(get|GET).+(netflix).*\$"add comment="" name=mp4 regexp="^.*(get|GET).+\\.mp4.*\$"add comment="" name=swf regexp="^.*(get|GET).+\\.swf.*\$"add comment="" name=flv regexp="^.*(get|GET).+\\.flv.*\$"add name=video regexp="^.*(get|GET).+(\\.flv|\\.mp4|netflix|\\.swf).*\$"

    # Configurando nossa listas de endereos

    /ip firewall address-listadd address=172.22.0.0/16 comment="" disabled=no list=internal-netsadd address=1.1.1.0/29 comment="" disabled=no list=external-netsadd address=2.2.2.0/24 comment="" disabled=no list=external-netsadd address=172.22.0.5 comment="customer 1" disabled=no list=customer-servers

    # Mangle identifica nossas diversas pores de trfego

    /ip firewall mangle

  • 8/11/2019 QoS No Mikrotik Esta a Verso 6 Do RouterOS

    2/6

    add action=mark-packet chain=prerouting comment="internal-traffic packet mark" dst-address-list=\ internal-nets new-packet-mark=internal-traffic passthrough=no src-address-list=internal-netsadd action=mark-packet chain=prerouting comment="customer-servers-out packet mark" new-packet-mark=\ customer-servers-out passthrough=no src-address-list=customer-serversadd action=mark-packet chain=prerouting comment="customer-servers-in packet mark" dst-address-list=\ customer-servers new-packet-mark=customer-servers-in passthrough=noadd action=mark-packet chain=prerouting comment="admin-in packet mark DNS" in-interface=ether1 \ new-packet-mark=admin-in passthrough=no protocol=udp src-port=53add action=mark-packet chain=prerouting comment="admin-in packet mark snmp" dst-port=161 \ in-interface=ether1 new-packet-mark=admin-in passthrough=no protocol=udpadd action=mark-connection chain=prerouting comment="Remote Protocols admin connection mark" \ new-connection-mark=admin port=20,21,22,23,3389,8291 protocol=tcpadd action=mark-connection chain=prerouting comment="icmp connection mark as admin" \ new-connection-mark=admin protocol=icmp src-address-list=internal-netsadd action=mark-packet chain=prerouting comment="admin-in packet mark" connection-mark=admin \

    in-interface=ether1 new-packet-mark=admin-in passthrough=noadd action=mark-packet chain=prerouting comment="admin-out packet mark" connection-mark=admin \ new-packet-mark=admin-out passthrough=noadd action=mark-connection chain=prerouting comment="streaming video connectionmark" dst-port=80 \ layer7-protocol=video new-connection-mark=streaming-video protocol=tcp src-address-list=\ internal-netsadd action=mark-packet chain=prerouting comment="streaming video in packet mark"connection-mark=\ streaming-video in-interface=ether1 new-packet-mark=streaming-video-in passthrough=no

    add action=mark-packet chain=prerouting comment="streaming video out packet mark" connection-mark=\ streaming-video new-packet-mark=streaming-video-out passthrough=noadd action=mark-connection chain=prerouting comment="http traffic connection mark" dst-port=80,443 \ new-connection-mark=http protocol=tcp src-address-list=internal-netsadd action=mark-connection chain=prerouting comment="http traffic connection mark" \ connection-bytes=5000000-4294967295 dst-port=80,443 new-connection-mark=http-download protocol=\ tcp src-address-list=internal-netsadd action=mark-packet chain=prerouting comment="http in packet mark" connection-mark=http \

    in-interface=ether1 new-packet-mark=http-in passthrough=noadd action=mark-packet chain=prerouting comment="http out packet mark" connection-mark=http \ new-packet-mark=http-out passthrough=noadd action=mark-connection chain=prerouting comment="wow connetion mark as gaming" dst-port=\ 1119,3724,6112-6114,4000,6881-6999 new-connection-mark=games protocol=tcp src-address-list=\ internal-netsadd action=mark-connection chain=prerouting comment="eve online connetion mark a

  • 8/11/2019 QoS No Mikrotik Esta a Verso 6 Do RouterOS

    3/6

    s gaming" \ dst-address=87.237.38.200 new-connection-mark=games src-address-list=internal-netsadd action=mark-connection chain=prerouting comment="starcraft 2 connetion markas gaming" \ dst-port=1119 new-connection-mark=games protocol=tcp src-address-list=internal-netsadd action=mark-connection chain=prerouting comment="heros of newerth connetionmark as gaming" \ dst-port=11031,11235-11335 new-connection-mark=games protocol=tcp src-address-list=\ internal-netsadd action=mark-connection chain=prerouting comment="steam connetion mark as gaming" dst-port=\ 27014-27050 new-connection-mark=games protocol=tcp src-address-list=internal-netsadd action=mark-connection chain=prerouting comment="xbox live connetion mark asgaming" dst-port=\ 3074 new-connection-mark=games protocol=tcp src-address-list=internal-netsadd action=mark-connection chain=prerouting comment="ps3 online connetion mark as gaming" dst-port=\ 5223 new-connection-mark=games protocol=tcp src-address-list=internal-netsadd action=mark-connection chain=prerouting comment="wii online connetion mark as gaming" dst-port=\

    28910,29900,29901,29920 new-connection-mark=games protocol=tcp src-address-list=internal-netsadd action=mark-packet chain=prerouting comment="games packet mark forever-saken-game" \ dst-address-list=external-nets new-packet-mark=games-in passthrough=no src-address-list=\ forever-saken-gameadd action=mark-packet chain=prerouting comment="games packet mark wow" dst-address-list=\ external-nets new-packet-mark=games-in passthrough=no protocol=udp src-port=53,3724add action=mark-packet chain=prerouting comment="games packet mark starcraft2" dst-address-list=\

    external-nets new-packet-mark=games-in passthrough=no protocol=udp src-port=1119,6113add action=mark-packet chain=prerouting comment="games packet mark HoN" dst-address-list=\ external-nets new-packet-mark=games-in passthrough=no protocol=udp src-port=11031,11235-11335add action=mark-packet chain=prerouting comment="games packet mark steam in" dst-address-list=\ external-nets new-packet-mark=games-in passthrough=no port=4380,28960,27000-27030 protocol=udpadd action=mark-packet chain=prerouting comment="games packet mark steam out" dst-port=\ 53,1500,3005,3101,3478,4379-4380,4380,28960,27000-27030,28960 new-packet-mar

    k=games-out \ passthrough=no protocol=udp src-address-list=internal-netsadd action=mark-packet chain=prerouting comment="games packet mark xbox live" dst-address-list=\ external-nets new-packet-mark=games-in passthrough=no protocol=udp src-port=88,3074,3544,4500add action=mark-packet chain=prerouting comment="games packet mark ps3 online" dst-address-list=\ external-nets new-packet-mark=games-in passthrough=no protocol=udp src-port=3478,3479,3658

  • 8/11/2019 QoS No Mikrotik Esta a Verso 6 Do RouterOS

    4/6

    add action=mark-packet chain=prerouting comment="games packet mark in" connection-mark=games \ dst-address-list=external-nets new-packet-mark=games-in passthrough=noadd action=mark-packet chain=prerouting comment="games packet mark out" connection-mark=games \ new-packet-mark=games-out passthrough=noadd action=mark-packet chain=prerouting comment="voip-in packet mark teamspeak"dst-address-list=\ external-nets new-packet-mark=voip-in passthrough=no protocol=udp src-port=9987add action=mark-packet chain=prerouting comment="voip-out packet mark teamspeak"dst-port=9987 \ new-packet-mark=voip-out passthrough=no protocol=udp src-address-list=internal-netsadd action=mark-packet chain=prerouting comment="voip-out packet mark teamspeak"dst-address-list=\ external-nets new-packet-mark=voip-in passthrough=no protocol=udp src-port=9987add action=mark-packet chain=prerouting comment="voip-in packet mark ventrilo" dst-address-list=\ external-nets new-packet-mark=voip-in passthrough=no protocol=udp src-port=3784add action=mark-packet chain=prerouting comment="voip-out packet mark ventrilo"dst-port=3784 \

    new-packet-mark=voip-out passthrough=no protocol=udp src-address-list=internal-netsadd action=mark-packet chain=prerouting comment="voip-in packet mark ventrilo" dst-address-list=\ external-nets new-packet-mark=voip-in passthrough=no protocol=tcp src-port=3784add action=mark-packet chain=prerouting comment="voip-out packet mark ventrilo"dst-port=3784 \ new-packet-mark=voip-out passthrough=no protocol=tcp src-address-list=internal-netsadd action=mark-packet chain=prerouting comment="voip-in packet mark SIP" dst-address-list=\ internal-nets new-packet-mark=voip-in passthrough=no port=5060 protocol=tcp

    add action=mark-packet chain=prerouting comment="voip-out packet mark SIP" new-packet-mark=voip-out \ passthrough=no port=5060 protocol=tcp src-address-list=internal-netsadd action=mark-packet chain=prerouting comment="voip-in packet mark udp SIP" dst-address-list=\ internal-nets new-packet-mark=voip-in passthrough=no port=5004,5060 protocol=udpadd action=mark-packet chain=prerouting comment="voip-out packet mark udp SIP" new-packet-mark=\ voip-out passthrough=no port=5004,5060 protocol=udp src-address-list=internal-netsadd action=mark-packet chain=prerouting comment="voip-in packet mark RTP" dst-address-list=\

    internal-nets new-packet-mark=voip-in packet-size=100-400 passthrough=no port=16348-32768 \ protocol=udpadd action=mark-packet chain=prerouting comment="voip-out packet mark RTP" new-packet-mark=voip-in \ packet-size=100-400 passthrough=no port=16348-32768 protocol=udp src-address-list=internal-netsadd action=mark-packet chain=prerouting comment="vpn-in packet mark GRE" in-interface=ether1 \ new-packet-mark=vpn-in passthrough=no protocol=gre

  • 8/11/2019 QoS No Mikrotik Esta a Verso 6 Do RouterOS

    5/6

    add action=mark-packet chain=prerouting comment="vpn-out packet mark GRE" new-packet-mark=vpn-out \ passthrough=no protocol=greadd action=mark-packet chain=prerouting comment="vpn-in packet mark ESP" in-interface=ether1 \ new-packet-mark=vpn-in passthrough=no protocol=ipsec-espadd action=mark-packet chain=prerouting comment="vpn-out packet mark ESP" new-packet-mark=vpn-out \ passthrough=no protocol=ipsec-espadd action=mark-packet chain=prerouting comment="vpn-in packet mark VPN UDP ports" in-interface=\ ether1 new-packet-mark=vpn-in passthrough=no protocol=udp src-port=500,1701,4500add action=mark-packet chain=prerouting comment="vpn-out packet mark VPN UDP ports" \ new-packet-mark=vpn-out passthrough=no protocol=udp src-port=500,1701,4500add action=mark-packet chain=prerouting comment="vpn-in packet mark PPTP" in-interface=ether1 \ new-packet-mark=vpn-in passthrough=no protocol=tcp src-port=1723add action=mark-packet chain=prerouting comment="vpn-out packet mark PPTP" new-packet-mark=vpn-out \ passthrough=no protocol=tcp src-port=1723add action=mark-packet chain=prerouting comment="all in" in-interface=ether1 new-packet-mark=in \

    passthrough=noadd action=mark-packet chain=prerouting comment="all out" new-packet-mark=out passthrough=no

    # Vamos agora comear a configurar o nosso filas

    /queue typeadd kind=pfifo name=streaming-video-in pfifo-limit=500add kind=pcq name=games-in-pcq pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 pcq-dst-address6-mask=64 \ pcq-limit=50 pcq-rate=100k pcq-src-address-mask=32 pcq-src-address6-mask=64

    pcq-total-limit=750000

    /queue treeadd burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \ max-limit=10M name=in parent=global priority=8add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \ max-limit=10M name=out parent=global priority=8

    /queue treeadd max-limit=10M name=in parent=global queue=defaultadd max-limit=10M name=out parent=global queue=default

    add limit-at=3M max-limit=10M name=http-in packet-mark=http-in parent=in priority=4 queue=defaultadd limit-at=4M max-limit=10M name=streaming-video-in packet-mark=streaming-video-in parent=in \ priority=3 queue=streaming-video-inadd limit-at=500k max-limit=10M name=gaming-in packet-mark=games-in parent=in priority=2 queue=\ games-in-pcqadd max-limit=10M name=download-in packet-mark=in parent=in queue=defaultadd max-limit=10M name=upload-out packet-mark=out parent=out queue=default

  • 8/11/2019 QoS No Mikrotik Esta a Verso 6 Do RouterOS

    6/6

    add limit-at=500k max-limit=10M name=gaming-out packet-mark=games-out parent=outpriority=2 queue=\ defaultadd limit-at=3M max-limit=10M name=http-out packet-mark=http-out parent=out priority=4 queue=defaultadd limit-at=4M max-limit=10M name=streaming-video-out packet-mark=streaming-video-out parent=out \ priority=3 queue=defaultadd limit-at=1M max-limit=10M name=customer-servers-in packet-mark=customer-servers-in parent=in \ priority=1 queue=defaultadd limit-at=1M max-limit=10M name=customer-servers-out packet-mark=customer-servers-out parent=out \ priority=1 queue=defaultadd limit-at=500k max-limit=10M name=voip-in packet-mark=voip-in parent=in priority=1 queue=defaultadd limit-at=500k max-limit=10M name=vpn-in packet-mark=vpn-in parent=in priority=2 queue=defaultadd limit-at=500k max-limit=10M name=voip-out packet-mark=voip-out parent=out priority=1 queue=\ defaultadd limit-at=500k max-limit=10M name=vpn-out packet-mark=vpn-out parent=out priority=2 queue=defaultadd limit-at=500k max-limit=10M name=admin-in packet-mark=admin-in parent=in pri

    ority=1 queue=defaultadd limit-at=500k max-limit=10M name=admin-out packet-mark=admin-out parent=outpriority=1 queue=\ default


Manual Mikrotik Completo(((((((((

Manual Mikrotik Completo(((((((((

Documents
Tutorail FailOver Mikrotik

Tutorail FailOver Mikrotik

Documents
TREINAMENTO MIKROTIK - MTCWE

TREINAMENTO MIKROTIK - MTCWE

Documents
Palestra QoS

Palestra QoS

Technology
Mikrotik 001

Mikrotik 001

Documents
Curso oficial Mikrotik

Curso oficial Mikrotik

Technology
Mikrotik Firewall

Mikrotik Firewall

Documents
PEMANFAATAN MIKROTIK ROUTERBOARD SEBAGAI …

PEMANFAATAN MIKROTIK ROUTERBOARD SEBAGAI …

Documents
Rede TEL-Mikrotik

Rede TEL-Mikrotik

Documents
QUADRO DO EFETIVO POR POSTO EXISTENTE QUADRO/POSTOCEL TEN CEL MAJCAP1ºTEN2ºTENASP OFTOTAL QOC QOA/E QOS/MÉD. QOS/FA QOS/ENF QOS/DENT TOTAL

QUADRO DO EFETIVO POR POSTO EXISTENTE QUADRO/POSTOCEL TEN CEL MAJCAP1ºTEN2ºTENASP OFTOTAL QOC QOA/E QOS/MÉD. QOS/FA QOS/ENF QOS/DENT TOTAL

Documents
RouterOS + SwOS - mum.mikrotik.commum.mikrotik.com/presentations/BR10/08-antonio.pdf · Objetivo Como implementar e gerenciar uma rede totalmente baseada em soluções Mikrotik?

RouterOS + SwOS - mum.mikrotik.commum.mikrotik.com/presentations/BR10/08-antonio.pdf · Objetivo Como implementar e gerenciar uma rede totalmente baseada em soluções Mikrotik?

Documents
Introducao mikrotik

Introducao mikrotik

Technology
Wireless Com Mikrotik

Wireless Com Mikrotik

Documents
Magdiel da Costa Santos Bel. Ciências da Computação e Pós Graduado em Redes. Provimento de Acesso desde 1995 RouterOS desde 2002 Trainer Mikrotik

Magdiel da Costa Santos Bel. Ciências da Computação e Pós Graduado em Redes. Provimento de Acesso desde 1995 RouterOS desde 2002 Trainer Mikrotik

Documents
Mikrotik manual

Mikrotik manual

Documents
Mikrotik - WebProxy

Mikrotik - WebProxy

Documents
Mikrotik Smart Server Rev1

Mikrotik Smart Server Rev1

Documents
configuraçoes iniciais mikrotik

configuraçoes iniciais mikrotik

Documents
6 motivos para atualizar a versão do RouterOS · 6 motivos para atualizar a versão do RouterOS Pietro Scherer MUM Brazil 2018 - São Paulo

6 motivos para atualizar a versão do RouterOS · 6 motivos para atualizar a versão do RouterOS Pietro Scherer MUM Brazil 2018 - São Paulo

Documents
Dual Stack / Pilha Dupla - mum.mikrotik.com · - O IPv6 aumentou o endereçamento IP de 32 para 128 bits. Um pouco sobre IPv6. 6 IPv6 no MikroTik RouterOS: 7 IPv6 no MikroTik RouterOS:

Dual Stack / Pilha Dupla - mum.mikrotik.com · - O IPv6 aumentou o endereçamento IP de 32 para 128 bits. Um pouco sobre IPv6. 6 IPv6 no MikroTik RouterOS: 7 IPv6 no MikroTik RouterOS:

Documents
Mikrotik Recife (1)

Mikrotik Recife (1)

Documents
Curso Oficial Do Mikrotik

Curso Oficial Do Mikrotik

Documents
Novas implementações do MikroTik RouterOS para 2017usetelecom.com.br/site/wp-content/uploads/2016/12/ISP-Padrão... · Oficial MikroTik desde 2012. Tem experiência com FreeBSD,

Novas implementações do MikroTik RouterOS para 2017usetelecom.com.br/site/wp-content/uploads/2016/12/ISP-Padrão... · Oficial MikroTik desde 2012. Tem experiência com FreeBSD,

Documents
IPv6 ! Por que? Quando? Como? · - Consultor e trainer oficial Mikrotik Francisco Neto ... O cabeçalho possui um campo para QoS. ... • Configurando um DHCP client v6

IPv6 ! Por que? Quando? Como? · - Consultor e trainer oficial Mikrotik Francisco Neto ... O cabeçalho possui um campo para QoS. ... • Configurando um DHCP client v6

Documents
Mikrotik Step by Step2

Mikrotik Step by Step2

Documents
Seguranca em IPv6 com Mikrotik RouterOS

Seguranca em IPv6 com Mikrotik RouterOS

Technology
TREINAMENTO MIKROTIK - MTCRE.pdf

TREINAMENTO MIKROTIK - MTCRE.pdf

Documents
Mikrotik Manual Hotspot

Mikrotik Manual Hotspot

Documents
QoS for voice applications - MUM - MikroTik User Meetingmum.mikrotik.com/presentations/BR11/11_Antonio.pdf · Objetivo Como aplicar qualidade de serviço em aplicações de voz sobre

QoS for voice applications - MUM - MikroTik User Meetingmum.mikrotik.com/presentations/BR11/11_Antonio.pdf · Objetivo Como aplicar qualidade de serviço em aplicações de voz sobre

Documents
Mikrotik User’s Meeting Rio de Janeiro - 2009 · Mikrotik User’s Meeting Rio de Janeiro ... VPN, etc. (graças ao Mikrotik) Maila Networks. ESCOLHENDO A PLATAFORMA Mikrotik

Mikrotik User’s Meeting Rio de Janeiro - 2009 · Mikrotik User’s Meeting Rio de Janeiro ... VPN, etc. (graças ao Mikrotik) Maila Networks. ESCOLHENDO A PLATAFORMA Mikrotik

Documents