※ 本文為 layzer 轉寄自 ptt.cc 更新時間: 2012-10-15 07:29:34
看板 Network
作者 標題 Re: [心得] 軟路由的使用心得-RouterOS
時間 Fri Sep 17 01:56:25 2010
逐行解釋,不知道要寫到什麼時候,我還是直接貼我的設定,有興趣的再去找document對照著看,
一般HTB+PCQ只需靠in-interface來分別判斷封包是由內而外還是由外而內
但不知道是不是我設定pppoe的方式導致mangle總抓不到全部由內而外(上傳)的封包,導致queue tree也變得很怪,會被突破限制,
後來試出使用src-address來抓出上傳封包,終於都抓到了,且連靜態IP & DHCP都一併解決了。
我的網路環境是20m光纖,RouterOS的版本是4.10,需注意的是3.x版queue type及queue tree有其他的bug無法使用以下的設定
也許官方並沒考慮到pppoe這種類似虛擬網卡的裝置要如何被歸類,總之他無法由對內的網卡截取到
/ip firewall mangle
chain=prerouting action=mark-packet new-packet-mark=first-priority-up passthrough=no dst-address=xxx.xxx.xxx.xxx
chain=prerouting action=mark-packet new-packet-mark=first-priority-down passthrough=no src-address=xxx.xxx.xxx.xxx
;;; Qos_SYN-up
chain=prerouting action=mark-packet new-packet-mark=first-priority-up passthrough=no tcp-flags=syn protocol=tcp src-address=192.168.0.0/16 packet-size=0-666
;;; Qos_ACK-up
chain=prerouting action=mark-packet new-packet-mark=first-priority-up passthrough=no tcp-flags=ack protocol=tcp src-address=192.168.0.0/16 packet-size=0-123
;;; p2p-up
chain=prerouting action=mark-packet new-packet-mark=p2p-up passthrough=no p2p=all-p2p src-address=192.168.0.0/16
;;; small_packet-up
chain=prerouting action=mark-packet new-packet-mark=small_packet-up passthrough=no p2p=!all-p2p src-address=192.168.0.0/16 packet-size=1-512
;;; big_packet-up
chain=prerouting action=mark-packet new-packet-mark=big_packet-up passthrough=no p2p=!all-p2p src-address=192.168.0.0/16 packet-size=512-1200
;;; general-up
chain=prerouting action=mark-packet new-packet-mark=general-up passthrough=no p2p=!all-p2p src-address=192.168.0.0/16
;;; Qos_SYN-down
chain=prerouting action=mark-packet new-packet-mark=first-priority-down passthrough=no tcp-flags=syn protocol=tcp in-interface=Hinet-Vdsl packet-size=0-666
;;; Qos_ACK-down
chain=prerouting action=mark-packet new-packet-mark=first-priority-down passthrough=no tcp-flags=ack protocol=tcp in-interface=Hinet-Vdsl packet-size=0-123
;;; ICMP
chain=prerouting action=mark-packet new-packet-mark=icmp_packet passthrough=no protocol=icmp
;;; p2p-down
chain=prerouting action=mark-packet new-packet-mark=p2p-down passthrough=no p2p=all-p2p in-interface=Hinet-Vdsl
;;; small_packet-down
chain=prerouting action=mark-packet new-packet-mark=small_packet-down passthrough=no p2p=!all-p2p in-interface=Hinet-Vdsl packet-size=1-512
;;; big_packet-down
chain=prerouting action=mark-packet new-packet-mark=big_packet-down passthrough=no p2p=!all-p2p in-interface=Hinet-Vdsl packet-size=512-1200
;;; general-down
chain=prerouting action=mark-packet new-packet-mark=general-down passthrough=no p2p=!all-p2p in-interface=Hinet-Vdsl
設定queue type,使用pcq作為佇列類型,pcq-rate對應到每個ip的最大速度
/queue type
name="Gen_download" kind=pcq pcq-rate=13000000 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=1000
name="Gen_upload" kind=pcq pcq-rate=400000 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=100
建立queue tree設定每個queue及sub-queue的優先權和該queue的最大頻寬
/queue tree
name="Download" parent=global-in limit-at=0 priority=8 max-limit=19M burst-limit=0 burst-threshold=0 burst-time=0s
name="Upload" parent=global-in limit-at=0 priority=8 max-limit=1650k burst-limit=0 burst-threshold=0 burst-time=0s
name="p2p_download" parent=Download packet-mark=p2p-down limit-at=0 queue=Gen_download priority=8 max-limit=15M burst-limit=0 burst-threshold=0 burst-time=0s
name="p2p_upload" parent=Upload packet-mark=p2p-up limit-at=0 queue=Gen_upload priority=8 max-limit=1M burst-limit=0 burst-threshold=0 burst-time=0s
name="first_prioity-up" parent=Upload packet-mark=first-priority-up limit-at=32k queue=default priority=1 max-limit=1M burst-limit=0 burst-threshold=0 burst-time=0s
name="general_download" parent=Download packet-mark=general-down limit-at=0 queue=Gen_download priority=7 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
name="small_upload" parent=Upload packet-mark=small_packet-up limit-at=0 queue=default priority=5 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
name="big_upload" parent=Upload packet-mark=big_packet-up limit-at=0 queue=default priority=6 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
name="small_download" parent=Download packet-mark=small_packet-down limit-at=0 queue=Gen_download priority=5 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
name="big_download" parent=Download packet-mark=big_packet-down limit-at=0 queue=Gen_download priority=6 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
name="first_prioity-down" parent=Download packet-mark=first-priority-down limit-at=32k queue=Gen_download priority=1 max-limit=1M burst-limit=0 burst-threshold=0 burst-time=0s
name="general-up" parent=Upload packet-mark=general-up limit-at=0 queue=Gen_upload priority=7 max-limit=1M burst-limit=0 burst-threshold=0 burst-time=0s
name="icmp_download" parent=global-out packet-mark=icmp_packet limit-at=32k queue=Gen_download priority=1 max-limit=2M burst-limit=0 burst-threshold=0 burst-time=0s
name="icmp_upload" parent=global-in packet-mark=icmp_packet limit-at=32k queue=default priority=1 max-limit=512k burst-limit=0 burst-threshold=0 burst-time=0s
--
※ 發信站: 批踢踢實業坊(ptt.cc)
◆ From: 122.116.219.48
--
※ 看板: layzer 文章推薦值: 0 目前人氣: 0 累積人氣: 927
回列表(←)
分享