Hello friends
For every larger scale WISP, one of the biggest problems is the always improving Bittorrent with encrypted protocols etc. The Mikrotik "all-p2p" is not powerful enough to do the job. And if you don't handle this problem, you often see entire cells totally dominated by one or two users communicating with "the entire internet", effectively leaving all the remaining users on the cell off-line.
We have been fighting this problem for a long time, and I believe that we have found a better way, which I would like to share with you. Here are some tips that should get you started:
Generally:
- Use central traffic identification on your powerful main router (or on a bridged shaper on your uplink).
- On the shaper you need to mark all known p2p-connections. Then add all external addresses to a dynamic address-list (experiment with time-out for memory/performance reasons).
- Use the address-list to mark your local p2p-traffic, as it represents all known p2p-destinations (if you analyze BT-traffic, you always detect some un-encrypted packets in the beginning of a session).
- Use four priority levels (voip, surf with limited conn-bytes, best effort and p2p)
- Use DSCP-tagging on all traffic, and make sure that TOS=0 goes into "best effort". You always tend to forget some traffic.
- On all local equipment, you must use the DSCP-tags to mark the four traffic categories in order to queue them correctly
On the local routers with AP, you:
- Create dynamic address lists for voip-destinations and p2p-users.
- Create your normal queues, but make the p2p-type more restrictive (very limited upload and a reasonable download)
- If a local user receives p2p-traffic, add him to the p2p address-list.
- All traffic to/from p2p-users is going through the restricted p2p-queue, except their voip-traffic
- Upload traffic is tagged and queued as follows:
  - Voip as voip (use the DSCP info you already have through your address-list and the download traffic)
  - P2P as P2P (all traffic except voip from your p2p-users)
  - Surf upload from known surf-connections (via DSCP)
  - The rest as best-effort
As a result, you are in control again. If a user starts using p2p, it is most likely identified quickly, as all the other known p2p-users are "telling" about the new p2p-user via the central address-list. The local p2p-user is effectively controlled the way you like. When the user quits his p2p-program, he will be "released" according to the time-out on the local p2p-users address-list.
And most important - if a p2p-user is calling support about his lower quality connection, you just give him the truth: He can use p2p as much as he wants, but when he does, the upload will be very restricted. As soon as he quits, his internet will be as good as his neighbors... and they need to be able to watch tv, speak on their phones etc...
And finally: The above is the key to having a well functioning QOS on the low-power Mikrotik gear we all love. Let the hard work be done on an appropriately sized main router, and let the easy tasks be done locally.
I hope that the above will help you to implement a better QOS! Please don't beg for configurations - you will not get them from me, as I believe in "understanding before implementing".
Best regards
Kim
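
The address-list logic described in the post, modelled in Python as an added example that is not part of the original post and is not a RouterOS configuration. The class names, time-outs, addresses and the `kind` argument (standing in for whatever the central router identified) are assumptions, and the packet sequence is constructed.

```python
# Added illustration, not from the original post. Names, timeouts and
# addresses are assumptions; the packet sequence in demo() is constructed.

class TimedList:
    """Dynamic address-list whose entries expire `timeout` seconds after the last add."""
    def __init__(self, timeout):
        self.timeout, self.expiry = timeout, {}
    def add(self, addr, now):
        self.expiry[addr] = now + self.timeout
    def has(self, addr, now):
        return self.expiry.get(addr, 0) > now

class Shaper:
    def __init__(self, peer_timeout=3600, user_timeout=300):
        self.p2p_peers = TimedList(peer_timeout)  # central list: external p2p addresses
        self.voip_dsts = TimedList(peer_timeout)  # known voip destinations
        self.p2p_users = TimedList(user_timeout)  # local list: subscribers using p2p

    def classify(self, now, user, remote, kind=None):
        """Return the queue for one packet. `kind` is what the central router
        identified ('p2p', 'voip', 'surf') or None if it recognised nothing."""
        if kind == "p2p":
            self.p2p_peers.add(remote, now)
        elif kind == "voip":
            self.voip_dsts.add(remote, now)
        if self.voip_dsts.has(remote, now):
            return "voip"                      # voip is exempt from the p2p queue
        if self.p2p_peers.has(remote, now):
            self.p2p_users.add(user, now)      # talking to a known peer tags the user
        if self.p2p_users.has(user, now):
            return "p2p"                       # all other traffic of a p2p user
        return "surf" if kind == "surf" else "best-effort"

def demo():
    s = Shaper()
    packets = [  # (time, local user, remote address, identified kind)
        (0,   "10.0.0.2", "198.51.100.7", "p2p"),   # unencrypted start of a session
        (10,  "10.0.0.3", "198.51.100.7", None),    # encrypted, but peer already listed
        (20,  "10.0.0.3", "203.0.113.80", "surf"),  # p2p user's web traffic
        (30,  "10.0.0.3", "203.0.113.5",  "voip"),  # p2p user's phone call
        (40,  "10.0.0.4", "203.0.113.80", "surf"),  # ordinary user
        (50,  "10.0.0.4", "203.0.113.9",  None),    # unidentified traffic
        (400, "10.0.0.3", "203.0.113.80", "surf"),  # after the local time-out
    ]
    return [s.classify(*p) for p in packets]

if __name__ == "__main__":
    print(demo())
```

The second packet shows the effect the post relies on: the encrypted session is still classified as p2p because another user's session already put that peer on the central list.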