icepicknz

Mangle rules / queues & CPU, how to do it better

Wed Feb 22, 2012 1:04 am

Hey guys,

I have a set of rules as shown below. These are working fine, with CPU averaging between 20-55% at 40-80Mbps throughput, and I'm hoping there is possibly a better way of doing it. I currently have 3 sets of queues: business users, residential users & unlimited users.

I've been reading http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Mangle, which suggests using mark-connection so not every packet needs to be inspected. I attempted this but had no joy, so I was wondering if anyone else had any suggestions on improving these queues to lower the CPU.

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=5M max-limit=10M name=Business_Users_IN packet-mark=Business_Users_Packet parent=Customers priority=4
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=2M max-limit=4M name="1 - IN - Critical Business_Users" packet-mark=Management_Business_Users,VoIP_Traffic_Business_Users parent=Business_Users_IN priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=1M max-limit=2M name="2 - IN - Urgent Business_Users" packet-mark="DNS Traffic_Business_Users,ICMP Traffic_Business_Users" parent=Business_Users_IN priority=2 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=3M max-limit=8M name="3 - IN - Small Business_Users" packet-mark="HTTP traffic_Business_Users,remain_512k_Business_Users" parent=Business_Users_IN priority=3 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=1500k max-limit=5M name="4 - IN - Remaining 1.5Mb Business_Users" packet-mark=remain_1.5mb_Business_Users parent=Business_Users_IN priority=4 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=1M max-limit=5M name="5 - IN - Remaining 5Mb Business_Users" packet-mark=remain_5mb_Business_Users parent=Business_Users_IN priority=5 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=512k max-limit=4M name="6 - IN - Mail Business_Users" packet-mark="MAIL traffic_Business_Users" parent=Business_Users_IN priority=6 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=1M max-limit=6M name="7 - IN - Download Business_Users" packet-mark="Download traffic_Business_Users,remaining_in_Business_Users" parent=Business_Users_IN priority=7 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=256k max-limit=2M name="8 - IN - P2P Business_Users" packet-mark="P2P traffic_Business_Users" parent=Business_Users_IN priority=8 queue=default


/ip firewall mangle
add action=mark-connection chain=forward comment="Business_Users Connection" disabled=no dst-address-list=Business_Users new-connection-mark=Business_Users_Conn passthrough=yes
add action=mark-packet chain=forward comment="Business_Users Pool Packet" connection-mark=Business_Users_Conn disabled=no new-packet-mark=Business_Users_Packet passthrough=no

add action=mark-packet chain=postrouting comment="DNS traffic Business_Users" disabled=no dst-address-list=Business_Users new-packet-mark="DNS Traffic_Business_Users" passthrough=yes protocol=tcp src-port=53
add action=mark-packet chain=postrouting comment="DNS traffic Business_Users" disabled=no dst-address-list=Business_Users new-packet-mark="DNS Traffic_Business_Users" passthrough=no protocol=udp src-port=53
add action=mark-packet chain=postrouting comment="Telnet traffic Business_Users" disabled=no dst-address-list=Business_Users new-packet-mark=Management_Business_Users passthrough=no protocol=tcp src-port=23
add action=mark-packet chain=postrouting comment="SSH traffic Business_Users" disabled=no dst-address-list=Business_Users new-packet-mark=Management_Business_Users packet-size=0-1400 passthrough=no protocol=tcp src-port=22
add action=mark-packet chain=postrouting comment="SIP Traffic 2Talk group" disabled=no dst-address-list=Business_Users new-packet-mark=VoIP_Traffic_Business_Users passthrough=no src-address-list=2Talk
add action=mark-packet chain=postrouting comment="SIP UDP Traffic Business_Users" disabled=no dst-address-list=Business_Users new-packet-mark=VoIP_Traffic_Business_Users passthrough=no protocol=udp src-port=5060
add action=mark-packet chain=postrouting comment="SIP TCP Traffic Business_Users" disabled=no dst-address-list=Business_Users new-packet-mark=VoIP_Traffic_Business_Users passthrough=no protocol=tcp src-port=5060
add action=mark-connection chain=postrouting comment="HTTP Mark Traffic Business_Users" disabled=no dst-address-list=Business_Users new-connection-mark="HTTP Connection_Business_Users" passthrough=yes protocol=tcp src-port=80
add action=mark-packet chain=postrouting comment="HTTP Traffic Business_Users" connection-bytes=0-1048576 disabled=no dst-address-list=Business_Users new-packet-mark="HTTP traffic_Business_Users" passthrough=no protocol=tcp src-port=80
add action=mark-packet chain=postrouting comment="DOWNLOAD HTTP Traffic Business_Users" connection-bytes=1048576-0 disabled=no dst-address-list=Business_Users new-packet-mark="Download traffic_Business_Users" passthrough=no protocol=tcp src-port=80
add action=mark-packet chain=postrouting comment="DOWNLOAD FTP Data traffic Business_Users" disabled=no dst-address-list=Business_Users new-packet-mark="Download traffic_Business_Users" passthrough=no protocol=tcp src-port=20
add action=mark-packet chain=postrouting comment="DOWNLOAD FTP traffic Business_Users" disabled=no dst-address-list=Business_Users new-packet-mark="Download traffic_Business_Users" passthrough=no protocol=tcp src-port=21
add action=mark-packet chain=postrouting comment="DOWNLOAD SFTP traffic Business_Users" disabled=no dst-address-list=Business_Users new-packet-mark="Download traffic_Business_Users" packet-size=1400-1500 passthrough=no protocol=tcp src-port=22
add action=mark-packet chain=postrouting comment="SSL Traffic Business_Users" disabled=no dst-address-list=Business_Users new-packet-mark="HTTP traffic_Business_Users" passthrough=no protocol=tcp src-port=443
add action=mark-packet chain=postrouting comment="POP3 Traffic Business_Users" disabled=no dst-address-list=Business_Users new-packet-mark="MAIL traffic_Business_Users" passthrough=no protocol=tcp src-port=110
add action=mark-packet chain=postrouting comment="SMTP Traffic Business_Users" disabled=no dst-address-list=Business_Users new-packet-mark="MAIL traffic_Business_Users" passthrough=no protocol=tcp src-port=25
add action=mark-packet chain=postrouting comment="IMAPS Traffic Business_Users" disabled=no dst-address-list=Business_Users new-packet-mark="MAIL traffic_Business_Users" passthrough=no protocol=tcp src-port=993
add action=mark-packet chain=postrouting comment="IMAP Traffic Business_Users" disabled=no dst-address-list=Business_Users new-packet-mark="MAIL traffic_Business_Users" passthrough=no protocol=tcp src-port=143
add action=mark-packet chain=postrouting comment="POP3S Traffic Business_Users" disabled=no dst-address-list=Business_Users new-packet-mark="MAIL traffic_Business_Users" passthrough=no protocol=tcp src-port=995
add action=mark-packet chain=postrouting comment="ICMP Traffic Business_Users" disabled=no dst-address-list=Business_Users new-packet-mark="ICMP Traffic_Business_Users" passthrough=no protocol=icmp
add action=mark-packet chain=postrouting comment="P2P Traffic Business_Users" disabled=no dst-address-list=Business_Users new-packet-mark="P2P traffic_Business_Users" p2p=all-p2p passthrough=no
add action=mark-packet chain=postrouting comment="Remaining to 512K Business_Users" connection-bytes=0-524288 disabled=no dst-address-list=Business_Users new-packet-mark=remain_512k_Business_Users passthrough=yes
add action=mark-packet chain=postrouting comment="Remaining to 1.5Mb Business_Users" connection-bytes=524288-1572864 disabled=no dst-address-list=Business_Users new-packet-mark=remain_1.5mb_Business_Users passthrough=yes
add action=mark-packet chain=postrouting comment="Remaining to 5mb Business_Users" connection-bytes=1572864-5242880 disabled=no dst-address-list=Business_Users new-packet-mark=remain_5mb_Business_Users passthrough=yes
add action=mark-packet chain=postrouting comment="Everything else that remains over 5mb Business_Users" connection-bytes=5242880-0 disabled=no dst-address-list=Business_Users new-packet-mark=remaining_in_Business_Users passthrough=no

Thanks in advance
Barry
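
One way to apply the connection-marking approach the post refers to, as an added example that is not the poster's configuration and not taken from the wiki page. The address list and packet marks are the ones in the post; the `biz_*_conn` connection-mark names are hypothetical, and only the DNS (UDP), HTTP, mail and remaining-traffic classes are shown.

```routeros
/ip firewall mangle
# Stage 1: classify each connection once. connection-mark=no-mark means these
# port/protocol matchers are skipped for connections that are already tagged.
add chain=postrouting action=mark-connection connection-mark=no-mark passthrough=yes \
    dst-address-list=Business_Users protocol=udp src-port=53 new-connection-mark=biz_dns_conn
add chain=postrouting action=mark-connection connection-mark=no-mark passthrough=yes \
    dst-address-list=Business_Users protocol=tcp src-port=80 new-connection-mark=biz_http_conn
add chain=postrouting action=mark-connection connection-mark=no-mark passthrough=yes \
    dst-address-list=Business_Users protocol=tcp src-port=25,110,143,993,995 \
    new-connection-mark=biz_mail_conn
# Catch-all, must stay last in stage 1 so every connection ends up with a mark.
add chain=postrouting action=mark-connection connection-mark=no-mark passthrough=yes \
    dst-address-list=Business_Users new-connection-mark=biz_other_conn

# Stage 2: per packet, match on the connection mark plus direction only.
# dst-address-list keeps the marks on download packets; a connection mark
# applies to both directions of the flow.
add chain=postrouting action=mark-packet connection-mark=biz_dns_conn passthrough=no \
    dst-address-list=Business_Users new-packet-mark="DNS Traffic_Business_Users"
add chain=postrouting action=mark-packet connection-mark=biz_http_conn passthrough=no \
    dst-address-list=Business_Users connection-bytes=0-1048576 \
    new-packet-mark="HTTP traffic_Business_Users"
add chain=postrouting action=mark-packet connection-mark=biz_http_conn passthrough=no \
    dst-address-list=Business_Users connection-bytes=1048576-0 \
    new-packet-mark="Download traffic_Business_Users"
add chain=postrouting action=mark-packet connection-mark=biz_mail_conn passthrough=no \
    dst-address-list=Business_Users new-packet-mark="MAIL traffic_Business_Users"
# Remaining traffic keeps the post's size tiers via connection-bytes.
add chain=postrouting action=mark-packet connection-mark=biz_other_conn passthrough=no \
    dst-address-list=Business_Users connection-bytes=0-524288 \
    new-packet-mark=remain_512k_Business_Users
add chain=postrouting action=mark-packet connection-mark=biz_other_conn passthrough=no \
    dst-address-list=Business_Users connection-bytes=524288-1572864 \
    new-packet-mark=remain_1.5mb_Business_Users
add chain=postrouting action=mark-packet connection-mark=biz_other_conn passthrough=no \
    dst-address-list=Business_Users connection-bytes=1572864-5242880 \
    new-packet-mark=remain_5mb_Business_Users
add chain=postrouting action=mark-packet connection-mark=biz_other_conn passthrough=no \
    dst-address-list=Business_Users connection-bytes=5242880-0 \
    new-packet-mark=remaining_in_Business_Users
```

Connection marks depend on connection tracking being enabled. The queue tree entries from the post need no changes, since the packet-mark names are unchanged.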
