Mangler

desertadmin · July 26, 2005, 3:53pm

How do I effectively deploy the mangler against p2p users? I mean I know what commands to give the RouterBoard but the CPU jumpts to 80+ percent which really can kill the operation of the routerboard. I think perhaps this was a bug in 2.8.26. Should I just upgrade to the newest one? I have not seen much information as to whether that has been addressed or not.

If anyone has heard differently please post for me.

Thank you.

-Sincerely,
..::Eric::..

spire2z · July 26, 2005, 5:19pm

Maybe if the mangle uses too much CPU a tcp connetion limit on ports above 80 to a low number like 4 should stop p2p because it needs lots of connections.

desertadmin · July 26, 2005, 8:24pm

So do most people use the normal Routerboard with the mangler function or do most people use a 2.4 GHZ + Processor of a PC? I am just curious.

-Sincerely,
..::eric::..

UniKyrn · July 26, 2005, 10:41pm

One firewall forwarding rule; all-p2p->drop

spire2z · July 26, 2005, 10:46pm

From personal experience I found you need over 1 ghz to do complex queues and mangle. The connection limit helps to block p2p which is not droped by MT’s packet scanning engine whatever it is?

desertadmin · July 26, 2005, 10:51pm

Thank you for that command but I would rather not kill the p2p. See if you kill p2p then you are really not killing it. p2p will function on a different port and change its standard port numbers that they use to do the initial communications and that would sorta make the whole mangling process a lot uglier.

If you mangle straight p2p then it causes your other regular protocols/service requests to continue unintrruped but slow down the p2p sharing.

So.. I would like to know if the mangler is slowing down the CPU of the Mikrotik when mangling the p2p or if it is just not possible to run the p2p mangler for more than 8 clients.

wildbill442 · July 27, 2005, 7:32am

actually RouterOS with connection tracking enabled allows the router to detect P2P traffic regaurdless of the port.

And on our network we have a dedicated MT Box w/ a 1.8Ghz processor for firewalling, and queues.. It also has a few 2.4ghz cards in it that we used to replace antiquated equipment. It’s a little overkill tho our CPU usage rarely peaks above 20% but at least we know it will grow with our network.

desertadmin · July 27, 2005, 3:59pm

So then you really must have a 1 GHZ or better to provide best results with the mangler. We just have the standard 266 processor on the Router board and so of course that is not enough for the mangler to work properly.

Thank you all for your input.

-Sincerely,
..::eric::..