Is there a way to mark Windows 10 update packets on the fly, allowing to perform QOS on them?
Many of my clients complain that MS updates are bogging down their available bandwidth when they want to do something.
Every case has been on Windows 10 machines, and I would like to mitigate this so their user experience is better.
The end goal is to have rules set so Windows 10 updates have a lower priority than normal web usage.
Any idea how this can be achieved?
You can follow a more general approach and mark regular HTTP/S and HTTP/HTTPS “downloads” (more than X MB on a given established connection, 5 MB in this example) using mangle connection-bytes:
/ip firewall mangle
# mark every new HTTP/HTTPS connection once, in prerouting
add action=mark-connection chain=prerouting dst-port=80,443 new-connection-mark=HTTP packet-mark=no-mark protocol=tcp
# once a marked connection has carried more than 5,000,000 bytes, treat its packets as a "download"
add action=mark-packet chain=forward connection-bytes=5000000-0 connection-mark=HTTP new-packet-mark=HTTP_PD passthrough=no protocol=tcp
# everything else on a marked connection stays regular HTTP
add action=mark-packet chain=forward connection-mark=HTTP new-packet-mark=HTTP_P passthrough=no
Then assign a lower priority and stricter bandwidth allowances using different queues in the queue tree for regular HTTP/S (HTTP_P packet mark) and “download” HTTP/S (HTTP_PD).
This way not only MS updates will be “throttled down”, but also iOS, OS X, Android updates, JDownloader, YouTube…
This solution is a little broad.
I am trying to mark using the layer7 regexp “User-Agent:.Microsoft-Delivery-Optimization”,
then marking packets, then creating a queue to set the maximum bandwidth allowed for Windows 10 updates.
Busy testing now; will need to test for some time, but so far it seems to be working.
# layer7 regexp for the Delivery Optimization client User-Agent
/ip firewall layer7-protocol add name=MicrosoftUpdates regexp="User-Agent:.Microsoft-Delivery-Optimization"
# mark matching packets in prerouting so the queue tree can see them
/ip firewall mangle add action=mark-packet chain=prerouting comment="Microsoft Updates" layer7-protocol=MicrosoftUpdates new-packet-mark=msupdates
# packet-mark must be the same name as new-packet-mark above (msupdates), otherwise the queue never matches
/queue tree add max-limit=10M name=Limit_Windows_Update packet-mark=msupdates parent="Parent_Interface_Here" queue=default
Some of the domains for Windows Update can be found at https://technet.microsoft.com/en-gb/library/bb693717.aspx
You can add these to an address list in the firewall and use that to mark packets. You would probably also need to use the Layer 7 approach you’re also looking into to catch the new inter-PC Windows updates that now share updates similar to BitTorrent. Either that or start sniffing the traffic to see if you can find the traffic relating to some form of tracker(s) that Microsoft is using to coordinate the new update sharing and produce a method to identify it.
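Putting the address-list and layer7 suggestions together into one packet mark and a low-priority queue-tree child, as an added example that is not from any post above or from MikroTik; the address-list domains, the interface name and the bandwidth figures are placeholders to be replaced.

```routeros
# Added example (not from the thread): address list + layer7 feed one packet mark,
# which a queue-tree child then caps and deprioritises.
/ip firewall address-list
# placeholder hosts: take the real Windows Update domains from the TechNet article linked above
add list=ms-update address=update-host-1.example comment="placeholder, see TechNet list"
add list=ms-update address=update-host-2.example comment="placeholder, see TechNet list"

/ip firewall layer7-protocol
add name=MicrosoftUpdates regexp="User-Agent:.Microsoft-Delivery-Optimization"

/ip firewall mangle
# 1. Mark the whole connection once, in prerouting, for traffic to the listed update hosts.
add chain=prerouting action=mark-connection dst-address-list=ms-update \
    connection-mark=no-mark new-connection-mark=ms-update-conn passthrough=yes
# 2. Same for connections whose first packets match the layer7 regexp. This only works on
#    plain HTTP: a User-Agent header inside TLS is not visible to layer7, so port 443
#    downloads are only caught by the address list above.
add chain=prerouting action=mark-connection layer7-protocol=MicrosoftUpdates \
    connection-mark=no-mark new-connection-mark=ms-update-conn passthrough=yes
# 3. Mark every packet of those connections so the queue tree sees both directions.
add chain=prerouting action=mark-packet connection-mark=ms-update-conn \
    new-packet-mark=msupdates passthrough=no

/queue tree
# Download direction: parent on the LAN-facing interface (placeholder name), update traffic
# as the lowest-priority child (8) with a small guaranteed share (limit-at) and a hard cap
# (max-limit); everything unmarked gets the highest priority (1).
add name=LAN-down parent=ether2-LAN max-limit=50M comment="placeholder interface and rate"
add name=Limit_Windows_Update parent=LAN-down packet-mark=msupdates \
    priority=8 limit-at=2M max-limit=10M queue=default
add name=Everything-else parent=LAN-down packet-mark=no-mark priority=1 queue=default
```

Check with /queue tree print stats and /ip firewall mangle print stats that the msupdates counters actually increase during an update; if only the layer7 rule stays at zero, the client is fetching over HTTPS and the address list is doing the matching.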