I have made a setup I'd like to share with the forum to see if any improvements can be made.
First, the situation:
1. A 4M/4M symmetric line with little latency.
2. An 8M/800k ADSL line with somewhat higher latency.
3. 200 customers who can download at 3Mb; most of them use VoIP, Skype etc.
4. Some customers pay for more than 4Mb download. (Their port 80 traffic goes to the ADSL line anyway.)
5. All local customer IPs are masqueraded to the public IP of the interface on which the traffic leaves the router towards the internet.
Goal:
Fast browsing, and fast and reliable 'real time' traffic like VoIP, Skype etc.
Heavy download traffic should use the ADSL line, to keep the 4/4 line free for 'real time' traffic. The ADSL line also has more capacity to fulfil heavy download demands.
Device:
RB1000 with 3 public and 1 local interface.
For the purpose of this example the 3rd public interface is left out. It is an extra ADSL line, but for simplicity we disregard it for now.
Approach:
The heavy downloads from customers that are hard to catch (not P2P or FTP; the existing filters already mark those for the low-priority queue) are mostly plain port 80 traffic: streaming video, buffered video, file download sessions and even some P2P that slipped through the other filters.
The idea is to use the connection-rate limiter combined with a PCC filter so that, once a data stream has shown itself to be a heavy download for some time, the src-address of that stream is put in a special address list "gw_jump" with a timeout of at least 30 seconds.
The next filter classifies on that src-address list and marks the traffic with a new connection mark, after which that connection is given a routing mark in the next filter. The routing mark now selects the ADSL line in the policy routing table.
All other traffic not falling in the heavy category is returned to the original prerouting chain and gets the routing mark for the 4/4 symmetric line.
I am aware that when a traffic stream reaches the limits, the routing mark will jump and with it the route to the internet, which breaks the data stream. The server loses the connection and the download has to be restarted by the client, which then arrives at the server with a new IP. But this is a one-time event for such a download; after it the download proceeds faster.
The idea is that people usually start several downloads in the same 'internet' session, while at other times they only browse a bit, read mail and chat online. I want to give them the best line most of the time, but the biggest pipe when they need it.
The only disadvantage I see so far is the break in the data stream due to the WAN interface jump.
I tested this with an MT ROS package download and yes, after some seconds the download stops. But with a simple click to restart, the download starts again from where it stopped, and now it runs on the ADSL line and completes.
After the download has finished and the address-list timeout has passed, all port 80 traffic is back on the 4/4 line again, until a download triggers the route jump again...
I tested it with streaming live television. With a small hiccup the stream just picked up by itself, on the new public interface! Great!
But maybe there are some setbacks? Or improvements to be made?
Code:
Part of the routing table:
/ip route
add check-gateway=ping comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=xx.xxx.xx.1 routing-mark=GW1 scope=30 target-scope=10
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.10.4.1 routing-mark=GW2 scope=30 target-scope=10
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.10.5.1 routing-mark=GW3 scope=30 target-scope=10
Policy routes. GW3 is the second ADSL line, included just to be complete.
Mangle:
/ip firewall mangle
add action=jump chain=prerouting comment="All traffic jumps to chain \"gw_test\"" disabled=no jump-target=gw_test
Traffic jumps to the new chain.
add action=mark-connection chain=gw_test comment="All but \"heavy_traffic_conn\" get \"all_conn\" connection mark" connection-mark=!heavy_traffic_conn disabled=no dst-port=80 new-connection-mark=all_conn passthrough=yes protocol=tcp
Traffic in the new chain gets the "all_conn" mark for further processing.
add action=add-src-to-address-list address-list=Re_Route address-list-timeout=30s chain=gw_test comment="\"all_conn\" marked connections that also match CB, CR and PCC get their src address listed in \"Re_Route\" with a timeout of 30 secs" connection-bytes=500000-0 connection-mark=all_conn connection-rate=200k-100M disabled=no in-interface=Local per-connection-classifier=src-address:1/0 protocol=tcp
If a data stream matches the filter classifier (CB = connection-bytes, CR = connection-rate, and the PCC only looks at the src address of the connection), then the src address of this connection is listed in the address list with a timeout of 30 secs.
add action=mark-connection chain=gw_test comment="\"Re_Route\" src address list connections get connection mark \"heavy_traffic_conn\"" disabled=no new-connection-mark=heavy_traffic_conn passthrough=yes protocol=tcp src-address-list=Re_Route
Connections whose src address is in the "Re_Route" list get the new connection mark.
add action=mark-routing chain=gw_test comment="\"heavy_traffic_conn\" gets routing mark \"GW2\"" connection-mark=heavy_traffic_conn disabled=no dst-port=80 new-routing-mark=GW2 passthrough=no protocol=tcp
A "heavy_traffic_conn" marked connection gets the new routing mark GW2 and is not passed through (it leaves the filter).
add action=return chain=gw_test comment="Rest of the traffic returns to prerouting" connection-mark=all_conn disabled=no
All traffic not caught by the process and still in the chain is returned to the prerouting chain, where further decisions are made for routing.
The setup worked for me in the middle of the night when there was hardly any traffic around. Tomorrow we will see if this also works when the bulk traffic of the users starts to hit the network...
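The same setup consolidated into one pasteable config, as an added example and not the original poster's own lines. It assumes interface names WAN1 (the 4/4 line), WAN2 (the ADSL line) and Local (the customer LAN), the gateway addresses given in the post, and RouterOS v6 syntax. The rules that the post only describes in prose (the GW1 routing mark for the returned traffic and the per-interface masquerade) are written out, the inner quotes in the comments are escaped so the terminal accepts them, and the `per-connection-classifier=src-address:1/0` matcher is dropped because a denominator of 1 with remainder 0 matches every address and therefore does nothing.

```routeros
# Added example, not the original post's config.
# Assumed: WAN1 = 4/4 line, WAN2 = ADSL line, Local = customer LAN, RouterOS v6.
# xx.xxx.xx.1 is the (elided) gateway of the 4/4 line, as in the post.

/ip route
# Policy routes selected by routing mark. check-gateway on both marked routes:
# if the marked route goes unreachable the lookup falls back to the main table.
add dst-address=0.0.0.0/0 gateway=xx.xxx.xx.1 routing-mark=GW1 check-gateway=ping distance=1
add dst-address=0.0.0.0/0 gateway=10.10.4.1   routing-mark=GW2 check-gateway=ping distance=1
# Unmarked defaults for router-originated traffic and for the fallback above.
add dst-address=0.0.0.0/0 gateway=xx.xxx.xx.1 check-gateway=ping distance=1
add dst-address=0.0.0.0/0 gateway=10.10.4.1   check-gateway=ping distance=2

/ip firewall mangle
# Only customer traffic is classified; packets arriving on the WAN side never
# enter gw_test and cannot populate the Re_Route list.
add chain=prerouting in-interface=Local action=jump jump-target=gw_test \
    comment="Customer traffic jumps to chain \"gw_test\""
# 1. Every port 80 connection that is not already heavy gets the all_conn mark.
add chain=gw_test protocol=tcp dst-port=80 connection-mark=!heavy_traffic_conn \
    action=mark-connection new-connection-mark=all_conn passthrough=yes \
    comment="All but \"heavy_traffic_conn\" get \"all_conn\""
# 2. Once an all_conn connection has moved 500 kB and runs at 200k or faster,
#    list its source for 30 s. The timer is only refreshed while the connection
#    still carries all_conn; after step 3 re-marks it, the entry simply expires.
add chain=gw_test protocol=tcp in-interface=Local connection-mark=all_conn \
    connection-bytes=500000-0 connection-rate=200k-100M \
    action=add-src-to-address-list address-list=Re_Route address-list-timeout=30s \
    comment="Heavy \"all_conn\" sources go to \"Re_Route\" for 30 s"
# 3. While the source is listed, its port 80 connections are re-marked heavy.
#    dst-port=80 is added here (the post marks all TCP) because only port 80
#    is rerouted in step 4 anyway.
add chain=gw_test protocol=tcp dst-port=80 src-address-list=Re_Route \
    action=mark-connection new-connection-mark=heavy_traffic_conn passthrough=yes \
    comment="\"Re_Route\" sources get \"heavy_traffic_conn\""
# 4. Heavy connections go out over the ADSL line; passthrough=no ends processing.
add chain=gw_test protocol=tcp dst-port=80 connection-mark=heavy_traffic_conn \
    action=mark-routing new-routing-mark=GW2 passthrough=no \
    comment="\"heavy_traffic_conn\" gets routing mark \"GW2\""
# 5. Everything else returns to prerouting.
add chain=gw_test action=return comment="Rest returns to prerouting"
# 6. Back in prerouting: whatever is not heavy goes to the 4/4 line.
add chain=prerouting in-interface=Local connection-mark=!heavy_traffic_conn \
    action=mark-routing new-routing-mark=GW1 passthrough=no \
    comment="Rest of customer traffic uses GW1"

/ip firewall nat
# Masquerade to the public IP of whichever interface the packet leaves on.
add chain=srcnat out-interface=WAN1 action=masquerade
add chain=srcnat out-interface=WAN2 action=masquerade
```

The break in the stream that the post describes follows from how masquerade works: the NAT binding is fixed when the connection is created, so a connection that was first NATed to the WAN1 address keeps that source address even after its routing mark flips it onto WAN2, and the far end drops the packets. Only a new connection (the restarted download) is NATed to the WAN2 address. To watch the mechanism in action on a live router, `/ip firewall address-list print where list=Re_Route` shows which customers are currently being rerouted, and `/ip firewall connection print where connection-mark=heavy_traffic_conn` shows the connections that have already been moved.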