qos with pcc

Slyder · March 5, 2013, 7:03pm

Hi,

I am using a Mikrotik to share 2 adsl lines with a wireless network.
I followed this tutorial for the sharing:
http://wiki.mikrotik.com/wiki/Manual:PCC

The sharing is working fine, my problem though is that I cannot figure out how to block p2p. I have tried adding a filter rule chain: forward, p2p: all-p2p, action: drop.
This doesnt appear to work as I can still download from p2p.

I have also tried mangle as follows
chain: prerouting, p2p: all-p2p, action: mark-connection, new conn. mark: p2p and I unticked passthrough.

I thought that maybe if the connection mark is different to what pcc uses the connection will skip the routing gateway. I don’t really understand how mangle and routing ties together.

Is there somewhere where I can get a good guide on how everything works, I have searched online but just find the mikrotik guides which are really in depth, no beginner stuff.

Thanx

dotnet · March 13, 2013, 8:26am

i think you don’t need to block p2p. it will be open but bandwidth will set as your requirement …
just follow the rule …

/queue simple
add name=“main” target-addresses=192.168.0.0/24 max-limit=512000/512000
add name=“http” parent=main packet-marks=http max-limit=256000/256000 priority=1
add name=“p2p” parent=main packet-marks=p2p max-limit=56000/56000 priority=8
add name=“other” parent=main packet-marks=other max-limit=200000/200000 priority=5

/ip firewall mangle
add chain=prerouting protocol=tcp dst-port=80 action=mark-connection new-connection-mark=http_conn passthrough=yes
add chain=prerouting connection-mark=http_conn action=mark-packet new-packet-mark=http passthrough=no

add chain=prerouting p2p=all-p2p action=mark-connection new-connection-mark=p2p_conn passthrough=yes
add chain=prerouting connection-mark=p2p_conn action=mark-packet new-packet-mark=p2p passthrough=no

add chain=prerouting action=mark-connection new-connection-mark=other_conn passthrough=yes
add chain=prerouting connection-mark=other_conn action=mark-packet new-packet-mark=other passthrough=no

Slyder · March 15, 2013, 10:08am

Thanx Suman,

I have tested and this works if I don’t have load balancing but what about if I have load balancing enabled?

This could get a lot more complex so I am not sure if it is possible?

Thanx

dotnet · March 18, 2013, 4:57am

1st your have to need setup a bridge then it will be ok
pls follow the rules :

/ interface bridge
add name=“bridge1”
/ interface bridge port
add interface=ether2 bridge=bridge1
add interface=ether3 bridge=bridge1

/interface bridge settings
set use-ip-firewall=yes

Best regards