Friends, for some time now my QoS has been marking YOUTUBE packets as WEB browsing packets. Can someone help me with that? Thank you.
Google's use of the same IP addresses (often of local caches) for all their services doesn't make it exactly easy to distinguish web browsing on their less bandwidth-intensive services from downloading of YouTube videos. So if you want to slow down the download of YouTube videos in favor of faster download of regular web pages, it makes more sense to prioritize connections until they reach some volume of transported data and then start using a lower bandwidth and/or priority queue for them.
A separate question is to tell QUIC from other UDP streams, as there is usually no point in throttling "normal" UDP, while QUIC is a TCP-like protocol encapsulated into UDP, so throttling it makes sense.
Do you mean that it is better to mark YOUTUBE packets by QUIC instead of marking them by layer 7 protocol?
No, I just gave my recommendation to classify by connection data volume rather than by the particular service. And I've pointed out that QUIC is a specific issue to address which may not have been there when you set up your configuration.
What else did you expect to get when you haven’t posted your current configuration?
This is my mangle:
/ip firewall mangle
add action=mark-connection chain=prerouting comment="-----ICMP (PING)-----" new-connection-mark=ICMP_C passthrough=yes protocol=icmp
add action=mark-packet chain=prerouting connection-mark=ICMP_C new-packet-mark=ICMP passthrough=no
add action=mark-connection chain=prerouting comment=-----DNS----- new-connection-mark=DNS_C passthrough=yes port=53 protocol=udp
add action=mark-packet chain=prerouting connection-mark=DNS_C new-packet-mark=DNS passthrough=no
add action=mark-connection chain=prerouting comment=-----FACEBOOK----- layer7-protocol=FACEBOOK new-connection-mark=FACEBOOK_C passthrough=yes
add action=mark-packet chain=prerouting connection-mark=FACEBOOK_C new-packet-mark=FACEBOOK passthrough=no
add action=mark-connection chain=prerouting comment=-----YOUTUBE----- layer7-protocol=YOUTUBE new-connection-mark=YOUTUBE_C passthrough=yes
add action=mark-packet chain=prerouting connection-mark=YOUTUBE_C new-packet-mark=YOUTUBE passthrough=no
add action=mark-connection chain=prerouting comment=-----WEB----- connection-mark=!WEB_BIG new-connection-mark=WEB_C passthrough=yes port=80,443,554,8000-9000 protocol=tcp
add action=mark-connection chain=prerouting comment=-----WEB-BIG----- connection-bytes=2496000-0 connection-mark=WEB_C connection-rate=2112k-10240k new-connection-mark=WEB_BIG passthrough=yes src-address-list="BLOQUEO CYBER"
add action=mark-packet chain=prerouting connection-mark=WEB_BIG new-packet-mark=WEB-BIG passthrough=no
add action=mark-packet chain=prerouting connection-mark=WEB_C new-packet-mark=WEB passthrough=no
add action=mark-connection chain=prerouting comment=-----REST----- new-connection-mark=REST_C passthrough=yes
add action=mark-packet chain=prerouting connection-mark=REST_C new-packet-mark=REST passthrough=no
Can anyone guide me with my concern?
Do you expect us to magically know your layer7 rules? Instead of the full configuration minus sensitive information, you’ve posted just the mangle rules.
Layer 7 protocol:
/ip firewall layer7-protocol
add name=YOUTUBE regexp="^..+\.(youtube.com|googlevideo.com|akamaihd.net).$"
add name=FACEBOOK regexp="^..+\.(facebook.com|facebook.net|fbcdn.com|fbsbx.com|fbcdn.net|fb.com|tfbnw.net).$"
What else do you need, syndi?
At the moment just time. Your L7 rules rely on a couple of domain names being present in the initial packets of a connection, but something may have changed in how Google names the sites from which the videos are downloaded, and also, if your browser supports QUIC, the domain name may not be there in plaintext at all. Such changes may happen at any time; that's why I prefer classification based on traffic characteristics rather than on particular site names.
OK, then how would the mangle rules for good QoS look, according to your criteria?
You mentioned your rule already works so why not just skip youtube connections in your WEB marking
connection-mark=!YOUTUBE
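The following is a worked configuration that puts the advice in this thread together. It is added here as an example; it is not from any poster and has not been run on the poster's router. It keeps the poster's existing YOUTUBE layer7 match and marks (connection mark YOUTUBE_C, packet mark YOUTUBE), applies the suggested exclusion so the WEB rule can never overwrite a YouTube connection mark (done with connection-mark=no-mark, which also protects the demoted class below; connection-mark=!YOUTUBE_C would work for the YouTube part alone), marks QUIC by its transport signature (UDP towards port 443) instead of a layer7 regexp, and demotes any WEB or QUIC connection that has moved more than a byte threshold into a low-priority BULK class, as recommended earlier. The poster's ICMP, DNS, FACEBOOK and REST rules are unchanged and not repeated. The 2.5 MB threshold, the names QUIC_C/QUIC/BULK_C/BULK, the queue-tree limits and priorities are assumptions to tune for the link; RouterOS v6 syntax, parent=global.

```routeros
# Added example, not from the thread. Assumed: 2.5 MB demotion threshold,
# class names QUIC_C/BULK_C, queue limits. Mangle rules are evaluated top to
# bottom for every packet, so mark-connection rules come first and every
# mark-packet rule ends evaluation with passthrough=no.
/ip firewall mangle
# Existing YouTube L7 match, kept as in the poster's config. It re-marks the
# connection on every packet, so it wins over any earlier WEB_C mark once the
# regexp has matched.
add chain=prerouting comment="YOUTUBE (L7)" layer7-protocol=YOUTUBE \
    action=mark-connection new-connection-mark=YOUTUBE_C passthrough=yes
# QUIC by transport signature: UDP to port 443 from the client side. Only an
# unmarked connection is classified, so later re-marks are never undone.
add chain=prerouting comment="QUIC (UDP/443)" protocol=udp dst-port=443 \
    connection-mark=no-mark \
    action=mark-connection new-connection-mark=QUIC_C passthrough=yes
# Volume-based demotion: connection-bytes=2500000-0 means "2.5 MB or more"
# (both directions counted). Once BULK_C, the QUIC rule above no longer
# matches because the connection is no longer unmarked.
add chain=prerouting comment="QUIC over threshold -> BULK" \
    connection-mark=QUIC_C connection-bytes=2500000-0 \
    action=mark-connection new-connection-mark=BULK_C passthrough=yes
# Web: TCP 80/443, only for connections nothing else has claimed yet. This is
# the "skip YouTube" suggestion: a connection already marked YOUTUBE_C is
# never re-marked as WEB_C.
add chain=prerouting comment="WEB (not YouTube, not demoted)" protocol=tcp \
    dst-port=80,443 connection-mark=no-mark \
    action=mark-connection new-connection-mark=WEB_C passthrough=yes
add chain=prerouting comment="WEB over threshold -> BULK" \
    connection-mark=WEB_C connection-bytes=2500000-0 \
    action=mark-connection new-connection-mark=BULK_C passthrough=yes
# Packet marks, one per class, consumed by the queue tree.
add chain=prerouting connection-mark=YOUTUBE_C action=mark-packet \
    new-packet-mark=YOUTUBE passthrough=no
add chain=prerouting connection-mark=QUIC_C action=mark-packet \
    new-packet-mark=QUIC passthrough=no
add chain=prerouting connection-mark=WEB_C action=mark-packet \
    new-packet-mark=WEB passthrough=no
add chain=prerouting connection-mark=BULK_C action=mark-packet \
    new-packet-mark=BULK passthrough=no

# Queue tree: priority 1 is highest, 8 lowest. Interactive web gets the best
# priority and guarantee; YouTube and QUIC share a middle class; anything
# demoted to BULK only gets what is left over. Limits are assumed values.
/queue tree
add name=ALL parent=global max-limit=20M
add name=WEB parent=ALL packet-mark=WEB priority=2 limit-at=4M max-limit=20M
add name=YOUTUBE parent=ALL packet-mark=YOUTUBE priority=4 limit-at=2M max-limit=20M
add name=QUIC parent=ALL packet-mark=QUIC priority=4 limit-at=2M max-limit=20M
add name=BULK parent=ALL packet-mark=BULK priority=7 limit-at=1M max-limit=20M
```

Two checks after importing: `/ip firewall connection print where connection-mark=BULK_C` should start listing long downloads once they pass the threshold, and `/queue tree print stats` should show bytes moving from WEB or QUIC into BULK for those connections. Because the QUIC class is identified only by UDP/443, it cannot tell YouTube over QUIC from any other QUIC service; that is exactly the limitation discussed later in the thread.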
And how would that be marked, friend?
Could someone who has a working QoS attach their mangle?
Have you already solved this topic?
Actually I'm configuring my QoS, but the QUIC protocol is a big problem. I used Wireshark to capture YouTube's packets and the first QUIC packet (the packet that initiates the session) has a server name field of "www.youtube.com", but when I configure mangle rules it doesn't work.
My layer 7 regexes work fine (I tested them on many regex pages).
Any ideas?
Here's the simple mangle rule:
/ip firewall mangle
add action=mark-connection chain=forward comment="DownYoutube" in-interface=out-interface layer7-protocol=Youtube new-connection-mark=DownUDP passthrough=yes port=80,443 protocol=udp
First, I am a bit confused about your in-interface=out-interface matching. If out-interface is the name of the WAN interface, then this rule can only match on the response packets from the server, and I hazily remember the server name in plaintext is in the request packet from the client.
Second, there are few services that use UDP and port 443, so unless you want to assign different priority to QUIC streams depending on server name, you may skip matching on layer7-protocol at all?
Reply to the first point: I didn't see the src address in that QUIC packet. It's from my local host. Thanks, man.
Second: I'm trying to differentiate services to do quality of service. For example, the QUIC protocol is already used by Facebook and YouTube. I would like to give YouTube more priority for my clients, but with this Google protocol I can't tell them apart. I could disable QUIC in Chrome browsers, but in the apps on every phone of every client it's impossible.