QoS

Posted: Fri Jun 14, 2019 6:02 pm
by eldoncito2019
Friends, for some time now my QoS has been marking YOUTUBE packets among the WEB navigation packets. Can someone help me with that? Thank you.

Re: QoS

Posted: Fri Jun 14, 2019 6:57 pm
by sindy
Google's use of same IP addresses (often of local caches) for all their services doesn't make it exactly easy to distinguish web browsing on their less bandwidth-intensive services from downloading of youtube videos. So if you want to slow down the download of Youtube videos in favor of faster download of regular web pages, it makes more sense to prioritize connections until they reach some volume of transported data and then start using lower bandwidth and/or priority queue for them.

A separate quest is to tell QUIC from other UDP streams, as there is usually no point in throttling "normal" UDP while QUIC is a TCP-like protocol encapsulated into UDP so throttling it makes sense.

Re: QoS

Posted: Fri Jun 14, 2019 9:33 pm
by eldoncito2019
You want to say that it is better to mark YOUTUBE packets by QUIC, instead of marking them by layer 7 protocol?

Re: QoS

Posted: Fri Jun 14, 2019 10:40 pm
by sindy
No, I just gave my recommendations to classify by connection data volume rather than the particular service. And I've pointed out that QUIC is a specific issue to address which may not have been there when you've set up your configuration.

What else did you expect to get when you haven't posted your current configuration?

Re: QoS

Posted: Fri Jun 14, 2019 11:10 pm
by eldoncito2019
this is my mangle:


/ip firewall mangle
add action=mark-connection chain=prerouting comment="-----ICMP (PING)-----" \
new-connection-mark=ICMP_C passthrough=yes protocol=icmp
add action=mark-packet chain=prerouting connection-mark=ICMP_C new-packet-mark=\
ICMP passthrough=no
add action=mark-connection chain=prerouting comment=-----DNS----- \
new-connection-mark=DNS_C passthrough=yes port=53 protocol=udp
add action=mark-packet chain=prerouting connection-mark=DNS_C new-packet-mark=\
DNS passthrough=no
add action=mark-connection chain=prerouting comment=-----FACEBOOK----- \
layer7-protocol=FACEBOOK new-connection-mark=FACEBOOK_C passthrough=yes
add action=mark-packet chain=prerouting connection-mark=FACEBOOK_C \
new-packet-mark=FACEBOOK passthrough=no
add action=mark-connection chain=prerouting comment=-----YOUTUBE----- \
layer7-protocol=YOUTUBE new-connection-mark=YOUTUBE_C passthrough=yes
add action=mark-packet chain=prerouting connection-mark=YOUTUBE_C \
new-packet-mark=YOUTUBE passthrough=no
add action=mark-connection chain=prerouting comment=-----WEB----- \
connection-mark=!WEB_BIG new-connection-mark=WEB_C passthrough=yes port=\
80,443,554,8000-9000 protocol=tcp
add action=mark-connection chain=prerouting comment=-----WEB-BIG----- \
connection-bytes=2496000-0 connection-mark=WEB_C connection-rate=\
2112k-10240k new-connection-mark=WEB_BIG passthrough=yes src-address-list=\
"BLOQUEO CYBER"
add action=mark-packet chain=prerouting connection-mark=WEB_BIG \
new-packet-mark=WEB-BIG passthrough=no
add action=mark-packet chain=prerouting connection-mark=WEB_C new-packet-mark=\
WEB passthrough=no
add action=mark-connection chain=prerouting comment=-----REST----- \
new-connection-mark=REST_C passthrough=yes
add action=mark-packet chain=prerouting connection-mark=REST_C new-packet-mark=\
REST passthrough=no

Re: QoS

Posted: Sat Jun 15, 2019 9:19 pm
by eldoncito2019
Who guides me in my concern?

Re: QoS

Posted: Sat Jun 15, 2019 9:29 pm
by sindy
> Who guides me in my concern?

Do you expect us to magically know your layer7 rules? Instead of the full configuration minus sensitive information, you've posted just the mangle rules.

Re: QoS

Posted: Sat Jun 15, 2019 10:08 pm
by eldoncito2019
layer 7 protocol:


/ip firewall layer7-protocol
add name=YOUTUBE regexp="^..+\\.(youtube.com|googlevideo.com|akamaihd.net).*\$"
add name=FACEBOOK regexp="^..+\\.(facebook.com|facebook.net|fbcdn.com|fbsbx.com|\
fbcdn.net|fb.com|tfbnw.net).*\$"

Re: QoS

Posted: Sat Jun 15, 2019 10:30 pm
by eldoncito2019
> Who guides me in my concern?
>
> Do you expect us to magically know your layer7 rules? Instead of the full configuration minus sensitive information, you've posted just the mangle rules.

What else do you need, sindy?

Re: QoS

Posted: Sat Jun 15, 2019 10:56 pm
by sindy
> what else do you need syndi

At the moment just time. Your L7 rules rely on a couple of domain names to be present in the initial packets of a connection, but something may have changed in how Google names the sites from which the videos are downloaded, and also if your browser supports QUIC, the domain name may not be there in plaintext at all. Such changes may happen any time, that's why I prefer the classification based on traffic characteristics rather than on particular site names.
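
Added example, not part of any post in this thread and not sindy's own configuration: one way to write mangle rules that classify by connection volume instead of by site name. It reuses the mark names and the 2496000-byte threshold from the mangle posted above; treating UDP port 443 as QUIC is an assumption.

```routeros
# Added example: classify web traffic by transferred volume, not by L7 site name.
# WEB_C / WEB_BIG / WEB / WEB-BIG and the 2496000-byte threshold come from the
# configuration posted earlier in the thread. UDP 443 = QUIC is an assumption.
/ip firewall mangle
# 1. Every new, still unmarked TCP web connection starts in the interactive class.
add chain=prerouting action=mark-connection connection-state=new \
    connection-mark=no-mark protocol=tcp dst-port=80,443 \
    new-connection-mark=WEB_C passthrough=yes comment="WEB (TCP)"
# 2. QUIC behaves like TCP inside UDP, so it is classified the same way
#    instead of falling through to a generic UDP/REST class.
add chain=prerouting action=mark-connection connection-state=new \
    connection-mark=no-mark protocol=udp dst-port=443 \
    new-connection-mark=WEB_C passthrough=yes comment="WEB (QUIC, assumed UDP 443)"
# 3. Once a connection has carried more than the threshold, demote it.
#    This catches video and other bulk downloads whatever host serves them.
add chain=prerouting action=mark-connection connection-mark=WEB_C \
    connection-bytes=2496000-0 new-connection-mark=WEB_BIG passthrough=yes \
    comment="WEB-BIG (by volume)"
# 4. Packet marks for the queues; passthrough=no stops further rule processing.
add chain=prerouting action=mark-packet connection-mark=WEB_BIG \
    new-packet-mark=WEB-BIG passthrough=no
add chain=prerouting action=mark-packet connection-mark=WEB_C \
    new-packet-mark=WEB passthrough=no
```

The WEB and WEB-BIG packet marks are then attached to queues of different priority or limit. FastTracked connections bypass mangle, so these rules only see traffic that is not FastTracked.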

Re: QoS

Posted: Sat Jun 15, 2019 11:48 pm
by eldoncito2019
ok, then how would the mangle rules for good QoS be, according to your criteria?

Re: QoS

Posted: Sun Jun 16, 2019 7:12 am
by pegasus123
You mentioned your rule already works so why not just skip youtube connections in your WEB marking

connection-mark=!YOUTUBE

Re: QoS

Posted: Mon Jun 17, 2019 9:19 pm
by eldoncito2019
> You mentioned your rule already works so why not just skip youtube connections in your WEB marking
>
> connection-mark=!YOUTUBE

And how would that brand, friend?

Re: QoS

Posted: Wed Jun 19, 2019 4:10 pm
by eldoncito2019
Someone who has a QoS, if you can attach your mangle?

Re: QoS

Posted: Wed Jun 19, 2019 4:22 pm
by sindy