Community discussions

MikroTik App
 
bunthorn
just joined
Topic Author
Posts: 1
Joined: Wed Aug 22, 2012 5:52 pm

How to manage bandwidth youtube with Layer 7?

Wed Aug 22, 2012 6:10 pm

good evening everybody.
I would like to know now to manage bandwidth youtube with layer7?, this is detail as below
- I got bandwidth from ISP, Internet= 2Mbps, game online = 20Mbps, Youtube = 10Mbps and my PC =60pc
- so I want to limit bandwidth all of PC = 256Kbps game online 20Mbps and youtube =10Mbps
- but when i used with simple Queue limit all. 1pc=256kbps game online=256kbps and youtube=256kbps
- so it very slowly.
- play help me about this my issue!.

Thanks
Regard
 
z3ro647
newbie
Posts: 27
Joined: Fri Jun 20, 2014 12:00 pm

Re: How to manage bandwidth youtube with Layer 7?

Sun Aug 03, 2014 9:04 am

hehehe same problem........ does any one have solution to this problem........
 
User avatar
arjuneu
Member Candidate
Member Candidate
Posts: 173
Joined: Fri Oct 07, 2011 10:24 am

Re: How to manage bandwidth youtube with Layer 7?

Tue Aug 05, 2014 8:23 am

Have a look at it. Its just only for youtube.

http://radiusm.blogspot.com/2014/08/you ... rotik.html
 
ven16
newbie
Posts: 36
Joined: Tue Mar 26, 2013 5:35 pm

Re: How to manage bandwidth youtube with Layer 7?

Wed Aug 06, 2014 5:01 pm

Hi,

what is the speed will clients will get for youtube?
sorry I am beginner in Mikrotik.

thank you,
Ven

ip firewall layer7-protocol
add name=streaming regexp=videoplayback|video

/ip firewall mangle
add action=mark-connection chain=prerouting comment="Youtube_ Client" \
disabled=no layer7-protocol=streaming new-connection-mark=youtube \
passthrough=no src-address-list=256kbps+
add action=mark-packet chain=output connection-mark=youtube disabled=no \
new-packet-mark=youtube passthrough=no protocol=tcp

/queue type
add kind=pcq name=PCQ_Upload pcq-burst-rate=0 pcq-burst-threshold=0 \
pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 \
pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=1024k \
pcq-src-address-mask=32 pcq-src-address6-mask=64 pcq-total-limit=2000


I have set 1024kbps for Youtube, for limitation set 1024k to 1k or so.

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Youtube_Up packet-mark=youtube parent=global-out \
priority=8 queue=PCQ_Upload
 
User avatar
arjuneu
Member Candidate
Member Candidate
Posts: 173
Joined: Fri Oct 07, 2011 10:24 am

Re: How to manage bandwidth youtube with Layer 7?

Wed Aug 06, 2014 6:45 pm

Hi,

what is the speed will clients will get for youtube?
sorry I am beginner in Mikrotik.

thank you,
Ven

ip firewall layer7-protocol
add name=streaming regexp=videoplayback|video

/ip firewall mangle
add action=mark-connection chain=prerouting comment="Youtube_ Client" \
disabled=no layer7-protocol=streaming new-connection-mark=youtube \
passthrough=no src-address-list=256kbps+
add action=mark-packet chain=output connection-mark=youtube disabled=no \
new-packet-mark=youtube passthrough=no protocol=tcp

/queue type
add kind=pcq name=PCQ_Upload pcq-burst-rate=0 pcq-burst-threshold=0 \
pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 \
pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=1024k \
pcq-src-address-mask=32 pcq-src-address6-mask=64 pcq-total-limit=2000


I have set 1024kbps for Youtube, for limitation set 1024k to 1k or so.

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Youtube_Up packet-mark=youtube parent=global-out \
priority=8 queue=PCQ_Upload

Your client will get 1024kbps for youtube. You can change as
add kind=pcq name=PCQ_Upload pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=your rate \
    pcq-src-address-mask=32 pcq-src-address6-mask=64 pcq-total-limit=2000
change your rate above.

Also, you don't have to set src-address-list=256kbps+ (if you want to provide all users the same bandwidth for youtube)
 
Abbasmcse
just joined
Posts: 16
Joined: Sat Oct 31, 2015 12:11 pm

Re: How to manage bandwidth youtube with Layer 7?

Thu Dec 31, 2015 2:00 am

My Question :
MT = RouterBoard 750UP
Ether1: 200.200.201.100/29 (WAN)
Ether2: 192.168.1.100 (LAN network)

I want PC1- 192.168.1.150/24 get only 1Mbps traffic while he requesting for browsing internet, but PC1 get 10M speed while it's request for youtube streaming.


I am using this script to achieve this task.

/ip firewall mangle add action=add-dst-to-address-list address-list=Youtube address-list-timeout=10m chain=prerouting comment=youtube content=youtube.com dst-port=80,443 protocol=tcp
/ip firewall mangle add action=mark-packet chain=forward comment=youtube new-packet-mark=Youtube passthrough=no src-address-list=Youtube

but i don't know how to create separates parent queue to match.

Thanks
Abbas
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4047
Joined: Wed May 11, 2011 6:08 pm

Re: How to manage bandwidth youtube with Layer 7?

Thu Dec 31, 2015 3:16 am

You can't use layer7 for Youtube because Youtube uses SSL.

Period.

You could use an IP list from somewhere, but that wouldn't be easy to get or easy to maintain because Youtube has content delivery networks all over the world and I'm sure that they change and that other services use the same IP addresses for content delivery as well....
 
HuyTX
just joined
Posts: 3
Joined: Thu Jun 09, 2016 1:21 pm
Location: Ha Noi, Viet Nam

Re: How to manage bandwidth youtube with Layer 7?

Fri Jun 10, 2016 4:42 am

Some people suggest using Regexp videoplayback|video in Layer-7 protocol feature, this means all type videos anywhere will be limited/prevented, you should be carefull.

@ZeroByte : I totally agree with you. Mikrotik could only recognize YouTube traffic if having SSL certification by YouTube :(
 
volkirik
Member Candidate
Member Candidate
Posts: 208
Joined: Sat Jul 23, 2016 2:03 pm

Re: How to manage bandwidth youtube with Layer 7?

Fri Jan 15, 2021 7:36 pm

we use tls-host matcher for eba.gov.tr online education portal's bandwidth management

you can do the same, just need to rename rules and hostname (domain)
/ip firewall mangle
add action=mark-connection chain=forward comment="eba tls host eba.gov.tr" new-connection-mark=eba passthrough=yes port=443 \
    protocol=tcp tls-host=*.eba.gov.tr
add action=mark-connection chain=forward comment="eba tls host eba-video.mncdn.com" new-connection-mark=eba passthrough=yes \
    port=443 protocol=tcp tls-host=eba-video.mncdn.com
add action=mark-packet chain=forward comment="eba packet mark for eba connections" connection-mark=eba new-packet-mark=eba \
    passthrough=yes

/queue simple
add max-limit=1G/1G name=eba packet-marks=eba target=192.168.0.0/16
Last edited by volkirik on Sun Jan 17, 2021 4:33 am, edited 4 times in total.
 
volkirik
Member Candidate
Member Candidate
Posts: 208
Joined: Sat Jul 23, 2016 2:03 pm

Re: How to manage bandwidth youtube with Layer 7?

Sun Jan 17, 2021 3:07 am

I currently use following setup
/ip firewall mangle
add action=mark-connection chain=forward comment="youtube tls host youtube.com" new-connection-mark=youtube passthrough=yes \
    port=443 protocol=tcp tls-host=*.youtube.com
add action=mark-connection chain=forward comment="youtube tls host googlevideo.com" new-connection-mark=youtube passthrough=\
    yes port=443 protocol=tcp tls-host=*.googlevideo.com
add action=mark-packet chain=forward comment="youtube packet mark for youtube connections" connection-mark=youtube \
    new-packet-mark=youtube passthrough=yes

/queue simple
add max-limit=10M/10M name=youtube packet-marks=youtube target=192.168.0.0/16
quic & http/3 has SNI, too.

I can see www.youtube.com domain with QUIC in wireshark, But mikrotik does not have matcher for that, yet. maybe one can write L7/content matcher

temporary solution;
/ip firewall filter
add action=reject chain=forward comment="block QUIC & HTTP/3" port=80,443 protocol=udp reject-with=icmp-port-unreachable
 
User avatar
AmrSubZero
just joined
Posts: 17
Joined: Tue Dec 02, 2014 3:29 pm
Location: Egypt
Contact:

Re: How to manage bandwidth youtube with Layer 7?

Sat May 01, 2021 9:06 am

temporary solution;
/ip firewall filter
add action=reject chain=forward comment="block QUIC & HTTP/3" port=80,443 protocol=udp reject-with=icmp-port-unreachable

two days of unsuccessful tries & searching, i discovered the QUIC/HTTP3 snipped you added. applied it, and it worked.

but here's the question .. did you have any luck with this or maybe someone else?

But mikrotik does not have matcher for that, yet. maybe one can write L7/content matcher

Maybe configure the filter rule to only work on youtube.com/googlevideo.com

Thanks!
 
volkirik
Member Candidate
Member Candidate
Posts: 208
Joined: Sat Jul 23, 2016 2:03 pm

Re: How to manage bandwidth youtube with Layer 7?

Sat May 01, 2021 10:42 am

Unfortunately, most, if not all, firewalls do not currently recognize QUIC traffic as ‘web’ traffic, therefore it is not inspected, logged or reported on, leaving a gaping hole in your network’s security.
it is crypted.
With Google making changes to their protocol, we recommend creating additional security policy to block QUIC UDP traffic (UDP/443 and UDP/80).
just block UDP/443 and UDP/80.

Who is online

Users browsing this forum: FurfangosFrigyes, sybadi and 90 guests