eldoncito2019
newbie
Topic Author
Posts: 35
Joined: Fri Jun 14, 2019 1:07 pm

QoS

Fri Jun 14, 2019 6:02 pm

Friends, for some time now my QoS has been marking the YouTube packets among the web-browsing packets. Can someone help me with that? Thank you.
 
sindy
Forum Guru
Posts: 3810
Joined: Mon Dec 04, 2017 9:19 pm

Re: QoS

Fri Jun 14, 2019 6:57 pm

Google's use of same IP addresses (often of local caches) for all their services doesn't make it exactly easy to distinguish web browsing on their less bandwidth-intensive services from downloading of youtube videos. So if you want to slow down the download of Youtube videos in favor of faster download of regular web pages, it makes more sense to prioritize connections until they reach some volume of transported data and then start using lower bandwidth and/or priority queue for them.

A separate quest is to tell QUIC from other UDP streams, as there is usually no point in throttling "normal" UDP while QUIC is a TCP-like protocol encapsulated into UDP so throttling it makes sense.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
eldoncito2019
newbie
Topic Author
Posts: 35
Joined: Fri Jun 14, 2019 1:07 pm

Re: QoS

Fri Jun 14, 2019 9:33 pm

Do you mean that it is better to mark YouTube packets by QUIC, instead of marking them by layer 7 protocol?
 
sindy
Forum Guru
Posts: 3810
Joined: Mon Dec 04, 2017 9:19 pm

Re: QoS

Fri Jun 14, 2019 10:40 pm

No, I just gave my recommendations to classify by connection data volume rather than the particular service. And I've pointed out that QUIC is a specific issue to address which may not have been there when you've set up your configuration.

What else did you expect to get when you haven't posted your current configuration?
 
eldoncito2019
newbie
Topic Author
Posts: 35
Joined: Fri Jun 14, 2019 1:07 pm

Re: QoS

Fri Jun 14, 2019 11:10 pm

this is my mangle:


/ip firewall mangle
add action=mark-connection chain=prerouting comment="-----ICMP (PING)-----" \
    new-connection-mark=ICMP_C passthrough=yes protocol=icmp
add action=mark-packet chain=prerouting connection-mark=ICMP_C new-packet-mark=\
    ICMP passthrough=no
add action=mark-connection chain=prerouting comment=-----DNS----- \
    new-connection-mark=DNS_C passthrough=yes port=53 protocol=udp
add action=mark-packet chain=prerouting connection-mark=DNS_C new-packet-mark=\
    DNS passthrough=no
add action=mark-connection chain=prerouting comment=-----FACEBOOK----- \
    layer7-protocol=FACEBOOK new-connection-mark=FACEBOOK_C passthrough=yes
add action=mark-packet chain=prerouting connection-mark=FACEBOOK_C \
    new-packet-mark=FACEBOOK passthrough=no
add action=mark-connection chain=prerouting comment=-----YOUTUBE----- \
    layer7-protocol=YOUTUBE new-connection-mark=YOUTUBE_C passthrough=yes
add action=mark-packet chain=prerouting connection-mark=YOUTUBE_C \
    new-packet-mark=YOUTUBE passthrough=no
add action=mark-connection chain=prerouting comment=-----WEB----- \
    connection-mark=!WEB_BIG new-connection-mark=WEB_C passthrough=yes port=\
    80,443,554,8000-9000 protocol=tcp
add action=mark-connection chain=prerouting comment=-----WEB-BIG----- \
    connection-bytes=2496000-0 connection-mark=WEB_C connection-rate=\
    2112k-10240k new-connection-mark=WEB_BIG passthrough=yes src-address-list=\
    "BLOQUEO CYBER"
add action=mark-packet chain=prerouting connection-mark=WEB_BIG \
    new-packet-mark=WEB-BIG passthrough=no
add action=mark-packet chain=prerouting connection-mark=WEB_C new-packet-mark=\
    WEB passthrough=no
add action=mark-connection chain=prerouting comment=-----REST----- \
    new-connection-mark=REST_C passthrough=yes
add action=mark-packet chain=prerouting connection-mark=REST_C new-packet-mark=\
    REST passthrough=no
 
eldoncito2019
newbie
Topic Author
Posts: 35
Joined: Fri Jun 14, 2019 1:07 pm

Re: QoS

Sat Jun 15, 2019 9:19 pm

Who guides me in my concern?
 
sindy
Forum Guru
Posts: 3810
Joined: Mon Dec 04, 2017 9:19 pm

Re: QoS

Sat Jun 15, 2019 9:29 pm

> Who guides me in my concern?

Do you expect us to magically know your layer7 rules? Instead of the full configuration minus sensitive information, you've posted just the mangle rules.
 
eldoncito2019
newbie
Topic Author
Posts: 35
Joined: Fri Jun 14, 2019 1:07 pm

Re: QoS

Sat Jun 15, 2019 10:08 pm

layer 7 protocol:


/ip firewall layer7-protocol
add name=YOUTUBE regexp="^..+\\.(youtube.com|googlevideo.com|akamaihd.net).*\$"
add name=FACEBOOK regexp="^..+\\.(facebook.com|facebook.net|fbcdn.com|fbsbx.com|\
    fbcdn.net|fb.com|tfbnw.net).*\$"
 
eldoncito2019
newbie
Topic Author
Posts: 35
Joined: Fri Jun 14, 2019 1:07 pm

Re: QoS

Sat Jun 15, 2019 10:30 pm

> > Who guides me in my concern?
>
> Do you expect us to magically know your layer7 rules? Instead of the full configuration minus sensitive information, you've posted just the mangle rules.

What else do you need, sindy?
 
sindy
Forum Guru
Posts: 3810
Joined: Mon Dec 04, 2017 9:19 pm

Re: QoS

Sat Jun 15, 2019 10:56 pm

> What else do you need, sindy?

At the moment just time. Your L7 rules rely on a couple of domain names to be present in the initial packets of a connection, but something may have changed in how Google names the sites from which the videos are downloaded, and also if your browser supports QUIC, the domain name may not be there in plaintext at all. Such changes may happen any time, that's why I prefer the classification based on traffic characteristics rather than on particular site names.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
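
What sindy describes in the post above, reproduced offline as an added example (not code from the thread). Python's `re` stands in for the router's regex matcher, the hostnames, the ClientHello and the opaque packet are constructed, and `connection_mark` models only the YOUTUBE, WEB and REST rules of the posted mangle configuration for port 443.

```python
import hashlib
import re
import struct

# YOUTUBE pattern from the thread with the RouterOS string escaping removed.
# Assumption: Python's re stands in for the router's regex matcher.
YOUTUBE_RE = re.compile(
    rb"^..+\.(youtube.com|googlevideo.com|akamaihd.net).*$", re.DOTALL)
L7_WINDOW = 2048  # the L7 matcher only inspects the start of a connection (about 2 KB)

def client_hello(sni: str) -> bytes:
    """Constructed minimal TLS ClientHello record with a plaintext SNI extension."""
    host = sni.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(host)) + host      # name_type 0 = host_name
    ext_data = struct.pack("!H", len(entry)) + entry           # server_name_list
    sni_ext = struct.pack("!HH", 0, len(ext_data)) + ext_data  # extension type 0 = SNI
    body = (b"\x03\x03" + bytes(32)    # legacy version, all-zero random (constructed)
            + b"\x00"                  # empty session id
            + b"\x00\x02\x13\x01"      # a single cipher suite
            + b"\x01\x00"              # null compression
            + struct.pack("!H", len(sni_ext)) + sni_ext)
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def opaque_first_packet(size: int = 1200) -> bytes:
    """Stand-in for a first packet that carries no server name in plaintext."""
    out, block = b"", b"constructed sample"
    while len(out) < size:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:size]

def connection_mark(first_bytes: bytes, protocol: str = "tcp") -> str:
    """Connection mark a port-443 flow ends up with (YOUTUBE, WEB, REST rules only)."""
    if YOUTUBE_RE.search(first_bytes[:L7_WINDOW]):
        return "YOUTUBE_C"
    # No L7 hit: TCP falls through to the port-based WEB rule, UDP to REST.
    return "WEB_C" if protocol == "tcp" else "REST_C"

if __name__ == "__main__":
    samples = [
        ("plaintext SNI, listed domain", client_hello("r1.googlevideo.com"), "tcp"),
        ("plaintext SNI, unlisted domain", client_hello("video.cdn.example"), "tcp"),
        ("no plaintext name, UDP", opaque_first_packet(), "udp"),
    ]
    for label, data, proto in samples:
        print(f"{label:32} -> {connection_mark(data, proto)}")
```

Only the first sample is marked YOUTUBE_C; a renamed video host or a flow without a plaintext name lands in WEB or REST, which is the symptom reported at the top of the thread.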
 
eldoncito2019
newbie
Topic Author
Posts: 35
Joined: Fri Jun 14, 2019 1:07 pm

Re: QoS

Sat Jun 15, 2019 11:48 pm

OK, then what would the mangle rules for a good QoS look like, according to your criteria?
 
pegasus123
Frequent Visitor
Posts: 58
Joined: Tue Jul 24, 2018 7:02 am

Re: QoS

Sun Jun 16, 2019 7:12 am

You mentioned your rule already works so why not just skip youtube connections in your WEB marking

connection-mark=!YOUTUBE
 
eldoncito2019
newbie
Topic Author
Posts: 35
Joined: Fri Jun 14, 2019 1:07 pm

Re: QoS

Mon Jun 17, 2019 9:19 pm

> You mentioned your rule already works so why not just skip youtube connections in your WEB marking
>
> connection-mark=!YOUTUBE

And how would that mark look, friend?
     
eldoncito2019
newbie
Topic Author
Posts: 35
Joined: Fri Jun 14, 2019 1:07 pm

Re: QoS

Wed Jun 19, 2019 4:10 pm

Someone who has a QoS, could you attach your mangle?
 
sindy
Forum Guru
Posts: 3810
Joined: Mon Dec 04, 2017 9:19 pm

Re: QoS

Wed Jun 19, 2019 4:22 pm

Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
