Graphic Web Design, Computer Network, Balinese Culture

Loading...
54 comments
Complete Queue Tree Per Clients Without Queue Simple Mikrotik
Complete Queue Tree Rules Without Queue Simple on Mikrotik is the evaluation of previous method about Bandwitdh management on mikrotik all is using queue tree rules. In this case I have completed with P2P and torrent sites queue tree rules that may used by the clients. In addition I have found a method to separate the upload packets completely from the kind of the other connection packets, that most used.  It will make the queue tree rules doesn’t require queue simple at all, because it has already covered all the connection packets.

This is the latest note which is a method of optimization that I applied as the result of the bandwidth management quality of system (QoS) evaluation on Mikrotik for more ideally. It still applied on the static IP PC clients as shown like the picture above, the hierarchy of queue tree rules per client. First I separate the connection packets between the bytes downloaded (downstreams) and bytes uploaded (upstreams). It should be emphasized here, for example when we are browsing, downloading etc are downstreams to be the most dominant bytes connection packets, and will take a small bytes of upstreams it relates to tx and rx bytes when we use the internet connection generally. Bytes upstream only dominant when you upload any kind of files. Actually bandwidth management is more focused on managing of connection packets of downstreams.

One more thing to be my note here, that is much easier if you want to drop the connection packets on the firewall filter rather than managing on the queue tree rules perfectly. This method contains with fix upload connection packets per client and the addition of p2p & Torrent sites Queue tree rules. Ok let's get started with the new emphasis of the two things.

1. Upload and Download Connection Packets per Client

I would give the following mangle rules to capture the connection packets upload (upstreams) and the connection packets for download (downstreams). The hierarchy of the queue tree rules will must be set with the parent global-in and global-out. The following scripts could be explicitly separating connection packets upload and download per client using different chain on mangle.

/ip firewall mangle
add action=mark-connection chain=prerouting disabled=no in-interface=ether1 new-connection-mark=all-inconn passthrough=yes comment="CONNECTION-IN"
add action=mark-packet chain=prerouting connection-mark=all-inconn disabled=no new-packet-mark=all-inpkt passthrough=yes comment="UPLOAD"
add action=mark-connection chain=forward disabled=no out-interface=wlan1 new-connection-mark=all-outconn passthrough=yes comment="CONNECTION-OUT"
add action=mark-packet chain=forward connection-mark=all-outconn disabled=no new-packet-mark=all-outpkt passthrough=yes comment="DOWNLOAD"

/ip firewall mangle
add action=mark-packet chain=forward dst-address=192.168.1.11 packet-mark=all-outpkt new-packet-mark=billing-pktd passthrough=yes comment="BILLING DOWNSTREAM"
add action=mark-packet chain=forward dst-address=192.168.1.17 packet-mark=all-outpkt new-packet-mark=client1-pktd passthrough=yes comment="CLIENT1 DOWNSTREAM"
add action=mark-packet chain=forward dst-address=192.168.1.16 packet-mark=all-outpkt new-packet-mark=client2-pktd passthrough=yes comment="CLIENT2 DOWNSTREAM"
add action=mark-packet chain=forward dst-address=192.168.1.15 packet-mark=all-outpkt new-packet-mark=client3-pktd passthrough=yes comment="CLIENT3 DOWNSTREAM"
add action=mark-packet chain=forward dst-address=192.168.1.14 packet-mark=all-outpkt new-packet-mark=client4-pktd passthrough=yes comment="CLIENT4 DOWNSTREAM"
add action=mark-packet chain=forward dst-address=192.168.1.20 packet-mark=all-outpkt new-packet-mark=client5-pktd passthrough=yes comment="CLIENT5 DOWNSTREAM"
add action=mark-packet chain=forward dst-address=192.168.1.21 packet-mark=all-outpkt new-packet-mark=client6-pktd passthrough=yes comment="CLIENT6 DOWNSTREAM"
add action=mark-packet chain=forward dst-address=192.168.1.8 packet-mark=all-outpkt new-packet-mark=master-pktd passthrough=yes comment="MASTER DOWNSTREAM"

/ip firewall mangle
add action=mark-packet chain=prerouting src-address=192.168.1.11 packet-mark=all-inpkt new-packet-mark=billing-pktp passthrough=no comment="BILLING UPSTREAM"
add action=mark-packet chain=prerouting src-address=192.168.1.17 packet-mark=all-inpkt new-packet-mark=client1-pktp passthrough=no comment="CLIENT1 UPSTREAM"
add action=mark-packet chain=prerouting src-address=192.168.1.16 packet-mark=all-inpkt new-packet-mark=client2-pktp passthrough=no comment="CLIENT2 UPSTREAM"
add action=mark-packet chain=prerouting src-address=192.168.1.15 packet-mark=all-inpkt new-packet-mark=client3-pktp passthrough=no comment="CLIENT3 UPSTREAM"
add action=mark-packet chain=prerouting src-address=192.168.1.14 packet-mark=all-inpkt new-packet-mark=client4-pktp passthrough=no comment="CLIENT4 UPSTREAM"
add action=mark-packet chain=prerouting src-address=192.168.1.20 packet-mark=all-inpkt new-packet-mark=client5-pktp passthrough=no comment="CLIENT5 UPSTREAM"
add action=mark-packet chain=prerouting src-address=192.168.1.21 packet-mark=all-inpkt new-packet-mark=client6-pktp passthrough=no comment="CLIENT6 UPSTREAM"
add action=mark-packet chain=prerouting src-address=192.168.1.8 packet-mark=all-inpkt new-packet-mark=master-pkt passthrough=no comment="MASTER UPSTREAM"

Notation for the script above, to capture the bytes download (dowstreams) using chain=forward and bytes upload (upstreams) using chain=prerouting. You can see the packet flow should be understood with the following scheme!


The separation of the connection packets based on the above scripts I have not found the leakage of the connection packets of the mangle rules again. All connection packets already covered at all. And then you just need to separate the bytes connection packets downstreams that most commonly used and give prioritize and limit speed from that.

2. Complete Mangle Rules with P2P and Torrent Sites Marking

This is containing the connection packets which is most clients use and spend a lot of bandwidth. Personally I don't like the clients to use this kind connection packet. But to prevent the bandwidth just used by this connection packets, therefore I will prioritize it to the last priority. first, create the mangle rules as the scripts below!

/ip firewall layer7-protocol
add name=bittorrent regexp="^(\13bittorrent protocol|azver1\$|get /scrape\\\\?info_hash=)|d1:ad2:id20:|8’7P\\)[RP]"
add name=torrentsites regexp="^.*(get|GET).+(torrent|thepiratebay|isohunt|entertane|demonoid|btjunkie|mininova|flixflux|torrentz|vertor|h33t|btscene|bitunity|bittoxic|thunderbytes|entertane|zoozle|vcdq|bitnova|bitsoup|meganova|fulldls|btbot|flixflux|seedpeer|fenopy|gpirate|commonbits).*\$" 

/ip firewall mangle
add action=mark-packet chain=forward layer7-protocol=bittorrent new-packet-mark=billing-tpkt packet-mark=billing-pktd passthrough=no comment="BILLING BIT TORRENT"
add action=mark-packet chain=forward layer7-protocol=torrentsites new-packet-mark=billing-tpkt packet-mark=billing-pktd passthrough=no comment="BILLING TORRENT WEBSITES"
add action=mark-packet chain=forward p2p=all-p2p new-packet-mark=billing-tpkt packet-mark=billing-pktd passthrough=no comment="BILLING ALLP2P"
add action=mark-packet chain=forward dst-port=58561,58045,14948,58008,58816,59097 new-packet-mark=billing-tpkt packet-mark=billing-pktd passthrough=no protocol=tcp comment="BILLING TORRENT PORT"

add action=mark-packet chain=forward layer7-protocol=bittorrent new-packet-mark=client1-tpkt packet-mark=client1-pktd passthrough=no comment="CLIENT1 BIT TORRENT"
add action=mark-packet chain=forward layer7-protocol=torrentsites new-packet-mark=client1-tpkt packet-mark=client1-pktd passthrough=no comment="CLIENT1 TORRENT WEBSITES"
add action=mark-packet chain=forward p2p=all-p2p new-packet-mark=client1-tpkt packet-mark=client1-pktd passthrough=no comment="CLIENT1 ALLP2P"
add action=mark-packet chain=forward dst-port=58561,58045,14948,58008,58816,59097 new-packet-mark=client1-tpkt packet-mark=client1-pktd passthrough=no protocol=tcp comment="CLIENT1 TORRENT PORT"

add action=mark-packet chain=forward layer7-protocol=bittorrent new-packet-mark=client2-tpkt packet-mark=client2-pktd passthrough=no comment="CLIENT2 BIT TORRENT"
add action=mark-packet chain=forward layer7-protocol=torrentsites new-packet-mark=client2-tpkt packet-mark=client2-pktd passthrough=no comment="CLIENT2 TORRENT WEBSITES"
add action=mark-packet chain=forward p2p=all-p2p new-packet-mark=client2-tpkt packet-mark=client2-pktd passthrough=no comment="CLIENT2 ALLP2P"
add action=mark-packet chain=forward dst-port=58561,58045,14948,58008,58816,59097 new-packet-mark=client2-tpkt packet-mark=client2-pktd passthrough=no protocol=tcp comment="CLIENT2 TORRENT PORT"

add action=mark-packet chain=forward layer7-protocol=bittorrent new-packet-mark=client3-tpkt packet-mark=client3-pktd passthrough=no comment="CLIENT3 BIT TORRENT"
add action=mark-packet chain=forward layer7-protocol=torrentsites new-packet-mark=client3-tpkt packet-mark=client3-pktd passthrough=no comment="CLIENT3 TORRENT WEBSITES"
add action=mark-packet chain=forward p2p=all-p2p new-packet-mark=client3-tpkt packet-mark=client3-pktd passthrough=no comment="CLIENT3 ALLP2P"
add action=mark-packet chain=forward dst-port=58561,58045,14948,58008,58816,59097 new-packet-mark=client3-tpkt packet-mark=client3-pktd passthrough=no protocol=tcp comment="CLIENT3 TORRENT PORT"

add action=mark-packet chain=forward layer7-protocol=bittorrent new-packet-mark=client4-tpkt packet-mark=client4-pktd passthrough=no comment="CLIENT4 BIT TORRENT"
add action=mark-packet chain=forward layer7-protocol=torrentsites new-packet-mark=client4-tpkt packet-mark=client4-pktd passthrough=no comment="CLIENT4 TORRENT WEBSITES"
add action=mark-packet chain=forward p2p=all-p2p new-packet-mark=client4-tpkt packet-mark=client4-pktd passthrough=no comment="CLIENT4 ALLP2P"
add action=mark-packet chain=forward dst-port=58561,58045,14948,58008,58816,59097 new-packet-mark=client4-tpkt packet-mark=client4-pktd passthrough=no protocol=tcp comment="CLIENT4 TORRENT PORT"

add action=mark-packet chain=forward layer7-protocol=bittorrent new-packet-mark=client5-tpkt packet-mark=client5-pktd passthrough=no comment="CLIENT5 BIT TORRENT"
add action=mark-packet chain=forward layer7-protocol=torrentsites new-packet-mark=client5-tpkt packet-mark=client5-pktd passthrough=no comment="CLIENT5 TORRENT WEBSITES"
add action=mark-packet chain=forward p2p=all-p2p new-packet-mark=client5-tpkt packet-mark=client5-pktd passthrough=no comment="CLIENT5 ALLP2P"
add action=mark-packet chain=forward dst-port=58561,58045,14948,58008,58816,59097 new-packet-mark=client5-tpkt packet-mark=client5-pktd passthrough=no protocol=tcp comment="CLIENT5 TORRENT PORT"

add action=mark-packet chain=forward layer7-protocol=bittorrent new-packet-mark=client6-tpkt packet-mark=client6-pktd passthrough=no comment="CLIENT6 BIT TORRENT"
add action=mark-packet chain=forward layer7-protocol=torrentsites new-packet-mark=client6-tpkt packet-mark=client6-pktd passthrough=no comment="CLIENT6 TORRENT WEBSITES"
add action=mark-packet chain=forward p2p=all-p2p new-packet-mark=client6-tpkt packet-mark=client6-pktd passthrough=no comment="CLIENT6 ALLP2P"
add action=mark-packet chain=forward dst-port=58561,58045,14948,58008,58816,59097 new-packet-mark=client6-tpkt packet-mark=client6-pktd passthrough=no protocol=tcp comment="CLIENT6 TORRENT PORT"

add action=mark-packet chain=forward layer7-protocol=bittorrent new-packet-mark=master-tpkt packet-mark=master-pktd passthrough=no comment="MASTER BIT TORRENT"
add action=mark-packet chain=forward layer7-protocol=torrentsites new-packet-mark=master-tpkt packet-mark=master-pktd passthrough=no comment="MASTER TORRENT WEBSITES"
add action=mark-packet chain=forward p2p=all-p2p new-packet-mark=master-tpkt packet-mark=master-pktd passthrough=no comment="MASTER ALLP2P"
add action=mark-packet chain=forward dst-port=58561,58045,14948,58008,58816,59097 new-packet-mark=master-tpkt packet-mark=master-pktd passthrough=no protocol=tcp comment="MASTER TORRENT PORT"

You can see the unification of connection packets p2p and torrent sites per client above. Perhaps if you want to differentiate into another connection packets such a skype connection packets. It will be the same way. You must define or create the regexp on layer 7 protocols, before we can capture the connection packets on mangle. so the concept is the same!

The rest is completing with another mangle rules that I have given earlier in the perfection parents queue tree! Well, I just paste here for more clearly and not make confuse you, the mangle rules and the complete queue tree rules that no need using simple queue again.

/ip firewall layer7-protocol
add comment="download" name=high regexp="^.*get.+\\.(exe|rar|iso|zip|7zip|0[0-9][1-9]|flv|mkv|avi|mp4|3gp|rmvb|mp3|img|dat|mov).*\$"
add comment="download" name=document regexp="^.*get.+\\.(pdf|doc|docx|xlsx|xls|rtf|ppt|ppt).*\$"
add comment="video" name=youtube regexp="^.*get.+\\.(c.youtube.com|cdn.dailymotion.com|metacafe.com|mccont.com).*\$"
add comment="video" name=streaming regexp="videoplayback|video"

/ip firewall mangle
add action=mark-packet chain=forward layer7-protocol=high new-packet-mark=billing-dpkt packet-mark=billing-pktd passthrough=no comment="BILLING DOWNLOAD"
add action=mark-packet chain=forward layer7-protocol=document new-packet-mark=billing-dpkt packet-mark=billing-pktd passthrough=no comment=""
add action=mark-packet chain=forward connection-bytes=1000000-0 src-port=80,443 passthrough=yes new-packet-mark=billing-dpkt packet-mark=billing-pktd protocol=tcp comment=""
add action=mark-packet chain=forward layer7-protocol=high new-packet-mark=client1-dpkt packet-mark=client1-pktd passthrough=no comment="CLIENT1 DOWNLOAD"
add action=mark-packet chain=forward layer7-protocol=document new-packet-mark=client1-dpkt packet-mark=client1-pktd passthrough=no comment=""
add action=mark-packet chain=forward connection-bytes=1000000-0 src-port=80,443 passthrough=yes new-packet-mark=client1-dpkt packet-mark=client1-pktd protocol=tcp comment=""
add action=mark-packet chain=forward layer7-protocol=high new-packet-mark=client2-dpkt packet-mark=client2-pktd passthrough=no comment="CLIENT2 DOWNLOAD"
add action=mark-packet chain=forward layer7-protocol=document new-packet-mark=client2-dpkt packet-mark=client2-pktd passthrough=no comment=""
add action=mark-packet chain=forward connection-bytes=1000000-0 src-port=80,443 passthrough=yes new-packet-mark=client2-dpkt packet-mark=client2-pktd protocol=tcp comment=""
add action=mark-packet chain=forward layer7-protocol=high new-packet-mark=client3-dpkt packet-mark=client3-pktd passthrough=no comment="CLIENT3 DOWNLOAD"
add action=mark-packet chain=forward layer7-protocol=document new-packet-mark=client3-dpkt packet-mark=client3-pktd passthrough=no comment=""
add action=mark-packet chain=forward connection-bytes=1000000-0 src-port=80,443 passthrough=yes new-packet-mark=client3-dpkt packet-mark=client3-pktd protocol=tcp comment=""
add action=mark-packet chain=forward layer7-protocol=high new-packet-mark=client4-dpkt packet-mark=client4-pktd passthrough=no comment="CLIENT4 DOWNLOAD"
add action=mark-packet chain=forward layer7-protocol=document new-packet-mark=client4-dpkt packet-mark=client4-pktd passthrough=no comment=""
add action=mark-packet chain=forward connection-bytes=1000000-0 src-port=80,443 passthrough=yes new-packet-mark=client4-dpkt packet-mark=client4-pktd protocol=tcp comment=""
add action=mark-packet chain=forward layer7-protocol=high new-packet-mark=client5-dpkt packet-mark=client5-pktd passthrough=no comment="CLIENT5 DOWNLOAD"
add action=mark-packet chain=forward layer7-protocol=document new-packet-mark=client5-dpkt packet-mark=client5-pktd passthrough=no comment=""
add action=mark-packet chain=forward connection-bytes=1000000-0 src-port=80,443 passthrough=yes new-packet-mark=client5-dpkt packet-mark=client5-pktd protocol=tcp comment=""
add action=mark-packet chain=forward layer7-protocol=high new-packet-mark=client6-dpkt packet-mark=client6-pktd passthrough=no comment="CLIENT6 DOWNLOAD"
add action=mark-packet chain=forward layer7-protocol=document new-packet-mark=client6-dpkt packet-mark=client6-pktd passthrough=no comment=""
add action=mark-packet chain=forward connection-bytes=1000000-0 src-port=80,443 passthrough=yes new-packet-mark=client6-dpkt packet-mark=client6-pktd protocol=tcp comment=""
add action=mark-packet chain=forward layer7-protocol=high new-packet-mark=master-dpkt packet-mark=master-pktd passthrough=no comment="MASTER DOWNLOAD"
add action=mark-packet chain=forward layer7-protocol=document new-packet-mark=master-dpkt packet-mark=master-pktd passthrough=no comment=""
add action=mark-packet chain=forward connection-bytes=1000000-0 src-port=80,443 passthrough=yes new-packet-mark=master-dpkt packet-mark=master-pktd protocol=tcp comment=""

/ip firewall mangle
add action=mark-packet chain=forward layer7-protocol=youtube new-packet-mark=billing-spkt packet-mark=billing-pktd passthrough=no comment="BILLING VIDEO"
add action=mark-packet chain=forward layer7-protocol=streaming new-packet-mark=billing-spkt packet-mark=billing-pktd passthrough=no comment=""
add action=mark-packet chain=forward layer7-protocol=youtube new-packet-mark=client1-spkt packet-mark=client1-pktd passthrough=no comment="CLIENT1 VIDEO"
add action=mark-packet chain=forward layer7-protocol=streaming new-packet-mark=client1-spkt packet-mark=client1-pktd passthrough=no comment=""
add action=mark-packet chain=forward layer7-protocol=youtube new-packet-mark=client2-spkt packet-mark=client2-pktd passthrough=no comment="CLIENT2 VIDEO"
add action=mark-packet chain=forward layer7-protocol=streaming new-packet-mark=client2-spkt packet-mark=client2-pktd passthrough=no comment=""
add action=mark-packet chain=forward layer7-protocol=youtube new-packet-mark=client3-spkt packet-mark=client3-pktd passthrough=no comment="CLIENT3 VIDEO"
add action=mark-packet chain=forward layer7-protocol=streaming new-packet-mark=client3-spkt packet-mark=client3-pktd passthrough=no comment=""
add action=mark-packet chain=forward layer7-protocol=youtube new-packet-mark=client4-spkt packet-mark=client4-pktd passthrough=no comment="CLIENT4 VIDEO"
add action=mark-packet chain=forward layer7-protocol=streaming new-packet-mark=client4-spkt packet-mark=client4-pktd passthrough=no comment=""
add action=mark-packet chain=forward layer7-protocol=youtube new-packet-mark=client5-spkt packet-mark=client5-pktd passthrough=no comment="CLIENT5 VIDEO"
add action=mark-packet chain=forward layer7-protocol=streaming new-packet-mark=client5-spkt packet-mark=client5-pktd passthrough=no comment=""
add action=mark-packet chain=forward layer7-protocol=youtube new-packet-mark=client6-spkt packet-mark=client6-pktd passthrough=no comment="CLIENT6 VIDEO"
add action=mark-packet chain=forward layer7-protocol=streaming new-packet-mark=client6-spkt packet-mark=client6-pktd passthrough=no comment=""
add action=mark-packet chain=forward layer7-protocol=youtube new-packet-mark=master-spkt packet-mark=master-pktd passthrough=no comment="MASTER VIDEO"
add action=mark-packet chain=forward layer7-protocol=streaming new-packet-mark=master-spkt packet-mark=master-pktd passthrough=no comment=""

/ip firewall mangle
add action=mark-packet chain=forward packet-mark=all-outpkt new-packet-mark=all-gpkt passthrough=yes protocol=tcp dst-port=5340-5352,6000-6152,10001-10011,14009-14030,18901-18909 comment="Online Game Portal"
add action=mark-packet chain=forward packet-mark=all-outpkt new-packet-mark=all-gpkt passthrough=yes protocol=tcp dst-port=39190,27780,29000,22100,10009,4300,15001,15002,7341,7451
add action=mark-packet chain=forward packet-mark=all-outpkt new-packet-mark=all-gpkt passthrough=yes protocol=tcp dst-port=40000,9300,9400,9700,7342,8005-8010,37466,36567,8822
add action=mark-packet chain=forward packet-mark=all-outpkt new-packet-mark=all-gpkt passthrough=yes protocol=tcp dst-port=47611,16666,20000,5105,29000,18901-18909,9015
add action=mark-packet chain=forward packet-mark=all-outpkt new-packet-mark=all-gpkt passthrough=yes protocol=udp dst-port=27005,27015
add action=mark-packet chain=forward packet-mark=all-outpkt new-packet-mark=all-gpkt passthrough=yes protocol=udp dst-port=27005-27020,13055,7800-7900,12060-12070
add action=mark-packet chain=forward packet-mark=all-outpkt new-packet-mark=all-gpkt passthrough=yes protocol=udp dst-port=8005-8010,9068,1293,1479,9401,9600,30000
add action=mark-packet chain=forward packet-mark=all-outpkt new-packet-mark=all-gpkt passthrough=yes protocol=udp dst-port=14009-14030,42051-42052,40000-40050,13000-13080

/ip firewall mangle
add action=mark-packet chain=forward src-address=192.168.1.11 packet-mark=all-gpkt new-packet-mark=billing-gpkt passthrough=no comment="BILLING GAMES"
add action=mark-packet chain=forward src-address=192.168.1.17 packet-mark=all-gpkt new-packet-mark=client1-gpkt passthrough=no comment="CLIENT1 GAMES"
add action=mark-packet chain=forward src-address=192.168.1.16 packet-mark=all-gpkt new-packet-mark=client2-gpkt passthrough=no comment="CLIENT2 GAMES"
add action=mark-packet chain=forward src-address=192.168.1.15 packet-mark=all-gpkt new-packet-mark=client3-gpkt passthrough=no comment="CLIENT3 GAMES"
add action=mark-packet chain=forward src-address=192.168.1.14 packet-mark=all-gpkt new-packet-mark=client4-gpkt passthrough=no comment="CLIENT4 GAMES"
add action=mark-packet chain=forward src-address=192.168.1.20 packet-mark=all-gpkt new-packet-mark=client5-gpkt passthrough=no comment="CLIENT5 GAMES"
add action=mark-packet chain=forward src-address=192.168.1.21 packet-mark=all-gpkt new-packet-mark=client6-gpkt passthrough=no comment="CLIENT6 GAMES"
add action=mark-packet chain=forward src-address=192.168.1.8 packet-mark=all-gpkt new-packet-mark=master-gpkt passthrough=no comment="MASTER GAMES"

/ip firewall mangle
add action=mark-packet chain=forward connection-bytes=0-1000000 src-port=80,443 passthrough=no new-packet-mark=billing-bpkt packet-mark=billing-pktd protocol=tcp comment="BILLING BROWSING"
add action=mark-packet chain=forward connection-bytes=0-1000000 src-port=80,443 passthrough=no new-packet-mark=client1-bpkt packet-mark=client1-pktd protocol=tcp comment="CLIENT1 BROWSING"
add action=mark-packet chain=forward connection-bytes=0-1000000 src-port=80,443 passthrough=no new-packet-mark=client2-bpkt packet-mark=client2-pktd protocol=tcp comment="CLIENT2 BROWSING"
add action=mark-packet chain=forward connection-bytes=0-1000000 src-port=80,443 passthrough=no new-packet-mark=client3-bpkt packet-mark=client3-pktd protocol=tcp comment="CLIENT3 BROWSING"
add action=mark-packet chain=forward connection-bytes=0-1000000 src-port=80,443 passthrough=no new-packet-mark=client4-bpkt packet-mark=client4-pktd protocol=tcp comment="CLIENT4 BROWSING"
add action=mark-packet chain=forward connection-bytes=0-1000000 src-port=80,443 passthrough=no new-packet-mark=client5-bpkt packet-mark=client5-pktd protocol=tcp comment="CLIENT5 BROWSING"
add action=mark-packet chain=forward connection-bytes=0-1000000 src-port=80,443 passthrough=no new-packet-mark=client6-bpkt packet-mark=client6-pktd protocol=tcp comment="CLIENT6 BROWSING"
add action=mark-packet chain=forward connection-bytes=0-1000000 src-port=80,443 passthrough=no new-packet-mark=master-bpkt packet-mark=master-pktd protocol=tcp comment="MASTER BROWSING"

Next is how I set up and optimize the connection packets to make the hierarchy of queue tree rules per client completely.

/queue tree
add name=Billing-a.Upstreams parent=global-in packet-mark=billing-pktp queue=default priority=3 max-limit=256k
add name=Client1-a.Upstreams parent=global-in packet-mark=client1-pktp queue=default priority=3 max-limit=256k
add name=Client2-a.Upstreams parent=global-in packet-mark=client2-pktp queue=default priority=3 max-limit=256k
add name=Client3-a.Upstreams parent=global-in packet-mark=client3-pktp queue=default priority=3 max-limit=256k
add name=Client4-a.Upstreams parent=global-in packet-mark=client4-pktp queue=default priority=3 max-limit=256k
add name=Client5-a.Upstreams parent=global-in packet-mark=client5-pktp queue=default priority=3 max-limit=256k
add name=Client6-a.Upstreams parent=global-in packet-mark=client6-pktp queue=default priority=3 max-limit=256k
add name=Master-a.Upstreams parent=global-in packet-mark=master-pktp queue=default priority=3 max-limit=256k

/queue tree
add name=Billing-b.Downstreams parent=global-out packet-mark=billing-pktd queue=default priority=8 max-limit=256k
add name=Client1-b.Downstreams parent=global-out packet-mark=client1-pktd queue=default priority=8 max-limit=256k
add name=Client2-b.Downstreams parent=global-out packet-mark=client2-pktd queue=default priority=8 max-limit=256k
add name=Client3-b.Downstreams parent=global-out packet-mark=client3-pktd queue=default priority=8 max-limit=256k
add name=Client4-b.Downstreams parent=global-out packet-mark=client4-pktd queue=default priority=8 max-limit=256k
add name=Client5-b.Downstreams parent=global-out packet-mark=client5-pktd queue=default priority=8 max-limit=256k
add name=Client6-b.Downstreams parent=global-out packet-mark=client6-pktd queue=default priority=8 max-limit=256k
add name=Master-b.Downstreams parent=global-out packet-mark=master-pktd queue=default priority=8 max-limit=256k

/queue tree
add name=1.Billing-Games parent=Billing-b.Downstreams packet-mark=billing-gpkt queue=default priority=1 max-limit=256k
add name=1.Client1-Games parent=Client1-b.Downstreams packet-mark=client1-gpkt queue=default priority=1 max-limit=256k
add name=1.Client2-Games parent=Client2-b.Downstreams packet-mark=client2-gpkt queue=default priority=1 max-limit=256k
add name=1.Client3-Games parent=Client3-b.Downstreams packet-mark=client3-gpkt queue=default priority=1 max-limit=256k
add name=1.Client4-Games parent=Client4-b.Downstreams packet-mark=client4-gpkt queue=default priority=1 max-limit=256k
add name=1.Client5-Games parent=Client5-b.Downstreams packet-mark=client5-gpkt queue=default priority=1 max-limit=256k
add name=1.Client6-Games parent=Client6-b.Downstreams packet-mark=client6-gpkt queue=default priority=1 max-limit=256k
add name=1.Master-Games parent=Master-b.Downstreams packet-mark=master-gpkt queue=default priority=1 max-limit=256k

/queue tree
add name=2.Billing-Browsing parent=Billing-b.Downstreams packet-mark=billing-bpkt queue=default priority=2 max-limit=256k
add name=2.Client1-Browsing parent=Client1-b.Downstreams packet-mark=client1-bpkt queue=default priority=2 max-limit=256k
add name=2.Client2-Browsing parent=Client2-b.Downstreams packet-mark=client2-bpkt queue=default priority=2 max-limit=256k
add name=2.Client3-Browsing parent=Client3-b.Downstreams packet-mark=client3-bpkt queue=default priority=2 max-limit=256k
add name=2.Client4-Browsing parent=Client4-b.Downstreams packet-mark=client4-bpkt queue=default priority=2 max-limit=256k
add name=2.Client5-Browsing parent=Client5-b.Downstreams packet-mark=client5-bpkt queue=default priority=2 max-limit=256k
add name=2.Client6-Browsing parent=Client6-b.Downstreams packet-mark=client6-bpkt queue=default priority=2 max-limit=256k
add name=2.Master-Browsing parent=Master-b.Downstreams packet-mark=master-bpkt queue=default priority=2 max-limit=256k

/queue tree
add name=3.Billing-Download parent=Billing-b.Downstreams packet-mark=no-mark queue=default priority=4 max-limit=220k
add name=3.Client1-Download parent=Client1-b.Downstreams packet-mark=no-mark queue=default priority=4 max-limit=220k
add name=3.Client2-Download parent=Client2-b.Downstreams packet-mark=no-mark queue=default priority=4 max-limit=220k
add name=3.Client3-Download parent=Client3-b.Downstreams packet-mark=no-mark queue=default priority=4 max-limit=220k
add name=3.Client4-Download parent=Client4-b.Downstreams packet-mark=no-mark queue=default priority=4 max-limit=220k
add name=3.Client5-Download parent=Client5-b.Downstreams packet-mark=no-mark queue=default priority=4 max-limit=220k
add name=3.Client6-Download parent=Client6-b.Downstreams packet-mark=no-mark queue=default priority=4 max-limit=220k
add name=3.Master-Download parent=Master-b.Downstreams packet-mark=no-mark queue=default priority=4 max-limit=220k

/queue tree
add name=3.1.Billing-Undefined parent=3.Billing-Download packet-mark=billing-pktd queue=default priority=5
add name=3.1.Client1-Undefined parent=3.Client1-Download packet-mark=client1-pktd queue=default priority=5
add name=3.1.Client2-Undefined parent=3.Client2-Download packet-mark=client2-pktd queue=default priority=5
add name=3.1.Client3-Undefined parent=3.Client3-Download packet-mark=client3-pktd queue=default priority=5
add name=3.1.Client4-Undefined parent=3.Client4-Download packet-mark=client4-pktd queue=default priority=5
add name=3.1.Client5-Undefined parent=3.Client5-Download packet-mark=client5-pktd queue=default priority=5
add name=3.1.Client6-Undefined parent=3.Client6-Download packet-mark=client6-pktd queue=default priority=5
add name=3.1.Master-Undefined parent=3.Master-Download packet-mark=master-pktd queue=default priority=5

/queue tree
add name=3.2.Billing-Extensions parent=3.Billing-Download packet-mark=billing-dpkt queue=default priority=6
add name=3.2.Client1-Extensions parent=3.Client1-Download packet-mark=client1-dpkt queue=default priority=6
add name=3.2.Client2-Extensions parent=3.Client2-Download packet-mark=client2-dpkt queue=default priority=6
add name=3.2.Client3-Extensions parent=3.Client3-Download packet-mark=client3-dpkt queue=default priority=6
add name=3.2.Client4-Extensions parent=3.Client4-Download packet-mark=client4-dpkt queue=default priority=6
add name=3.2.Client5-Extensions parent=3.Client5-Download packet-mark=client5-dpkt queue=default priority=6
add name=3.2.Client6-Extensions parent=3.Client6-Download packet-mark=client6-dpkt queue=default priority=6
add name=3.2.Master-Extensions parent=3.Master-Download packet-mark=master-dpkt queue=default priority=6

/queue tree
add name=3.3.Billing-Video parent=3.Billing-Download packet-mark=billing-spkt queue=default priority=7
add name=3.3.Client1-Video parent=3.Client1-Download packet-mark=client1-spkt queue=default priority=7
add name=3.3.Client2-Video parent=3.Client2-Download packet-mark=client2-spkt queue=default priority=7
add name=3.3.Client3-Video parent=3.Client3-Download packet-mark=client3-spkt queue=default priority=7
add name=3.3.Client4-Video parent=3.Client4-Download packet-mark=client4-spkt queue=default priority=7
add name=3.3.Client5-Video parent=3.Client5-Download packet-mark=client5-spkt queue=default priority=7
add name=3.3.Client6-Video parent=3.Client6-Download packet-mark=client6-spkt queue=default priority=7
add name=3.3.Master-Video parent=3.Master-Download packet-mark=master-spkt queue=default priority=7

/queue tree
add name=3.4.Billing-TorP2P parent=3.Billing-Download packet-mark=billing-tpkt queue=default priority=8
add name=3.4.Client1-TorP2P parent=3.Client1-Download packet-mark=client1-tpkt queue=default priority=8
add name=3.4.Client2-TorP2P parent=3.Client2-Download packet-mark=client2-tpkt queue=default priority=8
add name=3.4.Client3-TorP2P parent=3.Client3-Download packet-mark=client3-tpkt queue=default priority=8
add name=3.4.Client4-TorP2P parent=3.Client4-Download packet-mark=client4-tpkt queue=default priority=8
add name=3.4.Client5-TorP2P parent=3.Client5-Download packet-mark=client5-tpkt queue=default priority=8
add name=3.4.Client6-TorP2P parent=3.Client6-Download packet-mark=client6-tpkt queue=default priority=8
add name=3.4.Master-TorP2P parent=3.Master-Download packet-mark=master-tpkt queue=default priority=8


The result you can see on the picture above. In order to get a balanced internet connection on each client, we could not only provide a greater speed limit on connection bytes downstreams of the particular packets while you press connection packets upload (upstreams). If you do that the internet connection will be unbalanced. It is closely related to the tx and rx bytes when we use any connection packets at all. Well, I think is enough to make the complete queue tree rules that no need simple queue again.
Share This Article :
Related Articles

54 comments :

  1. Terima kasih banyak Mas, sudah sukses saya terapin di warnet saya dengan bandwith 512k/4m. Cuma, saya mau tanya ne mas,, karena ud ga pake simple queue lagi, masih bisa kah kita terapkan burst limit dan burst treshold pada queue tree seperti ini,
    *Maap klo bahasa agak berbelit, thanks

    ReplyDelete
    Replies
    1. Saya kira gak ada masalah mas, tambahkan saja jika dirasa perlu!

      Delete
    2. owh,,,
      satu lagi mas,, baru nyadar tadi,
      /ip firewall layer7-protocol
      add comment="download" name=high regexp="^.*get.+\\.(exe|rar|iso|zip|7zip|0[0-9][1-9]|flv|mkv|avi|mp4|3gp|rmvb|mp3|img|dat|mov).*\$"

      add comment="download" name=document regexp="^.*get.+\\.(pdf|doc|docx|xlsx|xls|rtf|ppt|ppt).*\$"

      add comment="video" name=youtube regexp="^.*get.+\\.(c.youtube.com|cdn.dailymotion.com|metacafe.com|mccont.com).*\$"

      add comment="video" name=streaming regexp="videoplayback|video"

      untuk layer7-protocol "bittorrent" dimana ya? rule magle P2P masih eror ne mas
      thaks

      Delete
    3. Oiya maaf ada yang ketinggalan, sudah saya lengkapi, terima kasih atas koreksinya mas!

      Delete
    4. Wah Download Jebol Gara2 Aktifin web Proxy,,,gmana ini,,,tp klo gak aktif web proxy nya setingan berjalan mulus,,
      bantu dong,,setingan mana yang mau ditambah biar jalan sam web proxy ny...

      Delete
  2. And what for version 6? Does the setting only changes to: global?
    global-in and global-out?

    ReplyDelete
    Replies
    1. The mangle must be use internal process of the router, using chain=input. But i can't prove it yet, i haven't version 6

      Delete
    2. Ketut, then in that case would have to add in mangle the input and output options. And Queues use "Global"? Thank you.

      Delete
  3. Hi,
    In the above and also in the perfection bandwidth management parent queue tree you showed in youtube i saw alot of client1 & billing and with this it comes to mind that you used the radius or user manager? can i use it without either radius or user manager? as i currently don't use either of them on my network as it is too small!
    i believe that this solution stops users from being too greedy with the available bandwidth right? please correct me if i am wrong. i await your response.
    Please if i can use it without radius and user manager and it will still be as effective please let me know how i will go about it!
    Thank you.

    ReplyDelete
  4. malam mas? jika di tambah eth3 untuk proxy server kira2 scrip yang cocok .gimana..mohon pencerahan?

    ReplyDelete
  5. Hi i am using pppoe connections with profile 1 and profile 2 ... profile 4. each profiles have different speed.
    so the question is how can i make your client 1 works with profile 1...etc

    please replay to me any thing

    ReplyDelete
  6. jika ini diterapkan di load balancing bisa ga ya? terus untuk out interface kita pake yang mana ?

    ReplyDelete
  7. version 6 change globan-in and global-out by global.

    Hey, thanks for share it.

    ReplyDelete
    Replies
    1. Well, change Global out and global in by LAN o WAN interfaces.

      Delete
  8. Excuse Me Dear Kindly Help Me Please ??

    ReplyDelete
  9. Dear Ketut Agus Suardika I Follow Your This Script Every Steps And Also Apply It On Our Mikrotik Machine That't Good But Many Quees Tree Its Not Work Proper Like Upstream Isn't Sent Or Receive Bytes 1st Tell Me That How Could I Correct It ..... ??

    ReplyDelete
  10. apa ada tutorialnya untuk pengguna hotspot aja mas bukan untuk warnet. kalau hotspot ya usernya kan ramai berbanding warnet. kalo ada tutorialnya yang complete gaya ini. mohon dibuatkan tutorialnya ya mas. maaf saya masih baru lagi dari malaysia

    ReplyDelete
  11. Mas Agus, Kalo settingan ini di tambah proxy eksternal ubuntu, gmana cara membuat manggle proxy HIT dan proxy MISS nya? Di tunggu mas pencerahan nya, Terima kasih Mas Agus sebelum nya.

    ReplyDelete
  12. mas agus, mohon bantuannya donk,. saya selalu gagal pada saat paste queue tree nya.. input does not gitu keluarnya.. mikrotik OS 5.20 dan 6. thx mas , mohon dibantu

    ReplyDelete
  13. cara melindungi qos dari serangan idm gimana gan.....

    ReplyDelete

  14. /ip firewall mangle
    add chain=prerouting in-interface=Local \
    dst-address=209.135.140.0/24 action=mark-packet \
    new-packet-mark=exempt-up
    add chain=postrouting out-interface=Local \
    src-address=209.135.140.0/24 action=mark-packet \
    new-packet-mark=exempt-down
    /queue type
    add name=exempt kind=sfq
    /queue tree
    add name=hotspot-exempt-up parent=global-in \
    packet-mark=exempt-up queue=exempt max-limit=1G
    add name=hotspot-exempt-down parent=global-out \
    packet-mark=exempt-down queue=exempt max-limit=1G

    This is a script to access a local server with 100Mb speed. This script works on os version 5.x. But On os version 6.x the script does not work as global in, global out option is replaced by global. Do you know how to solve this or have any other solution.

    ReplyDelete
  15. interface=ether1

    interface=wlan1

    ReplyDelete
    Replies
    1. ether1 itu ---> untuk public ?

      wlan itu LAN?


      yang public yang mana ya?

      Delete
  16. In limit the speed of an extension of the later mangle two minutes after work limit extension

    ReplyDelete
  17. You’ve written nice post, I am gonna bookmark this page, thanks for info. I actually appreciate your own position and I will be sure to come back here.
    Signature:
    i like play games happy wheels online and play happy wheels 2 games and friv , girlsgogames , games2girls

    ReplyDelete
  18. is there no superposition b/w upload packets and download packets?
    cuz you defined and marked upload and download connections at the first of all

    ReplyDelete
    Replies
    1. Oh, if we mark packet secondly, new mark will overwrite!! solved my question

      Delete
  19. this is work dual wan load balancing with this scripts?
    please i need help

    ReplyDelete
  20. Replies
    1. why the queues tree script cant read or save.

      Delete
  21. how to make or add global-in and global-out my parent: global only thank you

    ReplyDelete
  22. is this possible for the mikrotik version 6 up?

    ReplyDelete
  23. Pertama" saya mau mengucapkan terima kasih buat Bpk Ketut telah membuatkan script yang baik dan work seperti ini. Saya sudah tes di v4.11 dan berjalan dengan baik, cuman permasalahan buat di upload saya coba test ke www.speedtest.net ko dia masih lolos ya pak?(bocor)

    Selebihnya udah mantap, kelimit semua dan jalan. Buat temen" yang belum work, coba dipahami dulu script nya satu persatu dibaca copy ke notepad, pasti work.

    ReplyDelete
  24. hi .. i just saw this blog about microtik for me you're a genius bcoz here in my country i must pay a large amount to configure this router so called mikrotik .. bro . may i know what kind of mikrotik router u had ?

    ReplyDelete
  25. Life after hours of work stress and fatigue is the space I really love. I can play games, take photos or simply surfing facebook, chatting with friends. It made me feel so comfortable and pleasan
    facebook baixar , whatsapp baixar , square quick

    ReplyDelete
  26. The blog or and best that is extremely useful to keep I can share the ideas. Age Of War 2
    Big Farm | Slitherio | Tank Trouble
    Of the future as this is really what I was looking for, I am very comfortable and pleased to come here. Thank you very much.
    Happy Wheels | Goodgeme Empire | Slither.io

    ReplyDelete
  27. The article gives me a lot of interesting information. I still often share life experiences with friends. And I enjoyed the convenience and attractiveness of free messaging app
    whatsapp baixar , baixar whatsapp , whatsapp baixar , baixar whatsapp gratis

    ReplyDelete
  28. Facebook has become a part of my life, not only helped me to connect with you but also where I can share every moment in life. I really like the convenience that it brings
    facebook baixar , baixar facebook , facebook baixar , baixar facebook gratis

    ReplyDelete
  29. Mostly people have all the same things when they are writing academic task or any other writing, especially light music most people like during the writing.

    subway surf , baixar subway surf, subway surf download , download subway surf

    ReplyDelete
  30. Thanks I have read your article, it is very interesting and exciting
    download go launcher, go launcher apk, go launcher , go launcher androi,

    ReplyDelete
  31. Mostly people have all the same things when they are writing academic task or any other writing, especially light music most people like during the writing.
    dream league soccer download , dream league soccer apk , download dream league soccer , dream league soccer

    ReplyDelete
  32. You need to have time to take care of the active. It in fact was a amusement account it. Look advanced to far added agreeable from you.

    baixar banana kong , banana kong , download banana kong , banana kong download , banana kong

    ReplyDelete
  33. Life becomes more interesting and wonderful when you share your memorable moments with friends and family through unique photographs. You can create your own unique style impressed with image editing software. And after hours of work stress you can also

    tank trouble, tank trouble 2, tank trouble games, tank trouble

    ReplyDelete
  34. Life becomes more interesting and wonderful when you share your memorable moments with friends and family through unique photographs. You can create your own unique style impressed with image editing software. And after hours of work stress you can also
    dr driving, dr driving baixar ,download dr driving, dr driving

    ReplyDelete
  35. Great article, I was very impressed about it, wish you would have stayed next share
    strikeforce kitty 2 | red ball 4 | strike force kitty | red ball 3 | ninjago games

    ReplyDelete
  36. E-mail with many attractive features and convenience are the choice of most people around the world open. And I want to share to everyone a free webmail services extremely great.
    outlook entrar , entrar no outlook , entrar outlook

    ReplyDelete
  37. hi... where do i find the parent GLOBAL-IN and GLOBAL-OUT? it's only global

    ReplyDelete

Back to Top