Re: [心得] 軟路由的使用心得-RouterOS

看板Network作者hamdo (Hamdo)時間14年前 (2010/09/17 01:56)推噓0(0推 0噓 0→)

留言0則, 0人參與討論串2/2 (看更多)

逐行解釋，不知道要寫到什麼時候，我還是直接貼我的設定，有興趣的再去找document對照著看，一般HTB+PCQ只需靠in-interface來分別判斷封包是由內而外還是由外而內但不知道是不是我設定pppoe的方式導致mangle總抓不到全部由內而外（上傳）的封包，導致queue tree也變得很怪，會被突破限制，後來試出使用src-address來抓出上傳封包，終於都抓到了，且連靜態IP & DHCP都一併解決了。我的網路環境是20m光纖，RouterOS的版本是4.10，需注意的是3.x版queue type及queue tree有其他的bug無法使用以下的設定也許官方並沒考慮到pppoe這種類似虛擬網卡的裝置要如何被歸類，總之他無法由對內的網卡截取到 /ip firewall mangle chain=prerouting action=mark-packet new-packet-mark=first-priority-up passthrough=no dst-address=xxx.xxx.xxx.xxx chain=prerouting action=mark-packet new-packet-mark=first-priority-down passthrough=no src-address=xxx.xxx.xxx.xxx ;;; Qos_SYN-up chain=prerouting action=mark-packet new-packet-mark=first-priority-up passthrough=no tcp-flags=syn protocol=tcp src-address=192.168.0.0/16 packet-size=0-666 ;;; Qos_ACK-up chain=prerouting action=mark-packet new-packet-mark=first-priority-up passthrough=no tcp-flags=ack protocol=tcp src-address=192.168.0.0/16 packet-size=0-123 ;;; p2p-up chain=prerouting action=mark-packet new-packet-mark=p2p-up passthrough=no p2p=all-p2p src-address=192.168.0.0/16 ;;; small_packet-up chain=prerouting action=mark-packet new-packet-mark=small_packet-up passthrough=no p2p=!all-p2p src-address=192.168.0.0/16 packet-size=1-512 ;;; big_packet-up chain=prerouting action=mark-packet new-packet-mark=big_packet-up passthrough=no p2p=!all-p2p src-address=192.168.0.0/16 packet-size=512-1200 ;;; general-up chain=prerouting action=mark-packet new-packet-mark=general-up passthrough=no p2p=!all-p2p src-address=192.168.0.0/16 ;;; Qos_SYN-down chain=prerouting action=mark-packet new-packet-mark=first-priority-down passthrough=no tcp-flags=syn protocol=tcp in-interface=Hinet-Vdsl packet-size=0-666 ;;; Qos_ACK-down chain=prerouting action=mark-packet new-packet-mark=first-priority-down passthrough=no tcp-flags=ack protocol=tcp in-interface=Hinet-Vdsl packet-size=0-123 ;;; ICMP chain=prerouting action=mark-packet new-packet-mark=icmp_packet passthrough=no protocol=icmp ;;; p2p-down chain=prerouting action=mark-packet new-packet-mark=p2p-down passthrough=no p2p=all-p2p in-interface=Hinet-Vdsl ;;; small_packet-down chain=prerouting action=mark-packet new-packet-mark=small_packet-down passthrough=no p2p=!all-p2p in-interface=Hinet-Vdsl packet-size=1-512 ;;; big_packet-down chain=prerouting action=mark-packet new-packet-mark=big_packet-down passthrough=no p2p=!all-p2p in-interface=Hinet-Vdsl packet-size=512-1200 ;;; general-down chain=prerouting action=mark-packet new-packet-mark=general-down passthrough=no p2p=!all-p2p in-interface=Hinet-Vdsl 設定queue type，使用pcq作為佇列類型，pcq-rate對應到每個ip的最大速度 /queue type name="Gen_download" kind=pcq pcq-rate=13000000 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=1000 name="Gen_upload" kind=pcq pcq-rate=400000 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=100 建立queue tree設定每個queue及sub-queue的優先權和該queue的最大頻寬 /queue tree name="Download" parent=global-in limit-at=0 priority=8 max-limit=19M burst-limit=0 burst-threshold=0 burst-time=0s name="Upload" parent=global-in limit-at=0 priority=8 max-limit=1650k burst-limit=0 burst-threshold=0 burst-time=0s name="p2p_download" parent=Download packet-mark=p2p-down limit-at=0 queue=Gen_download priority=8 max-limit=15M burst-limit=0 burst-threshold=0 burst-time=0s name="p2p_upload" parent=Upload packet-mark=p2p-up limit-at=0 queue=Gen_upload priority=8 max-limit=1M burst-limit=0 burst-threshold=0 burst-time=0s name="first_prioity-up" parent=Upload packet-mark=first-priority-up limit-at=32k queue=default priority=1 max-limit=1M burst-limit=0 burst-threshold=0 burst-time=0s name="general_download" parent=Download packet-mark=general-down limit-at=0 queue=Gen_download priority=7 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s name="small_upload" parent=Upload packet-mark=small_packet-up limit-at=0 queue=default priority=5 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s name="big_upload" parent=Upload packet-mark=big_packet-up limit-at=0 queue=default priority=6 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s name="small_download" parent=Download packet-mark=small_packet-down limit-at=0 queue=Gen_download priority=5 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s name="big_download" parent=Download packet-mark=big_packet-down limit-at=0 queue=Gen_download priority=6 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s name="first_prioity-down" parent=Download packet-mark=first-priority-down limit-at=32k queue=Gen_download priority=1 max-limit=1M burst-limit=0 burst-threshold=0 burst-time=0s name="general-up" parent=Upload packet-mark=general-up limit-at=0 queue=Gen_upload priority=7 max-limit=1M burst-limit=0 burst-threshold=0 burst-time=0s name="icmp_download" parent=global-out packet-mark=icmp_packet limit-at=32k queue=Gen_download priority=1 max-limit=2M burst-limit=0 burst-threshold=0 burst-time=0s name="icmp_upload" parent=global-in packet-mark=icmp_packet limit-at=32k queue=default priority=1 max-limit=512k burst-limit=0 burst-threshold=0 burst-time=0s -- ※ 發信站: 批踢踢實業坊(ptt.cc) ◆ From: 122.116.219.48