返回列表 發帖

RouterOS V6 QOS (終極版)

本帖最後由 167pk 於 2020-6-30 13:11 編輯

TCP connection handshake (ACK, SYN, FIN, RST) 全優化



My setup the ACK, SYN and ICMP packets are used to improve the game smoothness
  1. /ip firewall mangle
  2. add action=jump chain=prerouting comment="CONNECTION mark in" connection-mark=no-mark in-interface-list=WAN jump-target=CM-ALL
  3. add action=jump chain=prerouting comment="TCP FLAG mark in" in-interface-list=WAN jump-target=TF-IN protocol=tcp tcp-flags=!psh
  4. add action=jump chain=prerouting comment="PACKET mark in" connection-mark=!no-mark in-interface-list=WAN jump-target=PM-IN
  5. add action=jump chain=postrouting comment="CONNECTION mark out" connection-mark=no-mark jump-target=CM-ALL out-interface-list=WAN
  6. add action=jump chain=postrouting comment="TCP FLAG mark out" jump-target=TF-OUT out-interface-list=WAN protocol=tcp tcp-flags=!psh
  7. add action=jump chain=postrouting comment="PACKET mark out" connection-mark=!no-mark jump-target=PM-OUT out-interface-list=WAN
  8. add action=mark-connection chain=CM-ALL comment="DNS tcp" dst-port=53,853 new-connection-mark=CM-DNS passthrough=yes protocol=tcp
  9. add action=mark-connection chain=CM-ALL comment="DNS udp" dst-port=53,853 new-connection-mark=CM-DNS passthrough=yes protocol=udp
  10. add action=mark-connection chain=CM-ALL comment="VOIP dscp 26" dscp=26 new-connection-mark=CM-VOIP passthrough=yes
  11. add action=mark-connection chain=CM-ALL comment="VOIP dscp 46" dscp=46 new-connection-mark=CM-VOIP passthrough=yes
  12. add action=mark-connection chain=CM-ALL comment="VOIP udp" dst-port=3478-3479,5060-5061,8801-8802 new-connection-mark=CM-VOIP passthrough=yes protocol=udp
  13. add action=mark-connection chain=CM-ALL comment=ICMP new-connection-mark=CM-ICMP passthrough=yes protocol=icmp
  14. add action=mark-connection chain=CM-ALL comment="VPN tcp" dst-port=1723 new-connection-mark=CM-VPN passthrough=yes protocol=tcp
  15. add action=mark-connection chain=CM-ALL comment="VPN upd" dst-port=500,1194,1701,4500 new-connection-mark=CM-VPN passthrough=yes protocol=udp
  16. add action=mark-connection chain=CM-ALL comment="VPN gre" new-connection-mark=CM-VPN passthrough=yes protocol=gre
  17. add action=mark-connection chain=CM-ALL comment="VPN ipsec-esp" new-connection-mark=CM-VPN passthrough=yes protocol=ipsec-esp
  18. add action=mark-connection chain=CM-ALL comment="VPN ipsec-ah" new-connection-mark=CM-VPN passthrough=yes protocol=ipsec-ah
  19. add action=mark-connection chain=CM-ALL comment="EMAIL tcp" dst-port=25,110,143,465,587,993,995 new-connection-mark=CM-EMAIL passthrough=yes protocol=tcp
  20. add action=mark-connection chain=CM-ALL comment="HTTP tcp" dst-port=80,443,8080,8443 new-connection-mark=CM-HTTP passthrough=yes protocol=tcp
  21. add action=mark-connection chain=CM-ALL comment="QUIC udp" dst-port=80,443 new-connection-mark=CM-QUIC passthrough=yes protocol=udp
  22. add action=mark-connection chain=CM-ALL comment=OTHER connection-mark=no-mark new-connection-mark=CM-OTHER passthrough=yes
  23. add action=return chain=CM-ALL comment="CM-ALL return"
  24. add action=mark-connection chain=CM-BIG comment="HTTP BIG" connection-bytes=500000-0 connection-mark=CM-HTTP connection-rate=!0-8k new-connection-mark=CM-HTTP-B passthrough=yes protocol=tcp
  25. add action=mark-connection chain=CM-BIG comment="OTHER BIG" connection-mark=CM-OTHER new-connection-mark=CM-OTHER-B packet-size=!0-400 passthrough=yes
  26. add action=return chain=CM-BIG comment="CM-BIG return"
  27. add action=mark-packet chain=TF-IN comment="ACK in" new-packet-mark=TCPFLAG-I packet-size=0-64 passthrough=no protocol=tcp tcp-flags=ack,!fin,!syn,!rst,!urg,!ece,!cwr
  28. add action=mark-packet chain=TF-IN comment="SYN in" new-packet-mark=TCPFLAG-I packet-size=0-64 passthrough=no protocol=tcp tcp-flags=syn
  29. add action=return chain=TF-IN comment="TF-IN return"
  30. add action=jump chain=PM-IN comment="CONNECTION BIG mark in" jump-target=CM-BIG
  31. add action=mark-packet chain=PM-IN comment="DNS in" connection-mark=CM-DNS new-packet-mark=DNS-I passthrough=no
  32. add action=mark-packet chain=PM-IN comment="VOIP in" connection-mark=CM-VOIP new-packet-mark=VOIP-I passthrough=no
  33. add action=mark-packet chain=PM-IN comment="ICMP in" connection-mark=CM-ICMP new-packet-mark=ICMP-I passthrough=no
  34. add action=mark-packet chain=PM-IN comment="VPN in" connection-mark=CM-VPN new-packet-mark=VPN-I passthrough=no
  35. add action=mark-packet chain=PM-IN comment="EMAIL in" connection-mark=CM-EMAIL new-packet-mark=EMAIL-I passthrough=no
  36. add action=mark-packet chain=PM-IN comment="HTTP in" connection-mark=CM-HTTP new-packet-mark=HTTP-I passthrough=no
  37. add action=mark-packet chain=PM-IN comment="HTTP BIG in" connection-mark=CM-HTTP-B new-packet-mark=HTTP-B-I passthrough=no
  38. add action=mark-packet chain=PM-IN comment="QUIC in" connection-mark=CM-QUIC new-packet-mark=QUIC-I passthrough=no
  39. add action=mark-packet chain=PM-IN comment="OTHER in" connection-mark=CM-OTHER new-packet-mark=OTHER-I passthrough=no
  40. add action=mark-packet chain=PM-IN comment="OTHER BIG in" connection-mark=CM-OTHER-B new-packet-mark=OTHER-B-I passthrough=no
  41. add action=return chain=PM-IN comment="PM-IN return"
  42. add action=mark-packet chain=TF-OUT comment="ACK out" new-packet-mark=TCPFLAG-O packet-size=0-64 passthrough=no protocol=tcp tcp-flags=ack,!fin,!syn,!rst,!urg,!ece,!cwr
  43. add action=mark-packet chain=TF-OUT comment="SYN out" new-packet-mark=TCPFLAG-O packet-size=0-64 passthrough=no protocol=tcp tcp-flags=syn
  44. add action=return chain=TF-OUT comment="TF-OUT return"
  45. add action=jump chain=PM-OUT comment="CONNECTION BIG mark out" jump-target=CM-BIG
  46. add action=mark-packet chain=PM-OUT comment="DNS out" connection-mark=CM-DNS new-packet-mark=DNS-O passthrough=no
  47. add action=mark-packet chain=PM-OUT comment="VOIP out" connection-mark=CM-VOIP new-packet-mark=VOIP-O passthrough=no
  48. add action=mark-packet chain=PM-OUT comment="ICMP out" connection-mark=CM-ICMP new-packet-mark=ICMP-O passthrough=no
  49. add action=mark-packet chain=PM-OUT comment="VPN out" connection-mark=CM-VPN new-packet-mark=VPN-O passthrough=no
  50. add action=mark-packet chain=PM-OUT comment="EMAIL out" connection-mark=CM-EMAIL new-packet-mark=EMAIL-O passthrough=no
  51. add action=mark-packet chain=PM-OUT comment="HTTP out" connection-mark=CM-HTTP new-packet-mark=HTTP-O passthrough=no
  52. add action=mark-packet chain=PM-OUT comment="HTTP BIG out" connection-mark=CM-HTTP-B new-packet-mark=HTTP-B-O passthrough=no
  53. add action=mark-packet chain=PM-OUT comment="QUIC out" connection-mark=CM-QUIC new-packet-mark=QUIC-O passthrough=no
  54. add action=mark-packet chain=PM-OUT comment="OTHER out" connection-mark=CM-OTHER new-packet-mark=OTHER-O passthrough=no
  55. add action=mark-packet chain=PM-OUT comment="OTHER BIG out" connection-mark=CM-OTHER-B new-packet-mark=OTHER-B-O passthrough=no
  56. add action=return chain=PM-OUT comment="PM-OUT return"
複製代碼
附件: 您需要登錄才可以下載或查看附件。沒有帳號?註冊

本帖最後由 167pk 於 2020-6-30 12:50 編輯

請自行根據上網速度,分別修改下面的第5,6行之max-limit值

第5行max-limit = download speed (default : 1Gigabit Speed)
第6行max-limit = upload speed (default : 1Gigabit Speed)


Without setting the max-limit properly, the Queue Tree will not drop enough low-priority packets, so the bandwidth control would be lost. In order to have Control - we must set the max-limit to a lower value - 99.99% to 85% of the tested throughput of the bottleneck

P.S.: 圖中ME係用i-cable 所以... 200M(in), 10M(out)
  1. /queue type
  2. add kind=sfq name=sfq-default
  3. /queue tree
  4. add bucket-size=0.01 name=INTERNET parent=global queue=default
  5. add bucket-size=0.01 max-limit=1G name=IN parent=INTERNET queue=default
  6. add bucket-size=0.01 max-limit=1G name=OUT parent=INTERNET queue=default
  7. add name=DNS_IN packet-mark=DNS-I parent=IN priority=1 queue=default
  8. add name=NETWORK_IN packet-mark=ICMP-I,TCPFLAG-I parent=IN priority=3 queue=default
  9. add name=VOIP_IN packet-mark=VOIP-I parent=IN priority=2 queue=default
  10. add name=OTHER_IN packet-mark=OTHER-I,VPN-I parent=IN priority=4 queue=default
  11. add name=DNS_OUT packet-mark=DNS-O parent=OUT priority=1 queue=default
  12. add name=NETWORK_OUT packet-mark=ICMP-O,TCPFLAG-O parent=OUT priority=3 queue=default
  13. add name=VOIP_OUT packet-mark=VOIP-O parent=OUT priority=2 queue=default
  14. add name=OTHER_OUT packet-mark=OTHER-O,VPN-O parent=OUT priority=4 queue=default
  15. add name=HTTP_IN packet-mark=HTTP-I,EMAIL-I parent=IN priority=5 queue=sfq-default
  16. add name=HTTP_BIG_IN packet-mark=HTTP-B-I parent=IN priority=6 queue=sfq-default
  17. add name=QUIC_IN packet-mark=QUIC-I parent=IN priority=7 queue=sfq-default
  18. add name=OTHER_BIG_IN packet-mark=OTHER-B-I parent=IN queue=sfq-default
  19. add name=HTTP_OUT packet-mark=HTTP-O,EMAIL-O parent=OUT priority=5 queue=sfq-default
  20. add name=HTTP_BIG_OUT packet-mark=HTTP-B-O parent=OUT priority=6 queue=sfq-default
  21. add name=QUIC_OUT packet-mark=QUIC-O parent=OUT priority=7 queue=sfq-default
  22. add name=OTHER_BIG_OUT packet-mark=OTHER-B-O parent=OUT queue=sfq-default
複製代碼
附件: 您需要登錄才可以下載或查看附件。沒有帳號?註冊

TOP

本帖最後由 167pk 於 2020-6-18 11:25 編輯

緊記要關掉 fasttrack 功能

附件: 您需要登錄才可以下載或查看附件。沒有帳號?註冊

TOP

回復 2# 167pk


What happened?

TOP

本帖最後由 167pk 於 2020-6-18 11:36 編輯

回復 5# vpn-learner




不需手動過瀘內聯網之流量
如圖會自動不標記

附件: 您需要登錄才可以下載或查看附件。沒有帳號?註冊

TOP

返回列表