--
/ip firewall mangle
add action=mark-packet chain=prerouting comment="EF - VoIP / Zoom" dscp=46 \
new-packet-mark=EF
add action=mark-packet chain=prerouting comment=\
"AF41 - Streaming / VideoConf" dscp=34 new-packet-mark=AF41
add action=mark-packet chain=prerouting comment="AF31 - Gaming / Interactive" \
dscp=26 new-packet-mark=AF31
add action=mark-packet chain=prerouting comment="AF21 - Web / HTTPS / Line" \
dscp=18 new-packet-mark=AF21
add action=mark-packet chain=prerouting comment="AF11 - Background App" dscp=\
10 new-packet-mark=AF11
add action=mark-packet chain=prerouting comment="CS1 - Low-Priority" dscp=8 \
new-packet-mark=CS1
add action=mark-packet chain=prerouting comment="BE - Default" dscp=0 \
new-packet-mark=BE
add action=change-dscp chain=postrouting comment="Rewrite EF" new-dscp=46 \
packet-mark=EF
add action=change-dscp chain=postrouting comment="Rewrite AF41" new-dscp=34 \
packet-mark=AF41
add action=change-dscp chain=postrouting comment="Rewrite AF31" new-dscp=26 \
packet-mark=AF31
add action=change-dscp chain=postrouting comment="Rewrite AF21" new-dscp=18 \
packet-mark=AF21
add action=change-dscp chain=postrouting comment="Rewrite AF11" new-dscp=10 \
packet-mark=AF11
add action=change-dscp chain=postrouting comment="Rewrite CS1" new-dscp=8 \
packet-mark=CS1
add action=change-dscp chain=postrouting comment="Rewrite BE" new-dscp=0 \
packet-mark=BE
--
以100M/40M為例:這用在多人多裝置會更好.若你在意寬頻,那就不要用這機制.
--
/queue type
add name=pcq-upload-high kind=pcq pcq-rate=6M pcq-classifier=src-address
add name=pcq-upload-mid kind=pcq pcq-rate=3M pcq-classifier=src-address
add name=pcq-upload-low kind=pcq pcq-rate=2M pcq-classifier=src-address
add name=pcq-download-high kind=pcq pcq-rate=15M pcq-classifier=dst-address
add name=pcq-download-mid kind=pcq pcq-rate=10M pcq-classifier=dst-address
add name=pcq-download-low kind=pcq pcq-rate=5M pcq-classifier=dst-address
/queue tree
add name="EF Upload" parent=pppoe-out1 packet-mark=EF queue=pcq-upload-high \
limit-at=4M max-limit=6M priority=1
add name="AF41 Upload" parent=pppoe-out1 packet-mark=AF41 queue=\
pcq-upload-high limit-at=6M max-limit=8M priority=2
add name="AF31 Upload" parent=pppoe-out1 packet-mark=AF31 queue=\
pcq-upload-mid limit-at=4M max-limit=6M priority=3
add name="AF21 Upload" parent=pppoe-out1 packet-mark=AF21 queue=\
pcq-upload-mid limit-at=5M max-limit=8M priority=4
add name="AF11 Upload" parent=pppoe-out1 packet-mark=AF11 queue=\
pcq-upload-low limit-at=3M max-limit=5M priority=5
add name="BE Upload" parent=pppoe-out1 packet-mark=BE queue=\
pcq-upload-low limit-at=2M max-limit=5M priority=6
add name="CS1 Upload" parent=pppoe-out1 packet-mark=CS1 queue=\
pcq-upload-low limit-at=1M max-limit=3M priority=8
/queue tree
add name="EF Download" parent=global packet-mark=EF queue=\
pcq-download-high limit-at=8M max-limit=12M priority=1
add name="AF41 Download" parent=global packet-mark=AF41 queue=\
pcq-download-high limit-at=20M max-limit=30M priority=2
add name="AF31 Download" parent=global packet-mark=AF31 queue=\
pcq-download-mid limit-at=15M max-limit=25M priority=3
add name="AF21 Download" parent=global packet-mark=AF21 queue=\
pcq-download-mid limit-at=15M max-limit=25M priority=4
add name="AF11 Download" parent=global packet-mark=AF11 queue=\
pcq-download-low limit-at=6M max-limit=10M priority=5
add name="BE Download" parent=global packet-mark=BE queue=\
pcq-download-low limit-at=6M max-limit=10M priority=6
add name="CS1 Download" parent=global packet-mark=CS1 queue=\
pcq-download-low limit-at=2M max-limit=6M priority=8
--
好消息是Queue type可用來配置cake-diffserv8不需透過QueueTree.(CCR2004沒問題).
/queue type
add name=cake-tx kind=cake cake-diffserv=diffserv8 cake-ack-filter=filter \
cake-nat=yes cake-overhead=18
/queue type
add name=cake-rx kind=cake cake-diffserv=diffserv8 cake-nat=yes \
cake-overhead=18
可用在
/queue interface
add interface=pppoe-out1(ether-xx) queue=cake-tx
add interface=bridge1(ether-xx) queue=cake-rx
或Simple Queues
/queue simple
add name=QoS-cake target=pppoe-out1 max-limit=100M/40M queue=cake-rx/cake-tx
--
有CAKE,所以只要Mangle有做好出入標記,cake會進入分類就不需要用到queuetree.
不知舊機型的有無支援CAKE,雖軟體有支援,但硬體有沒有到位就不知道,或許標記,
有設定的話說不定可以.起碼這樣就不只是做半套.而是全套.還有很多設定很好玩的.
--
今天終於把QoS這部分搞定了.今天本來是很煩躁,太多東西了,提前去洗澡,在冷水的.
洗禮下,腦袋變得更清晰,果然在洗完澡後,就把問題解決了.雖浪費了很多時間.值得!
人品是做人最好的底牌.
--
/ip firewall mangle
add action=mark-packet chain=prerouting comment="EF - VoIP / Zoom" dscp=46 \
new-packet-mark=EF
add action=mark-packet chain=prerouting comment=\
"AF41 - Streaming / VideoConf" dscp=34 new-packet-mark=AF41
add action=mark-packet chain=prerouting comment="AF31 - Gaming / Interactive" \
dscp=26 new-packet-mark=AF31
add action=mark-packet chain=prerouting comment="AF21 - Web / HTTPS / Line" \
dscp=18 new-packet-mark=AF21
add action=mark-packet chain=prerouting comment="AF11 - Background App" dscp=\
10 new-packet-mark=AF11
add action=mark-packet chain=prerouting comment="CS1 - Low-Priority" dscp=8 \
new-packet-mark=CS1
add action=mark-packet chain=prerouting comment="BE - Default" dscp=0 \
new-packet-mark=BE
add action=change-dscp chain=postrouting comment="Rewrite EF" new-dscp=46 \
packet-mark=EF
add action=change-dscp chain=postrouting comment="Rewrite AF41" new-dscp=34 \
packet-mark=AF41
add action=change-dscp chain=postrouting comment="Rewrite AF31" new-dscp=26 \
packet-mark=AF31
add action=change-dscp chain=postrouting comment="Rewrite AF21" new-dscp=18 \
packet-mark=AF21
add action=change-dscp chain=postrouting comment="Rewrite AF11" new-dscp=10 \
packet-mark=AF11
add action=change-dscp chain=postrouting comment="Rewrite CS1" new-dscp=8 \
packet-mark=CS1
add action=change-dscp chain=postrouting comment="Rewrite BE" new-dscp=0 \
packet-mark=BE
/queue type
add cake-diffserv=diffserv8 cake-nat=yes cake-overhead=18 kind=cake name=\
cake-rx
add cake-ack-filter=filter cake-diffserv=diffserv8 cake-nat=yes \
cake-overhead=18 kind=cake name=cake-tx
/queue tree
add max-limit=100M name=cake-rx packet-mark=EF,AF41,AF31,AF21,AF11,CS1,BE \
parent=global queue=cake-rx
add max-limit=40M name=cake-tx packet-mark=EF,AF41,AF31,AF21,AF11,CS1,BE \
parent=pppoe-out1 queue=cake-tx
--
只要標記進去出來正確,大致上就不會有問題,因為我也知道這樣對駭客來說是非常不利.
我實際在用網路時,非常順穩,比起之前還更順暢,至少這樣能降低封包會被側錄的風險.
進去出去的封包上了標記,該封包就一定要有頭有尾,大幅度地減少沒頭沒尾的進出封包.
之前有好幾次在mangle弄了PCQ,很典型,弄一弄突然路由器就莫名地重新啟動,
當時我看了很不可思議到整個嘴角上揚,早就懷疑這裡一定要早晚弄一個進出的封包標記,
才能解決這個疑似被駭客鑽漏的部分,之前有說官方版本的PCQ規則很有問題,我不用,
它有的問題是mangle標記封包太過簡單,正常來講要經路由前/後的標記一定要有.
若沒有,那就不要用它,但不用它,也還是會有被入侵的風險,就因此產生了今天的規則.
我本來預期弄個精簡的diffserv4,但我這樣還不如直接弄diffserv8,
我參考了國外的論壇,也去官方wiki弄清楚,原本以為像這幾天簡單弄弄,但我錯了.
並非簡單這樣弄,因為問題還是存在著,乾脆就先多多自己去慢慢釐清慢慢試下去,賓果!
人品是做人最好的底牌.
--
/ip firewall mangle
add action=mark-packet chain=prerouting comment="DSCP 46 - EF (Voice/Zoom)" \
dscp=46 new-packet-mark=EF
add action=mark-packet chain=prerouting comment="DSCP 34 - AF41 (Video)" \
dscp=34 new-packet-mark=AF41
add action=mark-packet chain=prerouting comment="DSCP 26 - AF31 (Games)" \
dscp=26 new-packet-mark=AF31
add action=mark-packet chain=prerouting comment=\
"DSCP 18 - AF21 (Web Interactive)" dscp=18 new-packet-mark=AF21
add action=mark-packet chain=prerouting comment="DSCP 10 - AF11 (Background)" \
dscp=10 new-packet-mark=AF11
add action=mark-packet chain=prerouting comment="DSCP 56 - CS7 (Routing)" \
dscp=56 new-packet-mark=CS7
add action=mark-packet chain=prerouting comment=\
"DSCP 48 - CS6 (Network Ctrl)" dscp=48 new-packet-mark=CS6
add action=mark-packet chain=prerouting comment=\
"DSCP 40 - CS5 (VoIP Signaling)" dscp=40 new-packet-mark=CS5
add action=mark-packet chain=prerouting comment="DSCP 32 - CS4 (Streaming)" \
dscp=32 new-packet-mark=CS4
add action=mark-packet chain=prerouting comment="DSCP 24 - CS3 (Database)" \
dscp=24 new-packet-mark=CS3
add action=mark-packet chain=prerouting comment="DSCP 16 - CS2" dscp=16 \
new-packet-mark=CS2
add action=mark-packet chain=prerouting comment="DSCP 8 - CS1 (Scavenger)" \
dscp=8 new-packet-mark=CS1
add action=mark-packet chain=prerouting comment="DSCP 0 - CS0 (Best Effort)" \
dscp=0 new-packet-mark=CS0
add chain=postrouting comment="Preserve existing DSCP" dscp=!0
add action=change-dscp chain=postrouting comment=\
"DSCP Rewrite - EF (Voice/Zoom)" new-dscp=46 packet-mark=EF
add action=change-dscp chain=postrouting comment=\
"DSCP Rewrite - AF41 (Video)" new-dscp=34 packet-mark=AF41
add action=change-dscp chain=postrouting comment=\
"DSCP Rewrite - AF31 (Games)" new-dscp=26 packet-mark=AF31
add action=change-dscp chain=postrouting comment=\
"DSCP Rewrite - AF21 (Web Interactive)" new-dscp=18 packet-mark=AF21
add action=change-dscp chain=postrouting comment=\
"DSCP Rewrite - AF11 (Background)" new-dscp=10 packet-mark=AF11
add action=change-dscp chain=postrouting comment=\
"DSCP Rewrite - CS7 (Routing Protocol)" new-dscp=56 packet-mark=CS7
add action=change-dscp chain=postrouting comment=\
"DSCP Rewrite - CS6 (Network Control)" new-dscp=48 packet-mark=CS6
add action=change-dscp chain=postrouting comment=\
"DSCP Rewrite - CS5 (VoIP Signaling)" new-dscp=40 packet-mark=CS5
add action=change-dscp chain=postrouting comment=\
"DSCP Rewrite - CS4 (Streaming)" new-dscp=32 packet-mark=CS4
add action=change-dscp chain=postrouting comment=\
"DSCP Rewrite - CS3 (Database)" new-dscp=24 packet-mark=CS3
add action=change-dscp chain=postrouting comment=\
"DSCP Rewrite - CS2 (Web Apps)" new-dscp=16 packet-mark=CS2
add action=change-dscp chain=postrouting comment=\
"DSCP Rewrite - CS1 (Scavenger)" new-dscp=8 packet-mark=CS1
add action=change-dscp chain=postrouting comment=\
"DSCP Rewrite - CS0 (Best Effort)" new-dscp=0 packet-mark=CS0
/queue type
add cake-diffserv=diffserv8 cake-nat=yes cake-overhead=18 kind=cake name=\
cake-rx
add cake-ack-filter=filter cake-diffserv=diffserv8 cake-nat=yes \
cake-overhead=18 kind=cake name=cake-tx
/queue tree
add max-limit=100M name=cake-rx packet-mark=\
EF,AF41,AF31,AF21,AF11,CS1,BE,CS7,CS6,CS5,CS4,CS2,CS0 parent=global \
queue=cake-rx
add max-limit=40M name=cake-tx packet-mark=\
EF,AF41,AF31,AF21,AF11,CS1,BE,CS7,CS6,CS5,CS4,CS3,CS2,CS0 parent=\
pppoe-out1 queue=cake-tx
--
先說封包標不上CS1是正常的,除非有再用p2p.我理解的方向就這樣.其實還有ipv6版本的.
目前ipv6我暫時關閉停用,等有時間再去研究,沒辦法,光是搞這興趣實在是讓我完全沒睡意,
時間差不多,該睡了.
人品是做人最好的底牌.
內文搜尋
從 APP 打開
X