Sunteți pe pagina 1din 12

Bueno compañeros en esta guía veremos un tema sumamente interesante , Calidad de servicio es

una solución muy requerida por los WISP .En mi opinión diría que todo WISP debería de contar
con un QoS configurado según su necesidad , Por esa misma razón en esta guía veremos un QoS
Estándar para mejorar el Servicio a un 100%.

Diseño:

1 .Aplicando Balanceo NTH


a)Configurando el Direccionamiento de la WAN

WAN 1: En este escenario no se configura la wan 1 porque esta en bridge.


y automáticamente nos enviara una ip publica, para eso tenemos que configurar el PPPoE
cliente .
Configuración de PPPoE cliente :
http://mikrotik.com.pe/foros/threads/configurar-pppoe-cliente.27/#post-130

WAN2: Es necesario colocar una ip fija porque el router que nos da acceso a Internet esta en
modo Router mas no en bridge .
add address=192.168.1.2/24 interface=ether2 network=192.168.1.0
b)Configurando el Direccionamiento de la Lan

Código (Text):
add address=192.168.5.1/24 interface=ether5 network=192.168.5.0

Nota: Quedaría de la siguiente manera

c)Aplicando Nat:
Sirve para traducir todas las peticiones desde una red lan a una red wan.
"permitiría a un host dentro de la red ser visible desde Internet"

Código (Text):
/ip firewall nat

add action=masquerade chain=srcnat out-interface=pppoe-out1


add action=masquerade chain=srcnat out-interface=ether2

d)Ingresando los DNS


Qué Función Cumple los DNS ?
Básicamente Sirve para traducir de IP a Nombre o de Nombre a IP.

Ejemplo : mikrotik.com.pe = 192.95.56.38


192.95.56.38 = mikrotik.com.p

2 .Balanceando
a) Enviando BCP por una linea
Código (Text):
/ip firewall mangle

add action=mark-routing chain=prerouting comment="WEB MAIL" dst


port=2095 new-routing-mark=to_ISP1 passthrough=no protocol=tcp
add action=mark-routing chain=prerouting comment=BCP dst-address=200.4.200.128/26 new-routing-
mark=to_ISP1 passthrough=no
add action=mark-routing chain=prerouting comment=BCP dst-address=200.37.27.128/26 new-routing-
mark=to_ISP1 passthrough=no

b) todo lo que entre por un WAN, debe salir por el mismo WAN

Código (Text):
/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=pppoe-out1 new-connection-mark=ISP1_conn
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=ether2 new-connection-mark=ISP2_conn
add action=mark-routing chain=output connection-mark=ISP1_conn \
new-routing-mark=to_ISP1 passthrough=no
add action=mark-routing chain=output connection-mark=ISP2_conn \
new-routing-mark=to_ISP2 passthrough=no
c )Ingresando la red que se Balanceara
Código (Text):
/ip firewall address-list
add address=192.168.5.0/24 list=RED

d)Balanceando las Peticiones

Código (Text):
/ip firewall mangle
add action=mark-connection chain=prerouting comment=NTH connection-mark=\
no-mark dst-address-type=!local new-connection-mark=ISP1_conn nth=2,1 \
src-address-list=RED
add action=mark-routing chain=prerouting connection-mark=ISP1_conn \
new-routing-mark=to_ISP1 passthrough=no src-address-list=RED
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local new-connection-mark=ISP2_conn nth=1,1 \
src-address-list=RED
add action=mark-routing chain=prerouting connection-mark=ISP2_conn \
new-routing-mark=to_ISP2 passthrough=no src-address-list=RED
e)Ingresando puerta de Enlace
Recuerden que nuestra puerta de enlace de las 2 wanes son la siguientes:

WAN1: Nos asignara automaticamente(Tendremos que apuntar a nuestro PPPoE )


WAN2: 192.168.2.1
después de haber identificado nuestra puerta de enlace , pasaremos a configurar.

Código (Text):
/ip route
add check-gateway=ping distance=1 gateway=pppoe-out1
add check-gateway=ping distance=2 gateway=192.168.2.1

f)Enviando las marcas por una Ruta


las marcas que creamos anteriormente se enviaran por sus respectivas puertas de enlaces.

Código (Text):
/ip route
add check-gateway=ping distance=1 gateway=pppoe-out1 \
routing-mark=to_ISP1
add check-gateway=ping distance=1 gateway=192.168.1.1 \
routing-mark=to_ISP2

g) Reflexión
3.Calidad de Servicio
Priorizar trafico en una red es muy importante , con este QoS decimos que pase lo que
pase tenga prioridad la navegación , cosa que si hay algún infiltrado descargando música
lo podrá hacer pero el mikrotik sabe que no es prioridad .
a)Ingresando las ip de los Servidores que serán Limitados
analizando un poco el esquema pude obtener algunas ips de unos servidores de youtube mp3
para limitarle la velocidad.

Código (Text):
/ip firewall address-list

add address=46.105.0.0/16 list=FullDownload


add address=37.187.0.0/16 list=FullDownload
add address=167.114.0.0/16 list=FullDownload

b) Marcando los Paquetes


Con la siguiente imagen les indico de una manera rápida como realizamos el marcado de
paquetes en mangle .
Código (Text):
add action=mark-packet chain=forward comment="QoS1 -Prio1" connection-
mark=ISP1_conn dst-address-list=RED in-interface=pppoe-out1 new-packet-
mark=L1_PRIO1_down \
passthrough=no protocol=udp src-port=53
add action=mark-packet chain=forward connection-mark=ISP1_conn dst-port=53 new-
packet-mark=L1_PRIO1_up out-interface=pppoe-out1 passthrough=no protocol=udp \
src-address-list=RED
add action=mark-packet chain=forward comment="VOIP -INKAVOIP-Prio2" connection-
mark=ISP1_conn dst-address-list=RED in-interface=pppoe-out1 new-packet-
mark=L1_PRIO2_down \
passthrough=no src-address=192.95.62.41
add action=mark-packet chain=forward connection-mark=ISP1_conn dst-
address=192.95.62.41 new-packet-mark=L1_PRIO2_up out-interface=pppoe-out1
passthrough=no \
src-address-list=RED
add action=mark-packet chain=forward comment="YOUTUBE MP3-Prio8" connection-
mark=ISP1_conn dst-address-list=FullDownload new-packet-mark=L1_PRIO8_up out-
interface=\
pppoe-out1 passthrough=no src-address-list=RED
add action=mark-packet chain=forward connection-mark=ISP1_conn dst-address-list=RED
in-interface=pppoe-out1 new-packet-mark=L1_PRIO8_down passthrough=no \
src-address-list=FullDownload
add action=mark-packet chain=forward comment="NAVEGACION -Prio3" connection-
mark=ISP1_conn dst-address-list=RED in-interface=pppoe-out1 new-packet-
mark=L1_PRIO3_down \
passthrough=no protocol=tcp src-port=80,443,8080,8081
add action=mark-packet chain=forward connection-mark=ISP1_conn dst-address-list=RED
in-interface=pppoe-out1 new-packet-mark=L1_PRIO3_down passthrough=no
protocol=udp \
src-port=80,443,8080,8081
add action=mark-packet chain=forward connection-mark=ISP1_conn dst-
port=80,443,8080,8081 new-packet-mark=L1_PRIO3_up out-interface=pppoe-out1
passthrough=no protocol=tcp \
src-address-list=RED
add action=mark-packet chain=forward connection-mark=ISP1_conn dst-
port=80,443,8080,8081 new-packet-mark=L1_PRIO3_up out-interface=pppoe-out1
passthrough=no protocol=udp \
src-address-list=RED
add action=mark-packet chain=forward comment=OTROS-Prio8 connection-
mark=ISP1_conn dst-address-list=RED in-interface=pppoe-out1 new-packet-
mark=L1_PRIO8_down \
packet-mark=no-mark passthrough=no
add action=mark-packet chain=forward connection-mark=ISP1_conn new-packet-
mark=L1_PRIO8_up out-interface=pppoe-out1 packet-mark=no-mark passthrough=no src-
address-list=\
RED
add action=mark-packet chain=forward comment="QoS2 -Prio1" connection-
mark=ISP2_conn dst-address-list=RED in-interface=ether2 new-packet-
mark=L2_PRIO1_down passthrough=\
no protocol=udp src-port=53
add action=mark-packet chain=forward connection-mark=ISP2_conn dst-port=53 new-
packet-mark=L2_PRIO1_up out-interface=ether2 passthrough=no protocol=udp src-
address-list=\
RED
add action=mark-packet chain=forward comment="VOIP -INKAVOIP-Prio2" connection-
mark=ISP2_conn dst-address-list=RED in-interface=ether2 new-packet-
mark=L2_PRIO2_down \
passthrough=no src-address=192.95.62.41
add action=mark-packet chain=forward connection-mark=ISP2_conn dst-
address=192.95.62.41 new-packet-mark=L2_PRIO2_up out-interface=ether2
passthrough=no src-address-list=\
RED
add action=mark-packet chain=forward comment="YOUTUBE MP3-Prio8" connection-
mark=ISP2_conn dst-address-list=RED in-interface=ether2 new-packet-
mark=L2_PRIO8_down \
passthrough=no src-address-list=FullDownload
add action=mark-packet chain=forward connection-mark=ISP2_conn dst-address-
list=FullDownload new-packet-mark=L2_PRIO8_up out-interface=ether2 passthrough=no
\
src-address-list=RED
add action=mark-packet chain=forward comment="NAVEGACION -Prio3" connection-
mark=ISP2_conn dst-address-list=RED in-interface=ether2 new-packet-
mark=L2_PRIO3_down \
passthrough=no protocol=tcp src-port=80,443,8080,8081
add action=mark-packet chain=forward connection-mark=ISP2_conn dst-address-list=RED
in-interface=ether2 new-packet-mark=L2_PRIO3_down passthrough=no protocol=udp \
src-port=80,443,8080,8081
add action=mark-packet chain=forward connection-mark=ISP2_conn dst-
port=80,443,8080,8081 new-packet-mark=L2_PRIO3_up out-interface=ether2
passthrough=no protocol=tcp \
src-address-list=RED
add action=mark-packet chain=forward connection-mark=ISP2_conn dst-
port=80,443,8080,8081 new-packet-mark=L2_PRIO3_up out-interface=ether2
passthrough=no protocol=udp \
src-address-list=RED
add action=mark-packet chain=forward comment=OTROS-Prio8 connection-
mark=ISP2_conn dst-address-list=RED in-interface=ether2 new-packet-
mark=L2_PRIO8_down packet-mark=\
no-mark passthrough=no
add action=mark-packet chain=forward connection-mark=ISP2_conn new-packet-
mark=L2_PRIO8_up out-interface=ether2 packet-mark=no-mark passthrough=no src-
address-list=RED
C) Creando la Estructura HTB

Código (Text):
/queue tree
add max-limit=4100k name=##Download1 parent=global priority=1 queue=default
add name=PRIO.1 packet-mark=L1_PRIO1_down parent=##Download1 priority=1
queue=pcq-down1
add name=PRIO.2 packet-mark=L1_PRIO2_down parent=##Download1 priority=2
queue=pcq-down1
add name=PRIO.3 packet-mark=L1_PRIO3_down parent=##Download1 priority=3
queue=pcq-down1
add name=PRIO.8 packet-mark=L1_PRIO8_down parent=##Download1 queue=pcq-down1
add max-limit=1750k name=Download2 parent=global priority=1 queue=default
add name=PRIO..1 packet-mark=L2_PRIO1_down parent=Download2 priority=1 queue=pcq-
down2
add name=PRIO..2 packet-mark=L2_PRIO2_down parent=Download2 priority=2 queue=pcq-
down2
add name=PRIO..3 packet-mark=L2_PRIO3_down parent=Download2 priority=3 queue=pcq-
down2
add name=PRIO..8 packet-mark=L2_PRIO8_down parent=Download2 queue=pcq-down2
add max-limit=800k name=##Upload1 parent=global priority=1 queue=default
add name=PRIO...1 packet-mark=L1_PRIO1_up parent=##Upload1 priority=1 queue=pcq-up1
add name=PRIO...2 packet-mark=L1_PRIO2_up parent=##Upload1 priority=2 queue=pcq-up1
add name=PRIO...3 packet-mark=L1_PRIO3_up parent=##Upload1 priority=3 queue=pcq-up1
add name=PRIO...8 packet-mark=L1_PRIO8_up parent=##Upload1 queue=pcq-up1
add max-limit=250k name=Upload2 parent=global priority=1 queue=default
add name=PRIO1 packet-mark=L2_PRIO1_up parent=Upload2 priority=1 queue=pcq-up2
add name=PRIO2 packet-mark=L2_PRIO2_up parent=Upload2 priority=2 queue=pcq-up2
add name=PRIO3 packet-mark=L2_PRIO3_up parent=Upload2 priority=3 queue=pcq-up2
add name=PRIO8 packet-mark=L2_PRIO8_up parent=Upload2 queue=pcq-up2