Saturday, February 20, 2016

How to make ping icmp high Priority on Mikrotik Routher

Mikrotik Queuing is heuristic , means every packet leaving mikrotik destined to your IP is capped, even ICMP too.
So when you do browsing or downloading any data , there will be less or no bandwidth available for PING/ ICMP packets and ping form client to mikrotik OR to internet will face frequent timeout and high latency in case of full usage of allowed bandwidth.
As showed in the image below …


NOTE:
It is recommended to block the ICMP/PING protocol on every network to avoid flooding and un wanted queries from the client end. (You can exempt your admin pc or other from this restriction via source address list)
Or if you still want to allow icmp , then simply mark icmp packets and and create a queue that allows more bandwidth to icmp marked packets.

1- EXAMPLE OF PING/ICMP QUEUE USING SIMPLE QUEUE [overall capping]

/ip firewall mangle
add chain=prerouting protocol=icmp action=mark-connection new-connection-mark=icmp-con passthrough=yes comment="" disabled=no
add chain=prerouting protocol=icmp connection-mark=icmp-con action=mark-packet new-packet-mark=icmp-pkt passthrough=no comment="" disabled=no

/queue simple
add max-limit=128k/128k name=ICMP_Priority packet-marks=icmp-pkt target=""

Result after implementing above code.


2- SECOND EXAMPLE OF PING/ICMP QUEUE USING PCQ TREE | (FOR PER USER DISTRIBUTION)

The following script will mark icmp packets and will allow 32k per user for icmp traffic via PCQ / QUEUE TREE
1
2
3
4
5
6
7
8
9
10
11
12
/ip firewall mangle
add action=mark-packet chain=prerouting comment="Mark ICMP I" new-packet-mark=ping_pkts_i protocol=icmp
add action=mark-packet chain=postrouting comment="Mark ICMP O" new-packet-mark=ping_pkts_o protocol=icmp
 
/queue type
add kind=pcq name="ping_pkts_i_32K" pcq-classifier=dst-address pcq-dst-address6-mask=64 pcq-rate=32k pcq-src-address6-mask=64
add kind=pcq name="ping_pkts_o_32K" pcq-classifier=src-address pcq-dst-address6-mask=64 pcq-rate=32k pcq-src-address6-mask=64
 
 
/queue tree
add name=ping_pkts_i packet-mark=ping_pkts_i parent=global-out queue="ping_pkts_i_32K"
add name=ping_pkts_o packet-mark=ping_pkts_o parent=global-out queue="ping_pkts_o_32K"

TIP: You can also use PRIORITY base queuing to give priority to ICMP packets from user own queue over other protocols.
By a la/s
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)