Implementing QoS ROS V6 in Building Hotspot Network

To create a system that is a little more complex, we must start from simple things. Although this is simple, do not
think that it means nothing. I am sure that understanding simple things will help us improve them into a more
complex system that has never been seen before. Regardless of the shortcomings that exist in this blog, and the
negative comments and dislikes that I get on the video, the passion for new exploration has become the soul of
agratitudesign, which wants to bring a small solution for knowledge through case studies based on experience and
experiment.
In this article I will show you the implementation of QoS in ROS V6 when building a simple hotspot network, and
how we can do bandwidth management. As you probably know, QoS in ROS Version 6 is an improvement on all the
shortcomings found while reviewing the previous versions. I also want to show you the initial configuration for
building a network using your favorite router. As an example, in this case I will build a simple hotspot network
using QoS V6. You can see the entire configuration process in detail in the following video!

1. Setup and Configuring Mikrotik to build a Simple Hotspot

To build a simple hotspot system, see the schematic picture above! For the internet connection to the hotspot
network system, I am using a modem that is shared through one computer server connected with a LAN cable to the
ether1 interface of the Mikrotik router RB 750. The internet will be distributed via the ether2 interface to the
hotspot network, which is routed through the wireless TP-Link as the access point; the clients first connect to
the access point over wifi.
For that you have to do some configuration on your access point, adjusted to the IP addresses of the router
network configuration. You can use another access point if you don't have a wireless terminal on the Mikrotik router.
If your router already has a wireless terminal, you can directly configure the router network to allow the clients
connected to your network.

http://agratitudesign.blogspot.com/2015/03/implementing-qos-ros-v6-in-building.html

The above pictures are an example of the configuration of the wireless TP-Link as an access point for your router
if the router doesn't have a wireless terminal for the access point. If you are using the wireless TP-Link, please
adjust the IP configuration to the Mikrotik network interfaces that you are using. The access point must use the
router as its gateway. In this case I do not use the DHCP server of the access point, because in the end I want to
do most of the configuration centrally using the DHCP server of the Mikrotik router!
Assuming that you have finished configuring your access point and it is connected to the router that has the
Internet gateway, we will now do the Mikrotik configuration using Winbox from a client connected to the access
point. You need to set up the IP addresses as planned for the final configuration in the schematic plan above.

We have not done anything on the Mikrotik configuration yet, so we can only access Winbox from the client using
the MAC address, as shown in the picture above. Once we have entered Winbox, we do not use the default
configuration of the router. Click Remove Configuration; we will do the configuration manually according to the
schematic plan.


Name your interfaces in the interface list according to where each router interface is connected; in this case
I have used ether1 and ether2. If it is not clear, see the video tutorial.
ether1=wan | IP Network = 192.168.137.2/24 (public interface)
ether2=hotspot | IP Network = 192.168.1.1/24 (local interface)
To go faster, enter the following script in a new Winbox terminal!
/ip address
add address=192.168.137.2/24 interface=wan
add address=192.168.1.1/24 interface=hotspot
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512 servers=8.8.8.8,8.8.4.4
/ip route
add dst-address=0.0.0.0/0 gateway=192.168.137.1
/ip firewall nat
add action=masquerade chain=srcnat out-interface=wan src-address=192.168.1.0/24 disabled=no comment="Masquerade Public Traffic"

Make sure your network interfaces and the gateway are reachable; check the Route List of your router as in the
left picture above. Then you can set up the DHCP server for your clients. Now you can restart the router and
reconnect your wireless access point so that it gets a new IP address as a client from the router's DHCP server.
After this you can access Winbox using the IP address 192.168.1.1, the gateway address of your router. By this
step your internet access is working.


2. Setup Mangle and Queue tree rules as the QoS implementation in version 6

In this case we are not using the hotspot to manage the bandwidth for each client login; I will talk about that
next time. For now it is enough to use general QoS to manage the bandwidth of the clients connected to the DHCP
server, so you can see how QoS works in version 6. OK, we start by defining the configuration in Layer 7 Protocols.
To go faster, please insert the script below, as you usually do in version 5!
/ip firewall layer7-protocol
add comment="download" name=high regexp="^.*get.+\\.(exe|rar|iso|zip|7zip|0[0-9][19]|flv|mkv|avi|mp4|3gp|rmvb|mp3|img|dat|mov).*\$"
add comment="download" name=document regexp="^.*get.+\\.(pdf|doc|docx|xlsx|xls|rtf|ppt|ppt).*\$"
add comment="video" name=youtube regexp="^.*get.+\\.(c.youtube.com|cdn.dailymotion.com|metacafe.com|mccont.com).*\$"
add comment="video" name=streaming regexp="videoplayback|video"
add comment="video" name=youtube_matcher regexp="(GET \\/videoplayback\\\?|GET \\/crossdomain\\.xml)"
You can add any other definitions for the kinds of connection packets that you need for the QoS of your router.
Now, how do we mark the connection packets in version 6? Look at the mangle script below!
/ip firewall mangle
add action=mark-connection chain=forward disabled=no in-interface=wan new-connection-mark=all-outconn passthrough=yes comment="DOWNSTEAM CONNECTION"
add action=mark-packet chain=forward connection-mark=all-outconn disabled=no new-packet-mark=all-outpkt passthrough=yes comment="DOWNSTEAM"
/ip firewall mangle
add action=mark-packet chain=forward layer7-protocol=high new-packet-mark=dpkt packet-mark=all-outpkt passthrough=no comment="CLIENT DOWNLOAD FILES"
add action=mark-packet chain=forward layer7-protocol=document new-packet-mark=dpkt packet-mark=all-outpkt passthrough=no comment=""
/ip firewall mangle
add action=mark-packet chain=forward layer7-protocol=youtube new-packet-mark=spkt packet-mark=all-outpkt passthrough=no comment="CLIENT VIDEO STREAMING"
add action=mark-packet chain=forward layer7-protocol=streaming new-packet-mark=spkt packet-mark=all-outpkt passthrough=no comment=""
add action=mark-packet chain=forward layer7-protocol=youtube_matcher new-packet-mark=spkt packet-mark=all-outpkt passthrough=no comment=""
/ip firewall mangle
add action=mark-packet chain=forward connection-bytes=0-1000000 src-port=80,443 passthrough=no new-packet-mark=bpkt packet-mark=all-outpkt protocol=tcp comment="CLIENT BROWSING"
We only need to create the mangle rules using chain=forward with in-interface=wan (public interface); then
we separate the traffic into the other kinds of connection packets. Depending on how far you want to go in
defining the connection packets, you can expand these rules to your requirements!
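To see which mark a connection ends up with under these rules, the following added example (not part of the original post) replays the forward-chain rules in Python over constructed sample streams. It assumes Python's re module behaves like the router's matcher with case-insensitive matching; classify and the sample data are illustrative names, not RouterOS features.

```python
import re

# Assumption: matching is case-insensitive and runs over the raw start of the stream.
FLAGS = re.IGNORECASE | re.DOTALL

# The page's Layer 7 regexps with the RouterOS terminal escaping (\\. and \$) removed,
# listed in mangle-rule order with the packet mark each rule assigns.
RULES = [
    ("high", "dpkt", r"^.*get.+\.(exe|rar|iso|zip|7zip|0[0-9][19]|flv|mkv|avi|mp4|3gp|rmvb|mp3|img|dat|mov).*$"),
    ("document", "dpkt", r"^.*get.+\.(pdf|doc|docx|xlsx|xls|rtf|ppt|ppt).*$"),
    ("youtube", "spkt", r"^.*get.+\.(c.youtube.com|cdn.dailymotion.com|metacafe.com|mccont.com).*$"),
    ("streaming", "spkt", r"videoplayback|video"),
    ("youtube_matcher", "spkt", r"(GET \/videoplayback\?|GET \/crossdomain\.xml)"),
]
COMPILED = [(name, mark, re.compile(rx, FLAGS)) for name, mark, rx in RULES]


def classify(stream: bytes, src_port: int, conn_bytes: int):
    """Return (rule, mark) for a downstream TCP packet that already carries all-outpkt."""
    # Only the start of a connection is inspected (first 10 packets / 2 KB).
    text = stream[:2048].decode("latin-1")
    for name, mark, rx in COMPILED:
        if rx.search(text):
            return name, mark  # passthrough=no: later rules never see the packet
    if src_port in (80, 443) and 0 <= conn_bytes <= 1_000_000:
        return "browsing", "bpkt"
    return None, "all-outpkt"  # no leaf mark assigned


# Constructed sample streams (not captured traffic).
HTTP_EXE = b"GET /files/setup.exe HTTP/1.1\r\nHost: downloads.example\r\n\r\n"
HTTP_MP4 = b"GET /video/clip.mp4 HTTP/1.1\r\nHost: media.example\r\n\r\n"
HTTP_PAGE = b"GET /video/index.html HTTP/1.1\r\nHost: www.example\r\n\r\n"
# Start of a TLS handshake: the HTTP request line is encrypted later and never visible.
TLS_HELLO = b"\x16\x03\x01\x00\x40\x01\x00\x00\x3c\x03\x03" + b"\x11" * 32 + b"downloads.example"

if __name__ == "__main__":
    for label, data, port, size in [
        ("http .exe", HTTP_EXE, 80, 4_000),
        ("http .mp4 under /video/", HTTP_MP4, 80, 4_000),
        ("http page under /video/", HTTP_PAGE, 80, 4_000),
        ("https, first megabyte", TLS_HELLO, 443, 4_000),
        ("https, after 1 MB", TLS_HELLO, 443, 5_000_000),
    ]:
        print(f"{label:26} -> {classify(data, port, size)}")
```

The .mp4 request under /video/ is marked dpkt because the high rule matches first and passthrough=no stops processing. For HTTPS the Layer 7 rules never see the request, so a download over port 443 is marked as browsing for its first 1,000,000 bytes and afterwards keeps only all-outpkt.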
Second, you can instead create the mangle rules using chain=postrouting with out-interface=hotspot (local
interface), as you can see in the script below!
/ip firewall mangle
add action=mark-connection chain=postrouting disabled=no out-interface=hotspot new-connection-mark=all-outconn passthrough=yes comment="DOWNSTEAM CONNECTION"
add action=mark-packet chain=postrouting connection-mark=all-outconn disabled=no new-packet-mark=all-outpkt passthrough=yes comment="DOWNSTEAM"
/ip firewall mangle
add action=mark-packet chain=postrouting layer7-protocol=high new-packet-mark=dpkt packet-mark=all-outpkt passthrough=no comment="CLIENT DOWNLOAD"
add action=mark-packet chain=postrouting layer7-protocol=document new-packet-mark=dpkt packet-mark=all-outpkt passthrough=no comment=""
/ip firewall mangle
add action=mark-packet chain=postrouting layer7-protocol=youtube new-packet-mark=spkt packet-mark=all-outpkt passthrough=no comment="CLIENT VIDEO"
add action=mark-packet chain=postrouting layer7-protocol=streaming new-packet-mark=spkt packet-mark=all-outpkt passthrough=no comment=""
add action=mark-packet chain=postrouting layer7-protocol=youtube_matcher new-packet-mark=spkt packet-mark=all-outpkt passthrough=no comment=""
/ip firewall mangle
add action=mark-packet chain=postrouting connection-bytes=0-1000000 src-port=80,443 passthrough=no new-packet-mark=bpkt packet-mark=all-outpkt protocol=tcp comment="CLIENT BROWSING"
Choose whichever of the mangle rule sets above you like, but don't use both methods together, understand? Next
we will implement PCQ queue types in order to share the bandwidth equally among all clients without knowing the
IP addresses that the DHCP server gave to the clients. Adjust these rates depending on how much bandwidth you
have, right?
/queue type
add name=pcq_upsteam kind=pcq pcq-rate=512k pcq-classifier=src-address
add name=pcq_downsteam kind=pcq pcq-rate=512k pcq-classifier=dst-address
add name=pcq_browsing kind=pcq pcq-rate=512k pcq-classifier=dst-address
add name=pcq_download kind=pcq pcq-rate=512k pcq-classifier=dst-address
add name=pcq_video kind=pcq pcq-rate=512k pcq-classifier=dst-address
This is going to be the most important and specific set of rules, the queue tree in QoS Version 6: how you capture
the kinds of connection packets that you have marked with the mangle rules. We don't need any separate marking
for upload connection packets, so this makes the mangle rules shorter than in version 5. Look at the queue
tree rules below!
/queue tree
add name=Upsteam parent=wan queue=pcq_upsteam packet-mark=all-outpkt priority=8 max-limit=1000k
add name=Downsteam parent=global queue=pcq_downsteam packet-mark=all-outpkt priority=8 max-limit=1000k
add name=1.Browsing parent=Downsteam queue=pcq_browsing packet-mark=bpkt priority=1 limit-at=256k max-limit=512k
add name=2.Download parent=Downsteam queue=pcq_download packet-mark=dpkt priority=2 limit-at=256k max-limit=512k
add name=3.Video parent=Downsteam queue=pcq_video packet-mark=spkt priority=3 limit-at=256k max-limit=512k
We use the same packet-mark for upload and download; what is decisive is the parent that you use in the queue
tree rules. In this case upload uses parent=wan, the public interface of the router, and download uses
parent=global; then you can continue with the other kinds of download packets. This is the difference when we
implement QoS in RouterOS Version 6. Finally, you can expand these rules to your requirements to manage your
bandwidth system as you like. See you!
