TRAFFIC MANAGEMENT FOR YOUTUBE

BLOCK OR LIMIT CONNECTIONS

WHAT IS YOUTUBE, AND WHY IS IT A PROBLEM?


“YouTube is a website where users can upload and share videos. It hosts a variety of
clips from movies, TV shows and music videos, as well as amateur content such as
video blogs.” Ref: Wikipedia.com

This site is one of the main places on the internet to find videos on any subject. It
holds a vast amount of shared content and grows every day, because it is free and
anyone can upload material.

This has turned Youtube.com into a headache for network and IT administrators of
organizations, institutions, and private or public companies. Users access it to listen
to music while they work, to watch joke videos in their free time, or to find help with
an academic or research project. The problem is not that people access the site, but
that it consumes a lot of bandwidth and affects other services that need network or
internet resources to be available.

The current trend in video quality and the availability of high-definition equipment
affect the amount of data required for video playback. While it is true that the
embedded Youtube player can adjust the display quality, users do not change it, or do
not even know how to, in order to save data for other services, because the default
setting is to play at the highest resolution the available Internet bandwidth allows.

The solution adopted by network administrators is to disable access to Youtube.com
completely, because the page requires an https connection, which is encrypted and
cannot be "caught". But thanks to the quality and functionality of Mikrotik RouterOS,
we can control how much bandwidth to give Youtube, and so force it to play video at
the right quality and not consume more than it should.

Next we show how to block the site and also how to shape its video traffic.

Steven Vega Ramírez – MTCTCE, MTCRE San José, Costa Rica
stevenvegar@gmail.com September, 2016

- INITIAL CONSIDERATIONS:

First, for both procedures, we must make our Mikrotik router identify the traffic
generated by Youtube and its videos.

We do this through the Firewall's Layer7 Protocol function. Here we enter a "regular
expression", and all traffic is searched for the pattern we assign. Layer 7 of the OSI
model is the application layer, the layer where programs display, interact with, or
obtain information. For example, an Internet browser (Firefox, Chrome, etc.) uses
many protocols, such as http, https, dns, ftp, etc. This is where traffic can be
identified.

The first step is to create a new rule in IP -> Firewall -> Layer7 Protocol. Enter
Youtube as the name of the rule and, in the "Regex" field, the following:
^.+(youtube).+$

With this we can control traffic that contains "youtube". But we must also find the
packets that are generated when playing a video; the files are hosted under
"googlevideo.com". We repeat the above procedure for the video clips: add a new rule
in "Layer7 Protocol" called Googlevideo, with the following in the "Regex" field:
^.+(googlevideo).+$

To learn more about regular expressions, visit:
http://perldoc.perl.org/perlre.html

Once we have identified the traffic, we must "mark" it to have control over it.
When a user opens Youtube, either through a web browser or through the application
on a mobile device, a DNS query is made to find its servers, as is normally done with
any site or service, and then a connection is made to those servers. We must take
advantage of this to mark the connection established between our device and the
Youtube server. Here we capture the traffic produced by simply opening the page in a
browser: a DNS request and the subsequent connection.

To mark this connection, go to IP -> Firewall -> Mangle tab. Create a new rule: in the
"General" tab, the Chain field is "PREROUTING"; in the "Advanced" tab, select
"Youtube" in the Layer7-Protocol field; as the Action choose "Mark-Connection" and
as the Connection name enter "Youtube Conn"; then click the OK button.
Repeat this procedure with the "Googlevideo" Layer7 rule, using the same connection
name, "Youtube Conn".
Now we make a second mark, also in the "Mangle" section, this time on the traffic's
packets. In the "General" tab, the Chain field is "PREROUTING", and in the same tab,
in the field called Connection Mark, select the mark we made before, "Youtube Conn".
Then, in the "Action" tab, set Action to "Mark Packet" and give it the name
"Youtube".

Now all Youtube packets are marked, even those that go through the https (443)
port, and so we can handle them.
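
The marks reach https traffic because the hostname still travels in clear text in the DNS query and in the server-name field of the TLS handshake. The following added example (not part of the original guide) runs the guide's two patterns over constructed payloads, with Python's re module assumed as a stand-in for the router's matcher, and shows that an unrelated request that merely contains the word "youtube" receives the same mark.

```python
import re
import struct

# The two Layer7 patterns from this guide. Python's re with DOTALL stands in
# for the router's matcher (an approximation, not RouterOS's own engine).
PATTERNS = {
    "Youtube": re.compile(rb"^.+(youtube).+$", re.DOTALL),
    "Googlevideo": re.compile(rb"^.+(googlevideo).+$", re.DOTALL),
}

def dns_query(hostname: str) -> bytes:
    """Constructed DNS A query: 12-byte header, length-prefixed labels, type/class."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode() for p in hostname.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def sni_extension(hostname: str) -> bytes:
    """Constructed TLS server_name extension, as carried in a ClientHello."""
    name = hostname.encode()
    entry = b"\x00" + struct.pack("!H", len(name)) + name  # name type 0 = host_name
    name_list = struct.pack("!H", len(entry)) + entry
    return struct.pack("!HH", 0x0000, len(name_list)) + name_list

def matched_rules(payload: bytes) -> list:
    """Names of the Layer7 rules whose pattern matches the payload."""
    return [name for name, rx in PATTERNS.items() if rx.search(payload)]

# Constructed sample payloads; hostnames other than the two services are made up.
SAMPLES = {
    "dns www.youtube.com": dns_query("www.youtube.com"),
    "tls sni video host": b"\x16\x03\x01" + sni_extension("video1.googlevideo.com"),
    "http unrelated site": (b"GET /search?q=youtube+alternatives HTTP/1.1\r\n"
                            b"Host: forum.example.org\r\n\r\n"),
    "dns www.example.org": dns_query("www.example.org"),
}

def classify_all() -> dict:
    """Map each sample label to the list of rules that would mark it."""
    return {label: matched_rules(data) for label, data in SAMPLES.items()}

if __name__ == "__main__":
    for label, rules in classify_all().items():
        print(f"{label:22} -> {rules or 'no mark'}")
```

The third sample is the one to watch when the mark feeds a Drop rule: the pattern has no notion of a hostname, so any inspected data containing the word is treated as Youtube.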

- YOUTUBE BLOCKING:

Simply create a new rule in IP -> Firewall -> Filter Rules.

Click on the + to make a new rule. In the "General" tab, leave the Chain field as
"Forward"; in the Connection Mark field, select the mark for Youtube connections
that we called "Youtube Conn"; and finally, in the "Action" tab, set Action to
"Drop".

This way we drop all traffic that carries the mark, and it never reaches its destination.

- BANDWIDTH MANAGEMENT FOR YOUTUBE:

Since we have marked the packets belonging to connections to Youtube and to the
video servers on Googlevideo, we can limit the bandwidth they use and avoid excessive
consumption of resources.

To limit internet use we use Queues. The steps are as follows:

Go to Queues -> Queue Tree and create a new rule. Enter "Youtube" as the name and
leave the Parent field as "global". In Packet Marks, select the packet mark we created
from the connections, called "Youtube", and in the Queue Type field choose
"PCQ-Download-Default". Now for the settings that limit the bandwidth.
The Limit-At field "reserves" bandwidth when all resources are in use. For example,
suppose you have an internet connection of 5 Megas and all 5 Megas are being
consumed; if Limit-At is set to 2 Megas, the router will reduce the consumption of
everything else to give this queue its 2 Megas. For our configuration no such
reservation is needed, because Youtube is not a critical service. The Max-Limit field
is where we draw the line: the maximum speed we want Youtube to reach. This is where
we control the display quality of the videos on Youtube. To target a particular video
quality, use this table:
Quality    Speed
1080p      3M
720p       1500k
480p       1M
360p       750k
240p       500k
144p       250k

Leave the other values at their defaults. If you wish, you can configure the Burst
options to give a burst of extra speed, but for our purpose it is not necessary.

As we know, the Youtube player uses the best possible video quality and will consume
bandwidth without restriction, but with this rule we tell it how much it may consume,
thereby restricting the quality of the videos.

If we want a video merely to be seen and heard, we use 250kbps, so it will not
affect other services that need internet bandwidth.

This setting affects EVERYONE on the network. To apply it per user, mark the packets
by the source IP address of the client you want to limit. If you already limit
bandwidth per user, the Youtube-marked packets should be excluded from those packet
marks so that they are not counted there and the Youtube rule works in the Queues;
otherwise, use a different packet marking.

Finally, the script is here so you can copy and paste it, but this is not recommended
for everyone, because routers have different configurations and values can vary.

- Youtube complete blocking:


/ip firewall layer7-protocol
# Patterns that match "youtube" and "googlevideo" anywhere in the inspected data
add name=Youtube regexp="^.+(youtube).+\$"
add name=Googlevideo regexp="^.+(googlevideo).+\$"

/ip firewall mangle
# Mark connections that match either Layer7 pattern with the same connection mark
add action=mark-connection chain=prerouting layer7-protocol=Youtube new-connection-mark="Youtube Conn" passthrough=yes
add action=mark-connection chain=prerouting layer7-protocol=Googlevideo new-connection-mark="Youtube Conn" passthrough=yes
# Mark every packet that belongs to a marked connection
add action=mark-packet chain=prerouting connection-mark="Youtube Conn" new-packet-mark=Youtube passthrough=yes

/ip firewall filter
# Drop forwarded traffic that belongs to a marked connection
add action=drop chain=forward connection-mark="Youtube Conn"

- Youtube management at 480p:


/ip firewall layer7-protocol
# Patterns that match "youtube" and "googlevideo" anywhere in the inspected data
add name=Youtube regexp="^.+(youtube).+\$"
add name=Googlevideo regexp="^.+(googlevideo).+\$"

/ip firewall mangle
# Mark connections that match either Layer7 pattern with the same connection mark
add action=mark-connection chain=prerouting layer7-protocol=Youtube new-connection-mark="Youtube Conn" passthrough=yes
add action=mark-connection chain=prerouting layer7-protocol=Googlevideo new-connection-mark="Youtube Conn" passthrough=yes
# Mark every packet that belongs to a marked connection
add action=mark-packet chain=prerouting connection-mark="Youtube Conn" new-packet-mark=Youtube passthrough=yes

/queue tree
# Cap all Youtube-marked packets at 1M, the 480p row of the table
add max-limit=1M name=Youtube packet-mark=Youtube parent=global queue=pcq-download-default

For any additional questions, you can contact me via e-mail. I hope this guide helps
someone who needs to do this procedure on a network, and also shows that
Mikrotik devices are the best.

Greetings from San José, Costa Rica.
