Apr 12 / Greg

Mikrotik – How I Control My Videos With PCQ And Connection Limiting

I initially had no QoS on my servers, which I quickly found was a BAD idea! I had tons of users opening tons of connections, which meant my server kept becoming unresponsive. Each time a new connection comes in, Apache spawns a new process that eats somewhere around 25MB of RAM, so after users connected with multi-threaded downloaders, my site would tank every day or so. To prevent this, I put connection limiting in place. I then noticed that users with higher connection speeds were pulling the videos quickly, which could max out my internet connection, so I put in some controls for that in the form of a PCQ (Per Connection Queue). A PCQ allowed me to offer my videos at a fixed rate to each user that connects, so no one user can max out the connection.

We start by matching HTTP GET requests. I created an L7 rule to match my video files:

/ip firewall layer7-protocol
add comment="" name="Download - MP4" regexp="^.*get.+\\.mp4.*\$"

Next I create a mangle rule to mark the connections heading to my server on port 80 that match my L7 rule.
A second mangle rule then marks the packets belonging to connections that carry that connection mark.

/ip firewall mangle
add action=mark-connection chain=prerouting comment="Mark Connection MP4 Downloads on Greg's site" \
    disabled=no dst-address=209.189.228.152 dst-port=80 layer7-protocol="Download - MP4" \
    new-connection-mark=MP4Connection passthrough=yes protocol=tcp src-address=0.0.0.0/0
add action=mark-packet chain=prerouting comment="" connection-mark=MP4Connection disabled=no \
    new-packet-mark=MP4Connection passthrough=no

This firewall rule limits the number of connections per user to 3 based on the connection mark.

/ip firewall filter
add action=tarpit chain=forward comment="Drop High Greg MP4" \
    connection-limit=3,32 connection-mark=MP4Connection disabled=no \
    in-interface=ether1 protocol=tcp

I then created a PCQ that gives 200K to each user pulling my video based on destination. I used destination because I’m limiting traffic going out to the user, so this will classify each individual IP.

/queue type
add kind=pcq name=GregMP4 pcq-classifier=dst-address pcq-limit=50 pcq-rate=\
    200000 pcq-total-limit=6000000

Last, I added the queue tree to my existing “OUT” queue. I specified my new PCQ and gave them a max of 6Mb and a minimum of 3Mb.

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=10M name=OUT parent=ether1 priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=3M \
    max-limit=6M name=GregMP4 packet-mark=MP4Connection parent=OUT priority=7 \
    queue=GregMP4
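
The following Python sketch is an added example, not part of the original post and not RouterOS code. It models how the GregMP4 PCQ divides the 6M queue among clients, using the values from the configuration above. It assumes idealized max-min fair sharing between sub-streams; the function name and sample addresses are constructed for illustration.

```python
# Added illustration: idealized model of the GregMP4 PCQ, not RouterOS code.
from collections import defaultdict

PCQ_RATE = 200_000      # pcq-rate from the queue type (bits/s per sub-stream)
MAX_LIMIT = 6_000_000   # max-limit of the GregMP4 queue tree entry (bits/s)


def pcq_allocate(flows, pcq_rate=PCQ_RATE, max_limit=MAX_LIMIT):
    """flows: list of (dst_ip, demand_bps), one entry per TCP connection.

    Returns {dst_ip: allocated_bps}. Connections are grouped by destination
    address (pcq-classifier=dst-address), each group is capped at pcq_rate,
    and the groups share max_limit max-min fairly (a simplifying assumption).
    """
    demand = defaultdict(int)
    for dst, bps in flows:
        demand[dst] += bps                      # same client -> same sub-stream
    want = {dst: min(bps, pcq_rate) for dst, bps in demand.items()}

    alloc = {}
    remaining = max_limit
    pending = sorted(want, key=want.get)        # smallest demand first
    while pending:
        share = remaining // len(pending)       # equal split of what is left
        dst = pending.pop(0)
        alloc[dst] = min(want[dst], share)
        remaining -= alloc[dst]
    return alloc


if __name__ == "__main__":
    # Constructed sample: one client with 3 parallel connections (the limit),
    # one ordinary client, one slow client. Addresses are documentation IPs.
    flows = [("198.51.100.7", 5_000_000)] * 3 + [
        ("198.51.100.8", 5_000_000),
        ("198.51.100.9", 64_000),
    ]
    for dst, bps in pcq_allocate(flows).items():
        print(f"{dst}: {bps} bit/s")
    # 40 greedy clients exceed the 6M / 200k = 30 full-rate slots.
    crowded = [(f"203.0.113.{i}", 1_000_000) for i in range(1, 41)]
    print(set(pcq_allocate(crowded).values()))
```

Because the classifier is the destination address, a client that opens three parallel connections still gets one 200k sub-stream, and once more than 30 clients are active each one drops below the per-user rate.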

So, if you guys have a specific resource you need to control a little more closely, give this a try. Let me know what you guys think 🙂

2 Comments

  1. Dybik / May 3 2010

    Great work! Thanks.

  2. Greg / May 3 2010

    NP 🙂
