
Mikrotik - Reduce gaming and streaming lag with a Mikrotik RouterBOARD

Do you play online games? Of course you do. Have you experienced lag? Very likely. No matter how fast your internet connection is, if another program or person on your network competes for bandwidth, every packet is queued at the same priority, which means higher latency (or worse, packet loss) for your game or any other interactive application. Whether you share an internet connection with roommates or operate a gaming house, LAN center, etc., this quickly becomes a problem. Thankfully there's a cheap and relatively easy way to solve it in the form of a decent router: the Mikrotik RouterBOARD.
Many people are familiar with the trouble consumer grade routers can cause. It's no surprise that the number one troubleshooting technique is a simple reboot: consumer routers are built to a low price and run on cheap hardware with very little memory, which causes problems of its own. From NAT table overflows to DHCP server crashes, your off-the-shelf router probably isn't that great. While some consumer routers advertise QoS options to prioritize traffic, the functionality is very limited and can even reduce performance, because the hardware in such routers was never meant for any serious packet processing.
Thankfully there is a good middle ground between full business-grade routers like Cisco (real Cisco, not the rebadged Linksys consumer line) and off-the-shelf consumer routers. Mikrotik is a Latvian company that produces both hardware (RouterBOARDs) and software (RouterOS) that together provide a solid platform on which to build a router. The hardware alone is far better than almost anything you can find in consumer routers; try to find a big box retailer selling a router with 128 MB of RAM. The software provides a GUI for a Linux-based routing setup, and you don't need to know any Linux to use it: RouterOS handles all of that for you while still exposing the power and flexibility that Linux offers.
This guide focuses on setting up and configuring the RB951G-2HnD. This is one of the latest RouterBOARD models, with a 600 MHz CPU, integrated high-power 2.4 GHz 802.11n wireless and five gigabit ethernet ports. The RB951G-2HnD will handle internet connections of up to around 200 Mbps without a problem.
Note: This guide is a work in progress.
Step 1: Buy It.
As RouterBOARDs are somewhat specialized hardware, you are unlikely to find many physical stores carrying them, so be prepared to order online. Depending on where you live, you have several options. In the US, the RB951G-2HnD is available at roc-noc.com, one of my favorite distributors (I've ordered many times from them with great results). It's also available on Amazon.
Outside of the US, I recommend consulting the Mikrotik distributor list to find a local seller.
Step 2: Unboxing and connecting
You'll receive a small box containing the router, a power adapter and possibly a sticker with your serial number on it. Don't expect any manuals or installation discs; remember, these are not consumer routers. If you get a sticker, attach it to the bottom of your router for safe keeping. You shouldn't need the serial number unless you have to completely re-image the RouterOS software.
Depending on your distributor, the default configuration of the device can vary. Typically the first ethernet port is set up for WAN use and ports 2-5 for the LAN. Connect your internet (cable modem, fiber, DSL, etc.) to port 1 and a PC or laptop to port 2 on the router using an ethernet cable, then plug in the power. The router takes around 15-30 seconds to boot. Now turn on your PC or laptop and it should acquire an IP address via DHCP from the router. The most common default range is, so expect an IP of or similar. You should now be able to navigate to to access "Webbox", a cut-down web interface version of "Winbox", the program used to configure RouterOS. The Webbox screen has a link to download Winbox; click it and you should have a copy of winbox.exe, which we will use for the rest of this guide.
Note: RouterOS runs on top of a full Linux OS, so avoid abruptly removing power from the router where possible, as there is a small risk of file system corruption. Both Webbox and Winbox have a System / Shutdown option that initiates a clean shutdown, after which it is safe to remove power.
Step 3: Check for software updates
As the router has likely been sitting in a warehouse for a few months, it's important to update the software so that you have the latest security and performance fixes. To do this, log in to the router using the winbox.exe you downloaded: enter the IP address, the username admin and a blank password. The blank password is the factory default, which is why Step 5 below replaces it; don't leave the router on an untrusted network until you have.
Once logged in to Winbox, choose System / Packages from the left menu and click "Check for updates". If an update is available, hit "Download and install"; the router will install the update and reboot.
Step 4: Configure wireless network
Now let's set up your wireless network. On the Wireless menu in winbox, double click on wlan1 to open up the properties for the wireless adapter. From here, go to the "Wireless" tab and hit the "Advanced Mode" button, then set the following options:
Wireless Protocol: 802.11
Frequency Mode: regulatory domain
Country: Your country
Channel Width: 20/40 MHz Ce
Frequency: Pick the least congested frequency - use the "Freq Usage" button as a quick test
SSID: Name of your wireless network
Hit OK, then go to the "Security Profiles" tab of the Wireless dialog. Double click "default" and set the following:
Mode: dynamic keys
Authentication Types: WPA2 PSK
Ciphers: aes ccm
WPA 2 Pre Shared Key: Your wireless password
Leave the WPA PSK authentication type and the tkip cipher unchecked: if both WPA and WPA2 are offered, a client can negotiate the weaker one. With only WPA2 PSK and aes ccm enabled, you have a properly secured wireless network.
Step 5: Set up some basic features
Go to System / Clock and set your time zone (don't worry about the date and time; the next step syncs them).
Go to System / SNTP Client, enable it, and set the primary server to time.nist.gov and the secondary to pool.ntp.org.
Go to System / Password and enter a password to secure the router's admin interface. While you are at it, check IP / Services and make sure Winbox, WWW and SSH are only reachable from your LAN and not from the internet side.
Go to IP / UPNP and tick Enabled. Click the Interfaces box, then click the + to add a new interface. Add ether1 (your internet port; it appears as ether1-gateway in the default configuration this guide assumes) as an external interface. Hit OK, then + again and add bridge-local as your internal interface. This enables UPnP, allowing applications on your network to configure port forwarding automatically. Keep in mind that UPnP lets any device on the LAN open inbound ports on its own, so only enable it if your games or consoles actually need it.
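For anyone who prefers the terminal, here are Steps 4 and 5 as RouterOS commands. This block is an added example, not part of the original guide. The country, frequency, SSID, passwords and time zone are placeholders to replace with your own; the interface names ether1-gateway and bridge-local are the ones the guide's QoS commands use below, and mode=ap-bridge and band=2ghz-b/g/n are the factory defaults, repeated here only so the block stands on its own.

```routeros
# Added example: Steps 4 and 5 of this guide as RouterOS terminal commands.
# Paste into "New Terminal" in Winbox. Every quoted value is a placeholder.

# Step 4: radio settings (the "Wireless" tab in Advanced Mode).
# mode and band match the factory default and are included so the
# block is complete on its own; 2437 MHz is channel 6 (assumed; pick
# the least congested one with "Freq Usage").
/interface wireless
set wlan1 mode=ap-bridge band=2ghz-b/g/n wireless-protocol=802.11 \
    frequency-mode=regulatory-domain country="united states" \
    channel-width=20/40mhz-Ce frequency=2437 ssid="example-lan" \
    security-profile=default disabled=no

# Step 4: security profile. Only wpa2-psk and aes-ccm are enabled,
# so no client can negotiate WPA1 or TKIP.
/interface wireless security-profiles
set default mode=dynamic-keys authentication-types=wpa2-psk \
    unicast-ciphers=aes-ccm group-ciphers=aes-ccm \
    wpa2-pre-shared-key="change-this-long-passphrase"

# Step 5: time zone (placeholder) and SNTP client. server-dns-names
# is the RouterOS 6 form; older builds only accept IP addresses in
# primary-ntp / secondary-ntp.
/system clock set time-zone-name=Europe/Riga
/system ntp client set enabled=yes server-dns-names=time.nist.gov,pool.ntp.org

# Step 5: replace the blank factory admin password.
/user set admin password="change-this-admin-password"

# Step 5: UPnP, with the WAN port external and the LAN bridge internal.
/ip upnp set enabled=yes
/ip upnp interfaces
add interface=ether1-gateway type=external
add interface=bridge-local type=internal
```

After pasting, `/interface wireless security-profiles print` should list exactly one authentication type (wpa2-psk) and one cipher (aes-ccm) on the default profile; if it shows more, a previous GUI session left extra boxes ticked.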
At this point you are pretty much set if all you want is a solid, stable router. The next steps will set up QoS to ensure smooth gaming and streaming.
Step 6: Setting up QoS
This is where it starts to get a little complicated. Rather than explain everything involving the firewall, connection marking, packet tagging, queues, priorities, etc, I'm going to give you a bunch of commands that you should run. To run these commands, press "New Terminal" in winbox, then copy and paste the following:
/queue tree
add limit-at=9700k max-limit=9700k name=queue1 parent=ether1-gateway queue=default
add limit-at=9300k max-limit=9300k name=prio5-streaming packet-mark=streaming parent=queue1 priority=5 queue=default
add limit-at=100k max-limit=9500k name=prio8-untagged packet-mark=no-mark parent=queue1 queue=default
add limit-at=1G max-limit=1G name=prio3-gaming packet-mark=gaming parent=queue1 priority=3 queue=default
add limit-at=1G max-limit=1G name=prio2-misc-fast packet-mark=misc-fast parent=queue1 priority=2 queue=default
add limit-at=100k max-limit=9500k name=prio6-http packet-mark=http parent=queue1 priority=6 queue=default
/ip firewall mangle
add action=mark-packet chain=postrouting connection-mark=streaming new-packet-mark=streaming passthrough=no
add action=mark-packet chain=postrouting connection-mark=gaming new-packet-mark=gaming passthrough=no
add action=mark-packet chain=postrouting new-packet-mark=misc-fast packet-size=40 passthrough=no protocol=tcp tcp-flags=ack
add action=mark-packet chain=postrouting dst-port=53 new-packet-mark=misc-fast out-interface=ether1-gateway passthrough=no protocol=udp
add action=mark-packet chain=postrouting connection-mark=http new-packet-mark=http passthrough=no
add action=mark-connection chain=postrouting comment=Streaming connection-state=new dst-port=1935 new-connection-mark=streaming out-interface=ether1-gateway protocol=tcp
add action=mark-connection chain=postrouting comment=League dst-port=5000-5500 new-connection-mark=gaming out-interface=ether1-gateway protocol=udp
add action=mark-connection chain=postrouting comment=SC2 dst-port=1119 new-connection-mark=gaming out-interface=ether1-gateway protocol=udp
add action=mark-connection chain=postrouting comment=HotS dst-port=1120,3724 new-connection-mark=gaming out-interface=ether1-gateway protocol=udp
add action=mark-connection chain=postrouting comment="BW + HotS" dst-port=6112-6113 new-connection-mark=gaming out-interface=ether1-gateway protocol=udp
add action=mark-connection chain=postrouting comment="Valve Games" dst-port=27000-27060 new-connection-mark=gaming out-interface=ether1-gateway protocol=udp
add action=mark-connection chain=postrouting comment="Web Browsing" connection-state=new dst-port=80,443 new-connection-mark=http out-interface=ether1-gateway protocol=tcp
After doing this, click Queues / Queue Tree and double-click queue1. You'll see the value 9700k; replace it with a little under your upload speed. The pasted configuration was written for someone with a 10 Mbps upload, so the maximum upload is limited to 9.7 Mbps (9700k). You want to limit it to just under your real upload rate; otherwise the excess is queued on your modem instead of the router, and all of the QoS is worthless. After setting your max upload on queue1, double-click prio5-streaming and do the same, except slightly lower. If streaming still affects your gaming, you can set the streaming queue to a little over your maximum stream bitrate so that the stream bandwidth is smoothed out, but try the regular method first.
Next, double-click prio6-http and prio8-untagged and do the same there: replace 9500k with a number slightly less than the one you used for queue1. This ensures HTTP and uncategorized traffic can't hog the connection.
This sets up basic upload QoS, with the supported games being StarCraft 2, Brood War, Valve Source based games (CS:GO, Dota 2, etc.), Heroes of the Storm and League of Legends. Gaming traffic and important small packets such as TCP ACKs and DNS get the highest priority, keeping latency low even when the upstream is close to its maximum. The next highest priority is outgoing stream data, so if you're streaming it won't be interrupted by other uploads such as video uploads or torrents. Two things to keep in mind: the mark-packet rules are listed before the mark-connection rules, so the first packet of each new connection goes out untagged and every packet after it carries the mark; and the rules classify purely by destination port, so any host on the LAN can put its traffic into the gaming queue by sending to those ports. That is fine for a home or a LAN center you control, but it is a priority hint, not an access control.
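To confirm the rules are actually matching, run these checks from "New Terminal" while a game or stream is running. This is an added example, not part of the original guide; the rule comments and queue names it refers to are the ones in the commands above.

```routeros
# Added example: verify that the QoS rules above are classifying traffic.
# Start a game or a stream first, then run these.

# Hit counters per mangle rule. The mark-connection rule for the game you
# are playing (comments League, SC2, HotS, "Valve Games", ...) and the
# Streaming rule should climb; a rule stuck at 0 means that game's ports
# are not in the list and its traffic is landing in prio8-untagged.
/ip firewall mangle print stats

# Bytes, packets and drops per queue. Under load, drops on prio8-untagged
# or prio6-http while prio3-gaming and prio2-misc-fast stay clean is the
# intended behaviour; drops on prio3-gaming mean queue1 is set above the
# real upload rate and the modem is queuing instead of the router.
/queue tree print stats

# Zero the counters, generate traffic again and re-check.
/ip firewall mangle reset-counters-all
/queue tree reset-counters-all
```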

Source: https://r1ch.net/blog/routerboard
