Basic HTB Configuration Manual
7/23/2019 Manual Básico de Configuração HTB
HTB
Hierarchical Token Bucket
Theory
Structure
HTB (Hierarchical Token Bucket) is a classful queuing method that is useful for handling different kinds of traffic. We have to follow three basic steps to create an HTB:
Match and mark traffic: classify traffic for further use. Consists of one or more matching parameters to select packets for the specific class.
Create rules (policy) to mark traffic: put a specific traffic class into a specific queue and define the actions that are taken for each class.
Attach policy to specific interface(s): append the policy to all interfaces (global-in, global-out or global-total), to a specific interface or to a specific parent queue.
HTB allows you to create a hierarchical queue structure and determine relations between queues, like "parent-child" or "child-child".
As soon as a queue has at least one child it becomes an inner queue; all queues without children are leaf queues. Leaf queues make the actual traffic consumption, while inner queues are responsible only for traffic distribution. All leaf queues are treated on an equal basis.
In RouterOS it is necessary to specify the parent option to assign a queue as a child of another queue.
Dual Limitation
Each queue in HTB has two rate limits:
CIR (Committed Information Rate) (limit-at in RouterOS): worst case scenario, the flow will get this amount of traffic no matter what (assuming we can actually send that much data).
MIR (Maximal Information Rate) (max-limit in RouterOS): best case scenario, the rate that the flow can get up to if the queue's parent has spare bandwidth.
In other words, the limit-at (CIR) of all queues will be satisfied first; only then will child queues try to borrow the necessary data rate from their parents in order to reach their max-limit (MIR).
Note: CIR will be assigned to the corresponding queue no matter what (even if the max-limit of the parent is exceeded).
That is why, to ensure optimal (as designed) usage of the dual limitation feature, we suggest sticking to these rules:
The sum of committed rates of all children must be less than or equal to the amount of traffic that is available to the parent.
CIR(parent)* ≥ CIR(child1) + ... + CIR(childN)
*if the parent is the main parent, CIR(parent) = MIR(parent)
The maximal rate of any child must be less than or equal to the maximal rate of the parent.
MIR(parent) ≥ MIR(child1) & MIR(parent) ≥ MIR(child2) & ... & MIR(parent) ≥ MIR(childN)
Queue colors in Winbox:
0% - 50% available traffic used - green
51% - 75% available traffic used - yellow
76% - 100% available traffic used - red
Priority
We already know that the limit-at (CIR) of all queues will be given out no matter what.
Priority is responsible for distributing the remaining traffic of the parent queue to child queues so that they are able to reach their max-limit.
A queue with higher priority will reach its max-limit before a queue with lower priority. 8 is the lowest priority, 1 is the highest.
Note that priority only works:
for leaf queues - priority in an inner queue has no meaning;
if max-limit is specified (not 0).
Examples
In this section we will analyze HTB in action. To do that we will take one HTB structure and try to cover all the possible situations and features by changing the amount of incoming traffic that HTB has to recycle and by changing some options.
Structure
Our HTB structure will consist of 5 queues:
Queue01 - inner queue with two children: Queue02 and Queue03
Queue02 - inner queue with two children: Queue04 and Queue05
Queue03 - leaf queue
Queue04 - leaf queue
Queue05 - leaf queue
Queue03, Queue04 and Queue05 are clients who require 10Mbps all the time. The outgoing interface is able to handle 10Mbps of traffic.
Example 1 : Usual case
Queue01 limit-at=0Mbps max-limit=10Mbps
Queue02 limit-at=4Mbps max-limit=10Mbps
Queue03 limit-at=6Mbps max-limit=10Mbps priority=1
Queue04 limit-at=2Mbps max-limit=10Mbps priority=3
Queue05 limit-at=2Mbps max-limit=10Mbps priority=5
Result of Example 1
Queue03 will receive 6Mbps
Queue04 will receive 2Mbps
Queue05 will receive 2Mbps
Clarification: HTB was built in such a way that, by satisfying all limit-ats, the main queue no longer has throughput to distribute.
Example 2 : Usual case with max-limit
Queue01 limit-at=0Mbps max-limit=10Mbps
Queue02 limit-at=4Mbps max-limit=10Mbps
Queue03 limit-at=2Mbps max-limit=10Mbps priority=3
Queue04 limit-at=2Mbps max-limit=10Mbps priority=1
Queue05 limit-at=2Mbps max-limit=10Mbps priority=5
Result of Example 2
Queue03 will receive 2Mbps
Queue04 will receive 6Mbps
Queue05 will receive 2Mbps
Clarification: After satisfying all limit-ats, HTB will give throughput to the queue with the highest priority.
Example 3 : Inner queue limit-at
Queue01 limit-at=0Mbps max-limit=10Mbps
Queue02 limit-at=8Mbps max-limit=10Mbps
Queue03 limit-at=2Mbps max-limit=10Mbps priority=1
Queue04 limit-at=2Mbps max-limit=10Mbps priority=3
Queue05 limit-at=2Mbps max-limit=10Mbps priority=5
Result of Example 3
Queue03 will receive 2Mbps
Queue04 will receive 6Mbps
Queue05 will receive 2Mbps
Clarification: After satisfying all limit-ats, HTB will give throughput to the queue with the highest priority. But in this case the inner queue Queue02 had limit-at specified; by doing so, it reserved 8Mbps of throughput for queues Queue04 and Queue05. Of these two, Queue04 has the highest priority, which is why it gets the additional throughput.
Example 4 : Leaf queue limit-at
Queue01 limit-at=0Mbps max-limit=10Mbps
Queue02 limit-at=4Mbps max-limit=10Mbps
Queue03 limit-at=6Mbps max-limit=10Mbps priority=1
Queue04 limit-at=2Mbps max-limit=10Mbps priority=3
Queue05 limit-at=12Mbps max-limit=15Mbps priority=5
Result of Example 4
Queue03 will receive ~3Mbps
Queue04 will receive ~1Mbps
Queue05 will receive ~6Mbps
Clarification: Just by satisfying all limit-ats, HTB was forced to allocate 20Mbps (6Mbps to Queue03, 2Mbps to Queue04, 12Mbps to Queue05), but our output interface is able to handle only 10Mbps. As the output interface queue is usually FIFO, throughput allocation will keep the ratio 6:2:12, or 3:1:6.
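The four results above can be reproduced with a small allocation model. This is an added example, not RouterOS code or part of the original page; the Queue class and function names are hypothetical, and it assumes every leaf always has traffic to send and that leaves of equal priority are served in listing order.

```python
from dataclasses import dataclass, field

@dataclass
class Queue:
    name: str
    limit_at: float                  # CIR, Mbps
    max_limit: float                 # MIR, Mbps
    priority: int = 8                # 1 = highest; only leaves use it
    children: list = field(default_factory=list)
    rate: float = 0.0                # result, leaves only

def leaves(q):
    return [l for c in q.children for l in leaves(c)] if q.children else [q]

def total(q):
    return sum(l.rate for l in leaves(q))

def path(q, leaf):
    """Queues from q down to leaf, inclusive."""
    if q is leaf:
        return [q]
    return next(([q] + p for c in q.children if (p := path(c, leaf))), [])

def commit(q, reserve):
    """Grant limit-ats bottom-up, then hand q's unused reserve out by priority."""
    if not q.children:
        q.rate = q.limit_at          # CIR is assigned no matter what
        return
    for c in q.children:
        commit(c, c.limit_at)
    spare = reserve - total(q)
    for leaf in sorted(leaves(q), key=lambda l: l.priority):
        room = min(n.max_limit - total(n) for n in path(q, leaf))
        give = max(0, min(spare, room))
        leaf.rate += give
        spare -= give

def allocate(root, link):
    commit(root, root.max_limit)     # main parent: CIR(parent) = MIR(parent)
    used = total(root)
    scale = min(1.0, link / used) if used else 1.0   # FIFO link keeps the ratio
    return {l.name: l.rate * scale for l in leaves(root)}

def example(q2_limit_at, q3, q4, q5):
    """q3..q5 are (limit_at, max_limit, priority); the tree is the page's."""
    q02 = Queue("Queue02", q2_limit_at, 10,
                children=[Queue("Queue04", *q4), Queue("Queue05", *q5)])
    root = Queue("Queue01", 0, 10, children=[q02, Queue("Queue03", *q3)])
    return allocate(root, link=10)
```

Calling example(8, (2, 10, 1), (2, 10, 3), (2, 10, 5)) gives the Example 3 split, where Queue02's reserve is spent inside its own subtree before Queue03's priority is ever considered.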
HTB configuration example
Assume that we want to limit the maximum download speed for subnet 10.1.1.0/24 to 2Mbps and distribute this amount of traffic between the server and the workstations using HTB (limit upload to 2Mbps). Since HTB works in one direction and is implemented on the outbound interface, HTB for download will be on ether2 and HTB for upload will be on ether1.
First, we need to classify traffic.
Mark traffic from/to the server. With the first rule we mark the outgoing connection from the server, and with the second one all packets that belong to this connection (download and upload packets for this connection):
/ip firewall mangle> add chain=prerouting src-address=10.1.1.1/32 action=mark-connection \
    new-connection-mark=server_con
/ip firewall mangle> add chain=forward connection-mark=server_con action=mark-packet \
    new-packet-mark=server
Do the same for the workstations. Match all workstation connections, mark them with the same mark (new-connection-mark=workstation_con), and after that mark all packets which belong to these workstations.
/ip firewall mangle> add chain=prerouting src-address=10.1.1.2 action=mark-connection new-connection-mark=workstation_con
/ip firewall mangle> add chain=prerouting src-address=10.1.1.3 action=mark-connection new-connection-mark=workstation_con
/ip firewall mangle> add chain=prerouting src-address=10.1.1.4 action=mark-connection new-connection-mark=workstation_con
/ip firewall mangle> add chain=forward connection-mark=workstation_con action=mark-packet \
    new-packet-mark=workstations
Finally, create the /queue tree for upload and download based on figure 8.8 and figure 8.9.
The queue tree for upload limitation is implemented on the ether1 interface.
;;; Queue_A1 creation
/queue tree> add name=Queue_A1 parent=ether1 max-limit=2048k
;;; Queue_B1 creation
/queue tree> add name=Queue_B1 parent=Queue_A1 max-limit=2048k limit-at=1024k
;;; Queue_C1 creation
/queue tree> add name=Queue_C1 parent=Queue_A1 max-limit=2048k limit-at=1024k priority=7 \
    packet-mark=server
;;; Queue_D1, Queue_E1 and Queue_F1 creation
/queue tree> add name=Queue_D1 parent=Queue_B1 max-limit=2048k limit-at=340k priority=8 \
    packet-mark=workstations
/queue tree> add name=Queue_E1 parent=Queue_B1 max-limit=2048k limit-at=340k priority=8 \
    packet-mark=workstations
/queue tree> add name=Queue_F1 parent=Queue_B1 max-limit=2048k limit-at=340k priority=8 \
    packet-mark=workstations
Priority value by default is 8 so it is not specified here.
The queue tree for download limitation is implemented on the ether2 interface.
;;; Queue_A2 creation
/queue tree> add name=Queue_A2 parent=ether2 max-limit=2048k
;;; Queue_B2 creation
/queue tree> add name=Queue_B2 parent=Queue_A2 max-limit=2048k limit-at=1536k
;;; Queue_C2 creation
/queue tree> add name=Queue_C2 parent=Queue_A2 max-limit=2048k limit-at=512k priority=7 \
    packet-mark=server
;;; Queue_D2, Queue_E2 and Queue_F2 creation
/queue tree> add name=Queue_D2 parent=Queue_B2 max-limit=2048k limit-at=512k priority=8 \
    packet-mark=workstations
/queue tree> add name=Queue_E2 parent=Queue_B2 max-limit=2048k limit-at=512k priority=8 \
    packet-mark=workstations
/queue tree> add name=Queue_F2 parent=Queue_B2 max-limit=2048k limit-at=512k priority=8 \
    packet-mark=workstations
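Before applying a queue tree like the ones above, it can be checked against the two rules from the Dual Limitation section. The following audit is an added example, not RouterOS functionality or code from the original page; its function names are hypothetical, k and M are taken as 10^3 and 10^6, and the sample input is the page's Example 4 rewritten as queue-tree commands with an assumed parent=ether1 on Queue01.

```python
import re

UNITS = {"": 1, "k": 1_000, "M": 1_000_000}   # assumed SI multipliers

def rate(text):
    """'2048k' -> 2048000 bit/s."""
    number, unit = re.fullmatch(r"(\d+)([kM]?)", text).groups()
    return int(number) * UNITS[unit]

def parse(config):
    """Map queue name -> parent, cir (limit-at), mir (max-limit)."""
    queues = {}
    for line in config.splitlines():
        opt = dict(re.findall(r"([\w-]+)=(\S+)", line))
        if "name" in opt:
            queues[opt["name"]] = {"parent": opt.get("parent"),
                                   "cir": rate(opt.get("limit-at", "0")),
                                   "mir": rate(opt.get("max-limit", "0"))}
    return queues

def audit(queues):
    """Return violations of the two dual-limitation rules."""
    findings = []
    for name, q in queues.items():
        kids = {n: c for n, c in queues.items() if c["parent"] == name}
        if not kids:
            continue
        # A main parent hangs off an interface: CIR(parent) = MIR(parent).
        cir = q["cir"] if q["parent"] in queues else q["mir"]
        committed = sum(c["cir"] for c in kids.values())
        if committed > cir:
            findings.append(f"{name}: children limit-at {committed} > {cir}")
        findings += [f"{n}: max-limit {c['mir']} > parent {q['mir']}"
                     for n, c in kids.items() if c["mir"] > q["mir"]]
    return findings

# The page's Example 4 tree, written as queue-tree commands (constructed).
EXAMPLE_4 = """
add name=Queue01 parent=ether1 max-limit=10M
add name=Queue02 parent=Queue01 limit-at=4M max-limit=10M
add name=Queue03 parent=Queue01 limit-at=6M max-limit=10M priority=1
add name=Queue04 parent=Queue02 limit-at=2M max-limit=10M priority=3
add name=Queue05 parent=Queue02 limit-at=12M max-limit=15M priority=5
"""

if __name__ == "__main__":
    for finding in audit(parse(EXAMPLE_4)):
        print(finding)
```

Example 4 produces two findings, both under Queue02, while the Queue_A1 to Queue_F1 upload tree above passes with none.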