After searching far and wide on the web for a solution to my problem (getting a MikroTik router to do load balancing and failover), I came to the conclusion that a complete solution doesn't exist.
So I started taking all the scripts and docs I found and putting them together. The result is a working system that I actually use at some locations. Obviously it is not perfect; it needs improvement and better documentation 😉
I am sharing it so anyone can use it and refine it; please send your improvements back to me or post them on the MikroTik wiki!
The code is divided into two parts:
- A script, run every X minutes, that checks the WAN connections
- Commands that you need to enter in the terminal of your firewall to make it work
Let's start with the script; please read it carefully!
Open WinBox, go to System->Scripts, create a new script named "Failover", and copy this content into it.
# ------------------- header -------------------
# Script improved to check two different hosts and act with PCC Load Balancer
# (Original Script by Tomas Kirnak)
# If you edit this script, please share it with the community!
# Author: Denis Barbazza (denis . barbazza [at] gmail . com)
# VERSION=2.3
# https://www.farlock.org/mikrotik/mikrotik-load-balancer-and-failover-and-traffic-prioritization/
# ChangeLog
# 2.3 - 21/10/16 - Bugfix: when the main ISP comes back we close all the connections on ISP2, not clean but necessary because some connections are not tracked (udp, needs more testing)
#       we leave this feature commented out, needs testing.
#       we also close connections from outside to LAN, sometimes an internally initiated connection takes this mark, needs testing
# 2.2 - 11/05/16 - If one connection hangs, drop the connections on it (udp and tcp); when the main connection
#       fails or comes back we also reset connections without a mark (because of the default route weight)
# 2.1 - 17/03/16 - Improved ping check based on script made by Gregory Sloop (gregs @ sloop.net)
# 2.0 - 01/03/16 - now we also manage the rules used with the PCC load balancer
# 1.5 - 01/12/15 - Check two different hosts, just to be sure
# 1.0.7 - Original Script by Tomas Kirnak (t.kirnak @ atris.sk)
#
# In case of a failing link the script increases the distance of the default route
# and disables the PCC-based marking rules that it finds in the mangle/prerouting chain
#
# Use IPs for the ping targets, the script may not work with FQDNs
#
# If you want, you can disable every marking rule, and not only PCC, simply by editing the four lines that search for the rules to be disabled:
# :foreach i in=[/ip firewall mangle find chain=prerouting && new-connection-mark=$ConnMarkISP1 && (per-connection-classifier)."" != ""] do=\
# and removing the part with the PCC value:
# :foreach i in=[/ip firewall mangle find chain=prerouting && new-connection-mark=$ConnMarkISP1 ] do=\
# REMEMBER: you must edit the rule in 4 places (enable/disable ISP1 and enable/disable ISP2)
#
# Search the script for lines starting with "### OPTIONAL"; there you can enable or disable some features,
# based on your needs.
#
# For more information and details about
# this script please visit the wiki page at
# http://wiki.mikrotik.com/wiki/Failover_Scripting
# ------------------- header -------------------

# ------------- start editing here -------------
# Edit the variables below to suit your needs

# Please fill the WAN interface names
:local InterfaceISP1 ISP_1
:local InterfaceISP2 ISP_2

# Please fill the gateway IPs (or interface names in case of PPP)
:local GatewayISP1 10.39.1.14
:local GatewayISP2 172.31.29.1

# Routing mark of each interface
:local RoutingMarkISP1 ISP1_Route
:local RoutingMarkISP2 ISP2_Route

# Connection mark of each interface
:local ConnMarkISP1 to_ISP1
:local ConnMarkISP2 to_ISP2

# Connection mark of each interface, from outside to local network
:local ConnMarkISP1_LAN from_ISP1_to_LAN
:local ConnMarkISP2_LAN from_ISP2_to_LAN

# Please fill the ping check host - currently: resolver1.opendns.com
:local PingTarget1 208.67.222.222
# Second ping check host - currently google secondary DNS
:local PingTarget2 8.8.4.4

# This sets an RTT threshold: ping replies that take longer than
# this to return will be counted as no reply. Adapt it to your lines
:local PingInterval 500ms;
# How many pings to send for our test
:local PingCount 5;
# Size of the ping packets [Don't make them too large.]
:local PingSize 28;
# How many pings minimum must we get back to consider the pipe "up" - fewer than this - consider it down.
# This is for the single check! So we send PingCount packets and we must receive at least PingReturnThreshold
# to consider the line up
:local PingReturnThreshold 2;

# Please fill how many times the check can fail before fail-over happens.
# In my case I run the script once every 10 minutes, so one is enough.
# If you run it once a minute, increase it
:local FailTreshold 3

# Define the distance increase of a route when it fails
:local DistanceIncrease 20

# Editing the script after this point may break it
# -------------- stop editing here --------------

# Declare the global variables
:global PingFailCountISP1
:global PingFailCountISP2

# This initializes the PingFailCount variables, in case this is the first time the script has run
:if ([:typeof $PingFailCountISP1] = "nothing") do={:set PingFailCountISP1 0}
:if ([:typeof $PingFailCountISP2] = "nothing") do={:set PingFailCountISP2 0}

# These variables will be used to keep results of individual ping attempts
:local PingResult1
:local PingResult2

# Check ISP1
# :set PingResult1 [ping $PingTarget1 count=1 interface=$InterfaceISP1 routing-table=$RoutingMarkISP1]
:set PingResult1 [/ping $PingTarget1 interface=$InterfaceISP1 routing-table=$RoutingMarkISP1 interval=$PingInterval count=$PingCount size=$PingSize];
#:put $PingResult1
# :set PingResult2 [ping $PingTarget2 count=1 interface=$InterfaceISP1 routing-table=$RoutingMarkISP1]
:set PingResult2 [/ping $PingTarget2 interface=$InterfaceISP1 routing-table=$RoutingMarkISP1 interval=$PingInterval count=$PingCount size=$PingSize];
#:put $PingResult2
# If both fail we consider the line down
:if (($PingResult1 < $PingReturnThreshold) && ($PingResult2 < $PingReturnThreshold)) do={
  :if ($PingFailCountISP1 < ($FailTreshold + 2)) do={
    :set PingFailCountISP1 ($PingFailCountISP1 + 1)

    :if ($PingFailCountISP1 = $FailTreshold) do={
      :log warning "ISP1 has a problem en route to $PingTarget1 or $PingTarget2 - increasing distance of routes."
      # Debug alternative for the loop body below: {:log info "Increase distance route $i"}
      :foreach i in=[/ip route find gateway=$GatewayISP1 && static && !routing-mark] do={/ip route set $i distance=([/ip route get $i distance] + $DistanceIncrease)}
      # Disable PCC rules
      :foreach i in=[/ip firewall mangle find chain=prerouting && new-connection-mark=$ConnMarkISP1 && (per-connection-classifier)."" != ""] do={/ip firewall mangle disable $i}
      ### OPTIONAL - Disable all rules, not only the ones regarding PCC
      # :foreach i in=[/ip firewall mangle find chain=prerouting && new-connection-mark=$ConnMarkISP1 ] do=\
      # {/ip firewall mangle disable $i }

      :log warning "Route distance increase finished."
      # close ISP1 connections
      :foreach i in=[/ip firewall connection find connection-mark=$ConnMarkISP1] do={/ip firewall connection remove $i}
      :foreach i in=[/ip firewall connection find connection-mark=$ConnMarkISP1_LAN] do={/ip firewall connection remove $i}
      # close connections without mark
      :foreach i in=[/ip firewall connection find (connection-mark)."" = "" ] do={/ip firewall connection remove $i}
      :log warning "Closed connection $ConnMarkISP1 , $ConnMarkISP1_LAN and without mark"
    }
  }
}
# If at least one is ok we consider the line up
# ("at least PingReturnThreshold" replies, as described in the settings above)
:if (($PingResult1 >= $PingReturnThreshold) || ($PingResult2 >= $PingReturnThreshold)) do={
  :if ($PingFailCountISP1 > 0) do={
    :set PingFailCountISP1 ($PingFailCountISP1 - 1)

    :if ($PingFailCountISP1 = ($FailTreshold - 1)) do={
      :log warning "ISP1 can reach $PingTarget1 or $PingTarget2 again - bringing back original distance of routes."
      # Debug alternative for the loop body below: {:log info "Decrease distance route $i"}
      :foreach i in=[/ip route find gateway=$GatewayISP1 && static && !routing-mark] do={/ip route set $i distance=([/ip route get $i distance] - $DistanceIncrease)}
      # Reenable PCC rules
      :foreach i in=[/ip firewall mangle find chain=prerouting && new-connection-mark=$ConnMarkISP1 && (per-connection-classifier)."" != ""] do={/ip firewall mangle enable $i}
      ### OPTIONAL - Enable all rules, not only the ones regarding PCC
      # :foreach i in=[/ip firewall mangle find chain=prerouting && new-connection-mark=$ConnMarkISP1 ] do=\
      # {/ip firewall mangle enable $i }

      :log warning "Route distance decrease finished."
      # close connections without mark
      :foreach i in=[/ip firewall connection find (connection-mark)."" = "" ] do={/ip firewall connection remove $i}
      ### OPTIONAL - If you want you can close all the connections on line 2 to force reconnection on line 1
      # :foreach i in=[/ip firewall connection find connection-mark=$ConnMarkISP2] do={/ip firewall connection remove $i}
      # :foreach i in=[/ip firewall connection find connection-mark=$ConnMarkISP2_LAN] do={/ip firewall connection remove $i}

      :log warning "Closed connection without mark"
    }
  }
}

# Check ISP2
# :set PingResult1 [ping $PingTarget1 count=1 interface=$InterfaceISP2 routing-table=$RoutingMarkISP2]
:set PingResult1 [/ping $PingTarget1 interface=$InterfaceISP2 routing-table=$RoutingMarkISP2 interval=$PingInterval count=$PingCount size=$PingSize];
#:put $PingResult1
# :set PingResult2 [ping $PingTarget2 count=1 interface=$InterfaceISP2 routing-table=$RoutingMarkISP2]
:set PingResult2 [/ping $PingTarget2 interface=$InterfaceISP2 routing-table=$RoutingMarkISP2 interval=$PingInterval count=$PingCount size=$PingSize];
#:put $PingResult2

:if (($PingResult1 < $PingReturnThreshold) && ($PingResult2 < $PingReturnThreshold)) do={
  :if ($PingFailCountISP2 < ($FailTreshold + 2)) do={
    :set PingFailCountISP2 ($PingFailCountISP2 + 1)

    :if ($PingFailCountISP2 = $FailTreshold) do={
      :log warning "ISP2 has a problem en route to $PingTarget1 and $PingTarget2 - increasing distance of routes."
      # Debug alternative for the loop body below: {:log info "Increase distance route $i"}
      :foreach i in=[/ip route find gateway=$GatewayISP2 && static && !routing-mark] do={/ip route set $i distance=([/ip route get $i distance] + $DistanceIncrease)}
      # Disable PCC rules
      :foreach i in=[/ip firewall mangle find chain=prerouting && new-connection-mark=$ConnMarkISP2 && (per-connection-classifier)."" != ""] do={/ip firewall mangle disable $i}
      ### OPTIONAL - Disable all rules, not only the ones regarding PCC
      # :foreach i in=[/ip firewall mangle find chain=prerouting && new-connection-mark=$ConnMarkISP2 ] do=\
      # {/ip firewall mangle disable $i }

      :log warning "Route distance increase finished."
      # close ISP2 connections
      :foreach i in=[/ip firewall connection find connection-mark=$ConnMarkISP2] do={/ip firewall connection remove $i}
      :foreach i in=[/ip firewall connection find connection-mark=$ConnMarkISP2_LAN] do={/ip firewall connection remove $i}
      :log warning "Closed connection $ConnMarkISP2 and $ConnMarkISP2_LAN"
      ### OPTIONAL - Close connections without mark to force reopen, should not be necessary
      # :foreach i in=[/ip firewall connection find (connection-mark)."" = "" ] do={/ip firewall connection remove $i}
    }
  }
}
# If at least one is ok we consider the line up
:if (($PingResult1 >= $PingReturnThreshold) || ($PingResult2 >= $PingReturnThreshold)) do={
  :if ($PingFailCountISP2 > 0) do={
    :set PingFailCountISP2 ($PingFailCountISP2 - 1)

    :if ($PingFailCountISP2 = ($FailTreshold - 1)) do={
      :log warning "ISP2 can reach $PingTarget1 or $PingTarget2 again - bringing back original distance of routes."
      # Debug alternative for the loop body below: {:log info "Decrease distance route $i"}
      :foreach i in=[/ip route find gateway=$GatewayISP2 && static && !routing-mark] do={/ip route set $i distance=([/ip route get $i distance] - $DistanceIncrease)}
      # Reenable PCC rules
      :foreach i in=[/ip firewall mangle find chain=prerouting && new-connection-mark=$ConnMarkISP2 && (per-connection-classifier)."" != ""] do={/ip firewall mangle enable $i}
      ### OPTIONAL - Enable all rules, not only the ones regarding PCC
      # :foreach i in=[/ip firewall mangle find chain=prerouting && new-connection-mark=$ConnMarkISP2 ] do=\
      # {/ip firewall mangle enable $i }

      :log warning "Route distance decrease finished."
    }
  }
}
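To see how the fail counter in the script above behaves over time, here is an added Python model of it (not part of the original script and not RouterOS code). It uses the script's default values, treats a run as "up" when either target returns at least PingReturnThreshold replies as the script's comments describe, and replays constructed ping results with the 2-minute scheduler interval used later on this page.

```python
"""Model of the Failover script's per-ISP counter (added example, constructed data)."""
from dataclasses import dataclass

PING_RETURN_THRESHOLD = 2            # PingReturnThreshold in the script
FAIL_THRESHOLD = 3                   # FailTreshold in the script
COUNTER_CAP = FAIL_THRESHOLD + 2     # the script stops counting up at FailTreshold+2


@dataclass
class LinkState:
    fail_count: int = 0              # PingFailCountISPx (a :global in the script)
    failed_over: bool = False        # True while distance is raised and PCC rules are disabled


def run_check(state, replies1, replies2):
    """Apply one scheduler run. replies1/replies2 are the replies received from
    PingTarget1/PingTarget2. Returns "failover", "restore" or None."""
    down = replies1 < PING_RETURN_THRESHOLD and replies2 < PING_RETURN_THRESHOLD
    up = replies1 >= PING_RETURN_THRESHOLD or replies2 >= PING_RETURN_THRESHOLD
    if down and state.fail_count < COUNTER_CAP:
        state.fail_count += 1
        if state.fail_count == FAIL_THRESHOLD:
            state.failed_over = True
            return "failover"
    if up and state.fail_count > 0:
        state.fail_count -= 1
        if state.fail_count == FAIL_THRESHOLD - 1:
            state.failed_over = False
            return "restore"
    return None


def replay(samples, interval_minutes=2):
    """Replay (replies1, replies2) samples, one per scheduler run.
    Returns ([(run_number * interval_minutes, event), ...], final LinkState)."""
    state = LinkState()
    timeline = []
    for run, (r1, r2) in enumerate(samples, start=1):
        event = run_check(state, r1, r2)
        if event:
            timeline.append((run * interval_minutes, event))
    return timeline, state


# Constructed samples: 8 failed runs in a row, then the link answers again.
OUTAGE = [(0, 0)] * 8 + [(5, 5)] * 4
# Constructed samples: a flapping link that never accumulates 3 net failures.
FLAP = [(0, 0), (0, 0), (5, 1), (0, 1), (1, 2), (0, 0)]

if __name__ == "__main__":
    for name, samples in (("outage", OUTAGE), ("flap", FLAP)):
        timeline, state = replay(samples)
        print(name, timeline, "fail_count =", state.fail_count)
```

The replay shows the hysteresis: failover needs three net failed runs, and after a long outage the counter sits at its cap, so three good runs are needed before the routes are restored.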
Now for all the commands for our load balancing and failover setup; read them carefully! Edit the IPs based on your setup! Copy the text to Notepad, edit it, and paste the commands line by line into the terminal.
# ------------------- header -------------------
# Author: Denis Barbazza (denis . barbazza [at] gmail . com)
# VERSION=2.3
# https://www.farlock.org/mikrotik/mikrotik-load-balancer-and-failover-and-traffic-prioritization/
# Set of rules to setup a load balancer and failover with mikrotik routeros
#
# Inspired by:
# http://mum.mikrotik.com/presentations/US12/steve.pdf
# https://aacable.wordpress.com/2011/07/27/mikrotik-dual-wan-load-balancing-using-pcc-method-complete-script-by-zaib/
# http://wiki.mikrotik.com/wiki/Failover_Scripting
# http://wiki.mikrotik.com/wiki/Advanced_Routing_Failover_without_Scripting
# http://mum.mikrotik.com/presentations/US12/tomas.pdf
#
# Search the script for lines starting with "### OPTIONAL"; there you can enable or disable some features,
# based on your needs.
#
# For more information and details about
# this script please visit the wiki page at
# http://wiki.mikrotik.com/wiki/Failover_Scripting
# ------------------- header -------------------

# setup our interfaces and addresses, adapt it to your interfaces
/interface ethernet
set 2 name=LAN comment=eth3
set 0 name=ISP_1 comment=eth1
set 1 name=ISP_2 comment=eth2
/ip address
add address=192.168.88.1/24 interface=LAN
add address=1.1.1.32/24 interface=ISP_1
add address=2.2.2.32/24 interface=ISP_2
# NAT rules for each interface toward the ISPs
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ISP_1 comment="NAT packet going through ISPs"
add action=masquerade chain=srcnat out-interface=ISP_2

# Routing rules with different weights toward each ISP
/ip route
add gateway=1.1.1.1 distance=10 check-gateway=ping comment="Route to ISPs"
add gateway=2.2.2.2 distance=20 check-gateway=ping

add gateway=1.1.1.1 routing-mark=ISP1_Route distance=10 comment="Route for marked connection"
add gateway=2.2.2.2 routing-mark=ISP2_Route distance=10

# Do not mark packets sent to directly connected networks (physical and VPN)
/ip firewall address-list
add address=1.1.1.1/24 list=Connected comment="List of direct connected network" # ISP_1
add address=2.2.2.2/24 list=Connected # ISP_2
add address=192.168.w.0/24 list=Connected # VPN
add address=192.168.88.0/24 list=Connected # LAN
add address=192.168.88.0/24 list=LAN

/ip firewall mangle
add chain=prerouting src-address-list=Connected dst-address-list=Connected action=accept comment="Not mark packet directed to direct connected network"

### OPTIONAL
#############
# ATTENTION!
# If needed, remember to filter the traffic allowed from LAN to other networks!
#############

# Mark packets coming through ISP interfaces and put them in the correct routing tables
/ip firewall mangle
add chain=input connection-mark=no-mark in-interface=ISP_1 action=mark-connection new-connection-mark=from_ISP1 comment="Mark packet coming through ISP interfaces"
add chain=input connection-mark=no-mark in-interface=ISP_2 action=mark-connection new-connection-mark=from_ISP2
add chain=output connection-mark=from_ISP1 action=mark-routing new-routing-mark=ISP1_Route comment="Put the outbound reply connection in the correct routing table"
add chain=output connection-mark=from_ISP2 action=mark-routing new-routing-mark=ISP2_Route

# Now we should also take care of the connections from outside to LAN
/ip firewall mangle
add chain=forward connection-mark=no-mark in-interface=ISP_1 action=mark-connection new-connection-mark=from_ISP1_to_LAN comment="Mark packet coming through ISP interfaces directed to LAN"
add chain=forward connection-mark=no-mark in-interface=ISP_2 action=mark-connection new-connection-mark=from_ISP2_to_LAN
add chain=prerouting connection-mark=from_ISP1_to_LAN src-address-list=LAN action=mark-routing new-routing-mark=ISP1_Route comment="Put the reply connection from LAN in the correct routing table"
add chain=prerouting connection-mark=from_ISP2_to_LAN src-address-list=LAN action=mark-routing new-routing-mark=ISP2_Route
# Now you can add the script for Failover under the menu System->Scripts, name it "Failover"
# and then we add a scheduler entry that launches it every 2 minutes; we set the start date to the Unix epoch, just in
# case the clock isn't set
/system scheduler add name="Check_connectivity" interval=2m on-event=Failover start-date=jan/1/1970 start-time=0:0:0
You can choose load balancing based on PCC (http://wiki.mikrotik.com/wiki/Manual:PCC) or Traffic Monitor (http://mum.mikrotik.com/presentations/US12/tomas.pdf).
If you prefer PCC:
#########################################################################################
# PCC
# With PCC you must take into account the bandwidth and number of WANs available, for example:
# - Two equal WANs: we need two PCC mangle rules, one with :2/1 mark for ISP1 and the other with :2/0 mark for ISP2
# - Three equal WANs: three rules, :3/0 mark for ISP1 - :3/1 mark for ISP2 - :3/2 mark for ISP3
# - Two unequal WANs, the first with twice the bandwidth of the second: three rules, :3/0 mark for ISP1 - :3/1 mark for ISP1 - :3/2 mark for ISP2
# As you can see we need to balance the traffic with PCC rules; more powerful WANs need more rules 😉

/ip firewall mangle
add chain=prerouting action=mark-connection connection-mark=no-mark connection-state=new dst-address-type=!local \
src-address-list=LAN new-connection-mark=to_ISP1 passthrough=yes per-connection-classifier=both-addresses:2/0 comment="Doing PCC Balancing here"
add chain=prerouting action=mark-connection connection-mark=no-mark connection-state=new dst-address-type=!local \
src-address-list=LAN new-connection-mark=to_ISP2 passthrough=yes per-connection-classifier=both-addresses:2/1

# If we also want to balance traffic generated by the MikroTik itself, currently nothing can be done 😉 it's on the TODO list...
# Now choose the right route based on connection mark
/ip firewall mangle
add chain=prerouting action=mark-routing connection-mark=to_ISP1 src-address-list=LAN new-routing-mark=ISP1_Route comment="Mark balanced connection to the right routing table"
add chain=prerouting action=mark-routing connection-mark=to_ISP2 src-address-list=LAN new-routing-mark=ISP2_Route

### OPTIONAL
# If we use hotspot and we need balancing
# /ip firewall nat add action=accept chain=pre-hotspot disabled=no dst-address-type=!local hotspot=auth comment="Rule for Hotspot and PCC"
# This rule needs testing...
# Instead, modifying the PCC rules by adding hotspot=auth makes everything work correctly:
#/ip firewall mangle
#add action=mark-connection chain=prerouting comment="Doing PCC Balancing here" connection-mark=no-mark connection-state=new dst-address-type=\
# !local hotspot=auth new-connection-mark=to_ISP1 per-connection-classifier=dst-address:2/0 src-address-list=LAN
#add action=mark-connection chain=prerouting connection-mark=no-mark connection-state=new dst-address-type=!local hotspot=auth \
# new-connection-mark=to_ISP2 per-connection-classifier=dst-address:2/1 src-address-list=LAN
#########################################################################################
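The weighting rule from the PCC comments above (one rule per unit of bandwidth) can be generated mechanically. This added Python helper is not part of the original scripts: it takes hypothetical per-WAN weights and emits mangle rules in the same form as the ones above, then checks the resulting split with SHA-256 as a stand-in for RouterOS's internal PCC hash (an assumption) over constructed flows.

```python
"""Generate weighted PCC mangle rules (added example, constructed data)."""
import hashlib
from collections import Counter


def pcc_buckets(weights):
    """Expand {"mark": weight} into one bucket per weight unit, in order."""
    for mark, weight in weights.items():
        if not isinstance(weight, int) or weight < 1:
            raise ValueError(f"weight for {mark} must be a positive integer")
    return [mark for mark, weight in weights.items() for _ in range(weight)]


def pcc_rules(weights, classifier="both-addresses", src_list="LAN"):
    """Return one 'add ...' line per bucket, meant for /ip firewall mangle.
    The denominator is the sum of the weights, the remainder is the bucket index."""
    buckets = pcc_buckets(weights)
    total = len(buckets)
    return [
        "add chain=prerouting action=mark-connection connection-mark=no-mark "
        "connection-state=new dst-address-type=!local "
        f"src-address-list={src_list} new-connection-mark={mark} passthrough=yes "
        f"per-connection-classifier={classifier}:{total}/{remainder}"
        for remainder, mark in enumerate(buckets)
    ]


def simulate(weights, flows):
    """Count how many flows land on each mark. SHA-256 over 'src>dst' is only a
    stand-in for the router's own hash; it shows the proportions, not real results."""
    buckets = pcc_buckets(weights)
    counts = Counter()
    for src, dst in flows:
        digest = hashlib.sha256(f"{src}>{dst}".encode()).digest()
        counts[buckets[int.from_bytes(digest[:4], "big") % len(buckets)]] += 1
    return counts


# Hypothetical setup: ISP1 has twice the bandwidth of ISP2.
WEIGHTS = {"to_ISP1": 2, "to_ISP2": 1}
# Constructed flows: 3000 distinct (LAN host, remote host) pairs.
FLOWS = [(f"192.168.88.{2 + i % 250}", f"203.0.113.{1 + i // 250}") for i in range(3000)]

if __name__ == "__main__":
    print("/ip firewall mangle")
    for line in pcc_rules(WEIGHTS):
        print(line)
    print(dict(simulate(WEIGHTS, FLOWS)))
```

Because the classifier is computed from the addresses only, a given source/destination pair always lands on the same WAN, which is what keeps sessions to one site on one public IP.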
Or if you prefer Traffic Monitor:
#########################################################################################
# Automated based on bandwidth, switched by Traffic Monitor (thanks to Tomas Kirnak - t.kirnak @ atris.sk)
# Now start marking connection and routing
/ip firewall mangle
add chain=prerouting connection-mark=no-mark src-address-list=LAN dst-address-list=!Connected dst-address-type=!local \
action=mark-connection new-connection-mark=from_LAN_to_WAN comment="Mark connection for Load Balancing"
add chain=prerouting connection-mark=from_LAN_to_WAN src-address-list=LAN action=mark-routing new-routing-mark=ISP1_Route comment="Load-Balancing here"

# Now we MUST ensure that a connection routed to an ISP will always stay there
/ip firewall mangle
add chain=prerouting connection-mark=from_LAN_to_WAN routing-mark=ISP1_Route action=mark-connection new-connection-mark=Sticky_ISP1 comment="Mark connections as sticky"
add chain=prerouting connection-mark=from_LAN_to_WAN routing-mark=ISP2_Route action=mark-connection new-connection-mark=Sticky_ISP2
add chain=prerouting connection-mark=Sticky_ISP1 src-address-list=LAN action=mark-routing new-routing-mark=ISP1_Route comment="sticky connections will always go out through same ISP"
add chain=prerouting connection-mark=Sticky_ISP2 src-address-list=LAN action=mark-routing new-routing-mark=ISP2_Route

# Setup Traffic Monitor
/tool traffic-monitor
add interface=ISP_1 name=LB_ISP1_above trigger=above on-event=":log debug \"Load-Balance Debug: ISP\
1 overloaded, switching to ISP2\";\r\
\n/ip firewall mangle set [find comment=\"Load-Balancing here\"] new-routing-mark=ISP2_Route" \
threshold=5242880 traffic=received comment="When ISP1 reaches 5mbit/s switch to ISP2"
add interface=ISP_1 name=LB_ISP1_below trigger=below on-event=":log debug \"Load-Balance Debug: ISP\
1 back to normal\";\r\
\n/ip firewall mangle set [find comment=\"Load-Balancing here\"] new-routing-mark=ISP1_Route" \
threshold=5242880 traffic=received comment="And on less traffic go back again to ISP1"
##############################################################################################
Choose one of the two 😉
And finally, if you want the icing on the cake, we can prioritize traffic based on its type and contents:
###################################################################################
# Traffic Prioritization - thanks to Rick Frey - support @ rickfreyconsulting.com
# some modification to original script to work correctly with HTTPS traffic
# To act with layer 7 traffic check original script on http://rickfreyconsulting.com

/ip firewall mangle
add chain=output comment="Section Break - Input prioritize rules" disabled=yes
add action=change-dscp chain=input comment="DSCP - 7 - Winbox Port 8291 (Local Management)" dst-port=8291 new-dscp=7 protocol=tcp
############################################################################################################################
#### This section sets priorities for tunneling methods used by the hosts on your LAN. ####
############################################################################################################################

/ip firewall mangle
add chain=output comment="Section Break - VPN" disabled=yes
add action=change-dscp chain=forward comment="DSCP - 5 - PPTP Port 1723 (LAN Traffic)" new-dscp=5 port=1723 protocol=tcp
add action=change-dscp chain=forward comment="DSCP - 5 - GRE Protocol (LAN Traffic)" new-dscp=5 protocol=gre
add action=change-dscp chain=forward comment="DSCP - 5 - L2TP UDP Port 500 (LAN Traffic)" new-dscp=5 port=500 protocol=udp
add action=change-dscp chain=forward comment="DSCP - 5 - L2TP UDP Port 1701 (LAN Traffic)" new-dscp=5 port=1701 protocol=udp
add action=change-dscp chain=forward comment="DSCP - 5 - L2TP UDP Port 4500 (LAN Traffic)" new-dscp=5 port=4500 protocol=udp
add action=change-dscp chain=forward comment="DSCP - 5 - OVPN TCP Port 1194 (LAN Traffic)" new-dscp=5 port=1194 protocol=tcp
############################################################################################################################
#### This section sets priorities for VOIP Traffic ####
############################################################################################################################

add chain=output comment="Section Break - Voip" disabled=yes
add action=change-dscp chain=postrouting comment="DSCP - 7 - VOIP" disabled=no new-dscp=7 passthrough=yes port=1167,1719,1720,8010 protocol=udp
add action=change-dscp chain=postrouting comment="DSCP - 7 - VOIP" disabled=no new-dscp=7 passthrough=yes port=1719,1720,8008,8009 protocol=tcp
add action=change-dscp chain=postrouting comment="DSCP - 7 - SIP" disabled=no new-dscp=7 passthrough=yes port=5060,5061 protocol=tcp
add action=change-dscp chain=postrouting comment="DSCP - 7 - SIP" disabled=no new-dscp=7 passthrough=yes port=5060,5061 protocol=udp
add action=change-dscp chain=postrouting comment="DSCP - 7 - SIP 5004" disabled=no new-dscp=7 passthrough=yes port=5004 protocol=udp
add action=set-priority chain=postrouting comment="Priority - 7 - Ventrilo VOIP" new-priority=7 port=3784 protocol=tcp
add action=set-priority chain=postrouting comment="Priority - 7 - Ventrilo VOIP" new-priority=7 port=3784,3785 protocol=udp
add action=set-priority chain=postrouting comment="Priority - 7 - Windows Live Messenger Voice" new-priority=7 port=6901 protocol=tcp
add action=set-priority chain=postrouting comment="Priority - 7 - Windows Live Messenger Voice" new-priority=7 port=6901 protocol=udp
############################################################################################################################
#### This section sets priorities for normal LAN Traffic ####
############################################################################################################################add chain=output comment=”Section Break – Normal traffic” disabled=yes
add action=set-priority chain=prerouting comment=”Priority – 6 – SSH” disabled=no new-priority=6 passthrough=yes port=22 protocol=tcp
add action=set-priority chain=prerouting comment=”Priority – 6 – Telnet” disabled=no new-priority=6 passthrough=yes port=23 protocol=tcp
add action=set-priority chain=prerouting comment=”Priority – 6 – ICMP” disabled=no new-priority=6 passthrough=yes protocol=icmp
add action=set-priority chain=prerouting comment=”Priority – 6 – TCP DNS Requests” disabled=no new-priority=6 passthrough=yes port=53 protocol=tcp
add action=set-priority chain=prerouting comment=”Priority – 6 – UDP DNS & mDNS Requests” disabled=no new-priority=6 passthrough=yes port=53,5353 protocol=udpadd action=set-priority chain=prerouting comment=”Priority – 3 – HTTP Requests” connection-bytes=0-2000000 disabled=no dst-port=80 new-priority=3 passthrough=yes protocol=tcp
add action=set-priority chain=prerouting comment=”Priority – 3 – HTTPS Requests” connection-bytes=0-2000000 disabled=no dst-port=443 new-priority=3 passthrough=yes protocol=tcp
add action=set-priority chain=prerouting comment=”Priority – 4 – ICQ” disabled=no new-priority=5 passthrough=yes port=5190 protocol=tcp
add action=set-priority chain=prerouting comment=”Priority – 4 – Yahoo IM” disabled=no new-priority=5 passthrough=yes port=5050 protocol=tcpadd action=set-priority chain=prerouting comment=”Priority – 4 – AOL, IRC” disabled=no new-priority=4 passthrough=yes port=531,5190,6660-6669,6679,6697 protocol=tcp
add action=set-priority chain=prerouting comment=”Priority – 4 – AOL, IRC” disabled=no new-priority=4 passthrough=yes port=531 protocol=udp
add action=set-priority chain=prerouting comment=”Priority – 4 – Time” disabled=no new-priority=4 passthrough=yes port=37 protocol=tcp
add action=set-priority chain=prerouting comment=”Priority – 4 – Time” disabled=no new-priority=4 passthrough=yes port=37,123 protocol=udpadd action=set-priority chain=prerouting comment=”Priority – 0 – SFTP” disabled=no dst-port=22 new-priority=0 packet-size=1400-1500 passthrough=yes protocol=tcp
add action=set-priority chain=prerouting comment=”Priority – 0 – FTP” disabled=no dst-port=20,21 new-priority=0 packet-size=1400-1500 passthrough=yes protocol=tcp
add action=set-priority chain=prerouting comment=”Priority – 0 – HTTP Downloads” connection-bytes=2000000-0 disabled=no new-priority=0 passthrough=yes port=80 protocol=tcp
add action=set-priority chain=prerouting comment=”Priority – 0 – HTTPS Downloads” connection-bytes=2000000-0 disabled=no new-priority=0 passthrough=yes port=443 protocol=tcp
add action=set-priority chain=prerouting comment=”Priority – 0 – Mail Services” disabled=no port=110,995,143,993,25,57,109,465,587 new-priority=0 passthrough=yes protocol=tcp
add action=set-priority chain=prerouting comment=”Priority – 0 – SNMP” disabled=no new-priority=0 passthrough=yes port=161,162 protocol=udp
add action=set-priority chain=prerouting comment=”Priority – 0 – SNMP” disabled=no new-priority=0 passthrough=yes port=162 protocol=tcp
add action=set-priority chain=prerouting comment=”Priority – 0 – IMAP, IMAPS” disabled=no new-priority=0 passthrough=yes port=220,993 protocol=tcp
add action=set-priority chain=prerouting comment=”Priority – 0 – IMAP” disabled=no new-priority=0 passthrough=yes port=220 protocol=udp
add action=set-priority chain=prerouting comment=”Priority – 0 – Doom FPS” disabled=no new-priority=0 passthrough=yes port=666 protocol=udp
add action=set-priority chain=prerouting comment=”Priority – 0 – America’s Army MMO” disabled=no new-priority=0 passthrough=yes port=1716 protocol=tcp
add action=set-priority chain=prerouting comment=”Priority – 0 – Civilization MMO” disabled=no new-priority=0 passthrough=yes port=2056 protocol=udp
add action=set-priority chain=prerouting comment=”Priority – 0 – Halo: Combat Evolved MMO” disabled=no new-priority=0 passthrough=yes port=2302 protocol=udp
add action=set-priority chain=prerouting comment=”Priority – 0 – Dark Ages” disabled=no port=2610 protocol=tcp
add action=set-priority chain=prerouting comment=”Priority – 0 – Xbox Live” disabled=no new-priority=0 passthrough=yes port=3074 protocol=tcp
add action=set-priority chain=prerouting comment=”Priority – 0 – Xbox Live” disabled=no new-priority=0 passthrough=yes port=3074 protocol=udp
add action=set-priority chain=prerouting comment=”Priority – 0 – Blizzard Games Online” disabled=no new-priority=0 passthrough=yes port=3723,6112 protocol=tcp
add action=set-priority chain=prerouting comment=”Priority – 0 – Blizzard Games Online” disabled=no new-priority=0 passthrough=yes port=3723 protocol=udp
add action=set-priority chain=prerouting comment=”Priority – 0 – WoW MMO” disabled=no new-priority=0 passthrough=yes port=3724 protocol=tcp
add action=set-priority chain=prerouting comment=”Priority – 0 – WoW MMO” disabled=no new-priority=0 passthrough=yes port=3724 protocol=udp
add action=set-priority chain=prerouting comment="Priority - 0 - Club Penguin Disney Online" disabled=no new-priority=0 passthrough=yes port=3724,6112,6113,9875 protocol=tcp
add action=set-priority chain=prerouting comment="Priority - 0 - Diablo II" disabled=no new-priority=0 passthrough=yes port=4000 protocol=tcp
add action=set-priority chain=prerouting comment="Priority - 0 - Diablo II" disabled=no new-priority=0 passthrough=yes port=4000 protocol=udp
add action=set-priority chain=prerouting comment="Priority - 0 - Microsoft Ants MMO" disabled=no new-priority=0 passthrough=yes port=4001 protocol=tcp
add action=set-priority chain=prerouting comment="Priority - 0 - Google Desktop" disabled=no new-priority=0 passthrough=yes port=4664 protocol=tcp
add action=set-priority chain=prerouting comment="Priority - 0 - BZFlag" disabled=no new-priority=0 passthrough=yes port=5154 protocol=tcp
add action=set-priority chain=prerouting comment="Priority - 0 - BZFlag" disabled=no new-priority=0 passthrough=yes port=5154 protocol=udp
add action=set-priority chain=prerouting comment="Priority - 0 - Freeciv MMO" disabled=no new-priority=0 passthrough=yes port=5556 protocol=tcp
add action=set-priority chain=prerouting comment="Priority - 0 - Freeciv MMO" disabled=no new-priority=0 passthrough=yes port=5556 protocol=udp
add action=set-priority chain=prerouting comment="Priority - 0 - Windows Live Messenger File Transfer" disabled=no new-priority=0 passthrough=yes port=6891-6900 protocol=udp
add action=set-priority chain=prerouting comment="Priority - 0 - Enemy Territory: Quake Wars" disabled=no new-priority=0 passthrough=yes port=7133 protocol=tcp
add action=set-priority chain=prerouting comment="Priority - 0 - Teamspeak" disabled=no new-priority=0 passthrough=yes port=8767-8768 protocol=udp
add action=set-priority chain=prerouting comment="Priority - 0 - Teamspeak" disabled=no new-priority=0 passthrough=yes port=9987 protocol=tcp
add action=set-priority chain=prerouting comment="Priority - 0 - Earthland Relams 2" disabled=no new-priority=0 passthrough=yes port=8888-8889 protocol=tcp
add action=set-priority chain=prerouting comment="Priority - 0 - Sony Playstation" disabled=no new-priority=0 passthrough=yes port=9293 protocol=tcp
add action=set-priority chain=prerouting comment="Priority - 0 - Battlefield 1942 MMO" disabled=no new-priority=0 passthrough=yes port=14567 protocol=udp
add action=set-priority chain=prerouting comment="Priority - 0 - Battlefield Vietnam" disabled=no new-priority=0 passthrough=yes port=15567 protocol=udp
add action=set-priority chain=prerouting comment="Priority - 0 - Battlefield 2" disabled=no new-priority=0 passthrough=yes port=16567 protocol=udp
add action=set-priority chain=prerouting comment="Priority - 0 - Quake" disabled=no new-priority=0 passthrough=yes port=26000 protocol=tcp
add action=set-priority chain=prerouting comment="Priority - 0 - Quake" disabled=no new-priority=0 passthrough=yes port=26000,27901,27960 protocol=udp
add action=set-priority chain=prerouting comment="Priority - 0 - Call of Duty" disabled=no new-priority=0 passthrough=yes port=28960 protocol=udp
add chain=output comment="Section Break" disabled=yes
#########################################
#### VOIP ####
#########################################
/ip firewall layer7-protocol
add name=sip regexp=\
"^(invite|register|cancel) sip[\t-\r -~]*sip/[0-2]\\.[0-9]"
add name=h323 regexp=\
"^\03..\?\08...\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?\05"
add name=skypeout regexp="^(\01.\?.\?.\?.\?.\?.\?.\?.\?\01|\02.\?.\?.\?.\?.\?.\
\?.\?.\?\02|\03.\?.\?.\?.\?.\?.\?.\?.\?\03|\04.\?.\?.\?.\?.\?.\?.\?.\?\04|\
\05.\?.\?.\?.\?.\?.\?.\?.\?\05|\06.\?.\?.\?.\?.\?.\?.\?.\?\06|\07.\?.\?.\?\
.\?.\?.\?.\?.\?\07|\08.\?.\?.\?.\?.\?.\?.\?.\?\08|\t.\?.\?.\?.\?.\?.\?.\?.\
\?\t|\
\n.\?.\?.\?.\?.\?.\?.\?.\?\
\n|\0B.\?.\?.\?.\?.\?.\?.\?.\?\0B|\0C.\?.\?.\?.\?.\?.\?.\?.\?\0C|\r.\?.\?.\
\?.\?.\?.\?.\?.\?\r|\0E.\?.\?.\?.\?.\?.\?.\?.\?\0E|\0F.\?.\?.\?.\?.\?.\?.\
\?.\?\0F|\10.\?.\?.\?.\?.\?.\?.\?.\?\10|\11.\?.\?.\?.\?.\?.\?.\?.\?\11|\12\
.\?.\?.\?.\?.\?.\?.\?.\?\12|\13.\?.\?.\?.\?.\?.\?.\?.\?\13|\14.\?.\?.\?.\?\
.\?.\?.\?.\?\14|\15.\?.\?.\?.\?.\?.\?.\?.\?\15|\16.\?.\?.\?.\?.\?.\?.\?.\?\
\16|\17.\?.\?.\?.\?.\?.\?.\?.\?\17|\18.\?.\?.\?.\?.\?.\?.\?.\?\18|\19.\?.\
\?.\?.\?.\?.\?.\?.\?\19|\1A.\?.\?.\?.\?.\?.\?.\?.\?\1A|\1B.\?.\?.\?.\?.\?.\
\?.\?.\?\1B|\1C.\?.\?.\?.\?.\?.\?.\?.\?\1C|\1D.\?.\?.\?.\?.\?.\?.\?.\?\1D|\
\1E.\?.\?.\?.\?.\?.\?.\?.\?\1E|\1F.\?.\?.\?.\?.\?.\?.\?.\?\1F| .\?.\?.\?.\
\?.\?.\?.\?.\? |!.\?.\?.\?.\?.\?.\?.\?.\?!|\".\?.\?.\?.\?.\?.\?.\?.\?\"|#.\
\?.\?.\?.\?.\?.\?.\?.\?#|\\\$.\?.\?.\?.\?.\?.\?.\?.\?\\\$|%.\?.\?.\?.\?.\?\
.\?.\?.\?%|&.\?.\?.\?.\?.\?.\?.\?.\?&|'.\?.\?.\?.\?.\?.\?.\?.\?'|\\(.\?.\?\
.\?.\?.\?.\?.\?.\?\\(|\\).\?.\?.\?.\?.\?.\?.\?.\?\\)|\\*.\?.\?.\?.\?.\?.\?\
.\?.\?\\*|\\+.\?.\?.\?.\?.\?.\?.\?.\?\\+|,.\?.\?.\?.\?.\?.\?.\?.\?,|-.\?.\
\?.\?.\?.\?.\?.\?.\?-|\\..\?.\?.\?.\?.\?.\?.\?.\?\\.|/.\?.\?.\?.\?.\?.\?.\
\?.\?/|0.\?.\?.\?.\?.\?.\?.\?.\?0|1.\?.\?.\?.\?.\?.\?.\?.\?1|2.\?.\?.\?.\?\
.\?.\?.\?.\?2|3.\?.\?.\?.\?.\?.\?.\?.\?3|4.\?.\?.\?.\?.\?.\?.\?.\?4|5.\?.\
\?.\?.\?.\?.\?.\?.\?5|6.\?.\?.\?.\?.\?.\?.\?.\?6|7.\?.\?.\?.\?.\?.\?.\?.\?\
7|8.\?.\?.\?.\?.\?.\?.\?.\?8|9.\?.\?.\?.\?.\?.\?.\?.\?9|:.\?.\?.\?.\?.\?.\
\?.\?.\?:|;.\?.\?.\?.\?.\?.\?.\?.\?;|<.\?.\?.\?.\?.\?.\?.\?.\?<|=.\?.\?.\?\
.\?.\?.\?.\?.\?=|>.\?.\?.\?.\?.\?.\?.\?.\?>|\\\?.\?.\?.\?.\?.\?.\?.\?.\?\\\
\?|@.\?.\?.\?.\?.\?.\?.\?.\?@|A.\?.\?.\?.\?.\?.\?.\?.\?A|B.\?.\?.\?.\?.\?.\
\?.\?.\?B|C.\?.\?.\?.\?.\?.\?.\?.\?C|D.\?.\?.\?.\?.\?.\?.\?.\?D|E.\?.\?.\?\
.\?.\?.\?.\?.\?E|F.\?.\?.\?.\?.\?.\?.\?.\?F|G.\?.\?.\?.\?.\?.\?.\?.\?G|H.\
\?.\?.\?.\?.\?.\?.\?.\?H|I.\?.\?.\?.\?.\?.\?.\?.\?I|J.\?.\?.\?.\?.\?.\?.\?\
.\?J|K.\?.\?.\?.\?.\?.\?.\?.\?K|L.\?.\?.\?.\?.\?.\?.\?.\?L|M.\?.\?.\?.\?.\
\?.\?.\?.\?M|N.\?.\?.\?.\?.\?.\?.\?.\?N|O.\?.\?.\?.\?.\?.\?.\?.\?O|P.\?.\?\
.\?.\?.\?.\?.\?.\?P|Q.\?.\?.\?.\?.\?.\?.\?.\?Q|R.\?.\?.\?.\?.\?.\?.\?.\?R|\
S.\?.\?.\?.\?.\?.\?.\?.\?S|T.\?.\?.\?.\?.\?.\?.\?.\?T|U.\?.\?.\?.\?.\?.\?.\
\?.\?U|V.\?.\?.\?.\?.\?.\?.\?.\?V|W.\?.\?.\?.\?.\?.\?.\?.\?W|X.\?.\?.\?.\?\
.\?.\?.\?.\?X|Y.\?.\?.\?.\?.\?.\?.\?.\?Y|Z.\?.\?.\?.\?.\?.\?.\?.\?Z|\\[.\?\
.\?.\?.\?.\?.\?.\?.\?\\[|\\].\?.\?.\?.\?.\?.\?.\?.\?\\]|\\].\?.\?.\?.\?.\?\
.\?.\?.\?\\]|\\^.\?.\?.\?.\?.\?.\?.\?.\?\\^|_.\?.\?.\?.\?.\?.\?.\?.\?_|`.\
\?.\?.\?.\?.\?.\?.\?.\?`|a.\?.\?.\?.\?.\?.\?.\?.\?a|b.\?.\?.\?.\?.\?.\?.\?\
.\?b|c.\?.\?.\?.\?.\?.\?.\?.\?c|d.\?.\?.\?.\?.\?.\?.\?.\?d|e.\?.\?.\?.\?.\
\?.\?.\?.\?e|f.\?.\?.\?.\?.\?.\?.\?.\?f|g.\?.\?.\?.\?.\?.\?.\?.\?g|h.\?.\?\
.\?.\?.\?.\?.\?.\?h|i.\?.\?.\?.\?.\?.\?.\?.\?i|j.\?.\?.\?.\?.\?.\?.\?.\?j|\
k.\?.\?.\?.\?.\?.\?.\?.\?k|l.\?.\?.\?.\?.\?.\?.\?.\?l|m.\?.\?.\?.\?.\?.\?.\
\?.\?m|n.\?.\?.\?.\?.\?.\?.\?.\?n|o.\?.\?.\?.\?.\?.\?.\?.\?o|p.\?.\?.\?.\?\
.\?.\?.\?.\?p|q.\?.\?.\?.\?.\?.\?.\?.\?q|r.\?.\?.\?.\?.\?.\?.\?.\?r|s.\?.\
\?.\?.\?.\?.\?.\?.\?s|t.\?.\?.\?.\?.\?.\?.\?.\?t|u.\?.\?.\?.\?.\?.\?.\?.\?\
u|v.\?.\?.\?.\?.\?.\?.\?.\?v|w.\?.\?.\?.\?.\?.\?.\?.\?w|x.\?.\?.\?.\?.\?.\
\?.\?.\?x|y.\?.\?.\?.\?.\?.\?.\?.\?y|z.\?.\?.\?.\?.\?.\?.\?.\?z|\\{.\?.\?.\
\?.\?.\?.\?.\?.\?\\{|\\|.\?.\?.\?.\?.\?.\?.\?.\?\\||\\}.\?.\?.\?.\?.\?.\?.\
\?.\?\\}|~.\?.\?.\?.\?.\?.\?.\?.\?~|\7F.\?.\?.\?.\?.\?.\?.\?.\?\7F|\80.\?.\
\?.\?.\?.\?.\?.\?.\?\80|\81.\?.\?.\?.\?.\?.\?.\?.\?\81|\82.\?.\?.\?.\?.\?.\
\?.\?.\?\82|\83.\?.\?.\?.\?.\?.\?.\?.\?\83|\84.\?.\?.\?.\?.\?.\?.\?.\?\84|\
\85.\?.\?.\?.\?.\?.\?.\?.\?\85|\86.\?.\?.\?.\?.\?.\?.\?.\?\86|\87.\?.\?.\?\
.\?.\?.\?.\?.\?\87|\88.\?.\?.\?.\?.\?.\?.\?.\?\88|\89.\?.\?.\?.\?.\?.\?.\?\
.\?\89|\8A.\?.\?.\?.\?.\?.\?.\?.\?\8A|\8B.\?.\?.\?.\?.\?.\?.\?.\?\8B|\8C.\
\?.\?.\?.\?.\?.\?.\?.\?\8C|\8D.\?.\?.\?.\?.\?.\?.\?.\?\8D|\8E.\?.\?.\?.\?.\
\?.\?.\?.\?\8E|\8F.\?.\?.\?.\?.\?.\?.\?.\?\8F|\90.\?.\?.\?.\?.\?.\?.\?.\?\
\90|\91.\?.\?.\?.\?.\?.\?.\?.\?\91|\92.\?.\?.\?.\?.\?.\?.\?.\?\92|\93.\?.\
\?.\?.\?.\?.\?.\?.\?\93|\94.\?.\?.\?.\?.\?.\?.\?.\?\94|\95.\?.\?.\?.\?.\?.\
\?.\?.\?\95|\96.\?.\?.\?.\?.\?.\?.\?.\?\96|\97.\?.\?.\?.\?.\?.\?.\?.\?\97|\
\98.\?.\?.\?.\?.\?.\?.\?.\?\98|\99.\?.\?.\?.\?.\?.\?.\?.\?\99|\9A.\?.\?.\?\
.\?.\?.\?.\?.\?\9A|\9B.\?.\?.\?.\?.\?.\?.\?.\?\9B|\9C.\?.\?.\?.\?.\?.\?.\?\
.\?\9C|\9D.\?.\?.\?.\?.\?.\?.\?.\?\9D|\9E.\?.\?.\?.\?.\?.\?.\?.\?\9E|\9F.\
\?.\?.\?.\?.\?.\?.\?.\?\9F|\A0.\?.\?.\?.\?.\?.\?.\?.\?\A0|\A1.\?.\?.\?.\?.\
\?.\?.\?.\?\A1|\A2.\?.\?.\?.\?.\?.\?.\?.\?\A2|\A3.\?.\?.\?.\?.\?.\?.\?.\?\
\A3|\A4.\?.\?.\?.\?.\?.\?.\?.\?\A4|\A5.\?.\?.\?.\?.\?.\?.\?.\?\A5|\A6.\?.\
\?.\?.\?.\?.\?.\?.\?\A6|\A7.\?.\?.\?.\?.\?.\?.\?.\?\A7|\A8.\?.\?.\?.\?.\?.\
\?.\?.\?\A8|\A9.\?.\?.\?.\?.\?.\?.\?.\?\A9|\AA.\?.\?.\?.\?.\?.\?.\?.\?\AA|\
\AB.\?.\?.\?.\?.\?.\?.\?.\?\AB|\AC.\?.\?.\?.\?.\?.\?.\?.\?\AC|\AD.\?.\?.\?\
.\?.\?.\?.\?.\?\AD|\AE.\?.\?.\?.\?.\?.\?.\?.\?\AE|\AF.\?.\?.\?.\?.\?.\?.\?\
.\?\AF|\B0.\?.\?.\?.\?.\?.\?.\?.\?\B0|\B1.\?.\?.\?.\?.\?.\?.\?.\?\B1|\B2.\
\?.\?.\?.\?.\?.\?.\?.\?\B2|\B3.\?.\?.\?.\?.\?.\?.\?.\?\B3|\B4.\?.\?.\?.\?.\
\?.\?.\?.\?\B4|\B5.\?.\?.\?.\?.\?.\?.\?.\?\B5|\B6.\?.\?.\?.\?.\?.\?.\?.\?\
\B6|\B7.\?.\?.\?.\?.\?.\?.\?.\?\B7|\B8.\?.\?.\?.\?.\?.\?.\?.\?\B8|\B9.\?.\
\?.\?.\?.\?.\?.\?.\?\B9|\BA.\?.\?.\?.\?.\?.\?.\?.\?\BA|\BB.\?.\?.\?.\?.\?.\
\?.\?.\?\BB|\BC.\?.\?.\?.\?.\?.\?.\?.\?\BC|\BD.\?.\?.\?.\?.\?.\?.\?.\?\BD|\
\BE.\?.\?.\?.\?.\?.\?.\?.\?\BE|\BF.\?.\?.\?.\?.\?.\?.\?.\?\BF|\C0.\?.\?.\?\
.\?.\?.\?.\?.\?\C0|\C1.\?.\?.\?.\?.\?.\?.\?.\?\C1|\C2.\?.\?.\?.\?.\?.\?.\?\
.\?\C2|\C3.\?.\?.\?.\?.\?.\?.\?.\?\C3|\C4.\?.\?.\?.\?.\?.\?.\?.\?\C4|\C5.\
\?.\?.\?.\?.\?.\?.\?.\?\C5|\C6.\?.\?.\?.\?.\?.\?.\?.\?\C6|\C7.\?.\?.\?.\?.\
\?.\?.\?.\?\C7|\C8.\?.\?.\?.\?.\?.\?.\?.\?\C8|\C9.\?.\?.\?.\?.\?.\?.\?.\?\
\C9|\CA.\?.\?.\?.\?.\?.\?.\?.\?\CA|\CB.\?.\?.\?.\?.\?.\?.\?.\?\CB|\CC.\?.\
\?.\?.\?.\?.\?.\?.\?\CC|\CD.\?.\?.\?.\?.\?.\?.\?.\?\CD|\CE.\?.\?.\?.\?.\?.\
\?.\?.\?\CE|\CF.\?.\?.\?.\?.\?.\?.\?.\?\CF|\D0.\?.\?.\?.\?.\?.\?.\?.\?\D0|\
\D1.\?.\?.\?.\?.\?.\?.\?.\?\D1|\D2.\?.\?.\?.\?.\?.\?.\?.\?\D2|\D3.\?.\?.\?\
.\?.\?.\?.\?.\?\D3|\D4.\?.\?.\?.\?.\?.\?.\?.\?\D4|\D5.\?.\?.\?.\?.\?.\?.\?\
.\?\D5|\D6.\?.\?.\?.\?.\?.\?.\?.\?\D6|\D7.\?.\?.\?.\?.\?.\?.\?.\?\D7|\D8.\
\?.\?.\?.\?.\?.\?.\?.\?\D8|\D9.\?.\?.\?.\?.\?.\?.\?.\?\D9|\DA.\?.\?.\?.\?.\
\?.\?.\?.\?\DA|\DB.\?.\?.\?.\?.\?.\?.\?.\?\DB|\DC.\?.\?.\?.\?.\?.\?.\?.\?\
\DC|\DD.\?.\?.\?.\?.\?.\?.\?.\?\DD|\DE.\?.\?.\?.\?.\?.\?.\?.\?\DE|\DF.\?.\
\?.\?.\?.\?.\?.\?.\?\DF|\E0.\?.\?.\?.\?.\?.\?.\?.\?\E0|\E1.\?.\?.\?.\?.\?.\
\?.\?.\?\E1|\E2.\?.\?.\?.\?.\?.\?.\?.\?\E2|\E3.\?.\?.\?.\?.\?.\?.\?.\?\E3|\
\E4.\?.\?.\?.\?.\?.\?.\?.\?\E4|\E5.\?.\?.\?.\?.\?.\?.\?.\?\E5|\E6.\?.\?.\?\
.\?.\?.\?.\?.\?\E6|\E7.\?.\?.\?.\?.\?.\?.\?.\?\E7|\E8.\?.\?.\?.\?.\?.\?.\?\
.\?\E8|\E9.\?.\?.\?.\?.\?.\?.\?.\?\E9|\EA.\?.\?.\?.\?.\?.\?.\?.\?\EA|\EB.\
\?.\?.\?.\?.\?.\?.\?.\?\EB|\EC.\?.\?.\?.\?.\?.\?.\?.\?\EC|\ED.\?.\?.\?.\?.\
\?.\?.\?.\?\ED|\EE.\?.\?.\?.\?.\?.\?.\?.\?\EE|\EF.\?.\?.\?.\?.\?.\?.\?.\?\
\EF|\F0.\?.\?.\?.\?.\?.\?.\?.\?\F0|\F1.\?.\?.\?.\?.\?.\?.\?.\?\F1|\F2.\?.\
\?.\?.\?.\?.\?.\?.\?\F2|\F3.\?.\?.\?.\?.\?.\?.\?.\?\F3|\F4.\?.\?.\?.\?.\?.\
\?.\?.\?\F4|\F5.\?.\?.\?.\?.\?.\?.\?.\?\F5|\F6.\?.\?.\?.\?.\?.\?.\?.\?\F6|\
\F7.\?.\?.\?.\?.\?.\?.\?.\?\F7|\F8.\?.\?.\?.\?.\?.\?.\?.\?\F8|\F9.\?.\?.\?\
.\?.\?.\?.\?.\?\F9|\FA.\?.\?.\?.\?.\?.\?.\?.\?\FA|\FB.\?.\?.\?.\?.\?.\?.\?\
.\?\FB|\FC.\?.\?.\?.\?.\?.\?.\?.\?\FC|\FD.\?.\?.\?.\?.\?.\?.\?.\?\FD|\FE.\
\?.\?.\?.\?.\?.\?.\?.\?\FE|\FF.\?.\?.\?.\?.\?.\?.\?.\?\FF)"
add name=skypetoskype regexp="^..\02............."
add name=teamspeak regexp="^\F4\BE\03.*teamspeak"
add name=ventrilo regexp="^..\?v\\\$\CF"
add name=stun regexp="^[\01\02]................\?\$"
/ip firewall mangle
add action=set-priority chain=forward comment="Priority - 5 - VOIP - h323" layer7-protocol=h323 new-priority=5
add action=set-priority chain=forward comment="Priority - 5 - VOIP - SIP" layer7-protocol=sip new-priority=5
add action=set-priority chain=forward comment="Priority - 5 - VOIP - Skypeout" layer7-protocol=skypeout new-priority=5
add action=set-priority chain=forward comment="Priority - 5 - VOIP - skypetoskype" layer7-protocol=skypetoskype new-priority=5
add action=set-priority chain=forward comment="Priority - 5 - VOIP - STUN" layer7-protocol=stun new-priority=5
add action=set-priority chain=forward comment="Priority - 5 - VOIP - Teamspeak" layer7-protocol=teamspeak new-priority=5
add action=set-priority chain=forward comment="Priority - 5 - VOIP - Ventrilo" layer7-protocol=ventrilo new-priority=5
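The layer7 patterns above are short byte-level regexes, so it is worth checking what else they match before giving that traffic priority 5. The following is an added example, not part of the original post: a Python harness that decodes the RouterOS escapes of four of the patterns and runs them over constructed payloads. Python's `re` as the engine, case-insensitive matching and the 2 KB window are modelling assumptions; `ros_unescape`, `compile_l7`, `classify` and the sample payloads are hypothetical names and data.

```python
import re

# RouterOS string escapes: \XX is one byte in upper-case hex, the others map to one character.
ESCAPE = re.compile(rb"\\([0-9A-F]{2}|.?)", re.DOTALL)
SIMPLE = {b"n": b"\n", b"r": b"\r", b"t": b"\t", b"_": b" ", b'"': b'"',
          b"\\": b"\\", b"$": b"$", b"?": b"?"}

def ros_unescape(value):
    """Decode a RouterOS-quoted regexp value into the bytes the regex engine sees."""
    def decode(m):
        tok = m.group(1)
        if len(tok) == 2:
            return bytes([int(tok, 16)])
        if tok not in SIMPLE:
            raise ValueError(f"unknown escape at offset {m.start()}")
        return SIMPLE[tok]
    # encode() raises UnicodeEncodeError (a ValueError) on curly quotes or a typographic ellipsis
    return ESCAPE.sub(decode, value.encode("ascii"))

# Four of the VOIP patterns from the page, written with plain ASCII quotes and dots.
PATTERNS = {
    "sip": r"^(invite|register|cancel) sip[\t-\r -~]*sip/[0-2]\\.[0-9]",
    "skypetoskype": r"^..\02" + "." * 13,
    "teamspeak": r"^\F4\BE\03.*teamspeak",
    "ventrilo": r"^..\?v\\\$\CF",
}

def compile_l7(value):
    # Assumption: case-insensitive matching and "." matching any byte, including newlines.
    return re.compile(ros_unescape(value), re.DOTALL | re.IGNORECASE)

COMPILED = {name: compile_l7(value) for name, value in PATTERNS.items()}

def classify(payload, window=2048):
    """Return the names of all patterns that match the start of a connection's data."""
    head = payload[:window]
    return [name for name, rx in COMPILED.items() if rx.search(head)]

# Constructed payloads, not captured traffic.
SAMPLES = {
    "sip_register": b"REGISTER sip:pbx.example.invalid SIP/2.0\r\nCSeq: 1 REGISTER\r\n",
    "http_get": b"GET / HTTP/1.1\r\nHost: www.example.invalid\r\n\r\n",
    "third_byte_02": b"\x16\x03\x02\x00\x31" + bytes(range(11)),
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:15} -> {classify(data) or 'no match'}")
```

The last sample shows `skypetoskype` matching any stream of 16 or more bytes whose third byte is 0x02, so unrelated traffic can pick up the VOIP priority; loose patterns like this are candidates for tightening or for pairing with a port or address match.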
That’s all!
Try it and share your impressions, bugs, everything!
For reference, you can download the script and the commands as text files:
- Failover Script -> failover-2_3
- Commands for config -> load-balance-failover-routeros-2_3