limiting bandwidth of specific destination based on address list
www.glcnetworks.com
Limiting bandwidth of specific destination based on address list
GLC webinar, 11 August 2016
Achmad Mardiansyah
[email protected] Networks, Indonesia
Agenda
● Introduction
● Address-list
● Bandwidth management
● Demo
● Q & A
What is GLC?
● Garda Lintas Cakrawala (www.glcnetworks.com)
● An Indonesian company
● Located in Bandung
● Areas: Training, IT Consulting
● Mikrotik Certified Training Partner
● Mikrotik Certified Consultant
● Mikrotik distributor
Trainer Introduction
● Name: Achmad Mardiansyah
● Base: Bandung, Indonesia
● Linux user since ’99
● Certified Trainer (MTCNA/RE/WE/UME/INE/TCE)
● Mikrotik Certified Consultant
● Work: Telco engineer, Sysadmin, PHP programmer, and Lecturer
● Personal website: http://achmad.glcnetworks.com
● More info: http://au.linkedin.com/in/achmadmardiansyah
Please introduce yourself
● Your name
● Your company/university?
● Your networking experience?
● Your Mikrotik experience?
● Your expectation from this course?
What is Mikrotik?
● Name of a company
● A brand
● A program (e.g. Mikrotik academy)
● Headquarters: Riga, Latvia
What are mikrotik products?
● RouterOS
  ○ The OS. Specialized for networking
  ○ Website: www.mikrotik.com/download
● RouterBoard
  ○ The hardware
  ○ RouterOS installed
  ○ Website: www.routerboard.com
What can RouterOS do?
● Go to www.mikrotik.com
  ○ Download: what_is_routeros.pdf
  ○ Download: product catalog
  ○ Download: newsletter
What are Mikrotik training & certifications?
Certificate validity is 3 years
What is address-list?
● Address-list is a feature to create a group of IP addresses
● Usually used in conjunction with the firewall
● Used as a firewall matcher. Can be:
  ○ Source address or destination address, or
  ○ both
● Saves your day -> no need to specify complex address patterns in firewall rules
Without address-list
With address-list
How to define an address-list?
● You just create an address-list name with the IP address in it
● Can be a single IP address
● Can be a network
Single IP address
Network address
Dynamic address-list
● A new COOOL feature in version 6.36 (released August 2016)
● A new way to define an address list. No need to type IP addresses because RouterOS will query the IP address automatically
● Very helpful for websites with multiple IP addresses (youtube, facebook)
Type the hostname
The result: RouterOS will resolve the IP address for you
Bandwidth Management with address list
Where are the packets queued?
Considerations
● You should mark the packet before it is queued
● And use the marked packet with QoS
Example case
You are required to limit traffic from youtube IP addresses to the 10.10.10.0/24 network.
● Create an address-list for the youtube IP addresses:
    /ip firewall address-list add address=youtube.com list=youtube.com-ip-address
● Create a firewall mangle rule:
    /ip firewall mangle add action=mark-packet chain=forward new-packet-mark=packet-from-youtube passthrough=no src-address-list=youtube.com-ip-address
● Create a queue:
    /queue simple add max-limit=1M/5M name=limit-traffic-from-youtube packet-marks=packet-from-youtube target=10.10.10.0/24
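The three steps above as a small Python model of the matching logic, to show which packets end up in the queue and which do not. This is an added example, not part of the original slides and not RouterOS code; the addresses in the list are constructed documentation addresses standing in for whatever RouterOS resolves for youtube.com, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data: stand-ins for the resolved youtube.com entries.
ADDRESS_LISTS = {
    "youtube.com-ip-address": ["203.0.113.10", "198.51.100.0/24"],
}
# Mirrors the mangle rule: src-address-list match sets new-packet-mark.
MANGLE_RULES = [
    {"src_address_list": "youtube.com-ip-address", "mark": "packet-from-youtube"},
]
# Mirrors the simple queue: max-limit=1M/5M is upload/download seen from the target.
QUEUES = [
    {"name": "limit-traffic-from-youtube", "packet_mark": "packet-from-youtube",
     "target": "10.10.10.0/24", "max_limit": {"upload": "1M", "download": "5M"}},
]

def in_list(addr, list_name):
    """True if addr equals a single-IP entry or falls inside a network entry."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(entry, strict=False)
               for entry in ADDRESS_LISTS.get(list_name, []))

def mark_packet(src):
    """Step 1 (mangle): the first matching rule sets the mark (passthrough=no)."""
    for rule in MANGLE_RULES:
        if in_list(src, rule["src_address_list"]):
            return rule["mark"]
    return None

def select_queue(src, dst):
    """Step 2 (queue): needs the mark from step 1 AND an address in the target."""
    mark = mark_packet(src)
    for q in QUEUES:
        if mark != q["packet_mark"]:
            continue
        target = ipaddress.ip_network(q["target"])
        if ipaddress.ip_address(dst) in target:
            return q["name"], q["max_limit"]["download"]
        if ipaddress.ip_address(src) in target:
            return q["name"], q["max_limit"]["upload"]
    return None  # unmarked, or marked but outside the target: not limited here
```

In this model a reply packet from a listed address to 10.10.10.25 is held to the 5M download limit, while the client's own request toward that address carries no mark, because the mangle rule matches only on the source address list.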
End of slides
● Thank you for your attention
● Please submit your feedback: http://bit.ly/glcfeedback
● Like our facebook page: “GLC networks”
● Stay tuned to our schedule