Syed Jahanzaib Personal Blog to Share Knowledge !

December 7, 2011

Mikrotik Howto give PiNG / iCMP high Priority

Filed under: Mikrotik Related — Tags: , , , — Syed Jahanzaib / Pinochio~:) @ 3:20 PM

caution-you-ping-me-i-blow-your-head[1]
Mikrotik Queuing is heuristic , means every packet leaving mikrotik destined to your IP is capped, even ICMP too.

So when you do browsing or downloading any data , there will be less or no bandwidth available for PING/ ICMP packets and ping form client to mikrotik OR to internet will face frequent timeout and high latency in case of full usage of allowed bandwidth.
As showed in the image below …

highi_ping

 

NOTE:

It is recommended to block the ICMP/PING protocol on every network to avoid flooding and un wanted queries from the client end. (You can exempt your admin pc or other from this restriction via source address list)

Or if you still want to allow icmp , then simply mark icmp packets and and create a queue that allows more bandwidth to icmp marked packets.


 

1- EXAMPLE OF PING/ICMP QUEUE USING SIMPLE QUEUE [overall capping]

###########################################
# PING/ICMP Priority Script for Mikrotik
# Syed Jahanzaib / aacable @ hotmail . com
# https://aacable.wordpress.com
###########################################

# Connection PACKET marking for ICMP, valid for both 5.x and 6.x ROS versions
/ip firewall mangle
add chain=prerouting protocol=icmp action=mark-connection new-connection-mark=icmp-con passthrough=yes comment="" disabled=no
# PACKET marking for ICMP, valid for both 5.x and 6.x ROS versions
add chain=prerouting protocol=icmp connection-mark=icmp-con action=mark-packet new-packet-mark=icmp-pkt passthrough=no comment="" disabled=no

# QUEUE TREE For Mikrotik 5.x Version to allow 128k Bandwidth for ICMP/PING Packets
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=128k max-limit=128k name=Hi-Prio-to-icmp-aacable packet-mark=icmp-pkt parent=global-out priority=1 queue=default
# For 5.x All Done. Now check your PING results. t.c

###################################################################
# IF you are using Mikrotik 6.x then above queue wont work,instead use SIMPLE queue 
# SIMPLE QUEUE approach is valid For both 5.x and 6.x Versions.
# DO Make sure to move it on TOP [order wise 0]

/queue simple
add max-limit=128k/128k name=ICMP_Priority packet-marks=icmp-pkt target=""

Result after implementing above code.

ping ok


2- SECOND EXAMPLE OF PING/ICMP QUEUE USING PCQ TREE | (FOR PER USER DISTRIBUTION)

The following script will mark icmp packets and will allow 32k per user for icmp traffic via PCQ / QUEUE TREE

/ip firewall mangle
add action=mark-packet chain=prerouting comment="Mark ICMP I / zaib" new-packet-mark=ping_pkts_i protocol=icmp
add action=mark-packet chain=postrouting comment="Mark ICMP O / zaib" new-packet-mark=ping_pkts_o protocol=icmp

/queue type
add kind=pcq name="ping_pkts_i_32K" pcq-classifier=dst-address pcq-dst-address6-mask=64 pcq-rate=32k pcq-src-address6-mask=64
add kind=pcq name="ping_pkts_o_32K" pcq-classifier=src-address pcq-dst-address6-mask=64 pcq-rate=32k pcq-src-address6-mask=64


/queue tree
add name=ping_pkts_i packet-mark=ping_pkts_i parent=global-out queue="ping_pkts_i_32K / zaib"
add name=ping_pkts_o packet-mark=ping_pkts_o parent=global-out queue="ping_pkts_o_32K / zaib"

 

TIP: You can also use PRIORITY base queuing to give priority to ICMP packets from user own queue over other protocols.

 

Regard’s
Syed Jahanzaib

Advertisements

21 Comments »

  1. great bhai……
    bhai qos ka koi guide b post kary..

    Like

    Comment by usmans — December 9, 2011 @ 3:51 PM

  2. Thanx……

    Like

    Comment by adeel — December 10, 2011 @ 4:40 PM

  3. nice work bahi

    thank you

    Like

    Comment by waseem ahmed — January 26, 2012 @ 2:03 AM

  4. Syed bahi ager 3.20 to upgrade 4.1 ho sakta hai tu plz guide me

    thanks

    Like

    Comment by waseem ahmed — January 26, 2012 @ 2:08 AM

  5. Dear sir,

    I have tried this but no difference it is the same case which i have defined before (when i am browsing or playing youtube video etc.. when i ping mikrotik server which local its delay time increase up to 3000ms and the internet will be slow and also if i want to access mikrotik server it takes too much to login in mikrotik server).

    Please help me, if the above solution works fine than can you tell me sir that how i should apply this because i have applied before it doesn’t work.

    Like

    Comment by Mohammad Ikram — July 2, 2012 @ 2:25 PM

  6. dear sir
    thankxx for urs coprtn….

    sir mere pass yha problem ho rahee hai…. mai nai yha sprip bhi laga liya hai is kai bawajood mere wan ki ping high ho kar break hojata hai… so plz sovle it my problem…

    Like

    Comment by waseem shaikh — December 1, 2012 @ 8:57 PM

    • dear sir
      thankxx for urs coprtn….

      sir mere pass yha problem ho rahee hai…. mai nai yha scrip bhi laga liya hai is kai bawajood mere wan ki ping high ho kar break hojata hai jb mai downloading lagata hn tb…1mb par jatey hai ping break hojata hai phir sahi ho jatee hai..
      … so plz sovle it my problem…

      Like

      Comment by waseem shaikh — December 1, 2012 @ 9:18 PM

  7. regesterd or creak mikrotik os ka koi faida hta ha k nai???????????

    Like

    Comment by w — July 12, 2013 @ 11:28 AM

    • Always use Registered version, that way you get vendor support and free upgrades.
      Crack versions also works ok but its illegal to use them

      Like

      Comment by Syed Jahanzaib / Pinochio~:) — July 16, 2013 @ 8:22 AM

  8. Sir,
    i am used this for caping icmp.it is amazing except ppoe users.is there any confiquration for ppoe users.
    thanks
    saravanan siva

    Like

    Comment by saravanan — December 23, 2013 @ 7:54 PM

  9. Asalamu Alikum,
    I am using 2 wan’s for hotspot i configured your pcc script in my RB 1000 from router side i am able to ping both gateways but from client side our login page not appreaing if i type any address it was stuck. i would like to request you could you please give me the solution on it.

    local IP 192.168.0.1/24
    WAN1 192.168.1.1
    WAN 192.168.10.100

    Regards
    jeelani

    Like

    Comment by jeelani — September 21, 2014 @ 7:00 PM

  10. Hi, Any update on this script to work on V6 version. I am finding IP capped using simple queue has a ping break

    Like

    Comment by Sankar — August 19, 2015 @ 8:05 AM

  11. We have a CCR router with OSV 6.31, configured with hotspot. The users under the hotspot are able to get icmp request for gateway but it is very high. Earlier on 450G we had mangle rules by which we would redirect the ICMP packets to ping in 1 ms. But we are not able to do that on OS 6.14. Kindly suggest us how to overcome this issue. Please provide examples if possible.

    Liked by 1 person

    Comment by shafi — August 21, 2015 @ 3:18 PM

  12. […] Original Link […]

    Like

    Pingback by Mikrotik Howto give PiNG / iCMP high Priority | SUMONCHAI — January 26, 2016 @ 2:42 PM

  13. Dear Syed Jahanzaib dear maini mikrotik pc os Level 6 instal keya hain WAN Ke IP 192.168.10.1 hen or LAN ka Ip 192.168.88.1/24 hain maini server thek kam kar raha hain per jab main client pe PING CHECK KAR RAHA HO TO PING kahhby arhai hain or kabhy timed Out jab CLIENT koi b web open karta hain to Request Timed OUT ajata hain Pher 5 ye 6 bar reply ata hain Timed Out K wajha se Net Ckient Pe Slow Chal rahe hain so kindly help Kya Karo Please Koi Hall iska ap k pas

    BEST REGARD GM BALOCH

    Like

    Comment by Ghulam Murtaza Baloch — January 31, 2016 @ 7:36 PM

  14. Obrigado. Funcionou aqui perfeitamente. Mikrotik versão 6.x.

    Like

    Comment by Josué Guedes Ribeiro — December 24, 2016 @ 6:02 PM

  15. Gracias!!!

    Like

    Comment by pablo — March 29, 2017 @ 7:51 PM


RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: