2025年6月23日 星期一

routeros x86 建議

 

 

 

Queue Tree 實作建議



/ip firewall mangle
add chain=forward protocol=udp dst-port=853 action=mark-packet new-packet-mark=doq
add chain=forward protocol=tcp dst-port=853 action=mark-packet new-packet-mark=dot
add chain=forward protocol=udp dst-port=53 action=mark-packet new-packet-mark=udp53
add chain=forward protocol=tcp dst-port=443 action=mark-packet new-packet-mark=https

/queue tree
add name=Q1-DoQ parent=ether1 packet-mark=doq priority=1
add name=Q2-DoT parent=ether1 packet-mark=dot priority=2
add name=Q3-DNS53 parent=ether1 packet-mark=udp53 priority=3
add name=Q4-HTTPS parent=ether1 packet-mark=https priority=4
 
 
 
 
有心沒有得
 
設定小封包優先 是現在2025 不建議的做法,會造成封包不連續性,反而變慢,或是出問題
 
使用
quic dns 查詢,做為adguardhome or windows 的adguardhome 是最好的做法,在臺灣也是。
dns quic port 是udp 853
 
 
 
目前https 含dns 的封包無法被分離. 使用adguardhome 
 
 
 

 
可能有用 
/ip firewall mangle

# ICMP 回應(最高)
add chain=prerouting protocol=icmp action=set-priority new-priority=7 comment="ICMP 高優先"
add chain=prerouting protocol=icmp action=change-dscp new-dscp=48

# DNS / DoQ
add chain=prerouting protocol=udp dst-port=53,853 packet-size=0-200 action=set-priority new-priority=6 comment="DNS/DoQ 優先"
add chain=prerouting protocol=udp dst-port=53,853 packet-size=0-200 action=change-dscp new-dscp=46

# DoT
add chain=prerouting protocol=tcp dst-port=853,8853 packet-size=0-300 action=set-priority new-priority=6 comment="DoT 優先"
add chain=prerouting protocol=tcp dst-port=853,8853 packet-size=0-300 action=change-dscp new-dscp=46

# TCP SYN(連線建立加速)
add chain=prerouting protocol=tcp tcp-flags=syn action=set-priority new-priority=6 comment="TCP SYN 優先"
add chain=prerouting protocol=tcp tcp-flags=syn action=change-dscp new-dscp=46

# TCP ACK(傳輸穩定)
add chain=prerouting protocol=tcp tcp-flags=ack packet-size=40-100 action=set-priority new-priority=5 comment="TCP ACK 優先"
add chain=prerouting protocol=tcp tcp-flags=ack packet-size=40-100 action=change-dscp new-dscp=40


and
 

 /ip firewall mangle
add chain=prerouting protocol=udp dst-port=53,853 action=set-priority new-priority=6
add chain=prerouting protocol=udp dst-port=53,853 action=change-dscp new-dscp=from-priority-to-high-3-bits

add chain=prerouting protocol=tcp dst-port=853,8853 action=set-priority new-priority=6
add chain=prerouting protocol=tcp dst-port=853,8853 action=change-dscp new-dscp=from-priority-to-high-3-bits



只要要有 

 packet-size=0-300
小封包 都建議拿掉 
張貼者:
標籤: ,

沒有留言:

張貼留言

訂閱: 張貼留言 (Atom)