Home » bandwith » download » Mikrotik » How to restrict download bandwidth in Mikrotik

How to restrict download bandwidth in Mikrotik

Ditulis oleh: -

How to restrict download bandwidth in Mikrotik - How to Restrict Downloadable Traffic Files In MikroTik - This time I will try to share how to limit / limit the activity of file download in mikrotik. Many of us complain to the behavior of users who like to download big files or weird ones. Maybe this is necessary if in mikrotik network topology, for example in office network, network cafe, rt net network or ISP that sell internet connection Up To or not dedicated 1: 1. We will be bothered by one user who behaves a downloader and eliminate other users bandwidth allocation.

How to Setup Limit Download File With L7 Filtering


Here we use L7 Filtering technique to limit file download according to the extension of file you specified, can for bandwidth limit download exe file, rar, zip, iso and others. 

First, we create filtering regex content L7, specify the string we are looking for.

/ ip firewall layer7-protocol
add name = "Extension \" .exe \ "" regexp = "^. * get. + \\. exe. * \ $"
add name = "Extension \" .mp4 \ "" regexp = "^. * get. + \\. mp4. * \ $"
add name = "Extension \" .rar \ "" regexp = "^. * get. + \\. rar. * \ $"
add name = "Extension \" .zip \ "" regexp = "^. * get. + \\. zip. * \ $"

The example here I will use a string or file extension download only for files with extension exe, mp4, rar, and zip. You can add as needed. 

Secondly, we are signaling / connecting user connections based on L7 regex previously created for further processing in queue bandwidth management mikrotik

/ ip firewall mangle
add action = mark-connection chain = prerouting in-interface = ether2-master-local \
    layer7-protocol = "Extension \" .exe \ "" new-connection-mark = download_conn
add action = mark-connection chain = prerouting in-interface = ether2-master-local \
    layer7-protocol = "Extension \" .mp4 \ "" new-connection-mark = download_conn
add action = mark-connection chain = prerouting in-interface = ether2-master-local \
    layer7-protocol = "Extension \" .rar \ "" new-connection-mark = download_conn
add action = mark-connection chain = prerouting in-interface = ether2-master-local \
    layer7-protocol = "Extension \" .zip \ "" new-connection-mark = download_conn
add action = mark-connection chain = prerouting in-interface = ether2-master-local new-connection-mark = all_conn
add action = mark-packet chain = prerouting connection-mark = download_conn new-packet-mark = download_packet
add action = mark-packet chain = prerouting connection-mark = all_conn new-packet-mark = all_packet

In Winbox it will look like this:



How to Setup Separate Bandwidth Browsing and Download


In this step I also consider the way the setting separates the bandwidth speed for browsing and the speed for downloading files. 

Third, we make the bandwidth management the simple queue.

/ queue simple
add comment = \
    "adamonline.web.id - Separating bandwidth browsing & downloading files" \
    max-limit = 128k / 1M name = Browsing packet-marks = all_packet target = \
    192.168.88.0/24
add max-limit = 128k / 128k name = "Download File" packet-marks = download_packet \
    target = 192.168.88.0 / 24

In the simple queue setting above I example to separate the speed for browsing and to download files:

  • Browsing Activity: Download Speed ​​1Mbps & Upload Speed ​​128Kbps
  • Download File Activity: Download Speed ​​128Kbps & Upload Speed ​​128Kbps


Fourth, we test whether the setting separates the browsing speed and download goes well:



In the picture above, seen when I download the file berekstensi. Zip ter limit speed. As per the speed I set in the simple queue mikrotik. Also visible though the user use internet download manager (IDM) follow the limit speed limit. Or if you do not allow users to use IDM (internet download manager) application on your network, you can try the technique below:

How to Drop Download Connection IDM (Internet Download Manager) In Mikrotik

You can add rules in this kind of mikrotik firewall, still using layer-7 filtering that we previously created:

/ ip firewall filter
add action = drop chain = forward connection-limit = 4.32 in-interface = bridge-local \
    layer7-protocol = "Extension \" .zip \ "" protocol = tcp

The firewall makes if anyone downloads the file using IDM, will be dropped by mikrotik. Because IDM uses more than 1 connection, the firewall will drop IDM if it uses 4 more connections in 1 download file (see connection-limit = 4.32). The above script note "in-interface" adjust your local ether port. 

There may be some other techniques like using connection-bytes, but so far melimit file download speeds in mikrotik more effectively using L7 Filtering, but burden your router load (so heavy). There is also if you use a proxy server can use "Delay-Pool" in squid to limit the download speed of the file.

Related Articles:

0 komentar "How to restrict download bandwidth in Mikrotik", Read or Comment r


Post a Comment