There are occasions when one might wish to throttle, or otherwise monitor, traffic going to a specific website using a Routerboard. Perhaps you want to dissuade someone from accessing a website like the Daily Mail; you could do this by throttling the traffic down to dial-up speeds, for example. Or perhaps you would just like to graph the amount of traffic going to a particular domain. All of this is possible with a Routerboard. Doing it by IP address is very simple and I won't cover it here, but if you'd like to know how to do it for a specific domain where you don't know the IP, keep reading.
For the purpose of this example I am going to throttle the traffic destined for the Daily Mail website down to 56k, in an effort to stop people on my network reading it so much and rotting their brains. With some luck, dial-up speeds will be so infuriating they'll read something much better. I'm also going to set up a graph so that I can see the traffic going to the Daily Mail website.
Throttling traffic destined for an IP address is very easy on a Routerboard, and you can work it out with a quick glance at the Routerboard documentation. I don't know the IP or IPs being used by the Daily Mail, though, so I need to throttle based on the domain name being accessed. Enter Layer7 protocols.
Identify the traffic to throttle with Layer7
In order to throttle traffic to a domain we must first identify the traffic using a combination of Layer7 protocols and a firewall mangle rule.
First, create a Layer7 protocol, which looks inside the packets of a connection and matches them against a regular expression. In this case we're going to create one that looks for the Daily Mail hostname.
/ip firewall layer7-protocol add name="Daily Mail" regexp="^.+(dailymail.co.uk).*\$"
Now we have a protocol we can use to identify traffic. Two mangle rules are needed: one that marks every packet belonging to a connection that already carries our connection mark, and one that applies that connection mark using the Layer7 protocol. Here is the packet-mark rule:
/ip firewall mangle add action=mark-packet chain=prerouting connection-mark=DailyMail new-packet-mark=DailyMail passthrough=no
That rule marks every packet belonging to a connection carrying the DailyMail connection mark, and passthrough=no stops further mangle processing for those packets. Next, create the rule that applies the connection mark in the first place: it uses the Layer7 protocol to spot a connection to the Daily Mail and marks the connection itself, so every later packet in it (in both directions) is caught by the packet-mark rule.
/ip firewall mangle add action=mark-connection chain=prerouting layer7-protocol="Daily Mail" new-connection-mark=DailyMail protocol=tcp
Now we've marked all the traffic going to and from the Daily Mail, so we're ready to start managing and throttling it. One thing to check: mangle rules are processed from the top of the list down, so the connection-mark rule should sit above the packet-mark rule. If it sits below, the packet that triggers the Layer7 match has already passed the packet-mark rule before the connection is marked, and that packet slips through unmarked.
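To make the marking logic concrete, here is a small Python model of the Layer7 protocol and the two mangle rules above. It is an added example, not RouterOS code and not from the original post. It applies the post's regular expression to constructed sample traffic (plain HTTP to the site, a stand-in TLS ClientHello that carries the hostname as cleartext SNI, and HTTP to an unrelated site), and then walks the packets through the two mangle rules in both possible orders so the effect of rule order is visible. The matcher model is simplified and assumed: it follows the RouterOS documentation's description of inspecting the first 10 packets or 2 KB of a connection, but the connection names, payloads and the ClientHello bytes are all constructed and the ClientHello is not a valid TLS message.

```python
"""Model of the Layer7 matcher plus the two mangle rules from the post.

Added example; simplified model, constructed traffic. Shows (1) what the post's
regexp actually matches and (2) why the connection-mark rule must precede the
packet-mark rule in the mangle chain.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# The post's pattern as RouterOS receives it (the CLI escape \$ is a literal $).
# POSIX '.' also matches newlines, so re.DOTALL mimics that.
L7_LOOSE = re.compile(rb"^.+(dailymail.co.uk).*$", re.DOTALL)
# Same pattern with the dots escaped so they only match literal dots.
L7_STRICT = re.compile(rb"^.+(dailymail\.co\.uk).*$", re.DOTALL)

# Inspection budget per connection, as described in the RouterOS docs (assumed model).
MAX_PACKETS, MAX_BYTES = 10, 2048

# Rule orders: the post's two "add" commands create the first; the second is the fix.
POST_ORDER = ["mark-packet", "mark-connection"]
FIXED_ORDER = ["mark-connection", "mark-packet"]


@dataclass
class Packet:
    conn: str        # connection-tracking entry this packet belongs to (constructed id)
    payload: bytes


@dataclass
class Conn:
    collected: bytes = b""
    inspected: int = 0
    decided: bool = False      # matcher has stopped looking at this connection
    matched: bool = False
    conn_mark: Optional[str] = None


def l7_match(conn: Conn, pkt: Packet, pattern=L7_LOOSE) -> bool:
    """Simplified Layer7 matcher: accumulate early payload from both directions,
    search the pattern, and stop inspecting once matched or once the budget is spent."""
    if not conn.decided:
        conn.collected += pkt.payload
        conn.inspected += 1
        if pattern.search(conn.collected):
            conn.matched = conn.decided = True
        elif conn.inspected >= MAX_PACKETS or len(conn.collected) >= MAX_BYTES:
            conn.decided = True
    return conn.matched


def run_mangle(rule_order: List[str], packets: List[Packet], pattern=L7_LOOSE) -> int:
    """Walk packets through the prerouting mangle chain, top to bottom.
    Returns how many packets received the DailyMail packet mark."""
    conns: Dict[str, Conn] = {}
    marked = 0
    for pkt in packets:
        c = conns.setdefault(pkt.conn, Conn())
        for rule in rule_order:
            if rule == "mark-connection":
                # layer7-protocol="Daily Mail" new-connection-mark=DailyMail (passthrough=yes)
                if l7_match(c, pkt, pattern):
                    c.conn_mark = "DailyMail"
            elif rule == "mark-packet":
                # connection-mark=DailyMail new-packet-mark=DailyMail passthrough=no
                if c.conn_mark == "DailyMail":
                    marked += 1
                    break  # passthrough=no: stop processing this packet
    return marked


def pattern_sees(data: bytes, pattern=L7_LOOSE) -> bool:
    """True if the Layer7 pattern would match this collected payload."""
    return pattern.search(data) is not None


def sample_traffic() -> List[Packet]:
    """Constructed flows, four packets each, interleaved like concurrent connections."""
    http = [Packet("A", b"GET /news/ HTTP/1.1\r\nHost: www.dailymail.co.uk\r\n\r\n"),
            Packet("A", b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>")]
    http += [Packet("A", b"...more body...")] * 2
    # Stand-in ClientHello (not valid TLS): record header, filler, then the SNI host name,
    # which real TLS also sends in cleartext, so the pattern sees HTTPS connections too.
    hello = b"\x16\x03\x01\x00\x80\x01\x00\x00\x7c\x03\x03" + b"\x00" * 32 \
        + b"\x00\x00\x13www.dailymail.co.uk"
    tls = [Packet("B", hello)] + [Packet("B", b"\x17\x03\x03\x00\x40" + b"\xaa" * 64)] * 3
    other = [Packet("C", b"GET / HTTP/1.1\r\nHost: www.example.org\r\n\r\n")]
    other += [Packet("C", b"HTTP/1.1 200 OK\r\n\r\n")] * 3
    return [p for trio in zip(http, tls, other) for p in trio]


if __name__ == "__main__":
    traffic = sample_traffic()
    print("post's rule order     :", run_mangle(POST_ORDER, traffic), "packets marked")
    print("connection-mark first :", run_mangle(FIXED_ORDER, traffic), "packets marked")
    print("loose pattern on 'dailymail-co-uk.example':",
          pattern_sees(b"GET / HTTP/1.1\r\nHost: dailymail-co-uk.example\r\n\r\n"))
```

With the post's order the first packet of each matching connection is never packet-marked, because it passes the packet-mark rule before the connection mark exists; with the connection-mark rule first, every packet is caught. The last line shows a second caveat: the unescaped dots in the post's regexp match any character, so `dailymail.co.uk` also matches a hostname such as `dailymail-co-uk.example`. Escaping the dots (`dailymail\.co\.uk`) tightens it; how the backslash must be quoted in the RouterOS CLI is something to confirm against the RouterOS scripting documentation rather than assume from this Python.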
Throttling traffic with a queue
Now that we've identified the traffic, we just have to create a queue to throttle it.
/queue simple add max-limit=56k/56k name="Daily Mail" packet-marks=DailyMail target=Bridge1
This is a very simple queue: we have set a max-limit of 56k/56k (upload/download) for traffic carrying the packet mark we set up earlier, and we're targeting the local bridge interface, which is the LAN I want to throttle when it accesses the Daily Mail.
Everyone likes a good graph, and creating one for a queue is very simple.
/tool graphing queue add simple-queue="Daily Mail"
Now you'll be able to view the graph for that queue, including its history, in the router's web interface.
Of course, if you didn't actually want to throttle the traffic to a particular website and just wanted to graph it, you could set the queue's max-limit to unlimited and use the queue purely for graphing, with no actual limit applied.
So there you have it: a simple Layer7 protocol to identify traffic, used by firewall mangle rules to mark it, with those marks then used in a queue to throttle the traffic and graph it. You just need to customise the values for your needs, or use the ones I've used; it certainly can't hurt to make it harder to read the Daily Mail.
Questions, comments, feedback just pop into the comments below or Tweet me.