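RouterOS Home QoS (Web-First) Configuration in Practice

MikroTik home setup (300M downlink / 50M uplink)

Transparent proxy + ACK/DNS/small-packet priority: final template

Goal: saturating the upload does not slow down interactive traffic; low CPU cost, rules that do not conflict, long-term stability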


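I. Design principles (memorize these 5 first)

  1. Mark only once: every mark-packet rule carries packet-mark=no-mark
  2. Stop on first match: every mark-packet rule uses passthrough=no
  3. Priorities compete only inside the UPLOAD tree
  4. The ACK rule catches only "pure ACKs"
  5. UPLOAD = 90% of the real uplink rate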

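II. mangle rule template (order is priority)

All rules go in chain=forward (entered under /ip firewall mangle) and match LAN → WAN only

(1) Routing / proxy related (already in place, omitted)


(2) DNS (UDP)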

add chain=forward action=mark-packet new-packet-mark=dns_pkt passthrough=no \
    protocol=udp dst-port=53 in-interface-list=LAN out-interface-list=WAN \
    packet-mark=no-mark comment="DNS high prio (LAN->WAN)"

DNS over TCP can be disabled under the transparent proxy (you have confirmed this)


(3) TCP ACK (pure ACK-only)

add chain=forward action=mark-packet new-packet-mark=ack_pkt passthrough=no \
    protocol=tcp tcp-flags=ack,!syn,!fin,!rst,!psh \
    in-interface-list=LAN out-interface-list=WAN packet-mark=no-mark \
    comment="TCP ACK top prio (LAN->WAN)"

(4) Small packets (interactive optimization ahead of the catch-all)

add chain=forward action=mark-packet new-packet-mark=small_pkt passthrough=no \
    packet-size=0-512 in-interface-list=LAN out-interface-list=WAN \
    packet-mark=no-mark comment="Small packet prio (LAN->WAN)"

(5) Large UDP (explicitly deprioritized)

add chain=forward action=mark-packet new-packet-mark=big_pkt passthrough=no \
    protocol=udp packet-size=1400-1500 in-interface-list=LAN out-interface-list=WAN \
    packet-mark=no-mark comment="BIG UDP large packets (LAN->WAN)"

(6) Web connections / packets

add chain=forward action=mark-connection new-connection-mark=web_conn passthrough=yes \
    protocol=tcp dst-port=80,443 in-interface-list=LAN out-interface-list=WAN \
    connection-mark=no-mark packet-mark=no-mark comment="WEB conn (LAN->WAN)"

add chain=forward action=mark-packet new-packet-mark=web_pkt passthrough=no \
    connection-mark=web_conn in-interface-list=LAN out-interface-list=WAN \
    packet-mark=no-mark comment="WEB pkt (LAN->WAN)"

(7) High-volume TCP (downloads / large files)

add chain=forward action=mark-connection new-connection-mark=big_conn passthrough=yes \
    protocol=tcp connection-bytes=5000000-0 \
    in-interface-list=LAN out-interface-list=WAN \
    connection-mark=no-mark comment="BIG conn (LAN->WAN)"

add chain=forward action=mark-packet new-packet-mark=big_pkt passthrough=no \
    connection-mark=big_conn in-interface-list=LAN out-interface-list=WAN \
    packet-mark=no-mark comment="BIG pkt (LAN->WAN)"

(8) OTHER (final catch-all)

add chain=forward action=mark-packet new-packet-mark=other_pkt passthrough=no \
    connection-mark=!web_conn,!big_conn \
    in-interface-list=LAN out-interface-list=WAN packet-mark=no-mark \
    comment="OTHER pkt (LAN->WAN)"
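
The rule order above, modelled as a first-match classifier so the mark a given packet receives can be checked offline. This is an added example, not part of the original template; the Pkt fields and the sample packets are constructed, and the model follows the flag match literally, so a full-size segment carrying only ACK also lands in ack_pkt.

```python
from dataclasses import dataclass

@dataclass
class Pkt:
    proto: str                      # "tcp" or "udp"
    dport: int
    size: int                       # packet size in bytes
    flags: frozenset = frozenset()  # TCP flags set on this packet
    conn_bytes: int = 0             # bytes the connection has carried so far
    conn_mark: str = "no-mark"      # connection mark before this packet

def classify(p):
    """Return (packet_mark, connection_mark) for one LAN->WAN packet."""
    tcp = p.proto == "tcp"
    if p.proto == "udp" and p.dport == 53:
        return "dns_pkt", p.conn_mark
    # tcp-flags=ack,!syn,!fin,!rst,!psh inspects flags only, not payload size
    if tcp and "ack" in p.flags and not p.flags & {"syn", "fin", "rst", "psh"}:
        return "ack_pkt", p.conn_mark
    if p.size <= 512:                          # packet-size=0-512
        return "small_pkt", p.conn_mark
    if p.proto == "udp" and 1400 <= p.size <= 1500:
        return "big_pkt", p.conn_mark
    mark = p.conn_mark
    if mark == "no-mark" and tcp and p.dport in (80, 443):
        mark = "web_conn"                      # mark-connection, passthrough=yes
    if mark == "web_conn":
        return "web_pkt", mark
    if mark == "no-mark" and tcp and p.conn_bytes >= 5_000_000:
        mark = "big_conn"                      # connection-bytes=5000000-0
    if mark == "big_conn":
        return "big_pkt", mark
    return "other_pkt", mark                   # final catch-all

ACK, PSH_ACK = frozenset({"ack"}), frozenset({"ack", "psh"})
SAMPLES = {  # constructed packets, not captured traffic
    "dns query":                Pkt("udp", 53, 80),
    "bare ack":                 Pkt("tcp", 443, 52, ACK),
    "small TLS record":         Pkt("tcp", 443, 300, PSH_ACK),
    "web upload, psh":          Pkt("tcp", 443, 1500, PSH_ACK, 10_000_000),
    "upload segment, ack only": Pkt("tcp", 443, 1500, ACK, 10_000_000),
    "sftp bulk, psh":           Pkt("tcp", 22, 1500, PSH_ACK, 10_000_000),
    "quic datagram":            Pkt("udp", 443, 1350),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:26} -> {classify(pkt)[0]}")
```

A connection to port 80/443 keeps web_conn however many bytes it carries, because the big_conn rule only matches connections that are still unmarked.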

III. Queue Tree template (UPLOAD only, entered under /queue tree)

UPLOAD parent queue (critical)

add name=UPLOAD parent=pppoe-out1 max-limit=45M queue=pcq-upload

45M = 50M × 0.9 (you have verified this is the most stable)


Child queue priorities (fixed gradient)

add name=ACK   parent=UPLOAD packet-mark=ack_pkt   priority=1 queue=pcq-upload
add name=DNS   parent=UPLOAD packet-mark=dns_pkt   priority=2 queue=pcq-upload
add name=SMALL parent=UPLOAD packet-mark=small_pkt priority=4 queue=pcq-upload
add name=WEB   parent=UPLOAD packet-mark=web_pkt   priority=5 queue=pcq-upload
add name=OTHER parent=UPLOAD packet-mark=other_pkt priority=6 queue=pcq-upload
add name=BIG   parent=UPLOAD packet-mark=big_pkt   priority=8 queue=pcq-upload

No rate-limited child queues are needed; queuing by priority alone is enough.


IV. Health checks (from now on, only look at these 4)

(1) CPU

/tool profile
  • firewall + queuing <15%: healthy

(2) Whether the queue is backing up

/queue tree print stats where name="UPLOAD"
  • queued=0 / dropped=0: ideal

(3) Whether the ACK queue is carrying traffic

/queue tree print stats where name="ACK"
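  • packets increasing, queued=0: normal

(4) Real-world experience check

  • Saturate the upload and open web pages / video / SSH
  • RTT does not spike: success

V. Migration / backup checklist (strongly recommended to keep)

(1) Export the configuration (text)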

/export file=final-qos

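(2) Record 3 key values

  • Worst-case uplink: 50M
  • UPLOAD max-limit: 45M
  • ACK rule: ack,!syn,!fin,!rst,!psh

(3) The only 2 places to change when replacing the device

  • parent=pppoe-out1 → the new device's WAN interface name
  • UPLOAD max-limit → the new line's uplink × 0.9

VI. When it actually "needs to be touched again"

  • Uplink ≥ 100M
  • CPU above 70% for long periods
  • Heavy UDP / QUIC traffic is introduced
  • Multi-WAN / high-volume VPN traffic

Otherwise: no further changes are needed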