Limit Video Streaming Speeds with Mikrotik

Streaming video can take up a lot of the bandwidth your ISP provides you. In fact, if you have less than a 10Mbps internet connection, a couple of simultaneous video streams can potentially slow down any other type of internet usage significantly. However, with this guide and a mikrotik router, you can limit video-streaming bandwidth so that it doesn’t eat up all of your available bandwidth.

The act of limiting bandwidth for certain activities or applications goes by a lot of different names: traffic shaping, QOS, throttling and bandwidth shaping are amongst the most common. Whatever you want to call it, we’re going to limit how fast Youtube and/or Netflix traffic can go, which allows you to reserve some of your bandwidth for other activities.

How it works

This guide covers how to create a self-propagating list of IP addresses used by Netflix / Youtube for video streaming, and automatically limit the speeds used by those IPs for networks or individual IP addresses that you can specify. Here are the config settings for those who prefer them:

[admin@MikroTik] > queue simple print
name=”YOUTUBE” target=192.168.88.0/24 parent=none packet-marks=Youtube priority=8/8 queue=default/default
limit-at=0/0 max-limit=50M/10M burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s bucket-size=0.1/0.1
total-queue=default

name=”NETFLIX” target=192.168.88.0/24 parent=none packet-marks=Netflix priority=8/8 queue=default/default
limit-at=0/0 max-limit=50M/10M burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s bucket-size=0.1/0.1
total-queue=default

[admin@MikroTik] > ip firewall mangle print
;;; Mark Youtube
chain=forward action=mark-packet new-packet-mark=Youtube passthrough=no src-address-list=Youtube log=no
log-prefix=””

;;; Mark Netflix
chain=forward action=mark-packet new-packet-mark=Netflix passthrough=no src-address-list=Netflix log=no
log-prefix=””

;;; YOUTUBE – Youtube.com
chain=prerouting action=add-dst-to-address-list address-list=Youtube address-list-timeout=30m content=youtube.com
log=no log-prefix=””

;;; YOUTUBE – Googlevideo.com
chain=prerouting action=add-dst-to-address-list address-list=Youtube address-list-timeout=30m
content=googlevideo.com log=no log-prefix=””

;;; NETFLIX
chain=prerouting action=add-dst-to-address-list address-list=Netflix address-list-timeout=30m
content=nflxvideo.net log=no log-prefix=””

The pasted config is setup as follows:

  • It creates two separate IP address lists: Netflix & Youtube. Each list stores IP addresses for 30 minutes as they’re discovered / used.
  • Traffic from IPs on those lists are marked with ‘Youtube’ and ‘Netflix’, which these are used for the Simple Queue rules to limit speeds
  • Simple queues are set for 10Mbps download and 50Mbps upload speeds and affect the 192.168.88.0/24 network.

I’m assuming just about any Mikrotik router can perform theses tasks. I currently use this dual-band router and highly recommend you stick with dual-band versus buying a 2.4Ghz-only router. However, I know that you can run this on the cheap-o, ~$25 baby-blue 2.4Ghz router…. which may be fine for non-WiFi usage or WiFi usage within a single room.

Here’s a breakdown of the steps to create the rules so that you can limit Youtube and/or Netflix traffic on your network. This guide uses Winbox, but I assume that Webfig should be similar.

Creating Mangle Rules

We need to create a few mangle rules, and first off we’ll create those that build our IP address lists. We’ll start with the Youtube list.

To create a new mangle rule, go to IP > Firewall > Mangle, then press the ‘+’ sign:

Create Mikrotik Mangle Rule with Prerouting

In the new mangle rule window, under General > Chain, choose prerouting:

New mangle rule - prerouting chain selection

Click on the Advanced tab, and under content, type in ‘youtube.com’:

Adding content filed for advanced mangle rule

Click on the Action tab, then choose ‘add dst to address list’ as the action, type ‘Youtube’ as the address list. The default timeout setting of 10 minutes is fine to leave as is.

Created destination address list - Mikrotik router

Once that’s set, click ‘Apply’ or ‘Ok’. The above rule will identify all the IP addresses for the youtube.com domain and put them in a list called ‘Youtube’. You can see some of those IPs after browsing Youtube.com under IP > Firewall > Address Lists, and it’ll look something like this:

Mangle rule created Youtube address list in Mikrotik

Copying mangle rule with Mikrotik + Winbox
However, most or all of the actual video streaming takes place using googlevideo.com, and we’ll need to create a second rule for that. Mikrotik makes it simple to duplicate rules, so you can just double-click on the first mangle rule created, then click ‘Copy’ as is shown to the right.

Once you create the second rule (the copy), you only need to edit one spot: under Advanced > Content, change ‘youtube.com’ to ‘googlevideo.com’:

Modify copied mangle rule

Then press Apply once you’ve changed that. Before moving further forward, a personal preference (and probably a good practice) is to leave a comment on the rules. A comment is like a short, personal note. Here’s an example alongside what it looks like when mixed with other rules:

Mikrotik mangle rule - comments in list

Comments are not necessary, but may help minimize confusion in some cases.

Mangle rule for the Netflix address list

The steps for creating a Netflix address list mangle rule is the same as Youtube as shown above. So, I won’t post screenshots, rather I’ll walk through the steps.

  1. Create a new mangle rule – IP > Firewall > Mangle > + sign
  2. Under the General tab, choose Chain > prerouting
  3. Under the Advanced tab, type nflxvideo.net into the Content field
  4. Under the Action tab, choose Action > add dst to address list, type Netflix in address list field
  5. Press ‘Ok’

Marking Youtube & Netflix traffic

In order to easily use simple queue rules to limit video-streaming traffic speeds, you need to mark traffic that originates from our address lists. We do this with a couple of mangle rules. I’ll walk through the Youtube settings with screenshots and post written instructions for Netflix as before.

Create a new mangle rule: IP > Firewall > Mangle > + sign, and under the General tab, choose Chain > forward:

Creating Youtube packet mark mangle rule

Under the Advanced tab, choose ‘Youtube’ from the Src. Address List dropdown menu:

Selecting Youtube address list for packet marks

Under the Action tab, choose Action > mark packet, then write in Youtube in the New Packet Mark field:

Marking Youtube IP list traffic packets

Press Ok or Apply to save the settings.

To setup the Netflix rule:

  1. Create a new mangle rule – IP > Firewall > Mangle > + sign
  2. Under the General tab, choose Chain > forward
  3. Under the Advanced tab, choose ‘Netflix’ from the Src. Address List dropdown field
  4. Under the Action tab, choose Action > mark packet, type Netflix in the New Packet Mark field
  5. Press ‘Ok’

Creating Simple Queue Rules

The simple queue rules are where this all comes together: it’s the final set of configurations that determine how fast, or how slow, your Youtube or Netflix video streams can go.

Create a new simple queue rule by clicking Queues > Simple Queues > + sign.

Your settings will differ from mine possibly, but here’s the General tab in my Youtube simple queue rule:

Youtube simple queue rule for traffic shaping

Pertinent to this guide,

  • Name is an identifier for the rule. I chose YOUTUBE.
  • Target is the IP network or individual address that is affected by this rule.
  • Target download is the maximum download speed IPs in the Youtube address list can use in aggregate to the target IP(s). There is a dropdown menu there,
    or you can write in your own speed (5M, 750k, etc)

Under the Advanced tab, choose Youtube from the Packet Mark dropdown menu:

Choosing packet mark for Simple Queue rule

Press ‘Ok’, then create a new rule for Netflix.

  1. Create a new simple queue rule: Queues > Simple Queues > + sign
  2. Under the General tab, add a Name, Target and Download speed under Max Limit
  3. Under the Advanced tab, choose Netflix from the Packet Mark dropdown menu
  4. Press ‘Ok’

That’s all there is to it.

Additional Information

I discovered the URLs to Youtube & Netflix CDNs (content delivery networks – video streaming servers) by looking at connections while streaming video. Explaining how to do this isn’t fitting for this site and well outside the scope of this guide. If these services start using new URLs, they won’t automatically be captured. Further, if Youtube or Netflix use IP-address based CDNs for streaming, which I didn’t see in setting this up, these would not show up in the address list automatically.

You can create a mangle rule for netflix.com (copy the nflxvideo.net rule, replace with netflix.com), which will enforce the speed limits on the Netflix.com domain along with video streaming. I purposely did not do this whereas I did with Youtube.com due to observations in how they behave. Your experience may differ.

If there’s interest, I can probably add some more video streaming services to the list. It’s really straightforward once you understand how it works, you just need to determine the URLs used by streaming services for their video, and plug that in to build the address list(s) and queuing rules.

If you have any questions, feel free to post them and I’ll do what I can to answer them.

Related Articles:

Posted on Published

2 Replies to “Limit Video Streaming Speeds with Mikrotik”

  1. Hi There,
    Good article something I was looking for. Just wondering why you create an IP list and not just simply have one mangle rule to mark the packets and then queue the marked packets?
    Chris.

Leave a Reply

Your email address will not be published. Required fields are marked *