Setting the Bandwidth Priority in the Zoom Video Conferencing Application on Mikrotik Routers

There are various media used to hold meetings or video conferences, one of which is the most widely used Zoom Meeting. In this article, we will try to optimize the network by prioritizing the connection used by video conferencing so that it can be used properly without any interference. The bandwidth used will be prioritized so as not to be disturbed when other clients browse the internet.

Previously, we tried to find all the information about the Zoom application, both from the IP server, protocol, and port used. Information to the official Zoom website, the Zoom application uses TCP and UDP protocols with ports 80, 443, 3478, 3479, 5090, 5091, 8801-8810. These protocols and ports that we will use to capture traffic to the Zoom server. Apart from protocol and port, it can also be based on the Zoom server IP which we will add to the router.

Address Lists

For the first step, add the Zoom server IP List to Firewall> Address-Lists router. To make it easier, please check the IP server zoom list here: zoom-ip
Copy the zoom-ip script and enter it into the router by opening New Terminal then right-clicking Paste.

If it is successful, double-check on the IP> Firewall> Address Lists menu to see if IP Zoom has been added automatically. There will be a list of IP Zoom servers with the name ” zoom_ip “.

Please note, not all IPs used by Zoom servers are in this script. To add automatically, add a rule mangle based on the port used by the zoom application.

Add two rules for TCP and UDP with destination ports namely ports 3478, 3479, 5090, 5091, 8801-8810 (in addition to 80 and 443 ).

The following commands are used:

If using Winbox the configuration is as follows

For TCP;

For UDP;

The two rules above are used to add new IPs that are not yet registered in Address-Lists. The Address-Lists name is created the same as the import list, namely ” zoom_ip ” and will be updated automatically when there is a new connection Zoom.

Mangle

The next step, to capture the Zoom application connection traffic, add a new rule to the mangle with the mark-connection action. Protocol port is filled with the port used by zoom, namely TCP and UDP Protocol with Port 3478, 3479, 5090, 5091, 8801-8810. Give the captured connection a name, for example, ” link_zoom “.

The following commands are used.

/ ip firewall mangle add chain = prerouting protocol = tcp dst-port = 3478,3479,5090,5091,8801-8810 action = mark-connection new-connection-mark = connection_zoom passthrough = yes; add chain = prerouting protocol = udp dst-port = 3478,3479,5090,5091,8801-8810 action = mark-connection new-connection-mark = connection_zoom passthrough = yes;

1 2 3 4 5 6 7

/ ip firewall mangle   add chain = prerouting protocol = tcp dst-port = 3478,3479,5090,5091,8801-8810 action = mark-connection new-connection-mark = connection_zoom passthrough = yes;   add chain = prerouting protocol = udp dst-port = 3478,3479,5090,5091,8801-8810 action = mark-connection new-connection-mark = connection_zoom passthrough = yes;

If using Winbox the configuration is as follows:

For TCP;

For UDP;

Apart from ports 3478, 3479, 5090, 5091, 8801-8810, the Zoom application also uses TCP 80 and TCP 443 protocols. Add a new rule with dst-port = 80,443 and Dst. Address List = zoom_ip which was added earlier.

The following commands are used:

/ ip firewall mangle add chain= prerouting protocol= tcp dst-port= 80,443 dst-address-list= zoom_ip action= mark-connection new-connection-mark= connection_zoom passthrough= yes

1 2	/ ip firewall mangle add chain= prerouting protocol= tcp dst-port= 80,443 dst-address-list= zoom_ip action= mark-connection new-connection-mark= connection_zoom passthrough= yes

If using Winbox the configuration is as follows:

The rule above is used to capture zoom traffic using the TCP port 80,443 protocol. There is an additional dst-address-list = zoom-ip so that other browsing packages are not caught by this rule. Make sure the mark-connection name is the same as the previous rule (link_zoom).

After the connection is caught, there is one more rule that must be added, namely mark-packet. Add a new rule with Action Mark Packet and give it a new name, for example, packet_zoom. Make sure the connection mark is filled with mark-connection = connection_zoom that was created earlier. These packet-marks will be used for bandwidth management, either on the simple queue menu or in the queue tree.

The following commands are used:

/ip firewall mangle add chain= forward action= mark-packet connection-mark= new-packet-mark_zoom connection= packet_zoom passthrough= no

1 2	/ip firewall mangle add chain= forward action= mark-packet connection-mark= new-packet-mark_zoom connection= packet_zoom passthrough= no

The result will be several rules in the mangle as follows

Bandwidth Management

After the packet mark is added to the mangle, try using the zoom application and look at the counters in the mangle to check whether the rule is running correctly.

From the packet-mark “packet_zoom” we can use it for bandwidth limitation in the simple queue or queue tree. These packet-marks are used to distinguish which packet goes to the zoom server, where packet browsing is normal.

For example configuration in a simple queue is as follows:

Meanwhile, in the queue tree configuration example, you must add the connection-mark and packet-mark browsing first.

This configuration can be a solution if you want a priority connection to the zoom server without any interruption. If there are other clients browsing, their bandwidth has been separated. In general, during the video conference, the zoom application will use the UDP protocol. And the bandwidth used depends on the resolution used at the zoom meeting.

Indeed, the zoom information for the port used in the TCP and UDP protocol is slightly different. The ports used in TCP and UDP are created together for easy configuration.