
need help capping wireless bandwidth

Discussion in 'Sveasoft Firmware' started by peanotation, Oct 11, 2005.

  1. peanotation

    peanotation Network Guru Member

    I have a WRT54G, running Satori-4.0 v2.07.1.7sv

    i need to cap the wireless bandwidth separately from the LAN bandwidth. now i know you can adjust bandwidth in the bandwidth management section, but it only limits ALL bandwidth.

    with WAN or LAN/wLAN selected the LAN computers are capped no matter what. i need to only cap the bandwidth on the wireless computers.

    if someone can offer some insight i would appreciate it. i've been working at this problem for months now and i'm still not making any progress.

    i just want to cap the wireless bandwidth and leave the LAN bandwidth alone.
     
  2. peanotation

    peanotation Network Guru Member

    if anybody can even recommend alternative firmware that can cap the wireless bandwidth separately from the LAN bandwidth. i'm starting to wonder if it's impossible to do it on this router, without writing my own code of course.......
     
  3. jagboy

    jagboy Network Guru Member

    i really doubt the router can do this with the firmwares out there. but i think i heard brainslayer talking about doing this... you might want to get in touch with him via pm or email.
     
  4. peanotation

    peanotation Network Guru Member

    so someone made firmware that will let you cap both the LAN and wLAN bandwidth....

    ....but they didn't make it so you could cap one or the other?

    oh man :???:

    what about two routers? i'm so sick of this retarded situation i'll do whatever it takes. if i have the wireless going into one router, cap that one, and then have a second router with the LAN ports? will that work? or can routers not do that either
     
  5. jagboy

    jagboy Network Guru Member

    well right now i don't know if brainslayer is going to do this....
    but maybe you could do something like this..it might work

    cable modem/dsl modem
    |
    |
    (ethernet wire)
    |
    |
    WRT54G one(lan port 1)--------ethernet wire-----WRT54G 2))))wireless(((((wireless clients

    disable the wireless on the first wrt and in the QOS page on the 1st router try to set lan port 1 to about 256k, 512k, 1M, 10M, 20M, 50M or 100M
    other than that i don't know another way of capping wireless speeds.
     
  6. thirdpig

    thirdpig Network Guru Member

    wispr attributes in radius

    If you enable chillispot for authenticated access on both the lan and wlan, you can enter bandwidth attributes for different groups of users specified in the usergroup table.

    Enter values like these in the radgroupreply table:


    id  GroupName       Attribute                 op  Value    prio

    1   asberk_wifi     WISPr-Bandwidth-Max-Down  =   256000   0
    3   asberk_wifi     WISPr-Bandwidth-Max-Up    =   128000   0
    4   asberk_basic    WISPr-Bandwidth-Max-Down  =   1000000  0
    5   asberk_basic    WISPr-Bandwidth-Max-Up    =   128000   0
    7   asberk_premium  WISPr-Bandwidth-Max-Down  =   2000000  0
    8   asberk_premium  WISPr-Bandwidth-Max-Up    =   128000   0
     
  7. _Shorty

    _Shorty Network Guru Member

    mind explaining why you'd like to do this? Might be other solutions to the problem.
     
  8. peanotation

    peanotation Network Guru Member

    my room mate (wireless laptop) downloads useless warez shit aaaalllllll day and night. he just downloads and stores it, never uses it. ever since we moved in here 8 months ago he hasn't stopped downloading...

    i'm serious. and i can't put up with it anymore. i can't even check my email in under 5 minutes. the router is in my room and i'm hooked in via ethernet cable, and he's on wireless.

    i just need to cap this wireless bandwidth.

    would a second router work for sure? it's worth it to spend the extra $50 to have a solution to this problem.
     
  9. habskilla

    habskilla Network Guru Member

    fyi,

    talisman 1.1 is supposed to do what you're looking for. Read up on their new QOS settings.
     
  10. _Shorty

    _Shorty Network Guru Member

    peanotation, QoS is what you want to use. Set the limits for 85-90% of what your internet connection is capable of, and set all P2P stuff for 'bulk' priority. I'm using Alchemy here, and I don't get affected by P2P stuff at all. I still get wicked pings in counterstrike when a bittorrent is going crazy, it works great. You might be better off with DD-WRT or something, since I believe he has kept up with the latest L7 filter patterns, which are used for QoS. With Alchemy I had to manually add some newer patterns with the rc_startup and rc_firewall scripts.
     
  11. peanotation

    peanotation Network Guru Member

    ok, got some updates. i'm running Alchemy-V1.0. i've set BitTorrent to Bulk priority. i don't know what program he's using exactly to download, i wish you could adjust LAN and wLAN settings separately. i thought it worked for a while but then i realized he just wasn't downloading as much shit at the moment. now he's downloading full fledged again and i can't even check my email, let alone get anything under 1000ms ping on counterstrike.
     
  12. _Shorty

    _Shorty Network Guru Member

    how about asking him what he's using to download, heh, or just looking for that matter ;) Here's what I've used in my rc_startup/rc_firewall scripts to add a Counter-Strike Source pattern, DoD Source, Half-Life1-based games, and a working pattern for gnutella/gnutella2 P2P clients. It adds the games as 'Premium' and the P2P stuff as 'Bulk'. I've also got FTP, bittorrent and edonkey set in the main pages as bulk, DNS set to premium. I've got it set to WAN obviously, and I've set the upload and download values to 85% of my line's maximum. This works awesome for me. Hopefully you'll be able to get it working similarly. It may involve writing/finding new patterns for the P2P client(s) he is using if it isn't Gnutella(Limewire/Bearshare)-based. Also note that you could also add his MAC address in the main page and make it 'bulk' too, so that everything he does is just bulk by default. ;) Might make it a little easier on the maintenance end for you anyways, hehe.

    rc_startup

    sysctl -w net.ipv4.ip_conntrack_tcp_timeouts="600 1800 120 60 120 120 10 60 30 120"
    echo -e cstrikesource\\n'^\\xff\\xff\\xff\\xff.*cstrikeCounter-Strike' >/tmp/cstrikesource.pat
    echo -e gnutella2\\n'^gnutella.*application/x-gnutella' >/tmp/gnutella2.pat
    echo -e hl1\\n'^\\xff\\xff\\xff\\xffget(info|challenge)' >/tmp/hl1.pat
    echo -e dodsource\\n'^\\xff\\xff\\xff\\xff.*dodDay of Defeat' >/tmp/dodsource.pat

    -----------------------------------------
    rc_firewall

    iptables -t mangle -A POSTROUTING -m layer7 --l7dir /tmp --l7proto cstrikesource -j MARK --set-mark 10
    iptables -t mangle -A POSTROUTING -m layer7 --l7dir /tmp --l7proto gnutella2 -j MARK --set-mark 40
    iptables -t mangle -A POSTROUTING -m layer7 --l7dir /tmp --l7proto hl1 -j MARK --set-mark 10
    iptables -t mangle -A POSTROUTING -m layer7 --l7dir /tmp --l7proto dodsource -j MARK --set-mark 10
     
  13. peanotation

    peanotation Network Guru Member

    awesome, thanks for all your help. i got his mac address and set it to "bulk". it's pretty smooth now! but i'm still a little laggy here and there. after some speed tests i can only get up to 700kbps when i can usually just break over 1mb (after i shut off the wireless completely).

    also, my internet is dropping in and out ever since i flashed to the alchemy firmware. i suspect it might be my horrible ISP, but i've had problems with other firmware doing this to my router.

    also, what IS the difference between WAN and wLAN/LAN? wouldn't a WIDE area network constitute the same thing as wLAN/LAN?
     
  14. _Shorty

    _Shorty Network Guru Member

    with it set to WAN, then it only filters the Wide Area Network. The internet. This means that your local LAN traffic will be unaffected, so you can still transfer files locally at 100Mbps, but your internet traffic can be dealt with at the speeds at which you're actually connected to it. If you set it to LAN/wLAN then the limits are applied to all traffic, it doesn't treat the internet connection any different than it does your local connection to the machine next to you. I suppose there might be situations where the LAN/wLAN setting might be of some use, but typically this will be set to WAN since it is internet traffic that you're trying to gain control over.

    Yeah, it will be slightly slower, since you're more or less telling the router that it should be trying to hit your goals for bandwidth usage rather than rely on the line itself to govern its own speed. We're telling it we want it to use 85-90% of our line, rather than 100%, so that it actually has a bit of room to breathe, room to work, so that the higher priority traffic actually gets a chance to be made higher priority and you don't run out of bandwidth before that's able to happen. I was using 85% of my line's capability when I had a 1.5Mbps/512Kbps package from my ISP, and that worked pretty well. I tried 90% for a little while, but 85% seemed to do a better job. Recently I upgraded to their 2.5Mbps/640Kbps package and I decided to try using 90% again, and it works better than it did at the previous speeds, so I didn't feel the need to use 85% in that situation.
     
  15. kidkl

    kidkl Network Guru Member

    Hello,

    My friend had the same issue. I think I came up with a better solution that would fit your/his needs. His roommate is also on the wireless connection and also has a ton of p2p stuff going on. Here is a custom qos that I came up with for him that's working great:

    Code:
    tc qdisc del dev eth1 root    2> /dev/null > /dev/null
    tc qdisc del dev br0 ingress 2> /dev/null > /dev/null
    
    tc qdisc add dev eth1 root handle 1: htb default 20
    tc class add dev eth1 parent 1: classid 1:10 htb rate 53mbit burst 6k prio 1
    tc class add dev eth1 parent 1:1 classid 1:20 htb rate 140kbit burst 6k prio 2
    tc filter add dev eth1 parent 1: protocol ip prio 13 u32 match ip src 192.168.0.0/23 match ip dst 0.0.0.0/0 flowid 1:20
    tc filter add dev eth1 parent 1: protocol ip prio 1 u32 match ip src 192.168.0.0/23 match ip dst 192.168.0.0/23 flowid 1:10
    tc qdisc add dev eth1 parent 1:10 handle 10: sfq perturb 10
    tc qdisc add dev eth1 parent 1:20 handle 20: sfq perturb 10
    
    
    tc qdisc add dev br0 handle ffff: ingress
    tc filter add dev br0 parent ffff: protocol ip prio 50 u32 match ip src 192.168.0.0/23 match ip dst 192.168.0.0/23 police rate 100mbit burst 10k drop flowid :1
    tc filter add dev br0 parent ffff: protocol ip prio 51 u32 match ip src 192.168.0.101/32 match ip dst 0.0.0.0/0 police rate 1mbit burst 10k drop flowid :2
    tc filter add dev br0 parent ffff: protocol ip prio 52 u32 match ip src 192.168.0.102/32 match ip dst 0.0.0.0/0 police rate 1mbit burst 10k drop flowid :3
    tc filter add dev br0 parent ffff: protocol ip prio 53 u32 match ip src 192.168.0.121/32 match ip dst 0.0.0.0/0 police rate 1mbit burst 10k drop flowid :4
    tc filter add dev br0 parent ffff: protocol ip prio 55 u32 match ip src 192.168.0.0/23 match ip dst 0.0.0.0/0 police rate 80kbit burst 10k drop flowid :5
    
    
    Let me go through it in a little bit more detail:

    Code:
    tc qdisc add dev eth1 root handle 1: htb default 20
    tc class add dev eth1 parent 1: classid 1:10 htb rate 53mbit burst 6k prio 1
    tc class add dev eth1 parent 1:1 classid 1:20 htb rate 140kbit burst 6k prio 2
    tc filter add dev eth1 parent 1: protocol ip prio 13 u32 match ip src 192.168.0.0/23 match ip dst 0.0.0.0/0 flowid 1:20
    tc filter add dev eth1 parent 1: protocol ip prio 1 u32 match ip src 192.168.0.0/23 match ip dst 192.168.0.0/23 flowid 1:10
    tc qdisc add dev eth1 parent 1:10 handle 10: sfq perturb 10
    tc qdisc add dev eth1 parent 1:20 handle 20: sfq perturb 10
    
    In the above code basically any ip that is within the 192.168.x.x (actually it's limited to 192.168.0.x and 192.168.1.x) network going to the 192.168.x.x network will get full speed downloads on the wireless lan (i.e. a wlan to lan or wlan to wlan transfer). Anyone on the wireless trying to go out to the internet will get capped at 140kbit/s or 17.5kbytes/s.

    Code:
    tc qdisc add dev br0 handle ffff: ingress
    tc filter add dev br0 parent ffff: protocol ip prio 50 u32 match ip src 192.168.0.0/23 match ip dst 192.168.0.0/23 police rate 100mbit burst 10k drop flowid :1
    tc filter add dev br0 parent ffff: protocol ip prio 51 u32 match ip src 192.168.0.101/32 match ip dst 0.0.0.0/0 police rate 1mbit burst 10k drop flowid :2
    tc filter add dev br0 parent ffff: protocol ip prio 52 u32 match ip src 192.168.0.102/32 match ip dst 0.0.0.0/0 police rate 1mbit burst 10k drop flowid :3
    tc filter add dev br0 parent ffff: protocol ip prio 53 u32 match ip src 192.168.0.121/32 match ip dst 0.0.0.0/0 police rate 1mbit burst 10k drop flowid :4
    tc filter add dev br0 parent ffff: protocol ip prio 55 u32 match ip src 192.168.0.0/23 match ip dst 0.0.0.0/0 police rate 80kbit burst 10k drop flowid :5
    
    The first line is again a wlan to lan or lan to lan or wlan to wlan transfer give full speed. The next lines limit the upload rate for 192.168.0.101, 102 and 121 to 1mbit up to the internet (cable connection is 6mbit down 1 mbit up). The last line is basically saying for anyone else trying to upload cap them at 80kbits/s or 10kbytes/s.

    My friend's roommate knows enough about computers to be dangerous so he figured out that he could just change his ip to whatever in the 192.168.x.x subnet and then be unfiltered, so that's why I came up with the above. The only bad part is basically anything you don't want to be capped you have to enter a qos setting just for them to not be filtered on the upload. If he's not that smart you can enter in the following instead so that it just caps bandwidth for that ip where in this example 101 is the one being limited to 140kbit/s down and 40kbit/s up but still has full lan/wlan transfer speeds:

    Code:
    tc qdisc del dev eth1 root    2> /dev/null > /dev/null
    tc qdisc del dev br0 ingress 2> /dev/null > /dev/null
    
    tc qdisc add dev eth1 root handle 1: htb default 20
    tc class add dev eth1 parent 1: classid 1:10 htb rate 53mbit burst 6k prio 1
    tc class add dev eth1 parent 1:1 classid 1:20 htb rate 140kbit burst 6k prio 2
    tc filter add dev eth1 parent 1: protocol ip prio 13 u32 match ip src 192.168.0.101/32 match ip dst 0.0.0.0/0 flowid 1:20
    tc filter add dev eth1 parent 1: protocol ip prio 1 u32 match ip src 192.168.0.0/23 match ip dst 192.168.0.0/23 flowid 1:10
    tc qdisc add dev eth1 parent 1:10 handle 10: sfq perturb 10
    tc qdisc add dev eth1 parent 1:20 handle 20: sfq perturb 10
    
    tc qdisc add dev br0 handle ffff: ingress
    tc filter add dev br0 parent ffff: protocol ip prio 50 u32 match ip src 192.168.0.0/23 match ip dst 192.168.0.0/23 police rate 100mbit burst 10k drop flowid :1
    tc filter add dev br0 parent ffff: protocol ip prio 51 u32 match ip src 192.168.0.101/32 match ip dst 0.0.0.0/0 police rate 40kbit burst 10k drop flowid :2
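
The difference between the two rule sets in the post above, as an added example that is not part of the original thread: a small shell model that walks the br0 ingress filters in prio order and reports which policer a packet would hit. It assumes plain first-match semantics; the rule strings are transcribed from the posted `tc filter` lines, and the internet destination 203.0.113.10 is a constructed address.

```shell
#!/bin/sh
# Added example: first-match model of the br0 ingress policers posted above.
# Rule lines are "prio src_cidr dst_cidr rate", transcribed from the tc filters.

STRICT_RULES='
50 192.168.0.0/23   192.168.0.0/23 100mbit
51 192.168.0.101/32 0.0.0.0/0      1mbit
52 192.168.0.102/32 0.0.0.0/0      1mbit
53 192.168.0.121/32 0.0.0.0/0      1mbit
55 192.168.0.0/23   0.0.0.0/0      80kbit'

PER_IP_RULES='
50 192.168.0.0/23   192.168.0.0/23 100mbit
51 192.168.0.101/32 0.0.0.0/0      40kbit'

ip2int() {
    # Dotted-quad IPv4 address -> 32-bit integer.
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

in_cidr() {
    # Succeeds when address $1 lies inside network $2 (a.b.c.d/len).
    addr=$(ip2int "$1")
    net=$(ip2int "${2%/*}")
    bits=${2#*/}
    if [ "$bits" -eq 0 ]; then return 0; fi   # 0.0.0.0/0 matches everything
    mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

classify() {
    # $1 = rule set, $2 = source IP, $3 = destination IP.
    # Prints the rate of the lowest-prio-number filter that matches,
    # or "unpoliced" when the packet falls through every filter.
    result=unpoliced
    while read -r prio src dst rate; do
        [ -n "$prio" ] || continue
        if in_cidr "$2" "$src" && in_cidr "$3" "$dst"; then
            result=$rate
            break
        fi
    done <<EOF
$(printf '%s\n' "$1" | sort -n)
EOF
    echo "$result"
}

INTERNET=203.0.113.10   # constructed destination (documentation range)
for client in 192.168.0.101 192.168.0.150 192.168.1.77; do
    echo "$client strict=$(classify "$STRICT_RULES" "$client" "$INTERNET")" \
         "per-ip=$(classify "$PER_IP_RULES" "$client" "$INTERNET")"
done
```

An address that prints `unpoliced` falls through every filter, which is the gap the catch-all at prio 55 in the first rule set closes.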
    
     
  16. _Shorty

    _Shorty Network Guru Member

    I fail to see how that solution is better. The standard L7-based QoS solution is much easier to implement and works regardless of any crap anyone tries to pull to get around it. Doesn't matter if you change IP addresses or change the ports that your P2P apps use, the traffic still gets flagged as and treated as bulk traffic.
     
  17. kidkl

    kidkl Network Guru Member

    That's great but this way it doesn't matter what they are downloading or how they are getting it, either way they are capped. My friend was having issues with the L7 filter trying to catch everything that he was getting. That and my friend would rather just limit his roommate down to a fairly small connection (i think he finally stuck with 512/256, which he's given him for free) than to deal with adding all sorts of filters.

    If they were both splitting the bill then I would agree that using layer7 filters and qos would be the way to go, however they're not. He just wants to be able to use the connection that he's paying for without having interference from his roommate. This way he can just let his roommate do whatever and still have 70%-100% of his connection available to him at all times no matter what his roommate is doing.

    Besides he mentions that he just wants to cap his roommate's bandwidth, this is exactly what this does.
     
  18. kidkl

    kidkl Network Guru Member

    On a side note I do not run talisman so I am not sure if the interfaces are the same names as the ones in ddwrt ie wireless is eth1 and the bridge for the wireless/lan is on br0.
     
  19. _Shorty

    _Shorty Network Guru Member

    you're misunderstanding how L7 and the QoS works then. Computer A can be maxing out the line with a bittorrent download. Computer B fires up Counter-Strike. Bittorrent's set to bulk, Counter-Strike's set to Premium. Bittorrent gets slowed down quite a bit, giving Computer B's Counter-Strike game more than enough bandwidth to maintain an excellent ping and uninterrupted game. Don't even try telling me that this won't work. I do it here all the time. My ping in the game with and without P2P downloads going crazy are within 5ms of each other. I don't even give a rat's ass about the P2P traffic, cuz it doesn't affect me one iota.

    Computer A once again maxing out the line with bittorrent/Gnutella/whathaveyou. Computer B wants to browse web pages, check email, download some new game patch/demo. Computer B is unaffected, web pages load fine. Email checks fine. Start downloading some new patch/demo, and what happens? Computer B now gets the majority of the line, and Computer A's P2P traffic gets choked almost out of existence until Computer B's traffic subsides. Computer B is completely unaffected by Computer A's activities, yet both are capable of using the entire line.

    What happens if Computer A and Computer B switch tasks? Right, they both see the effects that the other was seeing. The higher priority tasks get first crack at the line, and the lower priority tasks have no choice but to wait it out. Win/Win. Your P2P stuff doesn't interfere with the other more important tasks, yet it still goes on working at the same time. It's just yielding to the more important traffic whenever there *is* more important traffic.

    If you and/or your friend were unable to see this behaviour then something wasn't setup properly. Sorry to tell you, but that way most definitely is not better by any stretch of the imagination. And if I am paying for a line and someone else is freeloading on it, well, too freakin' bad, pull their damn plug. You want to use the line, start chipping in. Not willing to *tell* (not ask) your buddy that's using the line to chip in for the line or lose access, well, that's your own problem.
     
  20. kidkl

    kidkl Network Guru Member

    I understand exactly how L7 filter and QoS works. I also know that layer7 filters in general are very costly to use.

    Again, he asked just about capping the wireless bandwidth. With my friend he also just wanted to cap wireless. This is exactly what it does, that's exactly what he wants. Besides I don't see a L7 filter for bf2 anyway (then again I'm not running talisman). Also, my friend did not want his roommate to affect his connection in any way while he was at home, no matter what he was downloading or doing.

    With layer7 filters and QoS setup there is still the possibility of his roommate getting onto one of the higher priority queues and messing with his connection.

    This is still the only way that will work 100% no matter what the guy on the wireless connection is doing.
     
  21. _Shorty

    _Shorty Network Guru Member

    you can make an L7 pattern for pretty much anything, including BF2. I think there already is one potentially working pattern mentioned in the mailing list, actually. Simple to make one anyways, fire up ethereal, fire up game, takes no time at all.
     
  22. peanotation

    peanotation Network Guru Member

    ok, i'm running the alchemy firmware with QoS. everything's been running kosher except.....

    constant and random momentary losses of internet. hooking my comp directly into modem gets rid of the problem, so i know it's the router. about once every 15-20 minutes i'll lose my internet connection for about 10-20 seconds. this is excruciatingly annoying, since counterstrike disconnects instantly when it happens.

    any ideas?
     
  23. peanotation

    peanotation Network Guru Member

    i appreciate everyone's input that they've given, but my problem is still not fixed. he's downloading like ape shit right now and i can't even load google.com in under 2 minutes. i've been playing around with the QoS settings all morning and for some reason the firmware just isn't smart enough. i will be buying another router, and capping the bandwidth on the wireless one. makes sense to spend $50 and have a permanent and perfect solution.
     
  24. aramus

    aramus Guest

    Hey!

    Is there any easy way to set up this script in a way that doesn't get erased and loads every time i reboot the router? I am using FreemanBasic 1.04 (i don't find any link to download v1.1 :( )

    Thanks in advance !
     
  25. _Shorty

    _Shorty Network Guru Member

    makes more sense to tell him to smarten up.
     
