How many clients are possible?

Discussion in 'Tomato Firmware' started by beder, Aug 7, 2008.

  1. beder

    beder Addicted to LI Member

    Hi guys,
    I am planning to set up a WRT54GL v1.1 for our student apartments.

    How many clients can I connect to the router without getting problems when I use QOS?
    There will be about 50 clients; all of them will be connected through wires.

    Will there be any differences if I use L7, IPP2P or just the port numbers to classify?

    Thanks a lot!
  2. azeari

    azeari LI Guru Member

    50 clients may be a lil much for the WRT54GL, given that it only has 16mb of ram, esp if they all start running BT, which will totally kill it.

    Anyway, L7 and IPP2P is considerably more resource hungry compared to simple port numbers, but its ur call (=

    For 50 clients.. u might wanna consider either a more powerful router, or a mini-standalone-server
  3. beder

    beder Addicted to LI Member

    Thanks for your fast answer.

    Do you have any suggestions for a more powerful router or a mini-standalone-server?

    Maybe I could split the users to 3 WRT54GL. Would something about 20 users be ok?
  4. kameleon

    kameleon LI Guru Member

    You could try the WRT54GS which has 32MB memory. But I personally would try splitting them off into a few "sub-networks" to keep the load down.
  5. ziddey

    ziddey Network Guru Member

    I'd suggest a standalone box to do the job. Students.. torrents will bog a lot. even disregarding qos, just the sheer number of connections will overwhelm easily, especially when you consider your average user isn't going to necessarily know to limit the number of connections and they might try for something wild.

    plus, for example, counterstrike, when you pull the server list and it checks all of them, you'll instantly feel the pain. I have a g54s, and when set to 4096 connections, whenever I pull a new server list or even just refresh the existing list if I'm not filtering a lot, it'll bog down real hard. Dropping to 2048 helps a lot, but if you're dealing with 50 people, that's not too too many connections.

    I ran tomato in a house of 10 people and had lots of crashing. I was able to eventually tune down a lot of variables, but then people complained about random dropouts. I'd constantly see 3 of the guys trying to run around with thousands of connections. :angry:
  6. azeari

    azeari LI Guru Member

    well its really difficult to gauge, i.e. if the 50 users all play nice and don't have torrents going, 2-3 routers should do the job fine, then again if u have crazy torrents flying everywhere, even 10 routers won't be able to take the load.

    anyway, i'm no expert when coming to more powerful routers, but a small DIY'ed-rig with 2 or more NICs, and 512mb ram(more would be gd) would probably be nice for the task. (probably running a linux variant)

    Probably Something like this

    Internet pipe --- Mini-Server --- 4 port Switch --- 3x20 port switches --- all ur clients
    Internet pipe --- Mini-Server(4NICs) --- 3x20 port switches --- all ur clients

    for the switch segment, u might want to chain them (4 port switch to 3x20port switches) to keep costs down.

    As for redundancy, unless u really need the system to never fail, the above should suffice
  7. beder

    beder Addicted to LI Member

    I guess, since all of the users are students, there will be a lot of bittorrent usage....

    I like the idea of azeari very much!
    Actually i have the following solution:

    Internet Pipe ---- modem ---- IP-Cop ------ 3x20 port switch

    The IP-Cop does its job.... but not very well.... Everything is very slow.

    Actually I am thinking about 2 solutions:

                                      WRT54GL (Tomato) ---- 20 port switch
    1. Internet Pipe ----- modem ---- WRT54GL (Tomato) ---- 20 port switch
                                      WRT54GL (Tomato) ---- 20 port switch

                                                       ---------20 port switch

    2. Internet Pipe ---- modem ----- Mini Server (3 NICs) -----20 port switch

                                                       ---------20 port switch

    What would be the best solution?
    Does anybody have a recommendation for an operating system for the Mini Server?
    Or does anybody have an idea for a much better solution?

    The Mini server in solution 2 will be something about 500 mhz, 512 mb ram..... It should only be responsible for qos and a firewall.....

    Thanks a lot,

    Sorry for the bad pictures.....
  8. Toxic

    Toxic Administrator Staff Member

    do you need Wireless? if so how many will be using a Wireless connection at any one time.
  9. beder

    beder Addicted to LI Member

    No, nobody will use a wireless connection. Maybe I will set up a wireless connection just for me, but the rest of the clients will be connected with a normal wire
  10. azeari

    azeari LI Guru Member

    well if they're students.. solution 1 might not fit the bill..

    as for solution 2, it should work fine as long as you don't implement complex qos rules based on L7 or IPP2P, cuz those are pretty cpu intensive.

    linux.. hmm for the minimal specs of e server, try something like slackware (=
  11. beder

    beder Addicted to LI Member

    If I would install solution 1,
    only use port-based QOS,
    and limit the maximal connections per user to something about 200 (so worst case 4000 connections per tomato router),
    would that be possible (or at least a good idea).

    Sure, the 200 connections will slow down the p2p, but that's ok if all the other guys can use the internet at a normal speed
  12. azeari

    azeari LI Guru Member

    yup it'll work, install the speedmod somewhere here.. Victek i think, and the tomato should be able to handle abt 8000 connections each tops, and i guess the cpu wouldn't be bogged down if you use only port-based QOS
  13. beder

    beder Addicted to LI Member

    Ok, that sounds fine.

    I will try the recommendation of rhester77:
    "Set a default class of Lowest and don't try to classify P2P traffic - it is a fruitless exercise in frustration to think you can do so. This means you can throw all the default classification rules out the window."

    If it does not work, did anybody already try the distributions m0n0wall, Smoothwall or pfSense? Will the qos work properly and will it work with 50 clients?

    Thanks again,
  14. jahonix

    jahonix Network Guru Member

    You could either use DD-WRT which is available for an i386 platform as well as for the WRT54GL or you could use a platform like pfSense/m0n0wall.
    Personally I use pfSense at home and in the office as well as on some client's sites. Works remarkably well. Check out the current 1.2.1-RC1 which IMHO features a completely rewritten traffic shaper which otherwise is to appear in 1.3 (currently alpha-alpha and long way to go).

    Read on their forum to get a picture.
  15. beder

    beder Addicted to LI Member

    Is the traffic shaper in pfSense 1.2.1-RC1 comparable with the quality of service features of tomato? I mean the general qos function, not the graph drawing or such "nice" features...
    I already tried the traffic shaper in ipcop and it was just slow....
  16. Toastman

    Toastman Super Moderator Staff Member Member

    The WRT54GL and Tomato is more than man enough for the job.

    Maybe my experience will help you decide.

    We currently have 83 users in an apartment complex, we use a single network, with one WRT54GL running Victek's modded firmware as main router and 8 WRT54GL's used as wireless Access points. These are connected to the router by cable and an 8 port switch.

    We have no control over what users will or will not use, so rely on QOS and natural cunning to stop them screwing up the network. Be warned, default (sample) QOS rules don't work. As rhester72 has said, don't even think about using L7 or other filters to control P2P, once you do this you are lost. Let all P2P traffic drop through your filters into the default class - make this "lowest". Unless you want to make it a bigger priority, of course:biggrin: If you decide to go down this road, PM me for help with QOS.

    I needed support for more than the default 50 users in static dns and access restrictions, so as to keep unwanted users out. Victek was kind enough to assist me here!

    I would not personally use DD-WRT - it was just too unstable, nor could we get the QOS to do anything useful for us.

    Good luck!
  17. beder

    beder Addicted to LI Member

    Many thanks Toastman, that was what I wanted to hear

    I will definitely go down this road.
    Actually I am planning to buy the hardware.

    Do you think it will work like this?
                                      WRT54GL (Tomato) ---- 20 port switch
    1. Internet Pipe ----- modem ---- WRT54GL (Tomato) ---- 20 port switch
                                      WRT54GL (Tomato) ---- 20 port switch

    Why do you use one tomato router per 10 clients? Do you use WLAN?

    I use dd-wrt at my parent’s house, with two self-built wlan antennas, but they do not use qos. It is running very stable, but I really like (and need) the qos features of tomato.

    I don’t need any kind of access protection, only guys in our apartment complex can connect to the network. So that’s fine! One point less I have to take care of.

    Thanks for your answer in advance!
  18. jahonix

    jahonix Network Guru Member

    I don't know since I never used Tomato.
    The currently available traffic shaper in pfSense (currently 1.2 / 1.2.1) isn't THAT bombastic as the one that will be publicly available from 1.3 on.

    The available Ram in WRT54 boxes limits the number of states. I was able to run out of that when testing it with an eMule client just for fun.
  19. Toastman

    Toastman Super Moderator Staff Member Member


    Yes, I use wireless, it would be too expensive and time-consuming to cable the buildings here. I used to have more AP's but since they all interfere with one another with the limited number of usable channels, I re-sited just eight of them so the coverage was more confined.

    I personally have two methods to connect - wireless and also a cable plugged into a nearby AP's ethernet port. There's no noticeable difference in speed between them unless several people on the same AP all start downloading together - which is to say my speed is limited by the internet connection and not the wireless. [I am currently downloading openSUSE DVD from the USA at 2.2 mbps].

    Your system would be just great wired. I am not sure why you need three WRT54GL's though. Use one as main router, connect your three 20 way switches to three of the WRT's ethernet ports.

    And as you say, you don't need the access controls then. Here, we need it because we make a charge for internet access per computer.

    Without QOS, just a single P2P enthusiast can take all of the available bandwidth. I know --- I am that user :)

    You will find that Tomato with Hardcore's speedmods, also used by Victek, makes a big difference in speed with a lot of connections. I attach a small screenshot of 66 users .... you'll see we use static DHCP to assign a room number as "HOSTNAME" to each PC so that we can see who is doing what - it's much easier to set up QOS like this.

    To jahonix - I never used pfsense :) But I have seen the numbers of connections in Tomato conntrack reach 9000 plus, however I normally prevent it ever going this high with QOS / scripts.

    EDIT: follow this link:


  20. beder

    beder Addicted to LI Member

    Thanks for the screenshot, looks very impressive!

    About the 3 WRT54GL's:
    I thought 1 WRT54GL is not enough, because of its relative small ram and the relative low processor speed.....
    So I was thinking about to split the users to 3 WRT54GLs.
    Do you think 1 would be enough for the job?

    Do you limit the number of connections for each user?
    Or do you just try to catch the P2P traffic with a qos rule?
  21. Toastman

    Toastman Super Moderator Staff Member Member

    Since the main internet router would handle all of the processing anyway, there wouldn't be any point in splitting it into three afterwards, just go with one. It'll do the job. You can't run QOS on the other two, it has to run on the gateway router. You could run DHCP server, etc, on another router but it wouldn't save you much processing power, though it might be protection against dnsmasq going offline on the main router :biggrin:

    Yes, the router *seems* underpowered because we have all gotten used to using PC's with 3GB processors and 2-3GB of RAM. But let's go back to the days when a DX4-100 based PC running as a linux router would handle far more than we are talking about now. And that was with even less RAM. [I can remember what we did with DOS and 640K of memory, we even got excited about HIMEM bringing it up to <gasp> almost a megabyte]. They aren't actually so feeble as we think. I had wondered about putting more RAM in the GL, but was quite surprised to find it works OK as it is. It is an option though.

    I don't limit the number of connections per user, because the rules necessary to do that would conflict with normal QOS rules (look up Robson's script generator). I have not got a mix of rules to work successfully, unless just limiting EVERYTHING on a per-user basis. If you want to try that, then use Victek's IP/QOS which will do a good job, (it is an implementation similar to / perhaps based on Robson but contained in the GUI).

    But I prefer to let any single user have **full** bandwidth available to him if nobody else is using it - I let QOS take care of that.

    My advice would be - buy a single WRT54 and set it up with Victek's version of Tomato. This will allow you to try everything out. You are leaving your options open to use a server if necessary. However, I think you'll rather like Tomato's QOS better than most of the alternatives, because it just works.

    Re P2P - you are right to ask questions because it is always P2P which is a pain in the backside. Those of you who can change your operating environment by configuring each PC (i.e. home users) - will have no idea of what I am talking about. Having 83 uncontrollable and invisible monkeys playing with computers and software which they do not understand and cannot use properly, can do wonderful things to a network :)

    Before I discovered Tomato, we had DD-WRT with QOS that didn't work. The network here was bedlam. Just one particular P2P guy really screwed it for everyone, full bandwidth 24 hours a day - how he even did it I can't imagine as I have never been able to accomplish this myself. DD-WRT crashed every hour or so and often did not reboot itself. I couldn't even access my mail for a week.

    After Tomato - everyone can pretty much use whatever application they like, even up to 8 users can watch IPTV without anyone really being aware of it. I have just opened 6 on this PC while running my SUSE download, popping my mail, and reading this forum. I could never have done this before, everything just timed out.

    We have about 20 regular online gamers who are reasonably happy with the latency now even under full load, whereas before, they stood in hallways immobile until they were killed off. There was not a single user in this apartment complex of >230 rooms who was happy, particularly as they were paying for it. OK - it wasn't much money, but that's not the point. Everyone was frustrated. That's when I took it over and DD-WRT was tossed in the bin.

    SO - the answer is - no, I don't try to control P2P with QOS. I ignore it completely. I try to cover all the other applications first, using port-based rules (there will probably be some unhappy users because I haven't covered "SuperPower_Tunneling_Across_Batman's_Pipe Protocol" - but that's life).

    The whole point is NOT to try to do anything with P2P rules because you will fail. Just let it fall through all of your filters into the default category, and set that to lowest - or even lower - into A to E category - whatever you want. Level 7 filters and IPP2P are ineffective so I don't use them, Rhester7 and I are in full agreement here I think.

    The secret is to remember rule ordering - rules are applied from the top down. Address all valid applications near the top down - UDP and TCP both. I limit UDP traffic of P2P very simply by the use of scripts - and restricting all remaining UDP packets in a rule at the BOTTOM - after everything else (most of these will come from DHT and Kademlia). I put them in a lower bandwidth category than everything else - E - lower than "lowest" - and limit both outgoing and incoming bandwidth to stop DHT/KAD doing any damage while letting a percentage of it through. This is something that everyone will have their own ideas about. If you find something works well, you might consider posting it ...

    This is a list of useful scripts:

    #Limit UDP port opening to 4 per second
    iptables -A FORWARD -p UDP -s -m limit --limit 4/s -j ACCEPT

    #Limit UDP connections per user
    iptables -I FORWARD -m iprange --src-range -p ! tcp -m connlimit --connlimit-above 50 -j DROP

    #Limit max TCP connections per user
    iptables -I FORWARD -p tcp --syn -m iprange --src-range -m connlimit --connlimit-above 250 -j DROP

    #Limit outgoing SMTP simultaneous connections to 10 (takes care of mail bombs)
    iptables -I FORWARD -p tcp --dport 25 -m connlimit --connlimit-above 10 -j DROP

    #Limit total TCP connections to 4000
    iptables -I FORWARD -p tcp --dport 1:65535 -m connlimit --connlimit-above 4000 -j DROP

    You will find the pie charts invaluable to see what effect your rules have. Set up a rule and put it into a category, say A - a nice brown colour on the piechart - and then go look at the chart to see if your rule is working. Don't get overly fussy, some packets leaking into other bands is OK, as long as it doesn't make a huge difference to the overall picture. You'll also find a fair bit of traffic you can't identify - it'll end up in "lowest" - usually this is OK too. Depends if anyone complains - in which case you'll be able to get more information.

    Tomato's QOS is superb, you'll spend several thousand happy hours playing with it :biggrin:

    Hope this helps... it's a long post, but I wanted to encourage you (and others) by sharing my experiences.
  22. bigclaw

    bigclaw Network Guru Member

    I used to be a control freak and set up all weird QoS rules. Then it just dawned on me that the default Tomato QoS rules do 99% of what I want anyway. I think the only custom rule I have right now is that of an IPTV (by MAC address).

    A related topic is port forwarding. All my p2p applications support UPnP, so I just let them and the router figure out the forwarding part.

    I guess my usage pattern is pretty simple. Some of you may not be.
  23. spliff

    spliff LI Guru Member

    Toastman seems to know what he is talking about. I pretty much agree with everything he's said.

    I've used DD-WRT and the QOS was unstable when pushed to its limits. I've used PFSense and its QOS is overkill. IMO it is a bit over-engineered. It's a complete PITA to set up through the webui. The PFSense team knows that QOS is a current weak point and there are efforts to get them off ALTQ and onto something like monowall or Tomato.

    Tomato thus far has the best reliability and QOS I've come across. As mentioned, forget about L7 filtering, it's too unreliable and uses too much CPU. Tomato is also much faster than DD-WRT. I tested WAN-LAN throughput on my ASUS WL-520GU. Tomato gave me 38 megabits where DD-WRT was only good for about 25. That was with the default 1.17ND firmware.

    The only thing I would like to add would be to use a ASUS WL-500G Premium v2 (32MB RAM), ASUS WL-520GU (16MB RAM), or a Buffalo WHR-G125 (16MB, not sold in US anymore). These routers have the BCM5354 which runs at 240mhz and should be noticeably faster than the WRT54GL. They also have better wireless sensitivity than older routers.

    In summary if it were me I would buy a WL-500G Premium v2 with the wireless disabled for the main router. This is because wireless uses CPU and the ASUS WL-500 Premium V2 has 32MB of RAM. Then buy a couple of WL-520GU's for access points. It's a pretty decent network on the cheap.

    Good luck

    BTW What kind of connection will you be getting?
  24. Toastman

    Toastman Super Moderator Staff Member Member

    Spliff's comment about the ASUS WL-500G Premium v2 (32MB RAM) makes sense. 32MB RAM as standard might give you some insurance. I haven't seen them for sale over here though. BTW, the WRT54GL can be set to run at 233 or 250 MHz with a startup script and is normally stable, requiring no extra cooling.
  25. azeari

    azeari LI Guru Member

    hmm sry toastman but i'll have to disagree somewhat with 1 router being able to handle the load from that many users (=

    my experience in my own network at home(with a crazy brother who opens 7-10k connections on his torrents) has been less than easy-going on the router, and it occasionally kills off my dnsmasq due to memory issues(yup u probably know where that comes from).
    Note: Well i am on a 16mb ram WRT54GL, so yups (=
    Try multiplying that by 50 users and you'll get what i mean (worst case scenario)

    anyway, as for QOS.. i totally agree its IMPOSSIBLE to use L7 or IPP2P to control P2P in any possible way. I do the same here, i let them fall off into the default category, then prioritize the more latency-sensitive stuff on top of it.
  26. Toastman

    Toastman Super Moderator Staff Member Member

    Using QOS in multi-user environments

    Yes, of course - if you let people open that many connections then it will kill off even enterprise-class routers. The whole point is this - you have to prevent that many connections from being opened. How you do that, while still running QOS that will let people use available bandwidth when available, is a bit of an art. There is no perfect or "single" way to do it, and it is something that you can keep refining. But there is a point at which it all works well enough and it's time to leave it alone.

    You also need to juggle with conntrack settings, and try to close down unwanted connections as fast as you can without killing off applications. The whole thing takes a very long time to learn and get right, and if you don't try everything, and watch and learn what happens, then of course you won't get it to work to it's full potential. I am sure that's why rhester79 wanted to make his point about "throwing default QOS rules out of the window".

    I'd also like to make a point here - I've sent several people my QOS setup, and they have all immediately changed it, because they didn't agree with why a particular rule was set up the way it was, or why it was at a certain point in the ordering. Of course it then broke and then they have all complained it didn't work. Just a very small change made without deep consideration will often screw up everything. That's why I want to emphasize that it is something you must get to understand or you won't succeed.

    My guess is that your QOS and Conntrack settings are simply not good enough to prevent your crazy brother from running amok :biggrin:

    The biggest problem with P2P is DHT and Kademlia, which aren't really so important. You can cut Kademlia outgoing UDP down to almost nothing and the Kademlia system will still function to get files, albeit perhaps more slowly. I use Kademlia a lot, and it still works for me. Most of the UDP traffic seems to go in useless peer tracking.

    I have yet to notice DHT in uTorrent doing anything at all for me. I never found it making any difference to my downloads whether on or off. In fact, I killed off outgoing UDP for several clients using uTorrent, and their downloads did not change at all when I monitored them using Tomato graphs. Asking a few of them, they had not noticed any difference either. But everybody has DHT switched on, I think it is the default. Worldwide, DHT must be responsible for a HUGE amount of wasted bandwidth.

    So if you can't get people to switch it off, you must switch it off on their behalf:rolleyes:

    You can limit TCP and UDP by the use of the following scripts - there is also one for controlling the number of SMTP ports which will prevent virus mail bombs from bringing down your system.

    #Limit UDP from all users to 4 per second
    iptables -A FORWARD -p UDP -s -m limit --limit 4/s -j ACCEPT

    #Limit UDP connections per user
    iptables -I FORWARD -m iprange --src-range -p ! tcp -m connlimit --connlimit-above 50 -j DROP

    #Limit max TCP connections per user
    iptables -I FORWARD -p tcp --syn -m iprange --src-range -m connlimit --connlimit-above 250 -j DROP

    #Limit outgoing SMTP simultaneous connections to 10
    iptables -I FORWARD -p tcp --dport 25 -m connlimit --connlimit-above 10 -j DROP

    #Limit total TCP connections to 4000
    iptables -I FORWARD -p tcp --dport 1:65535 -m connlimit --connlimit-above 4000 -j DROP
    Take a look at the 3 attached jpg files.

    There aren't many users online at the moment, but there are at least a couple of P2P-ers running uTorrent with DHT enabled. There are 22 connections in "lowest" which are actively downloading files, and 129 in category "E" which have been throttled down to 1.14kbit/s ... get the idea? Note - there are 255 active in HIGH, which is mostly HTTP traffic. 11 active DNS and streaming video control connections in Highest. Total outbound is 343 kbit/sec which is close to the limit of my so-called 512k uplink.

    The second jpg shows the current Static DHCP list with 82 users. The third is of the forwarded UPnP ports, showing that 1 Bit Comet, 2 Limewire, Three uTorrent clients are online. The rest are mostly Messenger.

    BTW, I also had the problem with dnsmasq being killed off, but this sorted the problem and it hasn't happened for some while now. But that is a point with which I personally want to experiment, with a function to trigger the "close unwanted connections" function which you can see in Conntrack, before things go pear-shaped. For me, it is not acceptable for a product to allow itself to get into a situation where its behaviour is unpredictable. If it is about to die, and it can be predicted, then it should flush everything and restart.

    But I digress.

    This complex has been running one WRT54GL gateway router 24 hours a day for months now, and with Tomato replacement firmware, works better than any router I've ever used, including the much more expensive Ciscos in our offices. Here in Bangkok almost all residences and smaller hotels use the WRT54GL because of its price and availability. A lot use commercial firms setting up useless hotspot software (with no QOS and hence dysfunctional) and charging for access via a card. Put bluntly, not many people have a system that works simply because they believe it is a product that they can just buy and hang on the wall. Of course, all of us here know that life isn't like that. It works in that people have "access" to the internet, but they quickly find that it is just "access" with no functionality.

    I'm getting a steady stream of people coming to look at the setup here, because the residents of this place have been talking with residents of other blocks - and they tell the owners - and they want to know more (it is actually a big headache because I have neither the time nor the inclination to support them). You see - working internet = full rooms :halo:

    So all I can say is, not only is it possible, it can and does work. It's been working here for many months.

    That's why I came on here to encourage beder (and others) to try it. If it doesn't work for him, then he hasn't lost much - a few dollars, and some time :biggrin:

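    To go with the connlimit rules in this post and in post 21 above, here is an added example (not code from the thread or from Tomato): a small POSIX shell script that reads an ip_conntrack dump, counts entries per LAN host, and flags anyone over the same 250-TCP / 50-non-TCP per-user thresholds, plus the 4000 total TCP figure, so you can see who is tripping the rules before tuning them. The 192.168.1.x client addresses, the sample entries it generates, and all function names are constructed for the example; on the router you would feed it /proc/net/ip_conntrack instead.

```shell
#!/bin/sh
# Added example, not code from the thread: per-host conntrack accounting that
# mirrors the connlimit thresholds in the rules above (250 TCP per user, 50
# non-TCP per user, 4000 TCP in total). On a Tomato router run:
#     make_report < /proc/net/ip_conntrack
# The client addresses and the sample entries generated below are constructed.

TCP_PER_USER=250   # same value as --connlimit-above 250 in the TCP rule
UDP_PER_USER=50    # same value as --connlimit-above 50 in the non-TCP rule
TCP_TOTAL=4000     # same value as the total-TCP rule

# Reduce each ip_conntrack line to "proto client_ip". The first src= on the
# line is the original direction, i.e. the LAN host that opened the flow.
conntrack_pairs() {
    awk '{
        for (i = 2; i <= NF; i++)
            if ($i ~ /^src=/) { sub(/^src=/, "", $i); print $1, $i; break }
    }'
}

# Per-host totals as "proto ip count".
conntrack_counts() {
    conntrack_pairs | sort | uniq -c | awk '{ print $2, $3, $1 }'
}

# Hosts over the per-user limits, as "ip proto count limit".
conntrack_offenders() {
    conntrack_counts | awk -v t="$TCP_PER_USER" -v u="$UDP_PER_USER" '
        $1 == "tcp" && $3 + 0 > t + 0 { print $2, $1, $3, t }
        $1 != "tcp" && $3 + 0 > u + 0 { print $2, $1, $3, u }'
}

# Number of TCP entries in the table, to compare with TCP_TOTAL.
conntrack_tcp_total() {
    awk '$1 == "tcp" { n++ } END { print n + 0 }'
}

# Reads a conntrack dump on stdin and prints a short report.
make_report() {
    dump=$(cat)
    total=$(printf '%s\n' "$dump" | conntrack_tcp_total)
    echo "TCP entries: $total (limit $TCP_TOTAL)"
    printf '%s\n' "$dump" | conntrack_offenders | while read -r ip proto n lim; do
        echo "over limit: $ip $proto $n > $lim"
    done
}

# Constructed sample input in /proc/net/ip_conntrack format:
# emit PROTO CLIENT_IP COUNT
emit() {
    n=0
    while [ "$n" -lt "$3" ]; do
        if [ "$1" = tcp ]; then
            echo "tcp      6 431999 ESTABLISHED src=$2 dst=203.0.113.5 sport=$((40000 + n)) dport=80 src=203.0.113.5 dst=198.51.100.1 sport=80 dport=$((40000 + n)) [ASSURED] use=1"
        else
            echo "udp      17 29 src=$2 dst=203.0.113.9 sport=$((6881 + n)) dport=6881 src=203.0.113.9 dst=198.51.100.1 sport=6881 dport=$((6881 + n)) use=1"
        fi
        n=$((n + 1))
    done
}

# One web browser, one torrent client with DHT chatter, one runaway host.
make_sample() {
    emit tcp 192.168.1.10 3
    emit udp 192.168.1.23 70
    emit tcp 192.168.1.23 30
    emit tcp 192.168.1.99 300
}

make_sample | make_report
```

    Newer kernels expose the same data as /proc/net/nf_conntrack with an extra leading "ipv4 2" pair of fields, so the protocol name is then $3 rather than $1 in the awk calls.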

  27. wdca

    wdca LI Guru Member

    I have got about 120(3x inet connections [24mbit]) users connected to a WRT54G v2.2 which is load sharing (TrzepakoTomato) the essential traffic to another 2 routers(WRT54G v2.2 and WRT54GL v1.1).
    On every router is QoS enabled and configured for a specified purpose.
    What counts.... that it is running hilarious :)
    The traffic goes up to 18mbits and 1000-1300 pps
  28. azeari

    azeari LI Guru Member

    yeah well tts true.. i can't limit my brother totally without him coming over to my room to complain every once in awhile, and it doesn't help that my parents refuse to let me shut my bro out of the router either (=

    well if your connections are limited in that way, i'm sure it'll work fine, its just how accommodating you are with p2p as a whole.
    If u do wanna be totally accommodating, the lil blue box won't cut it (=
  29. Toastman

    Toastman Super Moderator Staff Member Member

    Tomato QOS DOES work if you get it right...


    I hear what you say, but there are about 25 regular P2P users here who would most definitely not agree with you. Yes, they'd all like full bandwidth ALL of the time, but that isn't the point of QOS. The blue box is quite clearly "cutting it", and very well too.

    Let me put it this way.

    Anyone here can use P2P. If nobody else is using the web, he gets 90% of full bandwidth. If more P2P users come on, the whole lot of them share that 90%. If someone comes on to browse a web page, he isn't aware of them at all. Their P2P backs off to let them use the web. Web pages come up very fast, half to one second for the typical local pages. If someone else wants to watch IPTV, then he does it, I give web TV priority over P2P. The P2P *always* backs off to let all supported applications work. (Of course there will be some applications I haven't catered for or don't know about, which will share the "lowest" category with the P2P).

    As far as the P2P itself goes, I don't think any user would ever know he has been restricted in the usage of DHT and Kademlia UDP.

    Yes, we're accommodating to everybody. If we weren't they would leave the building, and we would lose the rent, you see. That's why it HAS to work. What I am trying to tell people is - if it doesn't work for you, then you probably are doing something wrong. It is not the fault of the router!

    to Maciej, wdca - wow !!! Thanks for confirming what i am trying to tell people !
  30. Toastman

    Toastman Super Moderator Staff Member Member


    I've looked at the Polish website, and can't make much out of it - so been guessing..

    I think you do the load sharing by randomly passing traffic to other router/adsl setup? The '--gw' and 'random' commands in your script don't work in normal tomato - so I guess that's the mod? It wasn't clear in your original post.

    I am interested in that, as I have some routers on my network connected to spare ADSL lines, at present just a few people are using it under the authority of a script. but I like the idea of sharing the load between all users, without having to have a router with two WAN ports.

    Can you explain how you do it?
  31. wdca

    wdca LI Guru Member

    Mainly it's very simple.
    1. Install TrzepakoTomato
    2. Configure QoS on the router(s)
    3. Set up the tcp/ip configuration as shown on the images.
    Example 1.
    One network and few routers based on the same layer, ip pool and so on...i'm using this solution - imho it's the best because the qos management is attached directly to a router and the router itself "sees" the users. Of course all routers have Trzepako mod installed.

    *Login on the via ssh
    There are several ways to load share the traffic.
    -Split traffic by port:
    iptables -t mangle -A POSTROUTING -p tcp --dport 80 -j ROUTE --gw
    This rule moves the www traffic to the router.
    -Split traffic by specified ports:
    iptables -t mangle -A POSTROUTING -m mport --source-ports 80,443,25,22 -j ROUTE --gw
    This rule moves the http,https,smtp,ssh to the router.
    -Split traffic by port range:
    iptables -t mangle -A POSTROUTING -p tcp --dport 1:1024 -j ROUTE --gw
    This rule moves the traffic of the essential ports to the router.
    -Split traffic by ip range:
    iptables -t mangle -A POSTROUTING -p tcp --dport 1:1024 -m iprange --src-range -j ROUTE --gw
    This rule moves the traffic from the ip range of the essential ports to the router.

    Example 2.
    One router few isp gateways.
    The use is simultaneous.
    *Login on the via ssh
    There are several ways to load share the traffic.
    -Split traffic by port:
    iptables -t mangle -A POSTROUTING -p tcp --dport 80 -j ROUTE --gw
    This rule moves the www traffic to the router.
    -Split traffic by specified ports:
    iptables -t mangle -A POSTROUTING -m mport --source-ports 80,443,25,22 -j ROUTE --gw
    This rule moves the http,https,smtp,ssh to the router.
    -Split traffic by port range:
    iptables -t mangle -A POSTROUTING -p tcp --dport 1:1024 -j ROUTE --gw
    This rule moves the traffic of the essential ports to the router.
    -Split traffic by ip range:
    iptables -t mangle -A POSTROUTING -p tcp --dport 1:1024 -m iprange --src-range -j ROUTE --gw
    This rule moves the traffic from the ip range of the essential ports to the router.
    Example 3.
    LOAD BALANCE - only with udp.
    The original LB works only with isp support so the tcp sessions are working fine (the session is stable)
    You have got 2 gateways and
    To split udp traffic randomly:
    # iptables -A PREROUTING -t mangle -p udp -m random --average 50 -j ROUTE --gw
    # iptables -A PREROUTING -t mangle -p udp -j ROUTE --gw
    # iptables -L PREROUTING -t mangle
    Chain PREROUTING (policy ACCEPT)
    target prot opt source destination
    ROUTE all -- anywhere anywhere random 50% ROUTE gw
    ROUTE all -- anywhere anywhere ROUTE gw
    Have Fun!
    Sorry for my lame eng :)
  32. Toastman

    Toastman Super Moderator Staff Member Member


    Thanks for the reply and the sample scripts. I'll have a think about how it can help me here. I have spare ADSL lines going to some of my AP's - and this is a way to make them useful. At the the moment just a few exclusive clients have them all to themselves :redface:
    After a lot of experimentation, I found the use of these two ipt commands wasn't so useful as I had hoped for various reasons. I am currently splitting traffic between two gateways by MAC address, using the "red" tag method - example for one user given below:

    dhcp-mac=red,00:16:44:D7:AA:A5 #Redirect this user to the 2nd gateway
    dhcp-option=net:red, 3, #Assigns "red" to the second gateway
    dhcp-option=net:red, 6, #Assigns "red's" DNS server to 1st gateway