Need help with bandwidth management . . .

.. . . on limited funds.

I will try to be concise, while providing adequate info.

I handle IT for a property management company that recently took over
management of an RV park. This park provides wireless internet for the
residents. Currently, the wireless system consists of 3 ez3 APs
(http://www.e-zy.net/outdoor/3plus/) mounted on poles at the front, middle,
and back of the park, each connected with a cat5e home run that plugs into a
10/100 unmanaged switch that connects to a Linksys WRT54G rev 2 that I
flashed with dd-wrt r23 sp2. The internet pipe is a T1 provided by a local
LEC. We estimate that during the summer the network will need to support
30-50 users.

There are several strategic considerations that need addressing, and the
first one in my opinion is bandwidth management. Just in the last 2-3 days
we've seen the inernet speed drop to a crawl when one or two users start
hogging bandwidth with what appear to be massive downloads. The status
tools in the APs showed download/upload ratios on these users in the 20/1
range. I've got to find a way to impose QoS on the network.

But a big issue for the company right now is cost, so I have very little
budget to work with. So, if possible, I need to use whatever free and low
cost solutions I can come up with.

Thank you for any assistance. Please let me know what information I've left
out.

JM

JM wrote:
> . . . on limited funds.
>
> I will try to be concise, while providing adequate info.
>
> I handle IT for a property management company that recently took over
> management of an RV park. This park provides wireless internet for
> the residents. Currently, the wireless system consists of 3 ez3 APs
> (http://www.e-zy.net/outdoor/3plus/) mounted on poles at the front,
> middle, and back of the park, each connected with a cat5e home run
> that plugs into a 10/100 unmanaged switch that connects to a Linksys
> WRT54G rev 2 that I flashed with dd-wrt r23 sp2. The internet pipe
> is a T1 provided by a local LEC. We estimate that during the summer
> the network will need to support 30-50 users.
>
> There are several strategic considerations that need addressing, and
> the first one in my opinion is bandwidth management. Just in the
> last 2-3 days we've seen the inernet speed drop to a crawl when one
> or two users start hogging bandwidth with what appear to be massive
> downloads. The status tools in the APs showed download/upload ratios
> on these users in the 20/1 range. I've got to find a way to impose
> QoS on the network.
> But a big issue for the company right now is cost, so I have very
> little budget to work with. So, if possible, I need to use whatever
> free and low cost solutions I can come up with.
>
> Thank you for any assistance. Please let me know what information
> I've left out.
>
> JM

BTW - can you get anything besides a T1 ??
Wonder what the cost of the T1 is compared to say DSL or cable ?

Refer to www.dd-wrt.com/wiki/index.php/Quality_of_Service It would appear as
if some users are doing big downloads and setting the priority to BULK may
let them use bandwidth remaining from other "normal" users. Quite a bit of
tuning is available in the QoS section of DD-WRT. You may also wish to
upgrade to RC6 or 7 also.

It may be necessary to impose some user restrictions to basic browsing and
emails and no bittorrent or streaming videos etc. In a shared public arena,
this is not unreasonable. Again DD-WRT is very good.

Peter

"JM" <(E-Mail Removed)> wrote in message
news:vcCdnYv0NsTRWb7VnZ2dnUVZ_r-(E-Mail Removed)...
> . . . on limited funds.
>
> I will try to be concise, while providing adequate info.
>
> I handle IT for a property management company that recently took over
> management of an RV park. This park provides wireless internet for the
> residents. Currently, the wireless system consists of 3 ez3 APs
> (http://www.e-zy.net/outdoor/3plus/) mounted on poles at the front,
middle,
> and back of the park, each connected with a cat5e home run that plugs into
a
> 10/100 unmanaged switch that connects to a Linksys WRT54G rev 2 that I
> flashed with dd-wrt r23 sp2. The internet pipe is a T1 provided by a
local
> LEC. We estimate that during the summer the network will need to support
> 30-50 users.
>
> There are several strategic considerations that need addressing, and the
> first one in my opinion is bandwidth management. Just in the last 2-3
days
> we've seen the inernet speed drop to a crawl when one or two users start
> hogging bandwidth with what appear to be massive downloads. The status
> tools in the APs showed download/upload ratios on these users in the 20/1
> range. I've got to find a way to impose QoS on the network.
>
> But a big issue for the company right now is cost, so I have very little
> budget to work with. So, if possible, I need to use whatever free and low
> cost solutions I can come up with.
>
> Thank you for any assistance. Please let me know what information I've
left
> out.
>
> JM
>
>
>
>
>

ps56k wrote:
> BTW - can you get anything besides a T1 ??
> Wonder what the cost of the T1 is compared to say DSL or cable ?

DSL has a flat rate pricing (but a TOS prohibiting sharing out your
connection). Depending on the speed, its priced generally from $30
to $90 per month for 1.5 Mbps to 10 Mbps.

T1 is distance priced. In a large city, it can be had for around $300
per month. But fifty miles from that city, it may cost upwards $600
per month.

DTC wrote:
> ps56k wrote:
>> BTW - can you get anything besides a T1 ??
>> Wonder what the cost of the T1 is compared to say DSL or cable ?
>
> DSL has a flat rate pricing (but a TOS prohibiting sharing out your
> connection). Depending on the speed, its priced generally from $30
> to $90 per month for 1.5 Mbps to 10 Mbps.
>
> T1 is distance priced. In a large city, it can be had for around $300
> per month. But fifty miles from that city, it may cost upwards $600
> per month.

that was a specific question for the OP can get in their area,
not a generic educational question....

BTW - you might try going to McD's, Starbucks, Panera, etc...
and see with a Ping and/or Speedtest to the outside world,
what kind of service they are using and "sharing" with their customers.
Does it test out as symetrical (T1) or not (DSL/cable).

On Thu, 8 May 2008 22:25:56 -0500, "JM" <(E-Mail Removed)> wrote:

>...that connects to a Linksys WRT54G rev 2 that I
>flashed with dd-wrt r23 sp2.

Old version. Please re-flash with DD-WRT v24 RC6.2.
<http://www.dd-wrt.com/dd-wrtv2/down.php?path=downloads%2Frelease+candidates%2FDD-WRT+v24+RC6.2%2FBroadcom%2FLinksys%2FWRT54GS_v2/>
I suggest the dd-wrt.v24_generic_nokaid.bin version.
The bandwidth managements (QoS) is much better in v24 than in v23:
<http://www.dd-wrt.com/wiki/index.php/Quality_of_Service>

>The internet pipe is a T1 provided by a local
>LEC. We estimate that during the summer the network will need to support
>30-50 users.

Ouch. That's possible, but not likely. All it takes is one P2P user,
and they will saturate all your available outgoing bandwidth. At
least the T1 is symmetrical, so it handle more outgoing traffic than a
DSL line, but it still can be killed by just one user. What you're
really looking for is not bandwidth management. You're looking for
applications control or abuse management. That's not easy.

These daze, users are accustomed to a minmal DSL line with a
1.5Mbit/sec download limit. That's the same as your entire T1 with
30-50 users. Even if you succeed in balancing the load among these
30-50 users, the average performance will be so low, that you're
certain to have 30-50 complaints. What you probably consider abuse,
it common practice on their home connections. I suggest you consider
either a bigger pipe, faster connection, or multiple connections using
a load balancing router.

>There are several strategic considerations that need addressing, and the
>first one in my opinion is bandwidth management. Just in the last 2-3 days
>we've seen the inernet speed drop to a crawl when one or two users start
>hogging bandwidth with what appear to be massive downloads.

Yep. Slimbox downloads of videos. IPTV (watch TV on your computah).
You might consider sniffing the traffic to identify the exact type and
source of the traffic.

>The status
>tools in the APs showed download/upload ratios on these users in the 20/1
>range. I've got to find a way to impose QoS on the network.

That's not P2P file sharing. That's probably IPTV or downloading
videos. Any clue as to the approximate number MBytes or what IP's or
URL's are being used? That should give a clue as to what you're
dealing with.

>But a big issue for the company right now is cost, so I have very little
>budget to work with. So, if possible, I need to use whatever free and low
>cost solutions I can come up with.

The QoS built into the WRT54G with DD-WRT firmware will prevent
saturation but will not stop the abuse. It's easy enough to throttle
specific connections. However, with 30-50 simultaneous users, no
amount of throttling is going to make everyone happy.

>Thank you for any assistance. Please let me know what information I've left
>out.

1. Number of active users. I suspect that there may be 30-50
connections, but they are not all active at the same time.
2. Is there a PC available to do monitoring?
3. Is everyone connected via wireless or are there wired connections?
If wireless, I don't think you are going to be very successful at
distributing more than a T1 to the RV park. If you have conduit in
the ground, or CATV coax to the utility connection, you might consider
going wired instead of wireless.
4. Are all the wireless connections authenticated or is it a free for
all? If open, are you sure that all your users are your RV park
residents and not the neighbors? Do you have a RADIUS server? Note
that DD-WRT v24 includes various built in hotspot front end features,
but requires an external RADIUS server (or service) for
authentication.
5. Are you prepared to bill for excessive bandwidth use? That's the
only counter incentive I can offer for clueless users that think they
own the entire T1.

--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

On Fri, 09 May 2008 09:56:02 -0700, Jeff Liebermann <(E-Mail Removed)>
wrote:

>On Thu, 8 May 2008 22:25:56 -0500, "JM" <(E-Mail Removed)> wrote:
>
>>...that connects to a Linksys WRT54G rev 2 that I
>>flashed with dd-wrt r23 sp2.
>
>Old version. Please re-flash with DD-WRT v24 RC6.2.
><http://www.dd-wrt.com/dd-wrtv2/down.php?path=downloads%2Frelease+candidates%2FDD-WRT+v24+RC6.2%2FBroadcom%2FLinksys%2FWRT54GS_v2/>
>I suggest the dd-wrt.v24_generic_nokaid.bin version.

Duh. I didn't notice that RC7 was out. Try:
<http://www.dd-wrt.com/dd-wrtv2/down.php?path=downloads%2Frelease+candidates%2FDD-WRT+v24+RC7%2FBroadcom%2FLinksys%2FWRT54GS_v2/>
instead.

--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

"Jeff Liebermann" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On Thu, 8 May 2008 22:25:56 -0500, "JM" <(E-Mail Removed)> wrote:
>
>>...that connects to a Linksys WRT54G rev 2 that I
>>flashed with dd-wrt r23 sp2.
>
> Old version. Please re-flash with DD-WRT v24 RC6.2.
> <http://www.dd-wrt.com/dd-wrtv2/down.php?path=downloads%2Frelease+candidates%2FDD-WRT+v24+RC6.2%2FBroadcom%2FLinksys%2FWRT54GS_v2/>
> I suggest the dd-wrt.v24_generic_nokaid.bin version.
> The bandwidth managements (QoS) is much better in v24 than in v23:
> <http://www.dd-wrt.com/wiki/index.php/Quality_of_Service>

I first used v24 RC5 on a WRT54G v8, but swapped in the v2 with r23 sp2 when
I mistakenly thought the v24 RC5 was not port forwarding. Since my post I
rectified the problem and put the other back in. I'm interested to see what
changes accompany the RC7. Thanks for the suggestion.


>>The internet pipe is a T1 provided by a local
>>LEC. We estimate that during the summer the network will need to support
>>30-50 users.
>
> Ouch. That's possible, but not likely. All it takes is one P2P user,
> and they will saturate all your available outgoing bandwidth. At
> least the T1 is symmetrical, so it handle more outgoing traffic than a
> DSL line, but it still can be killed by just one user. What you're
> really looking for is not bandwidth management. You're looking for
> applications control or abuse management. That's not easy.

All the above, actually. I'd like to have a method of capping each
connection, but I'm sure the equipment to accomplish that is not "free or
low cost." I've worked a couple of hours today with the v24 RC5 firware's
QoS lan port settings, and I cannot get anything consistent. Theoretically,
I should be able to connect each of the 3 APs into one of the router's
switch ports and limit the bandwidth per port (the settings are
256k/512k/1m/10m/100m). However, this does not provide me "per connection"
bandwidth limiting - only "per AP" - and, besides, the lan settings don't
seem to work by the numbers. It does have some effect, but not in any
precise way.

As for applications control, can that be accomplished to any significant
degree by port filtering? Is it realistic that I could sniff the network
over time and identify ports that typically are used for things like music
and video downloads and then block these ports? Are these ports consistent,
or do they differ according to the particular service, vendor, client
software, etc?


> These daze, users are accustomed to a minmal DSL line with a
> 1.5Mbit/sec download limit. That's the same as your entire T1 with
> 30-50 users. Even if you succeed in balancing the load among these
> 30-50 users, the average performance will be so low, that you're
> certain to have 30-50 complaints. What you probably consider abuse,
> it common practice on their home connections. I suggest you consider
> either a bigger pipe, faster connection, or multiple connections using
> a load balancing router.

I broached the topic of more bandwidth the first day I got involved. The
LEC that provides the T1 can bring in "business class" ADSL circuits for
about $80/month (the T1 costs about $350/month). I think the DSL is 4mb/1mb
or so. I like T1s, from a network admin standpoint, but I'm not sure it's
the best solution in this case. It's an easy sell for the LECs, because
it's a dynamic pipe that carries the voice and data. The LEC provides an
IAD (fancy channel bank) and breaks out two connections - one that
terminates on a RJ-21'ish block for the phone system and a 10/100 port for
the customer router. It's a good product, and I've had good experiences
with it for other customers, especially those with bursty voice traffic.
But this RV park almost never has more than two voice lines going at one
time. It has occurred to me that we could get 3-4 copper lines (at ~35 per)
and ~3 DSL circuits for what they are paying for the T1. See, part of the
thought process for the T1 (they used to have 2 with a different provider)
was to provide the guests with phone lines. However, it just hasn't
materialized. Everyone has cell phones, and almost no one needs a dial up
or fax line. There is a fax in the main office for publick use.


>>There are several strategic considerations that need addressing, and the
>>first one in my opinion is bandwidth management. Just in the last 2-3
>>days
>>we've seen the inernet speed drop to a crawl when one or two users start
>>hogging bandwidth with what appear to be massive downloads.
>
> Yep. Slimbox downloads of videos. IPTV (watch TV on your computah).
> You might consider sniffing the traffic to identify the exact type and
> source of the traffic.
>
>>The status
>>tools in the APs showed download/upload ratios on these users in the 20/1
>>range. I've got to find a way to impose QoS on the network.
>
> That's not P2P file sharing. That's probably IPTV or downloading
> videos. Any clue as to the approximate number MBytes or what IP's or
> URL's are being used? That should give a clue as to what you're
> dealing with.

Or music. I've got a Sonicwall SOHO3 that actually provides very good data
of this type. I can stick that in there and watch for a few days.


>>But a big issue for the company right now is cost, so I have very little
>>budget to work with. So, if possible, I need to use whatever free and low
>>cost solutions I can come up with.
>
> The QoS built into the WRT54G with DD-WRT firmware will prevent
> saturation but will not stop the abuse. It's easy enough to throttle
> specific connections. However, with 30-50 simultaneous users, no
> amount of throttling is going to make everyone happy.

That's what I think, too. FWIW, the 30-50 estimate may be a little high,
but still the point remains if the actual use is 20-30 or similar. That's
potentially way too much for a T1. Something I've given thought to this
weekend is an AUP (acceptable usage policy) that is at least posted in the
office, if not made part of the guest contract. Is it realistic that we
whitelist the open ports? I simply don't know enough about the range of
services "needed" for such a population of users. Can one limit the
available internet traffic to "the basics?" Is there such thing?


>>Thank you for any assistance. Please let me know what information I've
>>left
>>out.
>
> 1. Number of active users. I suspect that there may be 30-50
> connections, but they are not all active at the same time.

Well, that's an interesting thing. While monitoring the connections it
appears that many of the connections stay alive constantly, but the internet
usage is "on and off." In other words, I see some MAC addresses maintain a
wireless connection over a period of hours, but the behavior of the user
seems to be on-off, on-off, on-off. I guess this is not so different that
most networks, but it seems like these residents keep the internet up all
the time, and periodically use it for something specific. These kinds of
connections are the usual, and they don't seem to be problematic. It's the
users that obviously are downloading content that are the killers.

> 2. Is there a PC available to do monitoring?

Yes.


> 3. Is everyone connected via wireless or are there wired connections?

The original plan was for both. Conduit is available for the purpose, but
no further network wiring is to be done. There is coax at every "pad" for
TV. I'm relatively sure management is locked into wireless. I do no think
they will consider other options, as long as a solution to the immediate
challenge is within reach.


>Are all the wireless connections authenticated or is it a free for
> all?

The latter, which is regrettable, in my opinion. But management claims that
security measures would be confusing to this particular user population, and
they don't want to give any reason for these users to go elsewhere.

>If open, are you sure that all your users are your RV park
> residents and not the neighbors?

I am not sure. To the contrary, I'm sure that we've basically built a free
WISP. FWIW, this park is relatively isolated, but as we know, it only takes
1-2 abusive users to wreck the whole thing. I'm starting to see some kind
of authentication as a necessity.


>Do you have a RADIUS server?

Not at this time, but I could provide one.

> 5. Are you prepared to bill for excessive bandwidth use?

I'm sure I couldn't get this approved.

Thank you for the discussion.

JM

"ps56k" <(E-Mail Removed)> wrote in message
news:6bQUj.2124$(E-Mail Removed)...
> JM wrote:
>> . . . on limited funds.
>>
>> I will try to be concise, while providing adequate info.
>>
>> I handle IT for a property management company that recently took over
>> management of an RV park. This park provides wireless internet for
>> the residents. Currently, the wireless system consists of 3 ez3 APs
>> (http://www.e-zy.net/outdoor/3plus/) mounted on poles at the front,
>> middle, and back of the park, each connected with a cat5e home run
>> that plugs into a 10/100 unmanaged switch that connects to a Linksys
>> WRT54G rev 2 that I flashed with dd-wrt r23 sp2. The internet pipe
>> is a T1 provided by a local LEC. We estimate that during the summer
>> the network will need to support 30-50 users.
>>
>> There are several strategic considerations that need addressing, and
>> the first one in my opinion is bandwidth management. Just in the
>> last 2-3 days we've seen the inernet speed drop to a crawl when one
>> or two users start hogging bandwidth with what appear to be massive
>> downloads. The status tools in the APs showed download/upload ratios
>> on these users in the 20/1 range. I've got to find a way to impose
>> QoS on the network.
>> But a big issue for the company right now is cost, so I have very
>> little budget to work with. So, if possible, I need to use whatever
>> free and low cost solutions I can come up with.
>>
>> Thank you for any assistance. Please let me know what information
>> I've left out.
>>
>> JM
>
> BTW - can you get anything besides a T1 ??
> Wonder what the cost of the T1 is compared to say DSL or cable ?
>

This is a good line of thought and it figures into my strategy. Please see
my description in my reply to Jeff below.

Thank you,

JM

"ps56k" <(E-Mail Removed)> wrote in message
news:ZB_Uj.2163$(E-Mail Removed)...
> DTC wrote:
>> ps56k wrote:
>>> BTW - can you get anything besides a T1 ??
>>> Wonder what the cost of the T1 is compared to say DSL or cable ?
>>
>> DSL has a flat rate pricing (but a TOS prohibiting sharing out your
>> connection). Depending on the speed, its priced generally from $30
>> to $90 per month for 1.5 Mbps to 10 Mbps.
>>
>> T1 is distance priced. In a large city, it can be had for around $300
>> per month. But fifty miles from that city, it may cost upwards $600
>> per month.
>
> that was a specific question for the OP can get in their area,
> not a generic educational question....
>
> BTW - you might try going to McD's, Starbucks, Panera, etc...
> and see with a Ping and/or Speedtest to the outside world,
> what kind of service they are using and "sharing" with their customers.
> Does it test out as symetrical (T1) or not (DSL/cable).

Good suggestion, thank you.

JM