Share bandwidth evenly....

Hi,

Say we have 5 MBit/s internet bandwidth and around 15 users at one
wrt54gl access point running DDWRT 24.

Which measures should we take in ddwrt's config to make sure that the
available bandwidth would be shared as evenly as possible between these
users..?

Or should we put another firewall product in front of the ddwrt box to
control max bandwidth etc...

How do hotspot manager limit and distribute their available bandwidth...?

Thanks for comments and tips

regards

Tor

Jeff Liebermann skrev:
> On Sun, 22 Mar 2009 23:21:21 +0100, Geir Holmavatn
> <(E-Mail Removed)> wrote:
>
>> Say we have 5 MBit/s internet bandwidth and around 15 users at one
>> wrt54gl access point running DDWRT 24.
>
> Must I say it? Can't I just write it? Is it 5Mbits/sec symmetrical
> or is the outgoing bandwidth somewhat less? If so, how much less?

Ok Jeff,

Sorry about being too short... I'll give you much more details. I just
didn't want to overwhelm you in my initial post... :-|

This scenario is actually in a dorms area of a boarding high school. We
have several wrt54g* running dd-wrt v24 as access points in the
different areas. These wrts are all connected to a pfsense
router/firewall/gateway. Students connect their computers wirelessly
(802.11G only) to the wrts.

The ISP provide the pfsense gateway with 15Mbit downlink and 5Mbit
uplink. All WRTs are cabled together and connected to the pfsense box
with 100Mb ethernet.

When looking at pfsense's bandwidth graphs before, during and after one
student has downloaded a huge file, we see that during the download he
gets almost all of the 'free' bandwidth (which is ok).

However, unfortunately all the other students experience significantly
longer response times (ping / latency) and their downloads / browsing
only seems to share a small bandwidth available to those opening
sessions WHILE there are other huge downloads already underway.

I would like to impose a bandwidth limit of 1Mb or less for each user /
IP so single users don't grab too much of our valuable internet
bandwidth. If this need to be done at the wrt level I wonder if there
are tools available now which enable us to config multiple wrts at a
time either via some kind of centralized gui or by using scripts centrally.

For us it's the internet bandwidth which is precious and I concentrate
on that. I have never heard students complaining that they have slow
access to our intranet's downloading area (which is also available
through the wrt network).

When using wireshark we see relatively little torrent and gnutella
traffic, but in any case we have tried to stop p2p at the wrt level (QoS
as you suggest).

We'll also take the steps to avoid the 'Router Slowdown' you refer to.

So it cooks down to ways to limit internet bandwidth (focusing on
outgoing as you suggest). Any suggestions to this are welcome. I've
also heard that there is a commercial dd-wrt version available, but
haven't yet had time to look into it. Does that version have features
which can help us with our desire to distribute bandwidth evenly?

I'll gladly get you the thinkgeek item mentioned at the end of your post
if you can help us find good solutions and configurations to solve this
problem :-D

Take care :-)

rgds Geir

Geir Holmavatn wrote:

> For us it's the internet bandwidth which is precious and I concentrate
> on that. I have never heard students complaining that they have slow
> access to our intranet's downloading area (which is also available
> through the wrt network).
>
> When using wireshark we see relatively little torrent and gnutella
> traffic, but in any case we have tried to stop p2p at the wrt level (QoS
> as you suggest).

Have a look at installing the ntop module in pfSense. It's buggy as hell and
uses lots of RAM, but other than that it gives lots of insight into network
activity.

> We'll also take the steps to avoid the 'Router Slowdown' you refer to.
>
> So it cooks down to ways to limit internet bandwidth (focusing on
> outgoing as you suggest). Any suggestions to this are welcome.

Have a look at:

http://doc.pfsense.org/index.php/Traffic_Shaping_Guide

If pfSense won't do what you want, you could always look at IPCop instead:

http://www.ipcop.org/1.4.0/en/admin/...rvices_shaping

I built a WAN emulator from a linux box with 2 NICs in. Rate limiting was
the main aim, with latency and packet loss being optional extras. ISTR 'tc
qdisc ...' played a large part in that:

http://lartc.org/howto/lartc.ratelimit.single.html
http://lartc.org/howto/lartc.qdisc.f...LTERING.SIMPLE

Jeff's suggestion of per-station rate limiting by reducing the wireless
connection rate is an ingenious one :-)

--
<http://ale.cx/> (AIM:troffasky) ((E-Mail Removed))
19:34:30 up 108 days, 21:45, 2 users, load average: 0.02, 0.05, 0.00
Sexy ladies, and nasty boys, all freaky freakin', to the robot noise

On Mar 23, 2:50*pm, alexd <troffa...@hotmail.com> wrote:

>
> Jeff's suggestion of per-station rate limiting by reducing the wireless
> connection rate is an ingenious one :-)
>

Actually, I think Jeff is lamenting that this appears to be a solution
but would not be a good idea because lowering the rate would increase
air time consumed and thus further clog the airways.

BUT, seeing that there are multiple APs going, it seems like if 3-5
users share one AP, then limiting the bandwidth to 2 or 6 Mbps
(thruput of 1 or 3) might do the job to spread the load, yet not clog
up the airwaves nearly as much as if one 2 Mbps radio was serving all
15 users. In addition, you would tend to localize any problems so
that only those sharing the saturated radio (if so) would be
affected. Also, you could learn where it tends to happen.

Problem I see is that DD-WRT only limits the transmission rate, not
the total link ? If I look at our DD-WRT router, which is set for
12 Mbps, it shows 12 Mbps for the rate in "Status". But on the pc
end, it shows 54 Mbps as the rate.
If that is not actually true, then connection rate might work for
you.

QOS: If you set up your network so that your APs are also serving
as local routers, connecting through their WAN side, then you could
perhaps control bandwidth through the QOS settings in DD-WRT. I have
not used it, but see that under NAT/QOS>QOS, when you activate it,
there are settings for uplink and downlink max speeds. Again, to do
this, you would have to run each Linksys as it's own router and there
may be consequential problems with that setup...or maybe not? I
would think that intra-networking would be complicated, but perhaps
it's workable.

QOS is still unexplored territory to me, but maybe there's something
there...

Steve

Bill Kearney skrev:
>> Are the WRT54G boxes acting as access points (no router section) or as
>> routers (with double NAT)? The QoS and traffic management sections of
>> the WRT54G are in the router section.
>
> You don't have to run NAT to use it as a router. Are the QoS features
> available when using it as a router in the 'classic' sense? You can
> avoid the DHCP hassles by forwarding the requests to a centralized
> server. Which would have to be configured for scopes supporting each
> subnet of course. An option which would certainly be easier than
> babysitting DHCP servers on multiple low-end routers. You'd also gain a
> bit more logging and filtering options based on the subnet (easier, say,
> to set up on the fly filtering based on IP addresses).
>
> -Bill Kearney

If I uncheck NAT in the wrt boxes , do I need to enter WAN IPs then, or
how's eveything working together in that mode (which I suspect is
'transparent fw mode'. Please elaborate or hint me towards some
informative urls.

/geir

Jeff Liebermann skrev:
> On Mon, 23 Mar 2009 14:01:35 +0100, Geir Holmavatn
> <(E-Mail Removed)> wrote:
>
>> This scenario is actually in a dorms area of a boarding high school. We
>> have several wrt54g* running dd-wrt v24 as access points in the
>> different areas. These wrts are all connected to a pfsense
>> router/firewall/gateway. Students connect their computers wirelessly
>> (802.11G only) to the wrts.
>
> Are the WRT54G boxes acting as access points (no router section) or as
> routers (with double NAT)? The QoS and traffic management sections of
> the WRT54G are in the router section. If this section is disabled or
> bypassed, as is common with multiple AP systems, all the bandwidth
> limiting must be done at the Pfsense (M0n0wall) router.

Yes the wrts are plain access points with no router configured (wan IF
disabled). We have one central dhcp server and all wrts are wired together.

What would the config be if we want to use their router section but
transparently? (We want to still use our dhcp server, if possible).

I'm going to do some tests against our intranet from clients experienced
saturation / slow access during the nights to confirm if the bottleneck
is at the wireless level or a pure internet bandwidth problem.

Results will be posted here in a couple of days...

Finally, does anyone here have comments on centralized management of
several wrt boxes? Does it exist scripting solutions or other
approaches available...?

best regards

geir

seaweedsl wrote:

> BUT, seeing that there are multiple APs going, it seems like if 3-5
> users share one AP, then limiting the bandwidth to 2 or 6 Mbps
> (thruput of 1 or 3) might do the job to spread the load, yet not clog
> up the airwaves nearly as much as if one 2 Mbps radio was serving all
> 15 users. In addition, you would tend to localize any problems so
> that only those sharing the saturated radio (if so) would be
> affected. Also, you could learn where it tends to happen.

If each AP was routing its own subnet rather than bridging, the OP might get
more insight into who is using all the bandwidth.

> If I look at our DD-WRT router, which is set for
> 12 Mbps, it shows 12 Mbps for the rate in "Status". But on the pc
> end, it shows 54 Mbps as the rate.

I wouldn't rely on the rate reported by your PC. I'm pretty sure DD-WRT
limits the rate at the 802.11 layer.

> QOS: If you set up your network so that your APs are also serving
> as local routers, connecting through their WAN side, then you could
> perhaps control bandwidth through the QOS settings in DD-WRT. I have
> not used it, but see that under NAT/QOS>QOS, when you activate it,
> there are settings for uplink and downlink max speeds. Again, to do
> this, you would have to run each Linksys as it's own router and there
> may be consequential problems with that setup...or maybe not?

I've managed to get >25Mbps [ethernet, not wifi] out of a Buffalo WHR-HP-54G
running DD-WRT with NAT turned off, ie just routing. Don't know what model
of APs the OP is using but if it's capable of running DD-WRT then it's
probably capable of delivering at least his internet bandwidth.

> I would think that intra-networking would be complicated, but perhaps
> it's workable.

It's as complicated as 'several' static routes on the pfSense gateway, which
would only need to be done once. Networks upstream of it need not know
about each individual wireless LAN.

--
<http://ale.cx/> (AIM:troffasky) ((E-Mail Removed))
19:01:39 up 109 days, 21:12, 3 users, load average: 0.04, 0.06, 0.02
Sexy ladies, and nasty boys, all freaky freakin', to the robot noise

Geir wrote:

> If I uncheck NAT in the wrt boxes , do I need to enter WAN IPs then, or
> how's eveything working together in that mode (which I suspect is
> 'transparent fw mode'.

If you turn off NAT, you will need to have one subnet per AP. You should be
able to get DD-WRT to forward DHCP requests to your DHCP server. You will
then need to tell your pfSense gateway how to get to each network, and to
make sure pfSense knows to NAT traffic coming from each wireless subnet
before sending it out to the internet. It's really not as scary as it
sounds.

> Please elaborate or hint me towards some informative urls.

For example:

Name LAN WAN NAT?
pfSense 192.168.1.1/24 x.x.x.x Yes
AP1 10.0.1.1/24 192.168.1.101/24 No
AP2 10.0.2.1/24 192.168.1.102/24 No
APn 10.0.n.1/24 192.168.1.10n/24 No

with the WAN of each AP connected to the same switch as the pfSense's LAN.

You would then need to tell pfSense how to reach each wireless LAN with
a 'static route':

http://boedot.files.wordpress.com/20...e-dns-path.png

So, to get to AP1's LAN [10.0.1.0/24], set a static route pointing to
192.168.1.101 as the gateway, and so on for each AP. That's how I'd do it
anyway. You don't need to take a big-bang approach to this; you can move
one AP at a time and see how it goes. Once you've got the static routing
sorted, you could play with RIPv2 if you're feeling brave!

If you absolutely want to stick with a bridged LAN/WLAN, you can traffic
shape by MAC with ebtables on linux generally, don't know about DD-WRT
specifically:

http://ebtables.sourceforge.net/examples/example5.html

--
<http://ale.cx/> (AIM:troffasky) ((E-Mail Removed))
19:16:44 up 109 days, 21:28, 3 users, load average: 0.05, 0.06, 0.01
Sexy ladies, and nasty boys, all freaky freakin', to the robot noise