Solved

Throttle Bandwidth for a public access point...

Posted on 2006-11-29
Last Modified: 2013-11-09
Hello,

We are using a Linksys WRT54G wireless router at a coffee shop for public internet access.  We have a problem occasionally where the customers in the shop are still connected, but can't get to the internet.  Our assumption is that this is caused by one of the customers downloading large files, or using some p2p app.  We assume they are sucking up all the bandwidth and none is left over for the other users in the shop to get to the internet.  Obviously since it is a public hotspot, we have no control over what people do while using this AP.

So the question is: is there some type of wireless AP or wireless router that will allow us to limit each wireless user to a certain data rate?  I.e. no one can ever have more than 30k per second of bandwidth?  This way even if someone does come in and try to use p2p apps or download large files, they will not be able to suck up everyone else's bandwidth.  The lowest cost robust solution will be the winner.

Anyone have a suggestion?
0
Question by:ccarmichael7
10 Comments
 
LVL 2

Expert Comment

by:ammowagon
Best way is free: make a FreeBSD (http://www.freebsd.org/) box and put DummyNet (http://www.freebsd.org/cgi/man.cgi?query=dummynet&sektion=4)
This is both a solution to your problems and it makes it even more secure.
0
 
LVL 1

Expert Comment

by:dskillin
A way that we've worked around it is to place an ethernet bridge in between the pipe and the AP.

http://tldp.org/HOWTO/Ethernet-Bridge-netfilter-HOWTO.html

Turning on Netem in the kernel you would be able to limit any connection to whatever value you decided.  There are also settings for bursting, to allow full bandwidth for a short period of time, then taper down to a final value.  Bursting helps standard pages to load quickly, while deterring the downloaders.

http://swik.net/netem

Run ntop on top of that, and you'll have a very good idea where traffic is going should you want to look at it.

http://www.ntop.org/

These tools will also provide you control, should you require it.

If you were to put a DHCP server on the same machine and use the IP as a bridge instead of a router as I assume you are doing, you would have the ability to monitor and control every piece of traffic that passed through.

Utilizing different DHCP scopes, it is even possible to set up different levels of service.
0
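A per-client cap with a short burst allowance on such a bridge, sketched as an added example (not code from the thread or from any poster). It assumes the HTB qdisc with u32 filters rather than the Netem named above, and the interface name `eth1`, the `192.168.1.0/24` client range and the 60 kB burst are hypothetical; the script only prints the `tc` commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: prints (does not run) tc commands for per-client caps.
# Assumed, not from the thread: HTB qdisc, interface name, client range.

# The question states limits in kilobytes per second; tc rates are in kbit.
kbytes_to_kbit() {
    echo $(( $1 * 8 ))
}

# shaper_plan DEV DIR PREFIX FIRST LAST RATE_KBYTES BURST_KBYTES
#   DIR=dst caps download (apply on the port facing the access point),
#   DIR=src caps upload   (apply on the port facing the uplink).
shaper_plan() {
    dev=$1; dir=$2; prefix=$3; first=$4; last=$5
    rate=$(kbytes_to_kbit "$6"); burst=$7
    case $dir in dst|src) ;; *) echo "DIR must be dst or src" >&2; return 1 ;; esac
    [ "$first" -ge 1 ] && [ "$last" -le 254 ] && [ "$first" -le "$last" ] || {
        echo "host range must lie within 1..254" >&2; return 1; }

    echo "tc qdisc add dev $dev root handle 1: htb"
    host=$first
    while [ "$host" -le "$last" ]; do
        id=$(printf '%x' "$host")   # tc class minor numbers are hexadecimal
        # One class per client address. rate == ceil makes the cap hard;
        # burst/cburst let a client that has been idle send that many
        # bytes faster than the cap before settling at the sustained rate.
        echo "tc class add dev $dev parent 1: classid 1:$id htb" \
             "rate ${rate}kbit ceil ${rate}kbit burst ${burst}k cburst ${burst}k"
        echo "tc filter add dev $dev parent 1: protocol ip prio 1 u32" \
             "match ip $dir $prefix.$host/32 flowid 1:$id"
        host=$(( host + 1 ))
    done
}

# Constructed sample: 30 kB/s per client (the figure from the question),
# 60 kB burst, clients .10 to .12, eth1 assumed to face the access point.
shaper_plan eth1 dst 192.168.1 10 12 30 60
```

Addresses outside the listed range match no filter and pass unshaped, so the range should cover the whole DHCP scope handed out to customers.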
 
LVL 2

Expert Comment

by:JaneArcher1
Set up QOS on the router.
Then you can give http traffic high priority and p2p low priority

so people browsing the web will get fast access. But just as nice is that if only one person is in the cafe trying to download a large file they will get all the bandwidth.

As soon as someone tries to connect to the internet to web browse, the router running QOS will move their data in front of all the P2P data.

QOS = Quality of service. I don't think the wrt54g has QOS on it however, but the wrt54gs does :) and it's only 39 quid at PC world at the moment!!
0
 
LVL 1

Expert Comment

by:dskillin
The problem I see with straight QOS is that it doesn't deter the large downloads.  DLs over port 80 will keep on moving.
0
 

Author Comment

by:ccarmichael7
Thanks for the responses guys!  

We would prefer some type of hardware solution, as putting in a linux box on the site will cost for both setup labor and the hardware.  

Is there really no hardware solution out there that will accomplish this?
0
 
LVL 4

Expert Comment

by:dempsedm
I have a perfect solution for you.  

I install and support networks for hotel rooms as one of my many job functions.  We use Nomadix products.  They act like a router/firewall, but also allow people with misconfigured IP settings to still get access, and also allow you to limit the amount of bandwidth any one connection uses.  Their base product even has built-in WiFi.  It also has a switch so you can plug in additional APs, if needed.  

Here is the product you should look at:

http://www.nomadix.com/products/platforms/ag/

0
 
LVL 2

Expert Comment

by:ammowagon
Here are some interesting sites for you to look at
http://www.seattlewireless.net/index.cgi/LinksysWrt54g#head-139ad2ceb788f2536f4e4dd6b74efd16f423cc05
http://openwrt.org/
They are based around the router you have using Linux and is basically hacking your existing router for added functionality. I have never tried this but I thought it was an interesting solution. Warning, obviously flashing the bios of your router can result in complete loss of functionality.
0
 

Author Comment

by:ccarmichael7
The Nomadix sounds like it is the right device.  Two last questions...

1. Is this thing pretty simple to configure with knowledge of networking, or do they use their own proprietary terms and vernacular?
2.  Just to be clear.  We can use this device to limit all the wireless users in the coffee shop to x number of kbs per second on upload and download?  I.e. no one can use more than 20kb per second.  So that one user cannot hog all the bandwidth at the site?

Thank You!
0
 
LVL 4

Accepted Solution

by:
dempsedm earned 500 total points
1.  I configured the larger enterprise versions of these.  We did have to use a console and command line interface just for the very initial config, then everything else was from Web Interface.  Something that tripped me up the first time was that I didn't know you had to access the web interface from the WAN side of things.  I guess it is a security measure to prevent people inside your coffee shop from trying to configure your Internet access.

I found once I familiarized myself with it, it was pretty easy to use for basic stuff.  The user guide was very straightforward.  I think the more complex stuff is doing authentication with credit card service, etc.  This is if you want to bill the users, or tie it into another system.

If you have never used Telnet and command line, it may require you to read the directions for the initial config.  Maybe they don't use the console any more (using a serial cable to connect and set the IP address, password, etc.) or maybe that is only on the larger enterprise versions I've worked on.

2.  The NSE does contain a setting that is something like "limit connections to _____ kbps" which I have used before.  According to their data sheet at http://www.nomadix.com/Files/Downloads/Products/AG_Data_Sheet.pdf "bandwidth management" is listed as a feature, so it should be the case on this product.

If you like, the device also offers home page redirection, which some of my clients use.  You can make them go to www.yourcoffeeshop.com or whatever when they first connect, or even create a page specific for people using the hotspot.

Also something that is cool, you may enter a SMTP server with your authentication info that allows them to do outbound e-mail despite any smtp server settings that they may not like them outside of their usual network.  It bypasses their setting and uses the smtp server you set up.  Pretty slick stuff.

I used to work for a Nomadix partner company/VAR and resold their products.  These are newer parts than the ones I have, so you may want to call 1-800-NOMADIX for pre-sales questions, just to make sure you got everything covered.  They can direct you to a reseller, or you may be able to find one on the Internet.  Keep in mind that if you find a used or grey market one, you might not have support for it unless you purchase it.

0
 
LVL 4

Expert Comment

by:dempsedm
Discounted on-line:

http://store.wifi-parts.com/agwihoga.html

Just make sure you get full support from Nomadix as a new product purchase when you buy from someplace like this.
0
