  • Status: Solved
  • Priority: Medium
  • Security: Public

Need to limit bandwidth on EVERY IP address on an internal subnet

I have a Comcast cable line connected to a few Linksys WAPs, and there are users who are flooding out the entire line with P2P networking, I would assume, and the line is extremely slow at times.  I need to be able to limit each internal IP address to only take up a portion of the line.  I was basically thinking since the line is 6000/1000, I would limit each IP address to a max of 750/150 or something like that.  For the line to flood, a lot of people would have to be doing things they should not be doing.  Monitoring would be nice, but it is not required.  I think a Linksys WRT54GL with DD-WRT or Tomato firmware might do this, but I am not exactly sure how.  Please post if you have experience doing something like this.  I would also take other suggestions besides the Linksys as long as they are not too expensive.  I need to do this with 5 cable lines, and I really can't spend much more than $250/line.  Thank you!
Asked: mattpayne59

Don Johnston (Instructor) commented:
Here's a link that details how to do QOS with a Linksys running DD-WRT.

http://lifehacker.com/software/feature/ensure-a-fast-internet-connection-when-you-need-it-326543.php

mattpayne59 (Author) commented:
I don't see anything in that link that will do what I need it to do... At least not very easily.

Don Johnston (Instructor) commented:
> I need to be able to limit each internal IP address to only take up a portion of the line.

So you want to limit bandwidth by IP address?

About a third of the way down the page is an entry titled "Throttle by IP Address"

mattpayne59 (Author) commented:
But I want every IP address in the entire subnet to have the same limits.  Sounds to me like from that I am going to have to enter 255 different entries.  Can it be done with a range command that will do each one separately?

Don Johnston (Instructor) commented:
I don't know. I've never worked with one of these devices before. I just ran across the link one day and bookmarked it.

I agree though. It sounds like it would require an entry for each device.

mattpayne59 (Author) commented:
Thank you for trying... There must be some easy way to do this with some inexpensive device.

Don Johnston (Instructor) commented:
I'd be surprised if there was. Rate limiting is not a typical feature of "low-end" routers.

giltjr commented:
How many total IP addresses are there?

You may want to look at using an "inexpensive" PC running Linux and using some of the features built into the 2.6 kernel.  Search on netem.

You can also look here for various software packages that claim to throttle network bandwidth:

     http://www.linuxlinks.com/Software/Networking/Tools/Bandwidth/

mattpayne59 (Author) commented:
It is a Class C... I would rather not put a PC if I don't have to.  Does the WRT54GL do what you are talking about?

giltjr commented:
Out of the box, no.  If you are willing to ruin one, I believe that the WRT54GL runs Linux and Linksys provides the source code.  You could always try to build your own code for it that includes that function and the management interface to control it.

You MIGHT be able to use QOS.  It will not limit the bandwidth, but you could set P2P at a low priority and non-P2P at a high priority.  

mattpayne59 (Author) commented:
I bought a WRT54GL and flashed it with the Tomato 1.11 firmware which supports QOS.  I think you might be right that QOS is the way to go instead of limiting each IP address.  So basically I am going to just put DNS and WWW traffic at the highest priority since the people behind it are supposed to just be doing web browsing.  That way this will take priority over any streaming video/music and P2P.  Sound right?

giltjr commented:
It will take priority, but only on OUTBOUND traffic.  That is traffic from you to the Internet.

Say you and I are on your network and I am downloading a file from the Internet.  The majority of the traffic will be inbound and will not be prioritized and could eat up all of the inbound bandwidth.

What bandwidth throttling does is watch the traffic flow and will hold or drop packets as needed to keep a specific connection below the limits you set.  In the case where I am downloading files using ftp, the ack packets going back to the ftp server would be held up or dropped completely.  This will cause the ftp server to pause sending data for a while.

So QOS alone may not help that much.

mattpayne59 (Author) commented:
This firmware looks like it allows bandwidth throttling because it is allowing me to do QOS in my inbound traffic.  Here is a link to check out the firmware:

http://lampiweb.com/tomato/status-index.htm

If you click QOS, it has different levels where you can specify different types of traffic.  Seems like if I set this up properly (which seems like it is almost the default) I will have small web browsing prioritized and DNS and everything else will have limited bandwidth.

giltjr commented:
Umm, I'm not sure what the inbound stuff does.  If you notice on the outbound it actually shows how much outbound bandwidth at each priority you will get.  For the inbound there is not.

Now what it could do is hold/drop inbound packets, which will delay your PC from sending acks out, which should slow up inbound traffic.
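
The per-address caps the question asks for, across a whole Class C without typing an entry per host, can be generated in a loop on the Linux box suggested earlier in the thread. This is an added example, not code from any poster: it uses the kernel's HTB shaper through `tc` (a different facility from the netem mentioned above), covers the download direction only, and the interface name `br0` and subnet `192.168.1` are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: print tc commands that cap download
# speed for every host in a /24. Nothing is applied until the output is run.
# Assumed: LAN interface br0, subnet 192.168.1.0/24. The 6000 kbit line and
# 750 kbit per-host cap are the figures from the question.

gen_download_caps() {
    dev=$1 prefix=$2 line_kbit=$3 host_kbit=$4
    # Guaranteed share per host; the shares must fit inside the line rate
    # or HTB cannot hold the parent limit.
    share=$((line_kbit / 254))

    # tc reads class minor numbers as hex, so 1:254 is 0x254. Still unique,
    # and clear of the parent (fff) and catch-all (ffe) classes.
    echo "tc qdisc add dev $dev root handle 1: htb default ffe"
    echo "tc class add dev $dev parent 1: classid 1:fff htb rate ${line_kbit}kbit ceil ${line_kbit}kbit"
    # Catch-all for traffic that matches no host filter.
    echo "tc class add dev $dev parent 1:fff classid 1:ffe htb rate ${share}kbit ceil ${host_kbit}kbit"

    host=1
    while [ "$host" -le 254 ]; do
        # rate = guaranteed floor, ceil = hard per-host cap
        echo "tc class add dev $dev parent 1:fff classid 1:$host htb rate ${share}kbit ceil ${host_kbit}kbit"
        # Packets leaving the LAN side toward this address go to its class
        echo "tc filter add dev $dev parent 1: protocol ip prio 1 u32 match ip dst $prefix.$host/32 flowid 1:$host"
        host=$((host + 1))
    done
}

# Print the commands for review; pipe to a root shell to apply them.
gen_download_caps br0 192.168.1 6000 750
```

Because the shaping happens where packets leave the router toward the clients, a capped download is slowed by queueing and dropping, which is the hold/drop behaviour described in the thread.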