Solved

Need to limit bandwidth on EVERY IP address on an internal subnet

Posted on 2007-11-28
Last Modified: 2012-06-21
I have a Comcast cable line connected to a few Linksys WAPs, and there are users who are flooding out the entire line with P2P networking, I would assume, and the line is extremely slow at times.  I need to be able to limit each internal IP address to only take up a portion of the line.  I was basically thinking since the line is 6000/1000, I would limit each IP address to a max of 750/150 or something like that.  For the line to flood, a lot of people would have to be doing things they should not be doing.  Monitoring would be nice, but it is not required.  I think a Linksys WRT54GL with DD-WRT or Tomato firmware might do this, but I am not exactly sure how.  Please post if you have experience doing something like this.  I would also take other suggestions besides the Linksys as long as they are not too expensive.  I need to do this with 5 cable lines, and I really can't spend much more than $250/line.  Thank you!
Question by:mattpayne59
14 Comments
 
LVL 50

Expert Comment

by:Don Johnston
ID: 20366721
Here's a link that details how to do QOS with a Linksys running DD-WRT.

http://lifehacker.com/software/feature/ensure-a-fast-internet-connection-when-you-need-it-326543.php
0
 

Author Comment

by:mattpayne59
ID: 20367663
I don't see anything in that link that will do what I need it to do... At least not very easily.
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 20367686
> I need to be able to limit each internal IP address to only take up a portion of the line.

So you want to limit bandwidth by IP address?

About a third of the way down the page is an entry titled "Throttle by IP Address".

0
 

Author Comment

by:mattpayne59
ID: 20367706
But I want every IP address in the entire subnet to have the same limits.  Sounds to me like from that I am going to have to enter 255 different entries.  Can it be done with a range command that will do each one separately?
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 20367725
I don't know. I've never worked with one of these devices before. I just ran across the link one day and bookmarked it.

I agree though. It sounds like it would require an entry for each device.
0
 

Author Comment

by:mattpayne59
ID: 20367780
Thank you for trying... There must be some easy way to do this with some inexpensive device.
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 20368213
I'd be surprised if there was. Rate limiting is not a typical feature of "low-end" routers.
0

 
LVL 57

Expert Comment

by:giltjr
ID: 20370889
How many total IP addresses are there?

You may want to look at using an "inexpensive" PC running Linux and using some of the features built in to the 2.6 kernel.  Search on netem.

You can also look here for various software packages that claim to throttle network bandwidth:

     http://www.linuxlinks.com/Software/Networking/Tools/Bandwidth/
0
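
Added example, not part of the original thread: the Linux-box suggestion above can be scripted so that the "one entry per address" problem becomes a loop over the /24. It uses the kernel's HTB qdisc and an ingress policer rather than netem, prints the `tc` commands instead of running them, and assumes a LAN-facing interface named `eth1` and a `192.168.1.0/24` subnet (both hypothetical); the 6000 kbit line and the 750/150 per-host caps are the figures from the question.

```shell
#!/bin/sh
# Added example: emits (does not run) tc commands that cap every host in a /24.
# Interface name and subnet prefix are assumptions; rates come from the question.

# gen_rules LAN_IF PREFIX DOWN_KBIT UP_KBIT LINE_KBIT
#   LAN_IF  interface facing the internal subnet (assumed: eth1)
#   PREFIX  first three octets of the /24 (assumed: 192.168.1)
gen_rules() {
    lan=$1; prefix=$2; down=$3; up=$4; line=$5
    # Guaranteed share per host: the line rate split across 254 hosts.
    share=$((line / 254))
    [ "$share" -ge 1 ] || share=1

    # Download: HTB on LAN egress (traffic going to the clients).
    echo "tc qdisc add dev $lan root handle 1: htb"
    echo "tc class add dev $lan parent 1: classid 1:1 htb rate ${line}kbit"
    # Upload: ingress qdisc on the same interface, seen before NAT rewrites the source.
    echo "tc qdisc add dev $lan handle ffff: ingress"

    host=1
    while [ "$host" -le 254 ]; do
        ip="$prefix.$host"
        # Class minor IDs are hex; offset by 0x100 so none collides with 1:1.
        minor=$(printf '%x' $((host + 256)))
        # "rate" is the guaranteed share, "ceil" is the hard per-host cap.
        echo "tc class add dev $lan parent 1:1 classid 1:$minor htb rate ${share}kbit ceil ${down}kbit"
        echo "tc filter add dev $lan parent 1: protocol ip prio 1 u32 match ip dst $ip/32 flowid 1:$minor"
        # Packets above the upload rate are dropped, which makes TCP senders back off.
        echo "tc filter add dev $lan parent ffff: protocol ip prio 1 u32 match ip src $ip/32 police rate ${up}kbit burst 10k drop flowid :1"
        host=$((host + 1))
    done
}

# Dry run: 6000 kbit line, 750 kbit down / 150 kbit up per host.
# Review the output, then pipe it to `sh` as root on the Linux box to apply it.
gen_rules eth1 192.168.1 750 150 6000
```

Each host gets its own class and filter pair, so one heavy user hits the 750 kbit ceiling without touching anyone else's share.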
 

Author Comment

by:mattpayne59
ID: 20379172
It is a Class C... I would rather not put a PC if I don't have to.  Does the WRT54GL do what you are talking about?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 20379363
Out of the box, no.  If you are willing to ruin one, I believe that the WRT54GL runs Linux and Linksys provides the source code.  You could always try to build your own code for it that includes that function and the management interface to control it.

You MIGHT be able to use QOS.  It will not limit the bandwidth, but you could set P2P at a low priority and non-P2P at a high priority.  
0
 

Author Comment

by:mattpayne59
ID: 20411671
I bought a WRT54GL and flashed it with the Tomato 1.11 firmware which supports QOS.  I think you might be right that QOS is the way to go instead of limiting each IP address.  So basically I am going to just put DNS and WWW traffic at the highest priority since the people behind it are supposed to just be doing web browsing.  That way this will take priority over any streaming video/music and P2P.  Sound right?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 20413352
It will take priority, but only on OUTBOUND traffic.  That is traffic from you to the Internet.

Say you and I are on your network and I am downloading a file from the Internet.  The majority of the traffic will be inbound and will not be prioritized and could eat up all of the inbound bandwidth.

What bandwidth throttling does is watch the traffic flow and will hold or drop packets as needed to keep a specific connection below the limits you set.   In the case where I am downloading files using ftp, the ack packets going back to the ftp server would be held up or dropped completely.  This will cause the ftp server to pause sending data for a while.

So QOS alone may not help that much.
0
 

Author Comment

by:mattpayne59
ID: 20413723
This firmware looks like it allows bandwidth throttling because it is allowing me to do QOS in my inbound traffic.  Here is a link to check out the firmware:

http://lampiweb.com/tomato/status-index.htm

If you click QOS, it has different levels where you can specify different types of traffic.  Seems like if I set this up properly (which seems like it is almost the default) I will have small web browsing prioritized and DNS and everything else will have limited bandwidth.
0
 
LVL 57

Accepted Solution

by:
giltjr earned 500 total points
ID: 20414136
Umm, I'm not sure what the inbound stuff does.  If you notice on the outbound it actually shows how much outbound bandwidth at each priority you will get.  For the inbound there is not.

Now what it could do is hold/drop inbound packets, which will delay your PC from sending ack's out, which should slow up inbound traffic.
0
