P2P Traffic Shaping For Home Use?
An anonymous reader writes "My housemate uses an aggressive P2P client, that when in use makes the Internet unusable for everyone else connected to the network. After hearing about various ISPs shaping traffic to reduce P2P traffic, I was wondering if there was a solution for managing P2P traffic on a home network. I have a Linksys WRT54G available for hacking. Can Slashdot recommend a way to reduce the impact of P2P on my network and make it usable again?"
Install OpenWrt, then:
ipkg install qos-scripts
vi /etc/config/qos
[ enter your linespeed in the right place ]
qos-start
Just set up QoS such that VOIP, SMTP, HTTP, HTTPS, and whatever else you care about gets prioritized.
you can put it between the router and the net if you're using the wireless capabilities.
a forum about traffic shaping with smoothwall
http://www.linux-noob.com/forums/index.php?s=dffc19493975498724b50564217f05e4&showtopic=3250&pid=11502&st=0&#entry11502
smoothwall linux
http://www.smoothwall.org/
https://www.gnu.org/philosophy/free-sw.html
a. 1st off and most importantly, make sure the internet connection isn't in your name so you are not the one who gets sued by the RIAA. b. Go get DD-WRT (check your WRT54G version; later ones suck), then set up the traffic shaping QoS feature. http://www.dd-wrt.com/wiki/index.php/Quality_of_Service
actually I am happy to see you, however that is in fact a banana in my pocket.
as opposed to using traffic shaping, you can force the guy to switch clients to azureus http://azureus.sourceforge.net/
In advanced mode, you can set upload and download maximums. If you plan on allowing this and using latency-specific online gaming, you should set the limits to HALF of what Azureus is capable of without anyone using the internet.
I have the same issue at home, except I'm the one who is running bittorrent. As of right now, it is not perfect, but it has greatly improved since I started doing tweaks. The first thing I did was install DD-WRT on the router. After that, I maxed the connection limit to 4096 and set the timeout to a low setting, like 5 minutes. From there, I did some modifications to the QoS settings. If a wired connection is used, set his connection to the lowest priority, and the rest to the top priority. This is not perfect, so I'm still tweaking things to obtain a better outcome. The other suggestion is to tell him to use the scheduler feature found in the bittorrent client; a little bit of downtime at peak times goes a long way to keep harmony at home. -Lilkat
That would be my suggestion as well...
Besides, whatever client he is using must have its own throttle; tell him/her to set it to like 75% of what the line can handle.
Some have timers too, so it can be 50/50 during multiple use, and 100% when he's the only one. Which is far easier than tweaking/hacking something you don't really use that often, and you may want to allow other software to use 100% (or as much as possible) on his machine (file sharing over the network, etc).
Raise priority for
- Web (Http and https, maybe also 8080)
- DNS (UDP:53)
- Mail (SMTP, IMAP, POP3 (including SSL versions))
- IRC (if you use)
- FTP
- SSH, Telnet
- All TCP acknowledgement packets.
- Maybe some gaming protocols (Directplay, WoW, etc - these unfortunately require checking docs for each game)
That way, you have whitelisted most of the "interactive" protocols that suffer from a loaded link. No need to keep chasing after the latest encrypted, onion-routed P2P application that happens to be flavor of the month. The biggest problem is the online gaming stuff.
It also has QoS features, and a nice AJAX interface.
When I bought a WRT54G I had the same problem... mine is v6. Apparently after v4 Linksys (or more accurately Cisco, who owns them) lowered the internal memory to lessen the effectiveness of third party flashing. Unfortunately in doing so, they made their routers horrible. There isn't enough memory to hold larger IP tables, so bittorrent traffic and the like bogs it down until it needs a restart. DDWRT helps a little, in that you can schedule restarts to go every hour or so, but the sporadic connection is less than ideal. My solution was similar to the above. I just used my older model wired Linksys router to handle all the IP routing and set the WRT54G (with DDWRT) as a pass-through device. It's unfortunate that they felt like crippling a perfectly useful router just because free firmware made it competitive with their high end products.
http://games.dlink.com/products/?pid=370
Works well, but is rather expensive. Has an oversized NAT table to help with UDP server pings, so this will remedy any torrent problems you might have with your current setup.
QoS system is fairly flexible with an intuitive GUI and many preconfigured service options.
Has an option to pack the output frames completely (harms XBox Live possibly) as well as delay non-prio packets in favour of VOIP/gaming/as you configure.
Matt
http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf 'nuf said
If you are both roommates, and share the Internet, it is unfair for one person to disrupt things such that no one else can access the Internet. Otherwise make him pay for his own line and he can do whatever he wants. You don't all want to get in trouble, right?
In the Administration section, on the Management page, make some changes to the IP Filter Settings. Set the Maximum Ports to 4096 (the maximum), and the Timeout values for both TCP and UDP to 120 seconds.
Running Azureus used to kill all the other network activity on my LAN. These changes made all the difference in the world.
Lemmings are silly; dinosaurs are extinct.
Yea, I finally gave up on DD-WRT. It was unstable and a resource hog. Tomato is a MUCH better option if you want a web gui.
My pings dropped 10ms and the QOS actually works.
Gone!
Good point. How 'bout a wikipedia link for the WRT54G, with entries on available firmware?
Don't tell me to get a life. I'm a gamer; I have LOTS of lives!
Any WRT54G model before v5 can be modified easily, v5+ can sometimes be modified with DD-WRT. And of course they still sell the GL, which is quite worth the price ($60 on amazon) because of how useful it becomes with this alternate firmware. The GL can also be modified and has the advantage of still being sold under a clear model number, so you know you can mod it, unlike others.
On the other hand, there is awesome shaping available in Tomato firmware; it can classify traffic and show you what percentage of your traffic was in each class.
http://www.polarcloud.com/img/ssqosc108.png
http://www.polarcloud.com/img/ssqosg108.png
http://www.polarcloud.com/tomato
To hack a wrt54g, you either need an old one (v1-3, I believe) or the hacker friendly WRT54GL. The newer versions don't run linux.
OpenWRT hardware requirements If it's version 4.0 or earlier (or the L model), it has enough RAM and flash (16MB, 4MB respectively) to run OpenWRT, or other wrt54g-friendly distributions. (OpenWRT is pretty cool; it has an olsrd package you can install from the web configurator, and with a little bit of effort you can make an ad-hoc mesh. Not useful for traffic shaping, but interesting nonetheless. I expect there are probably tools available to do traffic shaping with OpenWRT as well, I just never needed to mess with that.)
Grab the Tomato firmware for your Linksys. Tomato's QoS features are much easier to configure than others like DDWRT. With Tomato, you don't need to be a Linux networking guru to do what you want. Tomato also handles P2P very well. You can pound a WRT54 running Tomato with heavy P2P traffic 24/7 for months with no performance problems. No resets required. Grab it here http://www.polarcloud.com/tomato/
"Liechtenstein is the world's largest producer of sausage casings, potassium storage units, and false teeth."
Use "Tomato" - it lets you dynamically change the priority of a connection depending on the upload/download size.
eg. you can say all HTTP downloads over 1MB get lower priority. It will also work for keep-alive connections so it will work if your flatmate is downloading "a whole website" (since the total size of the site is over 1MB)
I have a Linksys wrt54g v8 and it has some good QoS options with the native firmware. You can restrict usage and bandwidth by MAC address, by the ethernet port your roomie's computer is connected to, or even the classic, by the TCP port. You can also set or deny different services depending on the time of day, and the computer using them too.
As someone mentioned in a previous post, it's much easier to just whitelist prioritized services such as ssh, telnet or gaming protocols than to waste too many CPU cycles on detecting obscure P2P protocols with layer 7 filters.
Personally, I use iptables & tc to setup a simple HTB (Hierarchical Token Bucket filter) system with 3 priority levels:
- Interactive: SSH (with Minimize-Delay TOS-Flag), Telnet, Jabber,
- Medium: HTTP, IMAP, SMTP, POP3,
- Low: All the rest
Shaping the upload speed is my only concern. All 3 classes may use the complete upload bandwidth. The interactive HTB class gets a guaranteed 90% of the bandwidth and a high burst value. The lowest HTB class has a burst of 0 and about 5% guaranteed upload speed.
While this is only a primitive setup, it allows lag-free ssh with an unlimited upload in the background.
An in-depth how-to about the Linux Traffic Control system: http://www.tldp.org/HOWTO/Traffic-Control-HOWTO/index.html
A short pragmatic example using HTB & SFQ can be found here: http://gentoo-wiki.com/HOWTO_Packet_Shaping
From the uTorrent FAQ: "The default firmware for Linksys (and all replacement firmwares except for the latest DD-WRT and HyperWRT Thibor) have a severe problem where they track old connections for FIVE days, which causes the router to hang when using P2P apps, or any software that generates a lot of connections. DHT only aggravates the situation because of the number of connections it generates."
Does NOT apply to WRT54G/GS v5 and up.
HTH
For the tiny bit of extra money however, the GL is definitely worth it in terms of hacking.
"He who can destroy a thing, controls a thing." --Paul Atreides, Dune
but you want to tell everything you know about "P2P traffic shaping for home use" and be useful to more people.
This won't be directly helpful to the submitter (he's working with a WRT54G), but this is how I do it in Linux. Set up the shaping rules with tc. Classify traffic with iptables. Examples follow:
In order, those commands establish an htb scheduler with a ceiling of 632,320 bit/s (you have to set this around 70-80% less than your actual upload to force the packets to queue at your box and not the DSL/cable modem), then establish children underneath it for each class of traffic. The children will get AT LEAST the specified rate and when extra is available will borrow it according to their priority number. Prio 0 gets all extra bandwidth until satisfied or no more exists, then prio 1, prio 2, etc, etc.
The second set of commands attaches a fair queuing algorithm so individual connections within those classes will share the bandwidth (more) fairly.
From there it's just a matter of using iptables to classify the traffic. This example shoves all bittorrent traffic into the lowest queues. We assume that anything coming from 172.25.42.254 is bittorrent traffic because we add that as a second IP address on the client behind NAT and make Azureus bind to that IP (all other traffic goes out on the default IP).
Those commands
I want peace on earth and goodwill toward man.
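The two Linux posts above (the three-class HTB setup and the tc/iptables post whose example commands did not survive) describe the same technique, so here is one added example that is not either poster's own commands: an HTB upload shaper with SFQ leaves and fwmark classification into interactive, medium and low classes, with the P2P host pinned to the low class. Everything specific is a constructed assumption: WAN interface eth0, a measured 1000 kbit/s upload, the P2P client bound to the second address 192.0.2.50, marks 10/20/30, and the chain name SHAPE. The 80% ceiling follows the advice in both posts to shape below the real line rate so the queue builds on the gateway rather than in the modem.

```shell
#!/bin/sh
# Added example, not any poster's own commands: three-class HTB upload shaper.
# Constructed assumptions: WAN=eth0, upload 1000 kbit/s, P2P client bound to
# 192.0.2.50 (documentation range). DRY_RUN=1 (default) prints the commands;
# DRY_RUN=0 executes them and needs root plus tc/iptables on the gateway.

WAN="${WAN:-eth0}"
UPLINK_KBIT="${UPLINK_KBIT:-1000}"
P2P_SRC="${P2P_SRC:-192.0.2.50}"
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# Ceiling = 80% of the line rate so packets queue here, not in the modem.
ceil_kbit() { echo $(( $1 * 80 / 100 )); }

# Guaranteed rate of a child class as a percentage of the ceiling.
share_kbit() { echo $(( $1 * $2 / 100 )); }

setup_shaping() {
    ceil=$(ceil_kbit "$UPLINK_KBIT")
    intr=$(share_kbit "$ceil" 90)   # interactive: 90% guaranteed, high burst
    med=$(share_kbit "$ceil" 5)     # medium: 5% guaranteed
    low=$(share_kbit "$ceil" 5)     # low: 5% guaranteed, no burst

    # Root HTB; anything unclassified lands in the low class (default 30).
    run tc qdisc del dev "$WAN" root || true
    run tc qdisc add dev "$WAN" root handle 1: htb default 30
    run tc class add dev "$WAN" parent 1: classid 1:1 htb rate "${ceil}kbit" ceil "${ceil}kbit"
    run tc class add dev "$WAN" parent 1:1 classid 1:10 htb rate "${intr}kbit" ceil "${ceil}kbit" prio 0 burst 15k
    run tc class add dev "$WAN" parent 1:1 classid 1:20 htb rate "${med}kbit" ceil "${ceil}kbit" prio 1
    run tc class add dev "$WAN" parent 1:1 classid 1:30 htb rate "${low}kbit" ceil "${ceil}kbit" prio 2 burst 0

    # SFQ on each leaf so the flows inside one class share it fairly.
    for c in 10 20 30; do
        run tc qdisc add dev "$WAN" parent "1:$c" handle "$c:" sfq perturb 10
    done

    # Map firewall marks 10/20/30 onto the three leaf classes.
    for c in 10 20 30; do
        run tc filter add dev "$WAN" parent 1: protocol ip prio 1 handle "$c" fw flowid "1:$c"
    done

    # Classify outbound packets in the mangle table. MARK does not stop chain
    # traversal, so each later rule is guarded with "-m mark --mark 0" and the
    # first matching rule wins. The P2P host is marked first, so even its ACKs
    # stay in the low class; unmarked traffic falls into HTB's default 1:30.
    run iptables -t mangle -N SHAPE
    run iptables -t mangle -A POSTROUTING -o "$WAN" -j SHAPE
    run iptables -t mangle -A SHAPE -s "$P2P_SRC" -j MARK --set-mark 30
    run iptables -t mangle -A SHAPE -m mark --mark 0 -p tcp -m multiport --dports 22,23,5222 -j MARK --set-mark 10
    run iptables -t mangle -A SHAPE -m mark --mark 0 -m tos --tos Minimize-Delay -j MARK --set-mark 10
    run iptables -t mangle -A SHAPE -m mark --mark 0 -p tcp --tcp-flags SYN,FIN,RST,ACK ACK -m length --length :64 -j MARK --set-mark 10
    run iptables -t mangle -A SHAPE -m mark --mark 0 -p tcp -m multiport --dports 25,80,110,143,443,993,995 -j MARK --set-mark 20
}

setup_shaping
```

Run it as-is to review the generated tc and iptables commands; run it with DRY_RUN=0 on the gateway to apply them. Only the upload direction is shaped, as in the original post, because a home gateway cannot queue packets that have already arrived from the ISP; the small-ACK rule keeps downloads on other hosts moving while the P2P host's own ACKs share its low class.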
We are the United States Government! We don't do that sort of thing.
I had a REV 8 Linksys and it would be perfect as it LOCKS up on max bandwidth. The internal webserver also crashed and it won't take open source firmware. I got a good one when I bought a Buffalo that rocks, just before a Texas judge stopped their product from being sold here.
;)
DD-WRT would do that easily. It can do it to wireless as well. Look for a compatible router, preferably one that can take a full install and strangle their link.
http://www.dd-wrt.com/
I'd go on a Vegan diet but the delivery time from Vega is too long. --brownkitty
My understanding is the motivation was primarily cost. VxWorks runs on less hardware, and presumably the amount saved by reduced flash is greater than the per seat license cost for VxWorks?
>It's unfortunate that they felt like crippling a perfectly useful router just because free firmware made it competitive with their high end products.
Due to popular demand it's back as the WRT54GL
"Tomato is the way to go, as half of the posters seem to be saying."
My original suggestion was to use Smoothwall's QoS, but some people felt Tomato would be better than a Smoothwall setup. The only reason I like Smoothwall is you don't need to flash a hardware router, and if you use an older PC it will use less power running Smoothwall than it ever did running Windows. For whatever reason, any PC from the 486 on always uses less power running free open source software than running Windows; I think it's the 'system idle thread', I think it literally makes the CPU busy out rather than fall asleep...
Never had a problem with a Linux or BSD system doing no CPU activity, just routing a few packets and letting the CPU idle and use any on-chip power savings... When I first switched my 486 from 24/7 Windows to 24/7 FreeBSD (in 1996) I saved $10 a month in electric bills. (I still have the bills but they're in storage.) Plus, I never had to reboot FreeBSD; Windows would crash every week.
I use ipcop http://www.ipcop.org/ for my home network - it's all of about 40 megs (well it was, I see the new update is quite a bit bigger so I may be low on that figure) and can run on any old pc lying around.
It can do the traffic shaping you're wanting, plus, I found, especially when I am doing p2p downloading or some online gaming, my old netgear (very old) couldn't keep up and would drop packets. I saw my download speeds go up significantly and I have the opportunity to do traffic shaping if needed.
It's free (donation) and very simple to set up. You don't have to be a linux guru to set it up, it has a web based interface for configuration.
It works great for me.
Illiterate? Write for free help!
Even the most expensive residential router chokes on the sheer number of connections your average P2P client tries to maintain.
I modified my WRT54G's settings to be just a wireless access point and switch by disabling the DHCP server - then built a cheap Smoothwall firewall using an old P3 800 MHz with a pair of PCI NICs.
DSL -> Smoothwall -> LAN Port 1 on WRT54
Leaving the WAN port unused, I still have three ports for wired PCs (nearly unlimited with the addition of more switches) and wireless works without a hitch. The WRT's job is just to be a switch and manage wireless authentication and encryption.
The Smoothwall easily handles the traffic without slowing down other clients and (bonus) has QoS built in.
It also provides web caching, email antivirus, DNS, NTP, Snort IDS, and so much more.
Oh, and it's totally open source and available for download from smoothwall.org
I used to have a wrt54gl and it's a great router. There is a good chance, if you don't know whether the L is on the model name and the router was bought within the last year, that it's the crummy non-moddable version, but in case it isn't, I highly recommend Tomato firmware. It pretty much sorted out my network sharing problems with a flatmate who streamed video constantly, clogging up the unlimited 512kbps line I had set up. Once I was running Tomato and downgraded his QoS priority, everyone else (me and the other flatmate) was able to consistently get fair access to the bandwidth.
BTW I am posting this as an anonymous coward because for some reason I can't recover my account.
I can attest to the firmware aspect; the antennas aren't the issue, it's the firmware's bugginess that kills it. Open source firmware fixed that problem for me.
Usually such issues come from the asymmetric lines you get stuck with from ISPs.
Using full bandwidth up will congest your downstream. It can be solved with a very simple cap on upload, limiting it to 80-90% of max upload bandwidth. No need to go high-tech on his ass.
Symmetric lines do not exhibit these issues, at least not so noticeably.