P2P Traffic Shaping For Home Use?
An anonymous reader writes "My housemate uses an aggressive P2P client, that when in use makes the Internet unusable for everyone else connected to the network. After hearing about various ISPs shaping traffic to reduce P2P traffic, I was wondering if there was a solution for managing P2P traffic on a home network. I have a Linksys WRT54G available for hacking. Can Slashdot recommend a way to reduce the impact of P2P on my network and make it usable again?"
Install OpenWrt, then:
ipkg install qos-scripts
vi /etc/config/qos
[ enter your linespeed in the right place ]
qos-start
Just set up QoS such that VOIP, SMTP, HTTP, HTTPS, and whatever else you care about gets prioritized.
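The /etc/config/qos file the steps above tell you to edit, as an added example that is not code from the poster or from the OpenWrt project. It writes a UCI file for the qos-scripts package with the line speeds as parameters and the services the poster names (VoIP, SMTP, HTTP, HTTPS) placed in the Priority/Express/Normal classes; the 256/2048 kbit/s speeds, the 10000-20000 RTP port range, the 192.168.1.50 address of the P2P box and the use of the srchost option are assumptions, not anything the post states. The output path is a parameter so the file can be generated and inspected on any machine before it is copied to the router.

```shell
#!/bin/sh
# Added example (not the poster's or OpenWrt's code): generate a qos-scripts
# /etc/config/qos that prioritises interactive services over bulk traffic.
# Assumed: 256 kbit/s up, 2048 kbit/s down, RTP on UDP 10000-20000, the P2P
# client at 192.168.1.50, and that qos-scripts accepts "option srchost".

# write_qos_config OUTFILE UP_KBIT DOWN_KBIT
write_qos_config() {
    out="$1"; up="$2"; down="$3"
    cat > "$out" <<EOF
# Line speeds in kbit/s. Keep them a little below the real link speed so the
# queue builds on the router, where it can be scheduled, not in the modem.
config interface wan
	option classgroup  "Default"
	option enabled      1
	option upload       $up
	option download     $down

# Interactive: SSH, DNS and SIP signalling (assumed VoIP on port 5060).
config classify
	option target       "Priority"
	option ports        "22,53,5060"
	option comment      "ssh, dns, sip signalling"

# Voice media (assumed RTP port range).
config classify
	option target       "Express"
	option proto        "udp"
	option ports        "10000-20000"
	option comment      "rtp voice media"

# Web and mail, including their TLS ports.
config classify
	option target       "Normal"
	option proto        "tcp"
	option ports        "25,80,110,143,443,465,993,995"
	option comment      "smtp, http, pop3, imap and tls variants"

# Everything from the P2P box goes to the lowest class (assumed address).
config classify
	option target       "Bulk"
	option srchost      "192.168.1.50"
	option comment      "the p2p machine"
EOF
}

# qos_option_value FILE NAME: print the value of the first "option NAME ..."
# line, with surrounding quotes stripped. Used to check a generated file.
qos_option_value() {
    awk -v k="$2" '$1 == "option" && $2 == k { gsub(/"/, "", $3); print $3; exit }' "$1"
}

# qos_apply FILE: install the file on the router and restart shaping with the
# qos-start command named in the post (run this on the router, as root).
qos_apply() {
    cp "$1" /etc/config/qos && qos-start
}

# Usage: sh this.sh OUTFILE UP_KBIT DOWN_KBIT
if [ "$#" -ge 3 ]; then
    write_qos_config "$1" "$2" "$3"
fi
```

Generate the file locally first (for example `sh qosgen.sh qos.preview 256 2048`), read it over, then copy it to the router and run qos-start; the upload figure matters far more than the download one, because the router cannot schedule packets it has already received from the ISP.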
a. 1st off, and most importantly, make sure the internet connection isn't in your name so you are not the one who gets sued by the RIAA.
b. Go get DD-WRT (check your WRT54G version... later ones suck), then set up the traffic shaping QoS feature. http://www.dd-wrt.com/wiki/index.php/Quality_of_Service
actually I am happy to see you, however that is in fact a banana in my pocket.
as opposed to using traffic shaping, you can force the guy to switch clients to azureus http://azureus.sourceforge.net/
In advanced mode, you can set upload and download maximums. If you plan on allowing this and using latency-sensitive online gaming, you should set the limits to HALF of what Azureus is capable of without anyone using the internet.
https://www.gnu.org/philosophy/free-sw.html
Raise priority for:
- Web (HTTP and HTTPS, maybe also 8080)
- DNS (UDP:53)
- Mail (SMTP, IMAP, POP3 (including SSL versions))
- IRC (if you use it)
- FTP
- SSH, Telnet
- All TCP acknowledgement packets.
- Maybe some gaming protocols (DirectPlay, WoW, etc. - these unfortunately require checking the docs for each game)
That way, you have whitelisted most of the "interactive" protocols that suffer from a loaded link. No need to keep chasing after the latest encrypted, onion-routed P2P application that happens to be flavor of the month. The biggest problem is the online gaming stuff.
When I bought a WRT54G I had the same problem... mine is v6. Apparently after v4 Linksys (or more accurately Cisco, who owns them) lowered the internal memory to lessen the effectiveness of third-party flashing. Unfortunately in doing so, they made their routers horrible. There isn't enough memory to hold larger IP tables, so BitTorrent traffic and the like bogs it down until it needs a restart. DD-WRT helps a little, in that you can schedule restarts to go every hour or so, but the sporadic connection is less than ideal. My solution was similar to the above. I just used my older model wired Linksys router to handle all the IP routing and set the WRT54G (with DD-WRT) as a pass-through device. It's unfortunate that they felt like crippling a perfectly useful router just because free firmware made it competitive with their high-end products.
http://games.dlink.com/products/?pid=370
Works well, but is rather expensive. Has an oversized NAT table to help with UDP server pings, so this will remedy any torrent problems you might have with your current setup.
QoS system is fairly flexible with an intuitive GUI and many preconfigured service options.
Has an option to pack the output frames completely (harms XBox Live possibly) as well as delay non-prio packets in favour of VOIP/gaming/as you configure.
Matt
http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf 'nuf said
Yea, I finally gave up on DD-WRT. It was unstable and a resource hog. Tomato is a MUCH better option if you want a web gui.
My pings dropped 10ms and the QOS actually works.
Gone!
Good point. How 'bout a wikipedia link for the WRT54G, with entries on available firmware?
Don't tell me to get a life. I'm a gamer; I have LOTS of lives!
Any WRT54G model before v5 can be modified easily, v5+ can sometimes be modified with DD-WRT. And of course they still sell the GL, which is quite worth the price ($60 on amazon) because of how useful it becomes with this alternate firmware. The GL can also be modified and has the advantage of still being sold under a clear model number, so you know you can mod it, unlike others.
On the other hand, there is awesome shaping available in Tomato firmware; it can classify traffic and show you what percentage of your traffic was in each class.
http://www.polarcloud.com/img/ssqosc108.png
http://www.polarcloud.com/img/ssqosg108.png
http://www.polarcloud.com/tomato
OpenWRT hardware requirements
If it's version 4.0 or earlier (or the L model), it has enough RAM and flash (16MB, 4MB respectively) to run OpenWRT, or other wrt54g-friendly distributions. (OpenWRT is pretty cool; it has an olsrd package you can install from the web configurator, and with a little bit of effort you can make an ad-hoc mesh. Not useful for traffic shaping, but interesting nonetheless. I expect there are probably tools available to do traffic shaping with OpenWRT as well, I just never needed to mess with that.)
As someone mentioned in a previous post, it's much easier to just whitelist prioritized services such as SSH, Telnet or gaming protocols than to waste too many CPU cycles on detecting obscure P2P protocols with layer 7 filters.
Personally, I use iptables & tc to setup a simple HTB (Hierarchical Token Bucket filter) system with 3 priority levels:
- Interactive: SSH (with Minimize-Delay TOS-Flag), Telnet, Jabber,
- Medium: HTTP, IMAP, SMTP, POP3,
- Low: All the rest
Shaping the upload speed is my only concern. All 3 classes may use the complete upload bandwidth. The interactive HTB class gets a guaranteed 90% of the bandwidth and a high burst value. The lowest HTB class has a burst of 0 and about 5% guaranteed upload speed.
While this is only a primitive setup, it allows lag-free SSH with an unlimited upload in the background.
An in-depth how-to about the Linux Traffic Control system: http://www.tldp.org/HOWTO/Traffic-Control-HOWTO/index.html
A short pragmatic example using HTB & SFQ can be found here: http://gentoo-wiki.com/HOWTO_Packet_Shaping
but you want to tell everything you know about "P2P traffic shaping for home use" and be useful to more people.
This won't be directly helpful to the submitter (he's working with a WRT54G), but this is how I do it in Linux. Set up the shaping rules with tc. Classify traffic with iptables. Examples follow:
In order, those commands establish an HTB scheduler with a ceiling of 632,320 bit/s (you have to set this around 70-80% less than your actual upload to force the packets to queue at your box and not the DSL/cable modem), then establish children underneath it for each class of traffic. The children will get AT LEAST the specified rate and, when extra is available, will borrow it according to their priority number. Prio 0 gets all extra bandwidth until satisfied or no more exists, then prio 1, prio 2, etc.
The second set of commands attaches a fair queuing algorithm so individual connections within those classes will share the bandwidth (more) fairly.
From there it's just a matter of using iptables to classify the traffic. This example shoves all bittorrent traffic into the lowest queues. We assume that anything coming from 172.25.42.254 is bittorrent traffic because we add that as a second IP address on the client behind NAT and make Azureus bind to that IP (all other traffic goes out on the default IP).
Those commands
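The HTB plus SFQ layout this post describes, and the three-level interactive/medium/low setup a few posts up, as one added example that is not code from either poster. It assumes eth0 as the outgoing interface, a measured 1000 kbit/s upload, the second-address trick from this post (172.25.42.254 as the P2P client's bound address), and an assumed 50/40/10 split of the guaranteed rate between the classes. With the default DRY_RUN=1 it prints the tc and iptables commands instead of executing them, so the generated rule set can be reviewed without root.

```shell
#!/bin/sh
# Added example, not code from any poster in this thread: a three-class HTB
# upload shaper with SFQ leaves (tc side) and iptables mangle rules that mark
# packets into those classes (classification side).
# Assumptions: WAN interface eth0, 1000 kbit/s measured upload, P2P client
# bound to 172.25.42.254, and a 50/40/10 guaranteed-rate split.
# DRY_RUN=1 (default) prints each command; DRY_RUN=0 runs it (needs root).

DEV="${DEV:-eth0}"
UPLINK_KBIT="${UPLINK_KBIT:-1000}"
P2P_SRC="${P2P_SRC:-172.25.42.254}"
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Root ceiling: 80% of the real upload so packets queue here, not in the modem.
shaper_ceiling() {
    echo $(( $1 * 80 / 100 ))
}

# Guaranteed share of the ceiling per class (assumed 50/40/10 split). Every
# class may still borrow up to the full ceiling when the others are idle.
class_rate() {
    case "$1" in
        interactive) echo $(( $2 * 50 / 100 )) ;;
        medium)      echo $(( $2 * 40 / 100 )) ;;
        bulk)        echo $(( $2 * 10 / 100 )) ;;
        *) echo "unknown class: $1" >&2; return 1 ;;
    esac
}

setup_shaper() {
    ceil=$(shaper_ceiling "$UPLINK_KBIT")
    run tc qdisc del dev "$DEV" root 2>/dev/null
    # Unmarked traffic lands in the bulk class (default 30), so a protocol
    # nobody wrote a rule for cannot crowd out the interactive class.
    run tc qdisc add dev "$DEV" root handle 1: htb default 30
    run tc class add dev "$DEV" parent 1: classid 1:1 htb rate "${ceil}kbit" ceil "${ceil}kbit"
    run tc class add dev "$DEV" parent 1:1 classid 1:10 htb rate "$(class_rate interactive "$ceil")kbit" ceil "${ceil}kbit" prio 0
    run tc class add dev "$DEV" parent 1:1 classid 1:20 htb rate "$(class_rate medium "$ceil")kbit" ceil "${ceil}kbit" prio 1
    run tc class add dev "$DEV" parent 1:1 classid 1:30 htb rate "$(class_rate bulk "$ceil")kbit" ceil "${ceil}kbit" prio 2
    # One SFQ leaf per class so individual flows inside a class share it fairly.
    for c in 10 20 30; do
        run tc qdisc add dev "$DEV" parent "1:$c" handle "$c:" sfq perturb 10
    done
    # Firewall mark N selects class 1:N0.
    for m in 1 2 3; do
        run tc filter add dev "$DEV" parent 1: protocol ip prio "$m" handle "$m" fw flowid "1:${m}0"
    done
}

setup_classifier() {
    # Dedicated chain in the mangle table, evaluated for packets leaving $DEV.
    run iptables -t mangle -N SHAPER 2>/dev/null
    run iptables -t mangle -F SHAPER
    run iptables -t mangle -A POSTROUTING -o "$DEV" -j SHAPER
    # Medium by default (mark 2): web, mail and the like.
    run iptables -t mangle -A SHAPER -j MARK --set-mark 2
    # Interactive (mark 1): SSH, DNS, Minimize-Delay TOS, and small pure ACKs
    # so downloads keep flowing while the uplink is saturated.
    run iptables -t mangle -A SHAPER -p tcp --dport 22 -j MARK --set-mark 1
    run iptables -t mangle -A SHAPER -p udp --dport 53 -j MARK --set-mark 1
    run iptables -t mangle -A SHAPER -m tos --tos Minimize-Delay -j MARK --set-mark 1
    run iptables -t mangle -A SHAPER -p tcp --tcp-flags SYN,RST,ACK,FIN ACK -m length --length :64 -j MARK --set-mark 1
    # Bulk (mark 3): everything from the address the P2P client is bound to.
    # Last on purpose, so it overrides the port matches above for that host.
    run iptables -t mangle -A SHAPER -s "$P2P_SRC" -j MARK --set-mark 3
}

main() {
    setup_shaper
    setup_classifier
}
main
```

Run it with DRY_RUN=0 as root on the Linux box that does the routing. The TOS and pure-ACK rules are what keep SSH and inbound downloads responsive when the bulk class has the uplink full, and `tc -s class show dev eth0` afterwards shows which class the bytes actually land in, which is the quickest way to catch a protocol that is being marked into the wrong queue.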
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
I had a REV 8 Linksys and it would be perfect, except it LOCKS up on max bandwidth. The internal webserver also crashed, and it won't take open source firmware. I got a good one when I bought a Buffalo that rocks, just before a Texas judge stopped their product from being sold here.
;)
DD-WRT would do that easily. It can do it to wireless as well. Look for a compatible router, preferably one that can take a full install and strangle their link.
http://www.dd-wrt.com/
I'd go on a Vegan diet but the delivery time from Vega is too long. --brownkitty
You're right, I neglected to say which direction the timeout should go. It's definitely reduce the TCP and UDP timeout values to 120 seconds. One of the problems with P2P is establishing many connections to flaky systems or networks. Your client (and router) hold the connection open, waiting for a response that never comes. That fills up the connection table and makes it hard to establish other, more productive ones.
You want to reduce the time your router waits from 1 hour, as it's currently set, to two minutes.
Lemmings are silly; dinosaurs are extinct.
My understanding is the motivation was primarily cost. VxWorks runs on less hardware, and presumably the amount saved by reduced flash is greater than the per-seat license cost for VxWorks?
>It's unfortunate that they felt like crippling a perfectly useful router just because free firmware made it competitive with their high end products.
Due to popular demand its back as the WRT54GL
I use ipcop http://www.ipcop.org/ for my home network - it's all of about 40 megs (well it was, I see the new update is quite a bit bigger so I may be low on that figure) and can run on any old pc lying around.
It can do the traffic shaping you're wanting. Plus, I found, especially when I am doing P2P downloading or some online gaming, my old Netgear (very old) couldn't keep up and would drop packets. I saw my download speeds go up significantly, and I have the opportunity to do traffic shaping if needed.
It's free (donation) and very simple to set up. You don't have to be a Linux guru to set it up; it has a web-based interface for configuration.
It works great for me.
Illiterate? Write for free help!