Slashdot Mirror


P2P Traffic Shaping For Home Use?

An anonymous reader writes "My housemate uses an aggressive P2P client, that when in use makes the Internet unusable for everyone else connected to the network. After hearing about various ISPs shaping traffic to reduce P2P traffic, I was wondering if there was a solution for managing P2P traffic on a home network. I have a Linksys WRT54G available for hacking. Can Slashdot recommend a way to reduce the impact of P2P on my network and make it usable again?"


  1. It's simple with OpenWrt by Anonymous Coward · · Score: 3, Informative

    Install OpenWrt, then:

    ipkg install qos-scripts
    vi /etc/config/qos
    [ enter your linespeed in the right place ]

    qos-start

    1. Re:It's simple with OpenWrt by corsec67 · · Score: 5, Informative

      Or install Tomato and go to the QOS tab. It is pretty simple to get QOS going on Tomato

      --
      If I have nothing to hide, don't search me
  2. How about ask? by Alioth · · Score: 5, Insightful

    How about just nicely explaining the problem to him, and requesting he runs his P2P stuff overnight when no one is using the connection?

    If that doesn't work, well, his port on the switch might mysteriously fail during waking hours.

    1. Re:How about ask? by kesuki · · Score: 3, Informative

      as opposed to using traffic shaping, you can force the guy to switch clients to azureus http://azureus.sourceforge.net/

      in advanced mode, you can set upload and download maximums, if you plan on allowing this, and using latency specific online gaming, you should set the limits to HALF of what azureus is capable of without anyone using the internet.

  3. Talk to your housemate by Dolohov · · Score: 5, Insightful

    Seriously. An arms race is not going to solve your problem.

    1. Re:Talk to your housemate by ozamosi · · Score: 4, Insightful

      When I use bittorrent, I like to squeeze out as much bandwidth as possible. However, I don't like when others get annoyed.

      To fix the annoyance, I would have to limit my bandwidth usage at some times of the day - and I wouldn't just have to limit my usage according to when the other tenants are awake, and according to when they use how much bandwidth, but also according to how much bandwidth my ISP feels like giving me today (my ISP is seriously bandwidth starved).

      If my router had good QoS, I wouldn't have to worry about annoying others, while still being able to use all spare bandwidth. I would definitely prefer this solution.

  4. QoS by llamalad · · Score: 4, Informative

    Just set up QoS such that VOIP, SMTP, HTTP, HTTPS, and whatever else you care about gets prioritized.

  5. In the days of Napster by eric76 · · Score: 4, Funny

    In the days of Napster, a nephew of mine spent a year living with me while going to college nearby.

    His use of Napster would make the cable modem connection unusable. In response, I'd go to the home firewall device (had one of the early Linksys models) and block the traffic.

    He thought the cable company was doing it.

    1. Re:In the days of Napster by Anonymous Coward · · Score: 5, Funny

      Of course, you could try talking to him, but then if he refuses it ruins the credibility of the above plan somewhat. Not at all. After he refuses to talk about it, you block his traffic then when he says something's up you say "Shit! I tried to talk to you about this but you wouldn't listen. I knew this would happen. The Cable Company must be fucking with our access. They've probably told the police too! Right... you hide in the attic until this blows over. I'll say you've fled to Brazil or something."
  6. Obvious by Anonymous Coward · · Score: 5, Funny

    Beat the shit out of the fucker.

  7. Man up! by zogger · · Score: 3, Insightful

    Tell this person to stop being a hog and to drop upload and download speeds so that other people can use the net. This is a social problem that doesn't need a techno fix. Either that or tell them to get their own connection, stop sharing it with them.

  8. Anonymous Coward by Anonymous Coward · · Score: 5, Funny

    Switch to Comcast!

  9. 1st off by atarione · · Score: 5, Informative

    a. 1st off and most importantly make sure the internet connection isn't in your name so you are not the one who gets sued by the RIAA
    b. go get DD-WRT (check your WRT54G version..later ones suck) then set up the traffic shaping QoS feature. http://www.dd-wrt.com/wiki/index.php/Quality_of_Service

    --
    actually I am happy to see you, however that is in fact a banana in my pocket.
  10. Easiest way: Raise QoS of OTHER traffic. by Zarhan · · Score: 5, Informative

    Raise priority for

        - Web (Http and https, maybe also 8080)
        - DNS (UDP:53)
        - Mail (SMTP, IMAP, POP3 (including SSL versions))
        - IRC (if you use)
        - FTP
        - SSH, Telnet
        - All TCP acknowledgement packets.
        - Maybe some gaming protocols (Directplay, WoW, etc - these unfortunately require checking docs for each game)

    that way, you have whitelisted most of the "interactive" protocols that suffer from loaded link. No need to keep chasing after the latest encrypted, onion routed P2P application that happens to be flavor of the month. The biggest problem is the online gaming stuff.

  11. All major clients, but it still requires talking.. by Nerobro · · Score: 5, Insightful

    I love how people pimp their own client. But nearly every PTP client I've touched has bandwidth limiting. Some of them, uTorrent included, allow you to schedule your bandwidth.

    The real problem here isn't traffic shaping, but about traffic courtesy. Your housemate may not know how much trouble they're causing. Talk to them. Get them to set their max speeds to 1/2 or 1/4 of the available bandwidth.

    They may be surprised when their OWN web browsing gets better.

    Yet this does all hinge on you talking to said housemate. Go talk. I've had the "talk" and been the person talking to the housemate. It usually works out well.

    --
    You would have to be crazy to be sane in this world. -Nero
  12. the human approach by Peganthyrus · · Score: 3, Insightful

    Presumably saying "Hey, dude, can you throttle the hell out of your P2P? I'm getting no net whatsoever." is not an option.

    If so, yeah, you could try looking into the alternate firmwares for the router; they let you throttle stuff based on ports. You'll have to look at the serial number to know for sure if you can stick that in, or spend like $80 or whatever for the WRTGL, which has enough firmware space to do fun things.

    --
    egypt urnash minimal art.
  13. Just speak to him! by drspliff · · Score: 5, Interesting

    My housemate has a machine set up for bittorrent, when we first moved in together it was very annoying as he seemed oblivious that running it all the time meant that my connections were slow, dropping all the time & unusable.

    So I spoke to him, you know - in a rational way. It's now scheduled for the nights & days when we're either asleep or at work with a few hours in between & most of the weekends where it's either throttled down to 10k/s (by uTorrent) or stopped completely.

    On top of that we've got a Smoothwall box with packet prioritization for ssh/web/email/im etc. but no bandwidth throttling.

    At the end of the day, if you can't come to an agreement then it's probably just gonna get worse for you two and there's nothing you can do to stop him being an asshole.

    1. Re:Just speak to him! by Omnifarious · · Score: 4, Interesting

      I had a housemate who ran P2P software all the time without even realizing it. Talking to him did nothing. Limiting the number of outbound packets from his computer to a certain number per second with a fairly high burst solved the problem. He liked playing WoW and when his WoW connection started getting all weird and I told him it was his P2P software he started to make sure it wasn't running. The average cap I set was plenty enough for WoW and enough for a decent download speed for P2P as well.

      I'm all for bandwidth throttling and traffic shaping as long as it's to ensure usage fairness. If I were running an ISP I would have a per-customer 5 minute bandwidth meter and customers who had exceeded their share for 5 minutes would have all their traffic dropped to the lowest priority until there was a 5 minute interval in which they hadn't exceeded their share.

      And it would be share of total pipe available to the ISP's upstreams, not some arbitrary fixed cap per customer. If the P2P application were written to favor connecting to other customers of the ISP that would be a way to avoid the re-prioritization completely.
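
Added example, not Omnifarious's configuration: a per-second token-bucket model of a packet-rate cap with a high burst, showing why steady game traffic and short spikes pass untouched while a sustained P2P flood is clipped to the configured rate. The rate (100 packets/s), the burst (500 packets) and the three traffic profiles are constructed for illustration.

```shell
#!/bin/sh
# Token-bucket model of "N packets per second with a fairly high burst".
# On Linux this kind of cap can be expressed with the iptables limit match
# (--limit / --limit-burst); whether the poster used that is not stated.

# police RATE BURST   (stdin: offered packets per second, one figure per line)
# Prints "second offered passed dropped" for each second, then a total line.
police() {
    awk -v rate="$1" -v burst="$2" '
        BEGIN { tokens = burst }                  # the bucket starts full
        {
            offered = $1
            passed = (offered < tokens) ? offered : tokens
            tokens -= passed
            tokens += rate                         # refill for the next second
            if (tokens > burst) tokens = burst     # never bank more than the burst
            p += passed; d += offered - passed
            print NR, offered, passed, offered - passed
        }
        END { print "total", p + 0, d + 0 }
    '
}

# dropped RATE BURST -> total packets dropped for the profile on stdin
dropped() {
    police "$1" "$2" | awk '$1 == "total" { print $3 }'
}

# Constructed ten-second traffic profiles (packets per second).
game_profile()  { i=0; while [ "$i" -lt 10 ]; do echo 30;  i=$((i + 1)); done; }
p2p_profile()   { i=0; while [ "$i" -lt 10 ]; do echo 400; i=$((i + 1)); done; }
spike_profile() { printf '%s\n' 10 10 10 10 10 300 10 10 10 10; }

# Show the second-by-second behaviour when run directly.
if [ "${1:-}" = "demo" ]; then
    echo "sustained P2P at 400 pps against 100 pps / burst 500:"
    p2p_profile | police 100 500
fi
```

The first second of the flood is absorbed by the burst, after which throughput settles at the refill rate; the game and spike profiles never drain the bucket.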

  14. Re:Need more input! by Divebus · · Score: 4, Funny

    Simple - take a BIG HAMMER to his computer.

    --

    Most of the stuff on /. won't survive first contact with facts.
  15. Re:All major clients, but it still requires talkin by PC+and+Sony+Fanboy · · Score: 4, Funny

    tell him that his .torrent-ing is adversely affecting your social life on WoW. He'll either understand, or not.

    If not, just use some DPS and hide behind the couch....

  16. Re:Buy another Linksys and link them. by Angry+Rooster · · Score: 3, Informative

    When I bought a WRT54G I had the same problem... mine is v6. Apparently after v4 Linksys (or more accurately Cisco, who owns them) lowered the internal memory to lessen the effectiveness of third party flashing. Unfortunately in doing so, they made their routers horrible. There isn't enough memory to hold larger IP tables, so bittorrent traffic and the like bogs it down until it needs a restart. DDWRT helps a little, in that you can schedule restarts to go every hour or so, but the sporadic connection is less than ideal. My solution was similar to the above. I just used my older model wired Linksys router to handle all the IP routing and set the WRT54G (with DDWRT) as a pass-through device. It's unfortunate that they felt like crippling a perfectly useful router just because free firmware made it competitive with their high end products.

  17. I use a DLink DLG-4300 by QX-Mat · · Score: 5, Informative

    http://games.dlink.com/products/?pid=370

    Works well, but is rather expensive. Has an oversized NAT table to help with UDP server pings, so this will remedy any torrent problems you might have with your current setup.

    QoS system is fairly flexible with an intuitive GUI and many preconfigured service options.

    Has an option to pack the output frames completely (harms XBox Live possibly) as well as delay non-prio packets in favour of VOIP/gaming/as you configure.

    Matt

    1. Re:I use a DLink DLG-4300 by chrysrobyn · · Score: 3, Informative

      I've got to echo the DLink recommendation -- but I've had the 4100 for about a year. They call their QOS stuff "Game Fuel" (there were a few slashdot stories about it when they started hyping it up).

      I've been very happy with mine, including being able to torrent like a freak and still use the Vonage box to make VOIP calls. I know the torrents are being throttled by my little box, but I can't see a big impact on transfer speeds. As a bonus, the DLink is much faster than the NAT firewall it replaced-- my maximum throughputs are higher.

      Setup is as easy as configuring a normal NAT device. Of course, if you want to play with port forwarding, that's there too, and if you want your QOS to be a little more sophisticated than the default (which you should really try and see if you're happy with it), there are a plethora of configuration options.

  18. OpenBSD Packet Filter by Piranhaa · · Score: 5, Informative
  19. DD-WRT by Solandri · · Score: 3, Insightful
    You may be able to install DD-WRT on your router. It (along with other alternate firmwares) provides much better traffic shaping capabilities (called QoS for quality of service) than the default firmware. It lets you assign traffic to bulk (lowest), standard, express, premium, and exempt; based on port, MAC address, netmask (destination IP), or traffic type. Off the top of my head I believe the priorities refer to guaranteed 10%, 25%, 50%, 90%, and 100% of packets will get through.

    First step would be to find out what type of P2P he's using and (if it's not recognized by DD-WRT) what ports. Drop those down to bulk priority. Raise special activities like https web browsing to express (on the assumption that connecting to an https server means you're doing something important like accessing your bank). Stuff that's time-critical like VoIP and gaming should get premium priority. This took care of 90% of the problems I had.

    The remaining 10% proved extremely tricky. Newer bittorrent clients default to encryption on, and it was getting by the QoS. I tried tweaking all sorts of settings to mitigate this without success. What eventually worked was setting anything on ports higher than 1024 to bulk priority, then specifying certain ports as having higher priority. This is the QoS equivalent of switching from allow all and blocking things you don't want, to deny all and allowing things you do want. That seems to have solved the bittorrent problem.

    The only problems that remain have to do with http and ftp transfers of large files. If someone sticks a 40 MB file on a web site, the router can't tell it apart from regular http traffic, so you can't drop its priority without also affecting regular web browsing. In one case a user was running a program to download an entire web site - that was killing the network since to the router it looked just like a lot of web browsing. Same with ftp - if you drop ftp's priority so the 100 MB transfers are bulk, the small ftp files like certain software updates are also bulk.

  20. Re:DDWRT gives you a GUI then you can.... by schnikies79 · · Score: 3, Informative

    Yea, I finally gave up on DD-WRT. It was unstable and a resource hog. Tomato is a MUCH better option if you want a web gui.

    My pings dropped 10ms and the QOS actually works.

    --
    Gone!
  21. Re:Need more input! by UncleTogie · · Score: 4, Informative

    Can you expand on this? Something like "if the version happens to be xxx then you could do foo, if the version happens to be yyy then you could do bar..."

    Good point. How 'bout a wikipedia link for the WRT54G, with entries on available firmware?

    --
    Don't tell me to get a life. I'm a gamer; I have LOTS of lives!
  22. Re:Need more input! by mrsteveman1 · · Score: 5, Informative

    Any WRT54G model before v5 can be modified easily, v5+ can sometimes be modified with DD-WRT. And of course they still sell the GL, which is quite worth the price ($60 on amazon) because of how useful it becomes with this alternate firmware. The GL can also be modified and has the advantage of still being sold under a clear model number, so you know you can mod it, unlike others.

    On the other hand, there is awesome shaping available in tomato firmware, it can classify traffic and show you what percentage of your traffic was in each class.

    http://www.polarcloud.com/img/ssqosc108.png
    http://www.polarcloud.com/img/ssqosg108.png
    http://www.polarcloud.com/tomato

  23. OpenWRT requirements by j1m+5n0w · · Score: 3, Informative

    OpenWRT hardware requirements: If it's version 4.0 or earlier (or the L model), it has enough RAM and flash (16MB, 4MB respectively) to run OpenWRT, or other wrt54g-friendly distributions. (OpenWRT is pretty cool; it has an olsrd package you can install from the web configurator, and with a little bit of effort you can make an ad-hoc mesh. Not useful for traffic shaping, but interesting nonetheless. I expect there are probably tools available to do traffic shaping with OpenWRT as well, I just never needed to mess with that.)

  24. Linux, iptables and Traffic Control (tc) by xororand · · Score: 5, Informative

    As someone mentioned in a previous post, it's much easier to just whitelist prioritized services such as ssh, telnet or gaming protocols than wasting too many CPU cycles on detecting obscure P2P protocols with layer 7 filters.

    Personally, I use iptables & tc to set up a simple HTB (Hierarchical Token Bucket filter) system with 3 priority levels:

    - Interactive: SSH (with Minimize-Delay TOS-Flag), Telnet, Jabber, ...
    - Medium: HTTP, IMAP, SMTP, POP3, ...
    - Low: All the rest

    Shaping the upload speed is my only concern. All 3 classes may use the complete upload bandwidth. The interactive HTB class gets a guaranteed 90% of the bandwidth and a high burst value. The lowest HTB class has a burst of 0 and about 5% guaranteed upload speed.

    While this is only a primitive setup, it allows lag-free ssh with an unlimited upload in the background.

    An in-depth how-to about the Linux Traffic Control system: http://www.tldp.org/HOWTO/Traffic-Control-HOWTO/index.html

    A short pragmatic example using HTB & SFQ can be found here: http://gentoo-wiki.com/HOWTO_Packet_Shaping
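
Added example, not code from any poster in this thread: a dry-run generator for the three-class whitelist HTB setup xororand describes, which is the same "prioritise what you know, default everything else to the lowest class" idea found in Zarhan's and Solandri's comments. The 5% guarantee for the medium class, the well-known port numbers, the script name and the percentage used to derive the shaped rate are assumptions.

```shell
#!/bin/sh
# Dry-run generator for a three-class HTB upload shaper.
# It only prints tc/iptables commands for review; nothing is applied.

# shaped_rate LINK_BPS PERCENT -> rate to shape to, kept below the modem's
# real upload rate so that packets queue on this box and not in the modem.
shaped_rate() {
    echo $(( $1 * $2 / 100 ))
}

# class_rates SHAPED_BPS -> "interactive medium low" guaranteed rates (bit/s).
# 90% and 5% are the figures from the post; 5% for medium is an assumption,
# chosen so the three guarantees add up exactly to the parent rate.
class_rates() {
    low=$(( $1 * 5 / 100 ))
    medium=$(( $1 * 5 / 100 ))
    interactive=$(( $1 - low - medium ))    # remainder absorbs rounding
    echo "$interactive $medium $low"
}

# gen_shaper DEV LINK_BPS PERCENT -> prints the commands, or fails on bad input
gen_shaper() {
    dev=$1 link=$2 pct=$3
    # Accept only a plain interface name and positive integers: these values
    # end up inside commands that will later be run as root.
    case $dev in ''|*[!A-Za-z0-9._-]*) echo "bad device" >&2; return 1 ;; esac
    case $link in ''|0*|*[!0-9]*) echo "bad link rate" >&2; return 1 ;; esac
    case $pct in ''|0*|*[!0-9]*) echo "bad percent" >&2; return 1 ;; esac
    [ "$pct" -le 100 ] || { echo "bad percent" >&2; return 1; }

    top=$(shaped_rate "$link" "$pct")
    set -- $(class_rates "$top")    # $1=interactive $2=medium $3=low
    # Unclassified traffic falls into 1:30 (default 30), so new or encrypted
    # P2P protocols land in the lowest class without being identified.
    cat <<EOF
tc qdisc add dev $dev root handle 1: htb default 30
tc class add dev $dev parent 1: classid 1:1 htb rate ${top}bit ceil ${top}bit
tc class add dev $dev parent 1:1 classid 1:10 htb prio 0 rate ${1}bit ceil ${top}bit
tc class add dev $dev parent 1:1 classid 1:20 htb prio 1 rate ${2}bit ceil ${top}bit
tc class add dev $dev parent 1:1 classid 1:30 htb prio 2 rate ${3}bit ceil ${top}bit
tc qdisc add dev $dev parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $dev parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev $dev parent 1:30 handle 30: sfq perturb 10
iptables -t mangle -A POSTROUTING -o $dev -p tcp --dport 22 -m tos --tos Minimize-Delay -j CLASSIFY --set-class 1:10
iptables -t mangle -A POSTROUTING -o $dev -p tcp -m multiport --dports 23,5222 -j CLASSIFY --set-class 1:10
iptables -t mangle -A POSTROUTING -o $dev -p tcp -m multiport --dports 25,80,110,143 -j CLASSIFY --set-class 1:20
EOF
}

# Run as (hypothetical script name, sample values): sh shaper.sh ppp0 832000 76
if [ "$#" -ge 3 ]; then gen_shaper "$@"; fi
```

Matching SSH on the Minimize-Delay TOS value keeps interactive sessions in the top class while bulk transfers over port 22 fall through to the default class.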

  25. Get Your Own Connection by rueger · · Score: 4, Funny

    Instead of cheaping out spend $30 a month for your own cable or DSL connection. Or, as many have suggested, just talk to the guy.

    Barring that just connect the 220v dryer line to the wall socket in his room and hope that he got his power bar for $5.99 at WalMart.

    Or even better please all of your room-mates and just move.

  26. From the Slashdot crowd? by Serenissima · · Score: 4, Funny

    I'm sure the reaction of physical violence isn't one most Slashdot readers would take. All that heavy breathing would just tire us out too quickly.

    --
    Give a man a fire and he'll be warm for a day. But light a man on fire and he'll be warm for the rest of his life.
  27. Re:Need more input! by Shakrai · · Score: 5, Informative

    but you want to tell everything you know about "P2P traffic shaping for home use" and be useful to more people.

    This won't be directly helpful to the submitter (he's working with a WRT54G), but this is how I do it in Linux. Set up the shaping rules with tc. Classify traffic with iptables. Examples follow:

    (in /etc/ppp/ip-up -- would likely be rc.local or similar file for a cable modem user who doesn't use ppp)

    # ADSL connection is 832,000 bits/s on upload.
    #
    # We rate limit to 632,320 bits/s (76%) to account for ATM/PPPoE/IP protocol overhead.
    #
    # This is broken up as follows:
    #
    # 72,000 bits/s for TCP Acks (keep our downloads fast even if upload is pegged)
    # 35,000 bits/s for interactive packets (icmp echo/reply, tcp syns, network time protocol, small ssh packets -- only small ones so we don't prioritize scp transfers)
    # 227,660 bits/s for priority traffic (traffic to my work VPN)
    # 227,660 bits/s for normal traffic (this is the default)
    # 35,000 bits/s for low priority traffic (udp trackers in bittorrent)
    # 35,000 bits/s for idle priority traffic (bittorrent uploads)

    /sbin/tc qdisc add dev $1 root handle 1: htb default 50
    /sbin/tc class add dev $1 parent 1: classid 1:1 htb rate 632320bit ceil 632320bit
    /sbin/tc class add dev $1 parent 1:1 classid 1:20 htb prio 1 rate 72000bit ceil 632320bit quantum 1454
    /sbin/tc class add dev $1 parent 1:1 classid 1:30 htb prio 2 rate 35000bit ceil 632320bit quantum 1454
    /sbin/tc class add dev $1 parent 1:1 classid 1:40 htb prio 3 rate 227660bit ceil 632320bit
    /sbin/tc class add dev $1 parent 1:1 classid 1:50 htb prio 4 rate 227660bit ceil 632320bit
    /sbin/tc class add dev $1 parent 1:1 classid 1:60 htb prio 5 rate 35000bit ceil 632320bit quantum 1454
    /sbin/tc class add dev $1 parent 1:1 classid 1:70 htb prio 6 rate 35000bit ceil 632320bit quantum 1454

    /sbin/tc qdisc add dev $1 parent 1:20 handle 20: sfq perturb 10
    /sbin/tc qdisc add dev $1 parent 1:30 handle 30: sfq perturb 10
    /sbin/tc qdisc add dev $1 parent 1:40 handle 40: sfq perturb 10
    /sbin/tc qdisc add dev $1 parent 1:50 handle 50: sfq perturb 10
    /sbin/tc qdisc add dev $1 parent 1:60 handle 60: sfq perturb 10
    /sbin/tc qdisc add dev $1 parent 1:70 handle 70: sfq perturb 10

    In order, those commands establish a htb scheduler with a ceiling of 632,320bit/s (you have to set this around 70-80% less than your actual upload to force the packets to queue at your box and not the dsl/cable modem), then establish children underneath it for each class of traffic. The children will get AT LEAST the specified rate and when extra is available will borrow it according to their priority number. Prio 0 gets all extra bandwidth until satisfied or no more exists, then prio 1, prio 2, etc, etc.

    The second set of commands attaches a fair queuing algorithm so individual connections within those classes will share the bandwidth (more) fairly.

    From there it's just a matter of using iptables to classify the traffic. This example shoves all bittorrent traffic into the lowest queues. We assume that anything coming from 172.25.42.254 is bittorrent traffic because we add that as a second IP address on the client behind NAT and make Azureus bind to that IP (all other traffic goes out on the default IP).

    iptables -t mangle -N LOW
    iptables -t mangle -N IDLE
    iptables -t mangle -A LOW -j CLASSIFY --set-class 1:60
    iptables -t mangle -A LOW -j RETURN
    iptables -t mangle -A IDLE -j CLASSIFY --set-class 1:70
    iptables -t mangle -A IDLE -j RETURN
    iptables -t mangle -A FORWARD -p udp -s 172.25.42.254 -j LOW
    iptables -t mangle -A FORWARD -p udp -s 172.25.42.254 -j RETURN
    iptables -t mangle -A FORWARD -p tcp -s 172.25.42.254 -j IDLE
    iptables -t mangle -A FORWARD -p tcp -s 172.25.42.254 -j RETURN

    Those commands

    --
    I want peace on earth and goodwill toward man.
    We are the United States Government! We don't do that sort of thing.
  28. Re:Need more input! by mrmeval · · Score: 3, Informative

    I had a REV 8 Linksys and it would be perfect as it LOCKS up on max bandwidth. The internal webserver also crashed and it won't take open source firmware. I got a good one when I bought a Buffalo that rocks, just before a Texas judge stopped their product from being sold here.

    DD-WRT would do that easily. It can do it to wireless as well. Look for a compatible router, preferably one that can take a full install and strangle their link. ;)

    http://www.dd-wrt.com/

    --
    I'd go on a Vegan diet but the delivery time from Vega is too long. --brownkitty
  29. More of a house rules issue than a technical one by kungfoolery · · Score: 3, Insightful

    If you can't have a frank conversation about communal resource usage with your own roommate then you have much bigger problems than mere router configuration will ever solve.

    I'm sure you guys have laid down basic guidelines governing how you'll split up paying for and using shared stuff. Like, "Hey dude, if you insist on running that 20 node Beowulf cluster in your room to crunch SETI work units all day, you should pay more for electricity." Or if nothing that specific, at least rules along the lines of "neither of us should monopolize the common area on a consistent basis preventing the other from ever having guests over."

    I don't think shared Internet usage should be any different. If you're the administrator of the network at home, it seems that what you're suggesting would be tantamount to setting up bear traps in the common area to discourage over foraging by your inconsiderate roommate. Of course, if he/she is that much of a boor, maybe you have no choice.

    Bottom line though: it would probably be better to talk it over with your roommate rather than putting the smack down with filters and such... in the end, there'll be a lot less resentment from both ends.

  30. The social problems: eating it cause it's there by Televiper2000 · · Score: 4, Insightful

    Honestly, this is the reason ISPs are moving toward throttling, packet shaping, and simply capping the bandwidth. There's a minority of bit torrent users hoarding the bandwidth so that they can hoard piles and piles of movies, music, and games that they have no reasonable expectation of using. "hey check it out man, I have the entire Simpson's series dubbed in Japanese!"

    --
    New! Device Legs: These legs will help your poor OEM installed product escape any hamfistedness it may encounter. Ava
  31. Re:And after you install DD-WRT... by Tau+Neutrino · · Score: 3, Informative

    You're right, I neglected to say which direction the timeout should go. It's definitely reduce the TCP and UDP timeout values to 120 seconds. One of the problems with P2P is establishing many connections to flaky systems or networks. Your client (and router) hold the connection open, waiting for a response that never comes. That fills up the connection table and makes it hard to establish other, more productive ones.

    You want to reduce the time your router waits from 1 hour, as it's currently set, to two minutes.

    --
    Lemmings are silly; dinosaurs are extinct.
  32. Re:Buy another Linksys and link them. by ydrol · · Score: 3, Informative
    > lowered the internal memory to lessen the effectiveness of third party flashing

    My understanding is the motivation was primarily cost. VxWorks runs on less hardware, and presumably the amount saved by reduced flash is greater than the per seat license cost for VxWorks?

    >It's unfortunate that they felt like crippling a perfectly useful router just because free firmware made it competitive with their high end products.
    Due to popular demand it's back as the WRT54GL

  33. Don't use software to solve social problems... by rit · · Score: 4, Insightful

    The best piece of professional advice I ever received was this:

    "Don't use software to solve social problems"

    This seems pretty apt here - instead of spending money and time trying to do this the hard way....

    Just fucking smack him, and tell him to behave responsibly or lose his internet privileges.

  34. IPCop by jcrousedotcom · · Score: 3, Informative

    I use ipcop http://www.ipcop.org/ for my home network - it's all of about 40 megs (well it was, I see the new update is quite a bit bigger so I may be low on that figure) and can run on any old pc lying around.

    It can do the traffic shaping you're wanting, plus, I found, especially when I am doing p2p downloading or some online gaming, my old netgear (very old) couldn't keep up and would drop packets. I saw my download speeds go up significantly and I have the opportunity to do traffic shaping if needed.

    It's free (donation) and very simple to set up. You don't have to be a linux guru to set it up, it has a web based interface for configuration.

    It works great for me.

    --
    Illiterate? Write for free help!