Ask Slashdot: Low Cost IP-based Traffic Shaping?

Deuteron asks: "Hi! I work for an ISP and we're about to deploy wireless net access and need a way to limit people to the bandwidth they pay for. We're planning on starting out with offering 128k, 256k, and 1M links. The wireless hardware itself (Breezecom if you're interested) will handle the 1M part for us. The tricky part is the lower speeds. I've done some extensive checking and haven't found any IP or MAC address based shapers as of yet. Can anyone point me to some free or extremely low cost solutions? Any leads would be greatly appreciated!"

See Linux-2.2.x

[maynard]

See the traffic shaper pseudo device support in Linux-2.2.x. According to it's documentation it can shape from about 9600 to 256kb per pseudo-device. Documentation lives at:
/usr/src/linux/Documentation/networking/shaper.t xt

You might also want to look into the Linux Firewalling code if you're going to use it for traffic shaping as well. See:

filter and ipmasq.txt in the same directory.

Cheers!
J. Maynard Gelinas

Why aren't you using Breezecom's shaper

[anticypher]

This sounds like an exploratory question for someone who hasn't yet come up with a business plan. Are you truly expecting to provide a huge amount of bandwidth to thousands of customers and then try to use a free linux program to enforce your ToS? I'd love to see you succeed with this, because the latest Linux kernels have some traffic shaping in them, and you could help out the coders with a real world test bed.

Why then aren't you taking advantage of Breezecom's built in Maximum Information Rate Class of Service? Do they charge too much for the management software? Have you even talked with their account reps? Their whole business is aimed at ISPs trying to do exactly this same thing. Breezecom modems emulate a serial connection, but their cheaper LAN products emulate an ethernet link. Their modems have a built in rate limiter, their LAN replacement is only aimed at office environments and not ISPs. It sounds like you have chosen the cheapest products, and are now trying to add something for nothing.

To properly implement a per user CoS, you must assign a static IP address to each end station, and possibly lock it down to a MAC address. Then you can set up a traffic shaper for each customer with little hassle. Easiest way to do is have different customers in different subnets, so all the 128k people are on one subnet, 512k on another. Rule writing is easiest that way. If you try to do CoS on systems dynamically grabbing an IP address (DHCP or equiv), you will spend all your time writing custom code to match addresses to customers to ToS to shaper rules and so on. Avoid it.

The best solution for packet shaping is Packeteer, who make a great box with a fairly good interface. The cost isn't that high compared with how much you will spend trying to implement the same thing with free software. Just buy one of their boxes and throw it in line with your ISP, then configure it a little and you can mostly forget it.

The next solution is Cisco, who have a bunch of different options built into their IOS for crude packet shaping. Presumably at some point you will have to buy a big Cisco router, probably when you get more than 50-100 customers. Since you are an ISP, what routers are you using now?

The cheap but limited solution is the latest linux kernel with IP Chains and Class Based Queueing. It should scale to handle a few subnets, each having its own CoS, but may not do 512k or higher. Crude, but should keep your bean counters happy until you have enough paying customers to afford something to cover a bigger user base.

Also check out NetBSD shaping, since I haven't yet.

No matter what you do, always enforce your bandwidth policy from the beginning, because you will lose all of your original customers later when you start to enfore the policy. Never give customers free bandwidth even if it is available, you are asking for a customer relations headache down the road if you do. Poor customer relations is the main reason small ISPs go out of business. This is the voice of experience learned the hard way :-(

Remember, packet shaping is a one way process, if you want to limit the connection from the user back towards the internet, you have to install something at the customer end, either a small box or software on their machines. A nightmare you probably shouldn't touch.

Good luck, and tell us what solution you end up with and how it works. We geeks are a curious bunch.

the AC