P2P Traffic Shaping For Home Use?
An anonymous reader writes "My housemate uses an aggressive P2P client that, when in use, makes the Internet unusable for everyone else connected to the network. After hearing about various ISPs shaping traffic to reduce P2P traffic, I was wondering if there was a solution for managing P2P traffic on a home network. I have a Linksys WRT54G available for hacking. Can Slashdot recommend a way to reduce the impact of P2P on my network and make it usable again?"
It's simple with OpenWrt (Score:3, Informative)
ipkg install qos-scripts
vi
[ enter your linespeed in the right place ]
qos-start
QoS (Score:5, Informative)
get a PC with smoothwall linux (Score:3, Informative)
a forum about traffic shaping with smoothwall
http://www.linux-noob.com/forums/index.php?s=dffc19493975498724b50564217f05e4&showtopic=3250&pid=11502&st=0&#entry11502 [linux-noob.com]
smoothwall linux
http://www.smoothwall.org/ [smoothwall.org]
1st off (Score:5, Informative)
Re:How about ask? (Score:4, Informative)
In advanced mode, you can set upload and download maximums. If you plan on allowing this and using latency-specific online gaming, you should set the limits to HALF of what Azureus is capable of without anyone using the internet.
QoS is definitely recommended (Score:2, Informative)
Re:How about ask? (Score:3, Informative)
Besides, whatever client he is using must have its own throttle; tell him/her to set it to like 75% of what the line can handle.
Some have timers too, so it can be 50/50 during multiple use, and 100% when he's the only one. Which is far easier than tweaking/hacking something you don't really use that often, and you may want to allow other software to use 100% (or as much as possible) on his machine (file sharing over the network, etc).
Easiest way: Raise QoS of OTHER traffic. (Score:5, Informative)
- Web (Http and https, maybe also 8080)
- DNS (UDP:53)
- Mail (SMTP, IMAP, POP3 (including SSL versions))
- IRC (if you use)
- FTP
- SSH, Telnet
- All TCP acknowledgement packets.
- Maybe some gaming protocols (Directplay, WoW, etc - these unfortunately require checking docs for each game)
That way, you have whitelisted most of the "interactive" protocols that suffer from a loaded link. No need to keep chasing after the latest encrypted, onion-routed P2P application that happens to be flavor of the month. The biggest problem is the online gaming stuff.
mmm, Tomato (Score:3, Informative)
It also has QoS features, and a nice AJAX interface.
Re:Buy another Linksys and link them. (Score:3, Informative)
I use a DLink DLG-4300 (Score:5, Informative)
Works well, but is rather expensive. Has an oversized NAT table to help with UDP server pings, so this will remedy any torrent problems you might have with your current setup.
QoS system is fairly flexible with an intuitive GUI and many preconfigured service options.
Has an option to pack the output frames completely (harms XBox Live possibly) as well as delay non-prio packets in favour of VOIP/gaming/as you configure.
Matt
OpenBSD Packet Filter (Score:5, Informative)
Re:Talk to your housemate (Score:2, Informative)
And after you install DD-WRT... (Score:3, Informative)
Running Azureus used to kill all the other network activity on my LAN. These changes made all the difference in the world.
Re:DDWRT gives you a GUI then you can.... (Score:4, Informative)
My pings dropped 10ms and the QOS actually works.
Re:Need more input! (Score:5, Informative)
Good point. How 'bout a Wikipedia link for the WRT54G, [wikipedia.org] with entries on available firmware?
Re:It's simple with OpenWrt (Score:5, Informative)
Re:Need more input! (Score:5, Informative)
On the other hand, there is awesome shaping available in Tomato firmware; it can classify traffic and show you what percentage of your traffic was in each class.
http://www.polarcloud.com/img/ssqosc108.png [polarcloud.com]
http://www.polarcloud.com/img/ssqosg108.png [polarcloud.com]
http://www.polarcloud.com/tomato [polarcloud.com]
Re:Need more input! (Score:2, Informative)
OpenWRT requirements (Score:4, Informative)
Tomato (Score:2, Informative)
Re:DD-WRT (Score:1, Informative)
E.g., you can say all HTTP downloads over 1MB get lower priority. It will also work for keep-alive connections, so it will work if your flatmate is downloading "a whole website" (since the total size of the site is over 1MB).
Re:Need more input! (Score:2, Informative)
Linux, iptables and Traffic Control (tc) (Score:5, Informative)
Personally, I use iptables & tc to set up a simple HTB (Hierarchical Token Bucket filter) system with 3 priority levels:
- Interactive: SSH (with Minimize-Delay TOS-Flag), Telnet, Jabber,
- Medium: HTTP, IMAP, SMTP, POP3,
- Low: All the rest
Shaping the upload speed is my only concern. All 3 classes may use the complete upload bandwidth. The interactive HTB class gets a guaranteed 90% of the bandwidth and a high burst value. The lowest HTB class has a burst of 0 and about 5% guaranteed upload speed.
While this is only a primitive setup, it allows lag-free ssh with an unlimited upload in the background.
An in-depth how-to about the Linux Traffic Control system: http://www.tldp.org/HOWTO/Traffic-Control-HOWTO/index.html [tldp.org]
A short pragmatic example using HTB & SFQ can be found here: http://gentoo-wiki.com/HOWTO_Packet_Shaping [gentoo-wiki.com]
Re:I use a DLink DLG-4300 (Score:4, Informative)
I've got to echo the DLink recommendation -- but I've had the 4100 for about a year. They call their QOS stuff "Game Fuel" (there were a few slashdot stories about it when they started hyping it up).
I've been very happy with mine, including being able to torrent like a freak and still use the Vonage box to make VOIP calls. I know the torrents are being throttled by my little box, but I can't see a big impact on transfer speeds. As a bonus, the DLink is much faster than the NAT firewall it replaced-- my maximum throughputs are higher.
Setup is as easy as configuring a normal NAT device. Of course, if you want to play with port forwarding, that's there too, and if you want your QOS to be a little more sophisticated than the default (which you should really try and see if you're happy with it), there are a plethora of configuration options.
Known problem with Linksys (Score:2, Informative)
From the uTorrent FAQ [utorrent.com]: "The default firmware for Linksys (and all replacement firmwares except for the latest DD-WRT and HyperWRT Thibor) have a severe problem where they track old connections for FIVE days, which causes the router to hang when using P2P apps, or any software that generates a lot of connections. DHT only aggravates the situation because of the number of connections it generates."
Does NOT apply to WRT54G/GS v5 and up.
HTH
Re:Need more input! (Score:3, Informative)
For the tiny bit of extra money however, the GL is definitely worth it in terms of hacking.
Re:Need more input! (Score:5, Informative)
but you want to tell everything you know about "P2P traffic shaping for home use" and be useful to more people.
This won't be directly helpful to the submitter (he's working with a WRT54G), but this is how I do it in Linux. Set up the shaping rules with tc. Classify traffic with iptables. Examples follow:
In order, those commands establish an htb scheduler [luxik.cdi.cz] with a ceiling of 632,320bit/s (you have to set this around 70-80% less than your actual upload to force the packets to queue at your box and not the dsl/cable modem), then establish children underneath it for each class of traffic. The children will get AT LEAST the specified rate and when extra is available will borrow it according to their priority number. Prio 0 gets all extra bandwidth until satisfied or no more exists, then prio 1, prio 2, etc, etc.
The second set of commands attaches a fair queuing algorithm so individual connections within those classes will share the bandwidth (more) fairly.
From there it's just a matter of using iptables to classify the traffic. This example shoves all bittorrent traffic into the lowest queues. We assume that anything coming from 172.25.42.254 is bittorrent traffic because we add that as a second IP address on the client behind NAT and make Azureus bind to that IP (all other traffic goes out on the default IP).
Those commands
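An added example, not the poster's original commands (which did not survive on this page): a dry-run generator for the HTB setup described in the two tc comments above. It takes the 632,320 bit/s ceiling and the 172.25.42.254 BitTorrent-only source address from this comment, and the 90%/5%/5% guarantees and protocol tiers from the "Linux, iptables and Traffic Control (tc)" comment. The device name eth0, the mark numbers, the port lists and the function names are assumptions.

```shell
#!/bin/sh
# Added example: dry-run generator for an HTB upload shaper.
# Assumed for illustration: eth0, mark numbers 10/20/30, the port lists.

# shaper_cmds DEV CEIL_BITS BT_SRC_IP: print one command per line.
shaper_cmds() {
    dev=$1; ceil=$2; bt_ip=$3
    ipt="iptables -t mangle -A POSTROUTING -o $dev"

    # Root HTB qdisc; unmarked packets default to class 1:30 (lowest).
    echo "tc qdisc add dev $dev root handle 1: htb default 30"
    echo "tc class add dev $dev parent 1: classid 1:1 htb rate ${ceil}bit ceil ${ceil}bit"

    # Guaranteed shares: interactive 90%, medium 5%, everything else 5%.
    # Every child may borrow up to the full ceiling, lowest prio number first.
    prio=0
    for pct in 90 5 5; do
        id=$(( (prio + 1) * 10 ))
        rate=$(( ceil * pct / 100 ))
        echo "tc class add dev $dev parent 1:1 classid 1:${id} htb rate ${rate}bit ceil ${ceil}bit prio $prio"
        # SFQ leaf: connections inside one class share it fairly.
        echo "tc qdisc add dev $dev parent 1:${id} handle ${id}: sfq perturb 10"
        # Packets carrying firewall mark N go to class 1:N.
        echo "tc filter add dev $dev parent 1: protocol ip prio 1 handle ${id} fw flowid 1:${id}"
        prio=$(( prio + 1 ))
    done

    # MARK does not stop rule traversal, so the last matching rule wins.
    for port in 22 23 5222; do          # SSH, Telnet, Jabber
        echo "$ipt -p tcp --dport $port -j MARK --set-mark 10"
    done
    for port in 80 25 110 143; do       # HTTP, SMTP, POP3, IMAP
        echo "$ipt -p tcp --dport $port -j MARK --set-mark 20"
    done
    # Anything sourced from the BitTorrent-only address goes to the bottom.
    echo "$ipt -s $bt_ip -j MARK --set-mark 30"
}

# Prints the commands; APPLY=1 (as root) pipes them to sh instead.
run_shaper() {
    if [ "${APPLY:-0}" = 1 ]; then shaper_cmds "$@" | sh -e
    else shaper_cmds "$@"; fi
}

run_shaper "${1:-eth0}" "${2:-632320}" "${3:-172.25.42.254}"
```

The mangle POSTROUTING chain is traversed before source NAT is applied, so the -s match still sees the LAN-side address on the NAT box itself.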
Re:Need more input! (Score:4, Informative)
DD-WRT would do that easily. It can do it to wireless as well. Look for a compatible router, preferably one that can take a full install and strangle their link.
http://www.dd-wrt.com/ [dd-wrt.com]
Re:And after you install DD-WRT... (Score:4, Informative)
You want to reduce the time your router waits from 1 hour, as it's currently set, to two minutes.
Re:Buy another Linksys and link them. (Score:4, Informative)
My understanding is the motivation was primarily cost. VxWorks runs on less hardware, and presumably the amount saved by reduced flash is greater than the per seat license cost for VxWorks?
>It's unfortunate that they felt like crippling a perfectly useful router just because free firmware made it competitive with their high end products.
Due to popular demand it's back as the WRT54GL.
Re:All major clients, but it still requires talkin (Score:3, Informative)
My original suggestion was to use Smoothwall's QoS, but some people felt Tomato would be better than a Smoothwall setup. The only reason I like Smoothwall is you don't need to flash a hardware router, and if you use an older PC it will use less power running Smoothwall than it ever did running Windows. For whatever reason, any PC from the 486 on always uses less power running free open source software than running Windows. I think it's the 'system idle thread'; I think it literally makes the CPU busy out rather than fall asleep...
Never had a problem with a Linux or BSD system doing no CPU activity, just routing a few packets and letting the CPU idle and use any on-chip power savings... When I first switched my 486 from 24/7 Windows to 24/7 FreeBSD (in 1996) I saved $10 a month in electric bills (I still have the bills but they're in storage). Plus, I never had to reboot FreeBSD; Windows would crash every week.
IPCop (Score:3, Informative)
It can do the traffic shaping you're wanting, plus, I found, especially when I am doing p2p downloading or some online gaming, my old netgear (very old) couldn't keep up and would drop packets. I saw my download speeds go up significantly and I have the opportunity to do traffic shaping if needed.
It's free (donation) and very simple to set up. You don't have to be a linux guru to set it up, it has a web based interface for configuration.
It works great for me.
Build a Better firewall... (Score:3, Informative)
I modified my WRT54G's setting to be just a wireless access point and switch by disabling the DHCP server - then built a cheap Smoothwall firewall using an old P3 800MHz with a pair of PCI NICs.
DSL -> Smoothwall -> LAN Port 1 on WRT54
Leaving the WAN port unused, I still have three ports for wired PCs (nearly unlimited with the addition of more switches) and wireless works without a hitch. The WRT's job is just to be a switch and manage wireless authentication and encryption.
The Smoothwall easily handles the traffic without slowing down other clients and (bonus) has QoS built in.
It also provides web caching, email antivirus, DNS, NTP, Snort IDS, and so much more.
Oh, and it's totally open source and available for download from smoothwall.org
Re:Need more input! (Score:1, Informative)
BTW, I am posting this as an anonymous coward because for some reason I can't recover my account.
Re:Buy another Linksys and link them. (Score:2, Informative)
Re:Need more input! (Score:1, Informative)
Re:OpenWRT requirements (Score:3, Informative)
Re:Easiest way: Raise QoS of OTHER traffic. (Score:2, Informative)
That won't do much good on the router. Your router is a layer 3 device and (except for packet classification) only looks at the IP header. TCP congestion control is layer 4 and operates at each end of your TCP connection. This is a good idea if your P2P client is running on a Linux box, however. But do the config on that box, not the router.
Re:How about ask? (Score:1, Informative)
Using full bandwidth up will congest your downstream. It can be solved with a very simple cap on upload, limiting it to 80-90% of max upload bandwidth. No need to go high-tech on his ass.
Symmetric lines do not exhibit these issues, at least not so noticeably.