Ask Slashdot: Low Cost IP-based Traffic Shaping?

Deuteron asks: "Hi! I work for an ISP and we're about to deploy wireless net access and need a way to limit people to the bandwidth they pay for. We're planning on starting out with offering 128k, 256k, and 1M links. The wireless hardware itself (Breezecom if you're interested) will handle the 1M part for us. The tricky part is the lower speeds. I've done some extensive checking and haven't found any IP or MAC address based shapers as of yet. Can anyone point me to some free or extremely low cost solutions? Any leads would be greatly appreciated!"
  • by Anonymous Coward
    Oops!!! That's CBQ.init that you search for at Freshmeat. And you also need to pick up the IProute2 package to get it all working.
  • by Anonymous Coward
    We are doing this exact thing to offer internet service to several companies off of our T-1 connection. Class based queueing works much better than the traffic shaper. To use it, get the cbqinit script off of Freshmeat, and turn on the experimental stuff under the 2.2.x kernels to enable class based queueing. After you do this, sizing the traffic is as easy as editing a text file to mandate bandwidth on a per network or per class basis. It is much easier to configure and in my opinion shapes the traffic much better than the traffic shaper.

    darkdave@uwyo.edu
  • Posted by Vik Olliver (at home):

    It depends on which country you are in. New Zealand for instance has a per Mb charge for overseas traffic.

    Vik :v)
  • Performing it straight on an interface shouldn't hurt too much - although I gotta admit, I've got no numbers to back me up here.

    Matching per IP address is rather CPU intensive though, according to the documentation.

    Dave


    --

  • [These links are long. If they get broken, go to www.cisco.com [cisco.com] and search for "Committed Access Rate".]

    Some of the more interesting versions of the Cisco IOS (the 11.1CA and CC tree I think, and v12 if you're feeling brave) will perform incoming and outgoing traffic shaping. The closest to what you'd like is probably Committed Access Rate [cisco.com].

    It can be applied directly to an interface to limit all IP traffic, or you can define an access list so that it will limit all traffic that matches a particular protocol, QOS flag... or your customer's IP subnet.

    This last option is useful to limit a customer's access to the internet at large while still giving them full speed access to, say, your local mail or FTP server. You perform the limit on your connection to the rest of the world, using a different rate limit for each customer.

    The v12.0 documentation is linked above, or check this CCO search [cisco.com].

    Dave


    --

  • AFAICS Breezecom offer wireless E1(or T1) links which are synchronous....
  • Ah, a code bigot.

    I agree with you that the original code has been around forever, and that that might make it more stable... But this argument doesn't necessarily hold. Sendmail has been around forever too, but it's never been stable. Linux hasn't been around forever, but I've never had a problem with any kernel TCP/IP code.

    In fact, the only kernel code I have a problem with is any new, contributed, unimportant features. I don't care if my cheap TV card doesn't work properly with my cheap video card as long as I have a working ethernet connection over my cheap ethernet card... :)

    I don't think the Linux TCP/IP stack is a new, experimental, or partially working feature. Even if someone changed a few lines of code, that's why the development model works the way it does. Maybe if it had a problem in 2.1.1xx, it got fixed by 2.2.1, eh? That's what code freeze and stable version means.

    Anyhow, if you're all gung-ho about using a "stable version", use a distribution based off of 1.2.13, or 2.0.36 or something. Or use XENIX, a true SYSV derivative. ;) But don't talk about stability problems that don't exist because you think a particular branch of code is better, but don't have proof. That's bigotry.
  • The Breezecom stuff is directional point-to-point, and not shared, so it's perfectly safe to sell the whole bandwidth of a connection.
  • It is not very known, but sophisticated QoS and
    bandwidth limiting is available in 2.2. Try going to Networking options->QoS and fair queuing in kernel configuration and I'm sure you'll see lots of options with hard-to-understand descriptions ;)


    For the software and docs, go to ftp://ftp.proxad.net/mirrors/ftp.inr.ac.ru/ip-routing/ and download latest iproute from there.
  • First of all, as far as I remember bwmgr is available for Linux now as well.

    Secondly, I use Linux 2.2 and QoS on several routers, with not-so-good hardware. How unmature it may be, it works.

    And finally, I think you do advocacy in a wrong way. I don't have anything *BSD, but advocacy like this doesn't encourage me to try it. If you wrote a couple of advantages of what FreeBSD has now and how do you use IMHO it would give a much better effect.
  • As I recall this a kernel feature in Linux now, in the 2.2.x series...please correct me if I am mistaken...I have not seen any information on implementing this however...
  • Here at PC Resource.Net we are in the process of rolling out a wireless radio data network with the sole purpose of supplying fast and cheap internet connections.
    Having read all of the above comments I feel that I should let you know how we are doing it here.
    Initially, all connections will be run as fast as the network can run. ie a 128k link will run as fast as a 1mb link until we have enough customers to justify an upgrade of our central router.
    We then plan the following:-

    The faster connections (512k+) will all be managed at router side using the CIR functions with static information.

    The slower (64k - 256k)connections will all be managed through bandwidth limiting on our Linux boxes.
    I am happy to provide any further information as required.

  • by maynard ( 3337 ) on Tuesday July 06, 1999 @05:44AM (#1816606) Journal
    See the traffic shaper pseudo device support in Linux-2.2.x. According to its documentation it can shape from about 9600 to 256kb per pseudo-device. Documentation lives at:
    /usr/src/linux/Documentation/networking/shaper.txt

    You might also want to look into the Linux Firewalling code if you're going to use it for traffic shaping as well. See:

    filter and ipmasq.txt in the same directory.

    Cheers!
    J. Maynard Gelinas

  • You only actually need to choke the users down to what they've paid for when there is actual contention. If you let them have the full capabilities of the hardware the rest of the time, it costs you nothing and can only make them happier.
  • Dummynet is useful, but also available for FreeBSD is the AltQ package. This adds several additional QOS-style packet queuing disciplines, such as WFQ (weighted fair queuing) and CBQ (class-based queuing), that are better to use to implement a BW/traffic shaping device.

    See http://www.csl.sony.co.jp/person/kjc/software.html
  • Here's a product that should do what you need:

    http://www.etinc.com/bwmgr.htm

    I would highly, highly recommend that you use FreeBSD, especially if you are in a commercial/ISP environment. Linux is great and all but you can't beat FreeBSD's rock-solid tried-and-true TCP/IP stack. http://www.freebsd.org

    good luck!

  • One thing I forgot to add...

    I would definitely do this at the router, if you can afford it. FreeBSD certainly rocks but doing this from a decent Cisco would be your best bet if you really want to do it right.

    If you can't afford a decent Cisco router, build a fast machine out of high-quality parts (or better yet, buy a Dell) and Intel NICs and install FreeBSD and the ET/BWMGR software.

    I think you'd be making a big mistake to use experimental Linux code on a very un-mature version of Linux (2.2.x) to try and do this.
  • FreeBSD's networking code is based on the original BSD networking code which has been around forever.

    Linux's TCP/IP stack was redone in 2.2.x and has not had enough time to mature.

    Don't get me wrong--I'm not dissing linux. The idea behind Linux rocks but the fact is, FreeBSD is more "solid". FreeBSD's code is tightly controlled by a core group of programmers who are less/not likely to add experimental/partially-working features to the -STABLE releases. I can't tell you how many times I've found partially-working stuff in Linux kernels.

    My advice to you would be to try it for yourself. Download a -STABLE release, install it, and put it head-to-head with Linux. That's what we did a year ago, before we made the big move from Linux to FreeBSD.
  • I've got a collection of all the documentation I've been able to find on the 2.2.x network stack, including the QoS stuff.

    It's all at my linux 2.2 site [freedom.org], check it out. Hope it helps.

  • Yes, you can limit downstream bandwidth. Routers have QoS, the linux kernel has several shapers to choose from, etc. But upstream might be more difficult. A malicious customer could simply type ping -s 1500 -f www.somewhere.com, and flood the entire wireless link he/she was on. There isn't an easy way to fix this. You can, however, confiscate their equipment and/or report them to the FCC for causing harmful interference if they do decide to take down the link. I know that several cablemodems use snmp to inject QoS filters at the hardware level. Maybe there's similar offerings for other NICs. It could help during an emergency, and also to help limit upstream bandwidth.



    --
  • by replica ( 7768 ) on Tuesday July 06, 1999 @06:43AM (#1816614) Homepage
    Check out the IPChains HOWTO [rustcorp.com]. You can implement TOS scheduling in your chain.
  • I want to get a T1 connection to my residence in the San Fernando Valley area of Southern California.

    How good would a wireless T1 be, and how much would it cost? I'm considering a wired T1, but it's a bit pricey for an individual.

    I'd also like to hear any feedback on cheaper wired T1 providers. I'm considering SoftAware - I know they're good, but $ 1,500 a month (all inclusive) is a little much.


    D
    ----
  • Right now, I spend $ 1,500 a month to rent office space including a shared 10mbps line, with my share being roughly a T1.

    Unfortunately, the company leasing me the space is likely to go out of business within the next 6 months or so, so I'm trying to figure out my alternatives. The best one is probably to pipe a T1 into my home, but I'd like to save a few bucks doing it.

    I've been doing computer consultancy/software development for over fourteen years, so you might want to compare apples to apples income-wise. It's also a matter of priorities - I really, really want high-speed Internet access to the home.

    D

    ----
  • Actually, my current apartment rent is $ 595 a month, for an incredibly boring place in a really boring (but safe) part of the Valley.

    To be in the Westside where all the action is, you can pay $ 900 a month and live in a decaying slum-like apartment. I know, because I checked.

    Fortunately, lower interest rates make houses not that far away. My mid to high five figure income can probably qualify me to buy a low to mid-end house. The cheapest single family house in a dismal area of the Valley is $ 100,000. Houses start getting dull but civilized around $ 200,000. For $ 400,000, you can live in eastern Malibu in a small but pleasant place with a partial ocean view. For $750,000 you can get a magnificent view of the ocean in Malibu with no land but what your house is sitting on. For $ 650,000 you can get a shack-like home on the beach. For $ 1,000,000 you can get a little land plus your spectacular view. For $ 3,995,000 you can get something pretty impressive. The most expensive home in Malibu is around $ 20 million.

    I'm contemplating the purchase of a house, partially as an investment, partially for tax reasons, but mainly because a nice apartment costs about the same a month as a decent house.

    I understand that these prices are bargain city compared to Silicon Valley's.

    D

    ----
  • I was under the impression that it was only
    possible to set QOS on outgoing connections. The
    problem here is on incoming large packets hogging
    the modem line. A 1500 packet can take a significant
    amount of time to receive.

    I wondered about dropping the MRU to force smaller packets and
    more fragmentation, but of course efficiency also drops.

    - Richard.
  • You might want to consider offering access to the 1 meg network in an open manner, but surcharge bandwidth usage (K transfered) above a point. I assume you could use IP accounting to manage this. You could also set it up so that when a new user brings up a new machine, a program watching the ARP tables could see the dynamic ARP entry, add a firewall rule to block all requests but port 80 and DNS. Then redirect port 80 to a local page where they can "log in." After they log in, create a static ARP entry for them and tie the accounting for their IP. If you do a search, MIT has done something like this on their network.

    Good Luck

    Dan
  • I'm assuming you'll have to have the traffic shaper on the LAN side of the wireless network. This means that your QOS and bandwidth restrictions will happen on the wrong side of your wireless network. Since you're not differentiating your speeds at the wireless side, all customers will be competing for the wireless bandwidth at the same speed. I'd be pretty upset if I was paying you full price for high bandwidth but couldn't get it.
  • Think Frame Relay.

    Limit the burst rate to 150% of the "CIR" or whatever the customer is paying for. That would keep the users "happy."

    I don't know the breezecom stuff, but if it can't handle much more than 1Mb then I wouldn't sell that speed. Wireless is a shared technology. Unless you can guarantee that they will always be able to get 1Mb at a minimum then I would bump the top speed you "sell" to maybe 512Kb and let them burst to 150%, or 768Kb.
  • There's an introductory article in the June 1999 Linux Journal that may help...
  • It has to. What you might pay $500 to $600 here for an apartment, it's almost double that in most areas of California. And don't even think about buying a house in either Los Angeles, San Jose, or San Francisco. Unless of course you make in the high 6 to 7 figures a year.
  • Check out the Packeteer PacketShaper. (www.packeteer.com). I've used this product before, and it's well worth the cash you pay for it.

    I don't know what kind of budget you have, but considering that you are planning on implementing this in a business, I highly suggest you go with a hardware solution. As I don't work for Packeteer, I suggest you call their sales staff for more info.
  • You can do that, and make your customers happy - but then why would any of them buy the 1M connection? Word will get around and suddenly you'll have everyone on 128K connections, using 1M.

    Easy. Those who pay for 1M will always get 1M (the money pays for necessary equipment) If "word gets around" then the service becomes so popular that it gets overloaded, and those who didn't pay for 1M suddenly fall down to the 128k they paid for. Those who paid for 1M still have 1M of course. Those who paid for cheap 128k and got addicted to 1M now seriously think of upgrading their service to 1M...

    Also, allowing people to use spare capacity will spread the load more, utilizing the equipment better. Geeks will use the service at odd hours in order to get better bandwidth cheaply. If they have to pay to get more even in low-load situations then they may do so - and only use the service at more convenient times. This won't necessarily make more money as everybody wanting 1M at the most loaded time of day will force the vendor to install a lot more equipment which will be idle half of the time.
  • We are going to offer Wireless 1M dedicated connections in our area for $350/mo, so it is considerably cheaper than a wired T1.
    Troy Harris
    Systems Administrator
  • Hello there,
    there's a solution available for linux 2.2.x
    and freebsd 3.0.1 at:
    http://www.etinc.com
    The license costs $500 per MAC Addr.
    It works great.
  • I don't know that the traffic shaper device is appropriate. It seems that it only works on a subinterface basis, which suggests the need for a single sub-interface per subscriber.

    This sounds like a waste of IP addresses to me. I would also worry about the ability of the kernel to support large numbers of subinterfaces in an efficient manner.
  • Given the cost of a cisco, it makes sense to consider doing the QOS stuff on another box.
  • by Gumber ( 17306 ) on Tuesday July 06, 1999 @06:20AM (#1816630) Homepage
    The previous poster suggests that you only throttle when bandwidth contention is an issue, suggesting that it will build goodwill.

    I would suggest the opposite. You will certainly have a surplus of bandwidth when you roll out your service. If you open things up wide to everyone then you will probably have some very happy customers for a few months, and they will doubtless tell their friends. Soon you will have a growing customer base of people who are coming to expect more than they pay for. Then you have to start throttling down bandwidth. People are now getting less than they were getting before. Even if they are getting what they paid for, a lot of people are going to feel like they are getting shortchanged and they will start complaining vocally.

    Maybe this isn't such a bad thing though. If you build a subscriber base quickly on word of mouth because you are giving away spare bandwidth then you might be better off than if you build the subscriber base more slowly, or you have to advertise to build it quickly. It depends on how much the malcontents cost you once you have to start throttling connections, vs the costs of slower growth, or the costs of advertising. Unfortunately, the cost of the former is hard to predict.

    As for dealing with the daily peaks of bandwidth utilization, again, I think people will tend to react better to consistent performance throughout the day or week, rather than wide fluctuations. On the other hand, if it is possible to allow maximal thruput on short (10-40k) spurts and throttle it down on longer downloads, then it becomes more difficult for people to quantify and less likely to engender ill will.
  • As a hard core Linux user..

    The nice thing about FreeBSD is that when the docs say it supports some hardware, it really supports it. FreeBSD contains very little or no beta or prerelease code, particularly in the kernel -- unlike most GNU/Linux distributions.

    The Linux and FreeBSD development models are significantly different, and neither is really better than the other. FreeBSD values rock solid stability and extensively tested code more than Linux's fast and radical growth and support for peripherals.

    Personally, I use Linux because I want my workstation on the "bleeding edge" of technology, so that I know what's going on.. and so that I can use my cheap TV card with my cheap video card. I also think that the dynamic nature of the Linux kernel will assist with advancing new technologies more than the "conservative" FreeBSD. However, it is still important to advance the "old" technologies...

    Both operating systems are very stable and fast, and as server OS's they both give the commercial systems a run for their money. Neither have significant stability problems. But FreeBSD is sometimes faster and it never claims to support hardware that is really only half-supported. I have not had a stability problem with either OS, but if reliability and performance were my top priority, I would at least consider FreeBSD.
  • People have posted very good points about the pros/cons of bandwidth limiting.

    I feel that the best solution, (the one that would make ME happy) would be to allow the full bandwidth available to the client, unless things get busy. Then, you enforce a CIR, like in frame relay.
    And, you make it VERY CLEAR when you sell the service that this is how things work!

    Also, there are lots of posts about linux traffic shaping, and other free solutions. There are several commercial products that do this for you. One is called the iPATH. It's not horribly expensive, and allows you to do many interesting things with ethernet/IP.


    Also... regarding traffic.
    I am a firm believer that the proper way and the only long-term way to deal with bandwidth is to charge people based on what they use. Charge a relatively small monthly fee for the hookup, and charge a fair rate for the bandwidth used.

    I get REALLY mad when I read my cablemodem contract and it says 'you can NOT run a server of ANY kind, shaw@home is for casual, home use only.'
    Who the heck made THEM the god of deciding what 'Internet USE' is? They provide me with a certain amount of bandwidth to my house. I can FTP things UP to people all day long.. but if I put up a server so they can request things themselves, I risk losing my connection. It is for 'attended use only'... what???
    They make it out like someone who does more than surf for porn and read email is 'abusing' their service.
    You know, if they charged based on bandwidth, they wouldn't have a problem. I would be MORE than willing to pay a fair rate for the bandwidth I use, as a tradeoff for them providing me with proper service.
  • Well. it's like any other area of life. "If other people are breaking the laws, then the laws must not mean much, so it's OK if I do it too.." kind of thinking usually doesn't work well.

    There's often reasons behind the laws, that put
    them there in the first place. Oh, sorry about the "its the telcos, preventing competition" bit, these restrictions have been there (in one form or other) for much longer than those current issues.

    Another thing, if you are going to operate illegally and possibly interfere with other services (the real reason the rules are there), I'd pick a piece of band that DIDN'T have Hams around to notice and probably seek you out over it, rather than someplace not so traveled.

    Another another thing.. being an engineer and knowledgeable in radio (and a Ham), there are problems with just upping your power. Narrower bandwidth (like voice) = more sensitive receivers, and better range for same power = lower data rate in data mode. Higher bandwidth = faster data rates = less sensitive receivers = less range for same power/antenna situation. It's more of a challenge for hi bandwidth radio. Also, and worst, is the situation of multipath, and one station interfering with many others due to too much power. Digital signals need very clean signals, typically.. noise that you can hear and understand voice with can totally obliterate a digital connection. Having signal bounce back off mountains, tall buildings, airplanes, etc. can mess up a normally clear path, and that gets worse fast with more power.

    There's much to consider in something like this, too much for a short mail. Basically, low power and lots of antenna gain (which equals directivity, i.e. dishes or beams) is the better direction to go. There is a website that has a paper on these issues, written by a Ham researcher in digital high speed Ham networks, if you are really interested. I believe it's called the "Higher speed Packet" page, Packet radio being the commonly used digital mode of networking.
    Search on Packet Radio, high speed, to find it..

    Anyway, I don't mean to say you shouldn't try something, since I really don't know the ISM laws,
    it may not be a problem to add antenna gain, and leave power the same, depends on how they wrote
    it up. That would work better, be cheaper, and the more directional you get the less interference you cause to whoever is your neighbors. Antennas are pretty easy and cheap to make, once you know a little bit about whats what. Get a copy of the Amateur Radio Handbook at the local library, or buy one, for starters...

    Didn't mean to write a book, but didn't want to see a place where common courtesy was also the better result way to go get by.. :-)

    Hope it helped...
  • FreeBSD has a feature called dummynet. See the
    following URL: http://www.iet.unipi.it/~luigi/ip_dummynet/
  • I'd like to add that, in my experience, BWMGR does not work as advertised, nor is et interested at all in providing technical support or issuing the various bug fixes needed to make it really work.
  • His point was that linux _as_ a router is much less efficient and more error prone than a dedicated router.
  • I thought that there was a one (1) watt limit to the 900 MHz band, and you would need a license for anything else. Using a yagi to transmit would place 800 mW above that limit (ERP in one direction). However, just using a yagi to receive would not. Also, I don't see how you could use an amplifier legally on 900 MHz without a license.

    The FCC changes rules a lot, so I am not up on all of them. The question I have, besides the 160 KHz band (again 1 watt and not enough bandwidth), part 15 devices (most require FCC type approval and FCC id numbers, and only let you have milliwatts-has that changed?),

    what other band besides 1 watt 900 MHz is there for high bandwidth unrestricted use???

    yeah, I know about light too. Just RF.
  • There are these little black vans with just 'FCC' on the side. I really didn't believe that they existed until I saw one with its 10 or more antenna on top.

    Higher power is not a problem until you start interfering with somebody's TV set. They end up bitching to the FCC. Then the FCC sends the little black van to your area.

    I never thought that they ever caught anybody. Until I saw some press clippings about some guy whose equipment was confiscated and he paid a hefty fine.

    Well you say, I am not going to interfere with somebody's TV, the frequency is too high.

    Then you end up interfering with somebody's cell site, or somebody's direct TV, in the future it will be TV all over again with HDTV micro signals. But I can guarantee before you interfere with any of the above, there is one thing you _will_ interfere with -

    Aunt Myrtle's old electric organ down the street. Every neighborhood including yours has one - an electric organ. They will pick up _any_ misdirected RF no matter the frequency. They are especially good with hi-power CB.

    I personally don't use CB. I did have one once, and when I did turn it on, a couple of times. It seemed that there was this guy who would flip his multi-KW on at 8 oclock and slam my needle. Then he would go about making these weird slow throat noises with reverb mixed in.

    It's those dumbshits that piss me off. I suppose I could have triangulated him quite easily with a couple of electric organs - or toasters for that matter. Then I could have stuck a needle in his coax and smoked his ass out - just never got around to it.

    Just this last fourth some worker was killed when the fireworks spontaneously ignited that was being set up. It has been theorized that stray RF was to blame. My experience with the CB idiot certainly has me thinking. Frequency too high or just a little more power?? Just don't interfere with a plane's navigation system and send it down.
  • I think that might not be the right URL..

    From www.e-spec.com:

    "e-spec is a proprietary Application Framework developed specifically for building Windows* based
    Product Selection Software programs"

    It doesn't say a thing about wireless comm..

    I also tried www.e-spec.net (doesn't exist)
    and www.espec.com (something about environmental
    testing labs)

  • Wireless Network Solutions [newbridge.com]

    Check out the network management part. I know that what you are asking is very possible.
  • Performing it straight on an interface shouldn't hurt too much - although I
    gotta admit, I've got no numbers to back me up here.

    - Yes, the overhead is something like 0.001% or
    less. Can live with it.

    Matching per IP address is rather CPU intensive though, according to the
    documentation.

    Actually, it's a bit more involved than that.
    According to documentation, using the standard
    access list (if you wish to match IP addr)
    shouldn't be that bad, but using the extended
    access list (if you wish to match say TCP port
    number) causes more overhead. What we've got
    is something like 10% overhead with a standard
    access list, and >20% with extended access list.

    By overhead I mean 'the packet rate which still
    can be processed by CPU'. (on input for instance,
    you'll see 'ignores' if CPU can't keep up with
    the incoming packet rate)

    Hope it helps.
  • This will hurt latency, affecting online games, telnet sessions, etc. Remember, you want to limit bandwidth, but not hurt their network experience.

    How about just giving them 1M burst, and charging them if they use more than their allotment over a one month period?

  • I personally have had problems with the 2.2 kernels that are probably related to the TCP/IP stack. I'm still trying to nail down exactly what's wrong.

    Statistics were posted to /. in the last day about FreeBSD vs. Linux web server performance.

    It's generally agreed that Linux/Apache lost to IIS in the revised Mindquest comparison (NOT the original, insanely loaded one) because of the Linux TCP/IP stack.

    Using linux without considering alternatives is bigotry.
  • Linux Router Project supports traffic shaping, although I've yet to set it up. If the breezecom routers don't do it you may be able to build a Linux router that'll traffic shape and do wireless to 2megabit too. See the Linux Wireless Router Howto [rage.net]

    This may also be a cheap solution to some of the other replyers who were interested in wireless routers if you're into DIY!

    -- Greg
  • This sounds like an exploratory question for someone who hasn't yet come up with a business plan. Are you truly expecting to provide a huge amount of bandwidth to thousands of customers and then try to use a free linux program to enforce your ToS? I'd love to see you succeed with this, because the latest Linux kernels have some traffic shaping in them, and you could help out the coders with a real world test bed.

    Why then aren't you taking advantage of Breezecom's built in Maximum Information Rate Class of Service? Do they charge too much for the management software? Have you even talked with their account reps? Their whole business is aimed at ISPs trying to do exactly this same thing. Breezecom modems emulate a serial connection, but their cheaper LAN products emulate an ethernet link. Their modems have a built in rate limiter, their LAN replacement is only aimed at office environments and not ISPs. It sounds like you have chosen the cheapest products, and are now trying to add something for nothing.

    To properly implement a per user CoS, you must assign a static IP address to each end station, and possibly lock it down to a MAC address. Then you can set up a traffic shaper for each customer with little hassle. Easiest way to do is have different customers in different subnets, so all the 128k people are on one subnet, 512k on another. Rule writing is easiest that way. If you try to do CoS on systems dynamically grabbing an IP address (DHCP or equiv), you will spend all your time writing custom code to match addresses to customers to ToS to shaper rules and so on. Avoid it.

    The best solution for packet shaping is Packeteer, who make a great box with a fairly good interface. The cost isn't that high compared with how much you will spend trying to implement the same thing with free software. Just buy one of their boxes and throw it in line with your ISP, then configure it a little and you can mostly forget it.

    The next solution is Cisco, who have a bunch of different options built into their IOS for crude packet shaping. Presumably at some point you will have to buy a big Cisco router, probably when you get more than 50-100 customers. Since you are an ISP, what routers are you using now?

    The cheap but limited solution is the latest linux kernel with IP Chains and Class Based Queueing. It should scale to handle a few subnets, each having its own CoS, but may not do 512k or higher. Crude, but should keep your bean counters happy until you have enough paying customers to afford something to cover a bigger user base.

    Also check out NetBSD shaping, since I haven't yet.

    No matter what you do, always enforce your bandwidth policy from the beginning, because you will lose all of your original customers later when you start to enforce the policy. Never give customers free bandwidth even if it is available, you are asking for a customer relations headache down the road if you do. Poor customer relations is the main reason small ISPs go out of business. This is the voice of experience learned the hard way :-(

    Remember, packet shaping is a one way process, if you want to limit the connection from the user back towards the internet, you have to install something at the customer end, either a small box or software on their machines. A nightmare you probably shouldn't touch.

    Good luck, and tell us what solution you end up with and how it works. We geeks are a curious bunch.

    the AC
  • Does BSD ipfw support filtering based on IP TOS?
  • I also work for an ISP using the same product. And the Station Adapters or Access points and wireless Bridges you are using have software built in that will limit the speed. We have several customers on 128k connections that work fine. If you read the manual it will tell you how.

    If you are sending all the signals to a separate building and then bouncing them down to your server room I suggest doubling up on the antennas and using the uni24 (http://www.breezecom.com/Products/ant24dbi.htm) that way it won't be a bottleneck.
  • I do not understand why Linux users insist on arguing when a *BSD user says a particular feature is better in a *BSD than in Linux.

    While Linux has excellent support, a lot of apps, and runs on a ton of hardware, there are areas where the BSD derivatives are better. 1 of which is the TCP/IP stack (As admitted by a number of Linux kernel developers) and another area is in applications related to ISPs as that has been an important niche for FreeBSD especially.

    I wish the Linux users would focus on making Linux better instead of jumping down *BSD users' throats any time they point out an area where a BSD is better.


    And as for reliability... it will be a long time before I trust Linux in a critical server and I will never trust a development kernel on a critical server. The same holds true for the *BSD's... Development kernels are not for production use and anyone who thinks otherwise has no concept of what business is about.


    -ket
  • You only actually need to choke the users down to what they've paid for when there is actual contention. If you let them have the full capabilities of the hardware the rest of the time, it costs you nothing and can only make them happier.

    I guess you're working under the assumption that only "normal" users have to pay for bandwidth. ISPs often have to pay based on how much bandwidth they use per month. If you're gonna let people have 1Mb connections for the price of 128Kb connections, you'd better make sure the cost of the 128Kb connections pays for the 1Mb of bandwidth that you're using.

  • Could you expand on this? In what way is FreeBSD more rock-solid and tried-and-true than Linux? What is it, specifically, that makes FreeBSD better for this application than Linux? I am currently a Linux user, and want to know if FreeBSD (or any of the other *BSDs) might be better suited to some applications. I also think there are many other users looking for concrete reasons to evaluate free OSes other than Linux.
  • I have a setup with a few Breeze nodes, and some leased line customers.

    My setup is a linux box connected to the net, static routing, so that each MAC is forced to a certain IP, and then shaper. Some of the connected people have a few boxes, then I just shape them all through one device, so that they share their own allotted bandwidth.

    Shaper (as far as I know) only shapes outgoing (to the local people) traffic. I had some trouble with morons uploading tons, so I use a spare box in between my "Breeze hub" box and my backbone, with lots of virtual IPs; each shaper device uses its own def route to one of the virtuals, so then I can shape both ways. Maybe not the most elegant, but it works ;)
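
As an added illustration of the setup described in the comments above (static per-customer IPs grouped into tier subnets, shaped in both directions), and not code from any poster: a dry-run script that prints one `tc` class and filter per customer. It uses the HTB qdisc from later kernels rather than the CBQ the thread mentions; the addresses, the interface names (`eth1` customer-facing, `eth0` upstream), the 64kbit default class and the absence of NAT on the router are assumptions.

```shell
#!/bin/sh
# Dry run: prints tc commands instead of executing them (running them needs root).
# Constructed sample data: tier subnets (/24 prefix -> rate) and static customer IPs.
TIERS='10.10.1. 128kbit
10.10.2. 256kbit'
CUSTOMERS='10.10.1.5 10.10.1.6 10.10.2.9 10.10.3.7'

# rate_for IP: print the tier rate for IP; non-zero exit if it is in no tier subnet.
rate_for() {
    echo "$TIERS" | while read -r prefix rate; do
        case $1 in "$prefix"*) echo "$rate"; break ;; esac
    done | grep .
}

# emit_shaper DEV FIELD: one HTB tree on DEV with one class per customer IP.
# A qdisc only shapes what leaves an interface, so FIELD is "dst" on the
# customer-facing interface (download) and "src" on the upstream one (upload).
emit_shaper() {
    dev=$1; field=$2; id=10
    echo "tc qdisc add dev $dev root handle 1: htb default 999"
    # Anything not matched below (unassigned or self-chosen addresses) lands
    # in a slow default class instead of going unshaped.
    echo "tc class add dev $dev parent 1: classid 1:999 htb rate 64kbit ceil 64kbit"
    for ip in $CUSTOMERS; do
        if ! rate=$(rate_for "$ip"); then
            echo "# $ip is in no tier subnet: left in default class 1:999"
            continue
        fi
        # ceil equal to rate: the customer never borrows idle bandwidth.
        echo "tc class add dev $dev parent 1: classid 1:$id htb rate $rate ceil $rate"
        echo "tc filter add dev $dev parent 1: protocol ip prio 1 u32 match ip $field $ip/32 flowid 1:$id"
        id=$((id + 1))   # tc reads class ids as hex; these stay unique either way
    done
}

emit_shaper eth1 dst   # customer-facing interface: limits download
emit_shaper eth0 src   # upstream interface: limits upload
```

Because the tier is derived from the subnet, moving a customer to another plan means reassigning the static address; the MAC-to-IP binding mentioned in the comments is what keeps a customer from picking a faster tier's address.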
  • I completely agree. A real world example of this is Shaw Cable in Toronto, Canada. I was a beta tester since early 1996 -- and access started at almost full 10mbps downlink and 768kbps uplink (no kidding). Anyway, they finally opened the network to everyone else, and over a course of the year they changed the pricing scheme to 39.95 canadian per month, and the monthly subscriber rate exploded. This of course ended in speeds that were 5-10x slower than access was previously. Believe me, the customers were not happy. However, the simple fact that they were not happy with 1-3mbps downlink and 250-400kbps uplink for 39.99 a month is the point. Stable speeds are the way to go. I'd be a lot happier with a set 2mbps downlink and 500kbps uplink with a higher tier QOS than having to worry about going on the internet during prime time where speeds are sometimes extremely slow (relatively of course).

    This guy, if I'm not mistaken, is targeting business users? If he is, he MUST go for stable speeds. If it's business users you are looking at, they WILL use the speed. The only situation I see where you can completely oversubscribe bandwidth is when you're dealing with an end consumer. They tend to use far less than their line is capable of on average. I myself average less than 5k/s per day and I would consider myself a pretty heavy user.

    However, if you think you can keep up with the subscriber rate, go ahead. All you have to do is segment the network at set peak intervals. You have to think like an amateur psychologist though. Giving more, then providing less in the future isn't a very good thing. People don't like less, they continually want more and more. So in conclusion, give them stable rates, and if they REALLY want more, then charge them more money to get a better QOS on a higher tier.

    An example of a wireless internet provider who has completely F***** this up, is www.mipps.net in Toronto. They sell full 2mbps full duplex wireless connections but their connection to Shaw fiberlink internet is a joke. They also give every customer a linux firewall router box instead of a Cisco (running an old 2.0 kernel) which I think is a complete joke.
  • by wwalker@pobox.com ( 66545 ) on Tuesday July 06, 1999 @07:22AM (#1816654)
    Check out NistNet. It should do everything you are looking for.

    http://osi.ncsl.nist.gov/itg/nistnet/
  • Perfect for low-profiling your high-traffic web server from the packet-sniffing cable modem ISPs.

    Perfect when used with TCP wrapper and " DENY".
  • With RedHat Traffic Shaping and TCP Wrapper (for blocking ISP's port scan and compliance with AUP server ban), one can get a very fine industrial type web server that is at least accessible and suppresses your traffic profile to those below your neighbor kid's Quake Server or MP3 FTP site.
  • You mentioned having CoS on systems dynamically grabbing an IP address (DHCP or equiv)..and to avoid it...

    Is there any way to do this in linux without a hassle? I'd like to be able to set outgoing traffic limits for any IPs that are set up to go through my gateway box.. I messed around with CBQ and got it to work, but it will only shape traffic for IPs on a local eth device.. I'd like to just shape traffic for each IP on the subnet that uses the gateway, to maybe 10-15KB/s outgoing, unlimited incoming...
  • This might not be the appropriate forum but.... my company worked on this project (a traffic shaper kernel module) for over a year and we didn't have the resources to test and sell the product. The features we have implemented are a lot more advanced than what is currently in the 2.2.X kernels like:

    1. Bandwidth regulation based on: IP address or ranges of IPs, TCP or UDP service
    2. Bursting for any or all the bandwidth shaping rules
    3. Real-time bandwidth statistics
    4. Dynamic configuration of bandwidth shaping rules
  • Oops.. I posted too soon.. so if any company wants to pick up this project and give it a good home (and hopefully make it open-source) please email me. We are only asking what we have into it.. The address is paulusk@indirect.com..
  • If your intent is to saturate your local market with the Breezecom product (and I hope you do) you will see a significant reduction in performance because of the dwell time that the hoppers must sit when they collide. The more hoppers, the more times that they will collide, the more frequently your clients will have dwell periods. The end result is a significant performance hit. Sadly, the solution you are looking for is automatically built into the product that you will be using.

    A well developed and planned network might allow you to use the product with some limited success without too much colliding.

    I am interested in learning how you will tackle some other issues.

    Paul

    You may contact me directly at paul@rli.net or give me a call at 580-250-4247.

    www.rli.net

  • You can do this with QoS features in the 2.2 kernels. Just read the ipchains homepage (somewhere in the docs, you'll figure out) and see how you can assign different strategies when queueing different types of IP packets.
