Bandwidth limit per IP/MAC

I've hunted through multiple solutions in search for this over the last couple of months off and on, and haven't found an actual clear solution for what I'm looking to do; most people helping end up directing the person asking to various excellent methods of ensuring bandwidth fairness or reducing buffer bloat. That's probably the right answer for most of the people asking, but I'm looking for a very specific solution that actually does require a bandwidth limit for a single device (or IP range).

I've got a small home network running OpenWRT successfully with a Verizon air card. I do some light streaming video usage, almost exclusively with a single device (smart TV). My interest is in limiting bandwidth to this one device in order to force the Netflix and Amazon apps into a considerably lower video resolution, since both services intentionally avoid giving you a choice in their app settings. Doing so considerably extends the portion of the month I can watch low res video without getting the rest of my connection deprioritized. No fairness-oriented solution will solve this particular quirk without applying a pretty hard kb/s limit to the device.

I'm currently running an OpenWRT derivative named ROOter, based on LEDE 17.01.2, and it's been working perfectly otherwise for almost a year and a half. If necessary to get a package I'd need, I can back up my current image and upgrade to the latest version, which is based on OpenWrt 18.06.1. I'm using ROOter primarily due to the excellent job it does handling air cards.

My hardware can't support multiple SSIDs, so if the easiest solution is to move the single device to a new interface and rate limit that one interface, I can do that, but it'll take a bit of extra work.

Is there a simple solution I'm missing? I've done custom traffic shaping using tc, but it's been years, and I'd end up completely re-learning if I need to do a custom setup. I'll do that if I need.

Thanks for your time if you have any suggestions!

First, I would suggest that you upgrade your router to the latest version if possible, or otherwise at least upgrade to 17.01.6, because that should be possible. The upgrade should fix the problems and provide enhanced security.

I have a small script that I created some time ago and it may be able to help you. [Info] Limiting Download Speed based on MAC

In case you want to limit traffic speed for http or https ONLY, squid (cache/proxy) can do that for you.
A semi-professional solution is to use traffic limits enforced by a captive portal in cooperation with RADIUS. However, it has a steep learning curve.

There is lots of OpenWRT "software" that does the per-IP bandwidth job. Google these: eqos (tested working), luci-app-nft-qos (tested working, active development, MAC supported), qosv4 (a Tomato firmware per-IP shaping merge, works on older versions of WRT).

I am also interested in per IP/MAC bandwidth control. OP, did you manage to find a satisfactory solution?

Yes and no. Several of the recommendations above looked very likely to work, but at the time I was also stuck on a very outdated version of the ROOter branch that wasn't new enough to support them... and then I got ridiculously, stupidly busy at work, so am only now (in the last few weeks) getting back to my router setup to start working my way through the upgrades necessary to actually implement one of the suggested solutions. The gist of the problem is that almost all of the good solutions require at least one kernel module that's not precompiled with ROOter, and since ROOter is custom compiled, you either need to compile your own copy with the module or ... well, suffer.

If you've got an air card that works well with vanilla OpenWRT, you're ahead of the game. I'm also running an older generation, quirky air card ... so right now I've got a newer, better supported air card on the way from China (since the model I'm looking for is apparently almost impossible to get domestically right now). Once I have that upgrade completed, I can start playing with my second router and vanilla OpenWRT to see if I can get it supported under the vanilla platform where I'll have a lot more kernel module options.

I see. So your pains are in large part due to hardware.

I just installed luci-app-nft-qos, luci-app-qos and trafficshaper. I don't know which one caused a new menu item to appear in LuCI, but I was able to set separate download/upload limits on a particular device and successfully confirmed the speeds on speedtest.net.

Perfect. luci-app-nft-qos was one of the most promising looking ones recommended to me, so I'll give that a try as soon as I get my other upgrades worked out. In my case too, individual air cards are fairly stupidly cheap per month as well, they just have a relatively low bandwidth limit, so once I get an initial modem upgrade worked out I'm looking to add a second card and do mwan3. I should be able to lock my couple of bandwidth-hungry devices to one card, so even when that one goes over and gets throttled, it won't affect my other devices being able to use the "fast lane" as well.

Thanks! I think you've actually helped me out on this one more than I was able to you!

1 Like

As a late but useful follow-up, I've spent the past few months slowly upgrading all my equipment so I can get a more recent OpenWRT on my (new) main router, which is now up to 19.07.4. Among other things, this has finally allowed me to test the suggestions above. Specifically, luci-app-nft-qos was exactly the tool to fit the bill perfectly. I wanted to follow up with my final answer for anyone finding this via search later.

Since I wanted to rate-limit exactly one client and leave the rest essentially untouched, I landed at the following setup:

  • Rate limit enabled, and set to static
  • Default rate (applies to everything) set WAY higher than I'll ever see on my multiple LTE connections, which effectively disables the limit for default devices.
  • Device I wanted to limit (a Firestick) set to a download limit of 100KB/s (not kb/s, this app uses B).

This has produced the desired effect of limiting me to lower data usage (really, lower resolution) on streaming with zero effect on any of my other gear. It's working perfectly so far.

Thanks to all who contributed suggested approaches!

4 Likes
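
The static per-device limit described in the post above comes down to a rule that drops traffic to one client above a fixed rate. As an added example (not part of the original posts, and not the ruleset luci-app-nft-qos itself generates), this script renders such a rule for nftables and normalises the kbit versus KB distinction the post mentions. The table name `devlimit`, the function names and the address 192.168.1.50 are assumptions, and it assumes the OpenWrt box routes the client's traffic rather than bridging it.

```sh
#!/bin/sh
# Added example: table/chain names and the sample address are assumptions.

# Convert "<n>kbytes" or "<n>kbit" to whole kilobytes per second (8 bits = 1 byte).
to_kbytes() {
    case "$1" in
        *kbytes) n=${1%kbytes}; div=1 ;;
        *kbit)   n=${1%kbit};   div=8 ;;
        *) echo "rate must end in kbytes or kbit" >&2; return 1 ;;
    esac
    case "$n" in
        ''|0*|*[!0-9]*) echo "rate must be a positive whole number" >&2; return 1 ;;
    esac
    [ $((n / div)) -ge 1 ] || { echo "rate below 1 kbyte/s" >&2; return 1; }
    echo $((n / div))
}

# Accept only a dotted-quad IPv4 address so nothing else reaches the ruleset.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# Print a ruleset that drops forwarded traffic to client_ip above the rate.
# Every other client falls through to "policy accept" and is left untouched.
render_limit() {
    client_ip=$1
    valid_ipv4 "$client_ip" || { echo "bad IPv4 address" >&2; return 1; }
    rate=$(to_kbytes "$2") || return 1
    cat <<EOF
table inet devlimit {
    chain forward {
        type filter hook forward priority 0; policy accept;
        ip daddr $client_ip limit rate over $rate kbytes/second drop
    }
}
EOF
}

# Constructed sample: cap 192.168.1.50 at 800 kbit/s, which is 100 KB/s.
# To load it on the router: render_limit 192.168.1.50 800kbit | nft -f -
render_limit 192.168.1.50 800kbit
```

This polices by dropping packets over the rate instead of queueing them, so TCP streams settle slightly below the configured figure.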

I just found your thread, a lot of good info here.

Just wanted to ask, do you know if this package would work if I'm just using my OpenWrt router as a dumb AP, or must it act as the router/gateway to one's LAN in order to take advantage of this?

I've got an IPFire box running as my actual router, and I'm using its built-in QoS to pretty decent effect. But it's not quite enough for this one heavy user on the network whom I'd like to limit.

Anyone got an idea?