Hey, so I'm new to OpenWrt as a whole, although I am rather familiar with coding in Arduino, MATLAB and Python. I need some help getting started with QoS for my network: (go to bottom to see why I need this)
Basically here's what I want to happen:
- There are 2 types of users on the network: Throttled and unlimited
- Every user is throttled by default, unless I manually specify them to be unlimited
- Throttled users have unlimited speed until they reach a specified data usage within 24 hours
- Once a user hits this specified data usage, their speed is reduced to approx 1mbps.
- Every night this data cap resets and people will go back to having uncapped speed until they hit the data limit again the next day.
- I would also like to have times of the day that throttled users have no internet (or speeds MEGA slowed down)
- I would also like the network to kick throttled users off wifi every week or so, where they'd just need to retype the password. I'm not sure if this is a router thing or an AP thing.
Let me know where I should look to get started setting all this up! I assume I'd need to code some sort of QoS script? Frankly I have no idea where to start. Any tips/suggestions would be awesome so I can configure all this!
Here's my use scenario:
At my cabin (where this network would be implemented) I plan to use an LTE modem and some sort of OpenWrt router. Likely a Ubiquiti ER-X, unless you guys have a better suggestion. This would be used in conjunction with a Unifi AC Pro, unless again you have a better suggestion. The only issue is my cabin has lots of friends and family coming through as it is inside a camp, and basically nobody at this camp has wifi. I'm more than happy to share our connection, but I don't want people to abuse it as we only have 500gb monthly data from our 4g line. My goals stated above for this router should prevent most of the network abuse, although I'm more than happy to take suggestions. Frankly I really only want them to have internet when I'm having them over, and the last thing I would want is for kids to stand outside the cabin while I'm not there just to use the internet.
Thanks for the reply! I'm mainly wondering how to go about implementing these QoS rules, as I have no idea where to even get started. Also what's the advantage of the hardware you mentioned instead of the Ubiquiti gear? From what I can tell it seems to be much more expensive.
looks to me as you are in over your head implementing this yourself (if you don't already have a clue).
so maybe look for turn-key solutions that meet your requirements.
on a sidenote; newer android versions seem to include a per-connection mac-address randomization which will probably render all those per-client limits moot.
This is just the ideal scenario for me, figured I'd give it a shot learning it and see where I get. I've already been looking into it on my own but so far I haven't found anything overly helpful. I'm more than capable to code, I'm just not sure if that's what configuring qos requires. If it is, and I can figure out where to start, I'm sure I'll get it working.
Do you guys have any good articles you'd recommend I read up on? Forum posts? Videos? I'm here to learn!
idk if ruckus ap will magically solve your qos-needs @Noveon plz elaborate
afaik it is a current hype/goto product for mid-size commercial venues.
@op to get a grip i recommend you look into sqm-scripts and further into hfsc for your qos spec. probably enough to make it work as intended.
but your needs according to data-quota will need some kind of asset/client tracking db and conditional framework.
maybe doable from within iptables (maybe conntrack-bytes) but i am not sure that this is readily available and maybe not trivial to integrate.
Here is my suggestion. Instead of a single preshared key, use enterprise WPA. Give each person a login, you can even print them up on cards and pass them out. Set up freeradius to handle the authentication and accounting.
Now when YOU log in other users get authorization for 24 hrs say. This means if you're not around people don't slurp up your data.
If you want to give people slow access at other times use dynamic vlans. So when you are logged in people get steered to say vlan 3 and when they're on their own steered to vlan 4. Now put QoS on vlan 3 for full download rate and on 4 so max download rate is small.
Okay, cool! That's not a bad idea actually! Also I don't necessarily need the speed to slow down a lot once they hit a specified data rate, I could maybe just have the entire vlan a little slower than the unlimited users, and have them kicked off in even just a few hours. This would likely make the entire coding a lot simpler rather than tracking each data packet.
Also I like the idea of having a bunch of cards, maybe I'll build some sort of device so they can "take a number" sort of thing but with wifi haha.
I'm not hard set on these rules by any means, and I'm all for making it more simple with different rules! Let me know if you guys have any other suggestions!
You could definitely do something like this, also you could have the whole guest vlan have a daily quota and then slow the whole vlan after the quota. Say 1GB /day at full speed and 500kbps after. With a large number of guests I think the take a number approach is best. It lets you change the password for just users who are problematic without causing everyone to need a new password. I'd also expire the passwords after say 6mo, just so you know what's up.
You'll have to read up on freeradius and probably set up a small database, maybe sqlite. The only thing not out of the box will be the decision about who is special and who is not, maybe the quota stuff which can be done with some iptables rules, SQM can do the shaping as long as you're shaping a whole vlan, you just run a Cron job to check the quota and change the SQM speed... It's all pretty straightforward if a little bit specialized. Tracking quotas per user is much harder than a quota for the whole guest vlan
Start out with the wpa Enterprise stuff, get a user database set up and the dynamic vlans, one for unlimited and one for guests. Log every authentication in the database with the time. Then you can probably move from there to a few scripts that make decisions based on the data logged in the database.
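An added sketch, not part of any post in this thread, of the decision logic the suggestions above describe: log each successful authentication in SQLite, steer guests to VLAN 3 for 24 hours after the owner logs in and to VLAN 4 otherwise, and pick the guest VLAN shaping rate from a daily quota. The `owner` login name, the table layout, the full-speed rate and the byte counter passed in by a cron job are assumptions; wiring the results into freeradius and SQM is left out.

```python
import sqlite3

OWNER = "owner"                  # assumed login name of the cabin owner
FULL_VLAN, SLOW_VLAN = 3, 4      # VLAN numbers used in the thread
GRANT_SECONDS = 24 * 3600        # guests keep full access 24 h after the owner logs in
QUOTA_BYTES = 1_000_000_000      # "1GB /day" guest VLAN quota from the thread
FULL_KBIT = 20_000               # assumed full-speed shaper rate
CAPPED_KBIT = 500                # "500kbps after" from the thread


def open_db(path=":memory:"):
    """Create the authentication log (schema is an assumption)."""
    db = sqlite3.connect(path)
    db.execute(
        "CREATE TABLE IF NOT EXISTS auth_log ("
        "username TEXT NOT NULL, ts INTEGER NOT NULL)"
    )
    return db


def log_auth(db, username, ts):
    """Record one successful authentication at epoch second `ts`."""
    db.execute("INSERT INTO auth_log VALUES (?, ?)", (username, ts))
    db.commit()


def vlan_for_guest(db, now):
    """VLAN for a guest authenticating at `now`.

    Fails closed: with no owner login on record, or one older than the
    grant window, the guest lands on the slow VLAN.
    """
    (last,) = db.execute(
        "SELECT MAX(ts) FROM auth_log WHERE username = ? AND ts <= ?",
        (OWNER, now),
    ).fetchone()
    if last is not None and now - last <= GRANT_SECONDS:
        return FULL_VLAN
    return SLOW_VLAN


def guest_rate_kbit(bytes_today):
    """Shaper rate for the whole guest VLAN, given today's byte count.

    A cron job would read the counter, call this, and reset the counter
    at midnight; where the counter comes from is not shown here.
    """
    return FULL_KBIT if bytes_today < QUOTA_BYTES else CAPPED_KBIT
```

Because the quota applies to the whole guest VLAN rather than to each client, the per-connection MAC randomization mentioned earlier in the thread does not affect it.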