Limit traffic on certain IPs

I have a 50/5 Mbps VDSL (primitive) connection at home and I would like to make the most of it, as I have many friends and guests using it. I am trying to use the QoS over Nftables, but I would like some help to optimize it. All family devices get a static IP in the LAN and the LAN subnet is 192.168.160.0/24.
I would like all DHCP clients that do not get a static IP to get an IP from the pool 192.168.160.160/27 (.161-.190 IPs), and all of them share 10/1 Mbps.
Here is my config of /etc/config/nft-qos.


config default 'default'
        option limit_mac_enable '0'
        option priority_enable '0'
        option limit_enable '1'
        option limit_type 'static'
        option static_unit_dl 'kbytes'
        option static_unit_ul 'kbytes'
        option static_rate_dl '50000'
        option static_rate_ul '50000'
        list limit_whitelist '192.168.160.240'
        list limit_whitelist '192.168.160.241'
        list limit_whitelist '192.168.160.242'
        list limit_whitelist '192.168.160.243'
        list limit_whitelist '192.168.160.244'
        list limit_whitelist '192.168.160.245'
        list limit_whitelist '192.168.160.246'
        list limit_whitelist '192.168.160.247'
        list limit_whitelist '192.168.160.248'
        list limit_whitelist '192.168.160.249'
        list limit_whitelist '192.168.160.250'

config download
        option unit 'kbytes'
        option hostname 'DHCP_10M'
        option ipaddr '192.168.160.160/27'
        option rate '1100'

config download
        option unit 'kbytes'
        option hostname 'Zach_Mobile'
        option ipaddr '192.168.160.238'
        option rate '1280'

config download
        option unit 'kbytes'
        option hostname 'TV_Box_1'
        option ipaddr '192.168.160.237'
        option rate '5000'

config download
        option unit 'kbytes'
        option hostname 'TV_Box_1'
        option ipaddr '192.168.160.236'
        option rate '5000'

config download
        option unit 'kbytes'
        option hostname 'Helen_Mobile'
        option ipaddr '192.168.160.234'
        option rate '1280'

config download
        option rate '50000'
        option unit 'kbytes'
        option hostname 'RPI_VPN'
        option ipaddr '192.168.160.251'

config upload
        option unit 'kbytes'
        option hostname 'DHCP_1M'
        option ipaddr '192.168.160.160/27'
        option rate '110'

config upload
        option unit 'kbytes'
        option hostname 'Zach_Mobile'
        option ipaddr '192.168.160.238'
        option rate '128'

config upload
        option unit 'kbytes'
        option hostname 'TV_Box_1'
        option ipaddr '192.168.160.237'
        option rate '250'

config upload
        option unit 'kbytes'
        option hostname 'TV_Box_1'
        option ipaddr '192.168.160.236'
        option rate '250'

config upload
        option unit 'kbytes'
        option hostname 'Helen_Mobile'
        option ipaddr '192.168.160.234'
        option rate '128'

config download
        option unit 'kbytes'
        option hostname 'Anthony_Mobile'
        option ipaddr '192.168.160.232'
        option rate '1280'

config upload
        option unit 'kbytes'
        option hostname 'RPI_VPN'
        option ipaddr '192.168.160.251'
        option rate '128'

config download
        option hostname 'undefined'
        option rate '50000'
        option unit 'kbytes'

config upload
        option unit 'kbytes'
        option hostname 'Anthony_Mobile'
        option ipaddr '192.168.160.232'
        option rate '128'

The entries in the range 192.168.160.23X will each have a certain bandwidth.
The entries in the whitelist section should get the max bandwidth.

I would like to ask if I have something wrong or anything that could be optimised.

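A quick sanity check over a config like the one above, as an added example that is not part of the original post or of nft-qos: it parses the UCI-style file, converts each rate to Mbit/s and flags entries whose limit is above the link itself (such a rule can never throttle), entries with no ipaddr, and one hostname used for two different addresses. It assumes that `unit 'kbytes'` means kilobytes per second (taken as 1000 bytes, an approximation) and that the link is 50/5 Mbit/s as stated in the first post; the sample config is a constructed, cut-down copy of the posted one.

```shell
# Added example, not from the thread or nft-qos: sanity-check an nft-qos config in UCI format.
# Assumptions: 'unit kbytes' is kilobytes per second (1 kbyte taken as 1000 bytes, an
# approximation) and the WAN link is 50/5 Mbit/s as the first post states.

# Constructed sample: a cut-down copy of the posted /etc/config/nft-qos.
NFTQOS_SAMPLE=$(cat <<'EOF'
config download
        option unit 'kbytes'
        option hostname 'DHCP_10M'
        option ipaddr '192.168.160.160/27'
        option rate '1100'

config download
        option unit 'kbytes'
        option hostname 'TV_Box_1'
        option ipaddr '192.168.160.237'
        option rate '5000'

config download
        option unit 'kbytes'
        option hostname 'TV_Box_1'
        option ipaddr '192.168.160.236'
        option rate '5000'

config download
        option rate '50000'
        option unit 'kbytes'
        option hostname 'RPI_VPN'
        option ipaddr '192.168.160.251'

config download
        option hostname 'undefined'
        option rate '50000'
        option unit 'kbytes'

config upload
        option unit 'kbytes'
        option hostname 'RPI_VPN'
        option ipaddr '192.168.160.251'
        option rate '128'
EOF
)

# nftqos_check DL_MBIT UL_MBIT < config
# Prints one finding per line: MISSING_IPADDR, EXCEEDS_LINK or DUP_HOSTNAME.
nftqos_check() {
    awk -v dl="$1" -v ul="$2" '
    function flush(    cap, key) {
        if (sec != "download" && sec != "upload") { sec = ""; return }
        cap = (sec == "download") ? dl : ul
        if (ip == "") print "MISSING_IPADDR " sec " " host
        # kbytes/s * 8 = kbit/s; link capacity in Mbit/s * 1000 = kbit/s
        if (unit == "kbytes" && rate * 8 > cap * 1000)
            print "EXCEEDS_LINK " sec " " host " " rate " kB/s is " rate * 8 / 1000 " Mbit/s, link is " cap " Mbit/s"
        if (host != "" && ip != "") {
            key = sec SUBSEP host
            if ((key in seen) && seen[key] != ip) print "DUP_HOSTNAME " sec " " host " " seen[key] " " ip
            seen[key] = ip
        }
        sec = ""; host = ""; ip = ""; rate = ""; unit = ""
    }
    $1 == "config" { flush(); sec = $2; host = ""; ip = ""; rate = ""; unit = "" }
    $1 == "option" { v = $3; gsub(/\047/, "", v)   # strip the single quotes around values
                     if ($2 == "hostname") host = v
                     else if ($2 == "ipaddr") ip = v
                     else if ($2 == "rate") rate = v
                     else if ($2 == "unit") unit = v }
    END { flush() }'
}

# Number of findings for the constructed sample at 50/5 Mbit/s.
nftqos_finding_count() {
    printf '%s\n' "$NFTQOS_SAMPLE" | nftqos_check 50 5 | wc -l | tr -d ' '
}

printf '%s\n' "$NFTQOS_SAMPLE" | nftqos_check 50 5
```

On the sample it reports the duplicated TV_Box_1 label, the two download entries whose 50000 kB/s (400 Mbit/s) limit is far above a 50 Mbit/s link, and the `undefined` entry that has no ipaddr. To run it against the real file on the router: `nftqos_check 50 5 < /etc/config/nft-qos`.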

May I ask why you want to limit everyone and not use SQM for a good and fair experience for everyone? 10 Mbit is too slow for an HD stream, but at least two people could watch HD while there is still room for web traffic :man_shrugging:

I would not like to give that much room for HD streams to the guests. If I do that, then I would not be able to work remotely.

But that's the idea of SQM. You distribute the connection speed equally.
And if my math is not totally off, then 90% of 50 Mbit/s is 45 Mbit/s, which can easily hold 2 HD streams and a Video Call...

I got 100 Mbit/s and I can stream 4k youtube, while GF is watching HD, and I update my Steam Lib...

https://openwrt.org/docs/guide-user/network/traffic-shaping/sqm

If you don't know it yet, have a look. It's basically just installing one package, dropping two lines in the config, and starting the service. Fire and forget, and have a far better experience on slow uplinks.

When I set up SQM the first time, we had a 40Mbit/s VDSL link. And the results were - simply put - impressive. So to emphasize what @_bernd said: why don't you give it a try?

I never tried, but if I'm not mistaken SQM could also be used to shape down the speed of a specific interface. So if all guests were on their own VLAN, SQM could be used to shape the interface speed down to the desired 10/1.


Very much agreed on the SQM front. It turns out you can do a lot with around 50 Mbps downstream speeds. I used to have a VDSL2 connection that was 50 Mbps down and 20 Mbps up for many years, for instance. And with SQM enabled on that link, I could watch a 4K stream or be gaming, parents could watch Netflix in 4K, and my brother could be on TikTok loading endless videos, all without hitches.

SQM is really easy to set up, and doesn't come with all the technical debt and constant tweaking that traditional QoS wants from you.

OK, I will give SQM a try. Is there any way to limit some IPs to a specific speed?

Not sure, never looked it up.

But let's just install SQM for now, configure it with 90% of DL and UL capacity, and see how it feels.

Not within SQM*, but you could also use luci-app-nft-qos if you really think you need to throttle some IPs...

But as has been proposed, start out with sqm (use piece_of_cake.qos with cake as qdisc and configure it for per-internal-IP fairness) and test whether that is sufficient, you can always add things on top if need be...

*) You can obviously write your own script to be used with the sqm framework and in your own script the sky is the limit, but there is no ready made template that makes it easy to achieve your selective traffic shaping goal.

Indeed SQM gives a fair share of the network traffic, without bottlenecks. I tried it for 2 hours with many users and it seems fine.
I am afraid I have to put some boundaries in my LAN, as I have some particular users that are really heavy users and give me issues with my remote work. I am afraid I am not familiar with how to write my own script for that.
Here comes the big question: can I keep SQM with piece_of_cake QoS and install nft-qos to reduce the speed of those? Like my initial post/config.

or will i cause more issues?

Have you tried the per-internal-IP fairness configuration that will share the capacity equitably between all internal IP addresses? A heavy user will not get a larger share of the capacity than remote work, so as long as your remote work capacity requirements stay below your fair capacity share, you should be isolated pretty well from the heavy users.

EDIT: fixed wrong link...
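The SQM setup the replies above recommend (piece_of_cake.qos with cake, shaped to 90% of the 50/5 link, with per-internal-IP fairness), written out as the uci commands you would review and then run on the router. This is an added example, not the project's own configuration or anything posted in the thread: the section name `wan_shaper` and the interface name `pppoe-wan` are placeholders, and the `overhead` value is a placeholder that must be checked against the link-layer guidance in the SQM documentation for your particular VDSL line. The per-host fairness comes from cake's `dual-dsthost`/`dual-srchost` modes, which the SQM config only applies when `qdisc_advanced` and `qdisc_really_really_advanced` are both set.

```shell
# Added example, not from the thread or the OpenWrt project: emit the uci commands for an
# SQM queue using piece_of_cake.qos + cake with per-internal-IP fairness at 90% of the link.
# Placeholders (assumptions): section 'wan_shaper', interface 'pppoe-wan', overhead '34'.

# sqm_rate_kbit LINK_MBIT PERCENT -> shaped rate in kbit/s (integer), the unit SQM expects
sqm_rate_kbit() {
    echo $(( $1 * 1000 * $2 / 100 ))
}

# sqm_uci_commands SECTION IFNAME DL_MBIT UL_MBIT PERCENT
# Prints the uci commands; nothing is applied until you run them (or pipe them into sh).
sqm_uci_commands() {
    sec=$1; ifname=$2
    dl=$(sqm_rate_kbit "$3" "$5")
    ul=$(sqm_rate_kbit "$4" "$5")
    cat <<EOF
uci set sqm.${sec}=queue
uci set sqm.${sec}.interface='${ifname}'
uci set sqm.${sec}.download='${dl}'
uci set sqm.${sec}.upload='${ul}'
uci set sqm.${sec}.qdisc='cake'
uci set sqm.${sec}.script='piece_of_cake.qos'
uci set sqm.${sec}.linklayer='ethernet'
uci set sqm.${sec}.overhead='34'
uci set sqm.${sec}.qdisc_advanced='1'
uci set sqm.${sec}.qdisc_really_really_advanced='1'
uci set sqm.${sec}.iqdisc_opts='nat dual-dsthost ingress'
uci set sqm.${sec}.eqdisc_opts='nat dual-srchost'
uci set sqm.${sec}.enabled='1'
uci commit sqm
/etc/init.d/sqm restart
EOF
}

# 50/5 Mbit/s VDSL link shaped to 90%: 45000/4500 kbit/s
sqm_uci_commands wan_shaper pppoe-wan 50 5 90
```

On a VDSL line the WAN interface is often the PPPoE one, so check `ifstatus wan` (or the LuCI interface page) for the real name before running the commands, and revisit the 90% figure after a speed test under load.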

I honestly never tried, and hence cannot answer, but that should be easy to test, no?

Try it and post your results here, as that is an interesting question :wink:

I used this combination a year ago and it worked.
Don't know if it works on 24.10.

nft-qos and the config that I have in my post #1 is the one that I am currently using. It seems to work for me.
