Speedlimiting certain IPs

Hello everyone!

I know this topic is quite popular on this forum but I couldn't understand a word in any other. All I want to know is if it is possible to speed limit any device in the network via IP or MAC?

First, why I need this. For example, there is one PC that simply surfs the internet, some images etc. Everything is okay until another device connects and starts streaming YouTube or something like that. The first device then starts to suffer from an insane speed drop, which makes even web pages take a minute to load. And we usually have like 20+ devices connected to the router here.

I want to make it fair. For me it sounds easier if it is possible to fairly distribute the maximum speed for every device, eg. let everyone use only their own part of the internet. So if there are only 4 active devices everyone will be able to use only 1/4-th speed of the internet. I simply want to make it stable, if one device is using a lot of traffic at the moment everyone suffers because of that, but I want to make him be limited to some speed so that everyone had the stable connection and knew their possibilities with it.

I hope I described it clear enough to provide an answer because I had a good brainfart writing this :smiley: Thank you for attention!

cake as the qdisc with piece_of_cake in SQM has fairness already built in.

Hey! Thx for the quick reply!

First, what is cake as well as that command? Is that some module which I should enable with that command through PuTTY?

SQM is Smart Queue Management? Does that mean it is already enabled in my system? I don't know where to look to check that.

And lastly, if I would want to speed limit only one device as the title says am I able to do that? Because that is actually the simplest solution to limit few devices that might use too much.

See the SQM section of the LEDE User Guide...

Ah, this is pretty much in the ball park of what sqm-scripts can offer. You need to follow the "sing and dance" section of https://lede-project.org/docs/user-guide/sqm:

Making cake sing and dance, on a tight rope without a safety net

By now, we hope the SQM message has been clear: stick to the defaults and use cake.

But cake offers new options that make it the nicest and most complete shaper for a typical home network: Per-Host Isolation in the presence of network address translation (NAT), so that all hosts' traffic shares are equal. (You can choose to isolate per-internal or per-external host IP addresses, but typically fairness by internal host IPs seems in bigger demand.)

A quick aside about Network Address Translation (NAT): ISPs usually assign only one external IP address to each customer. The home router assigns unique internal addresses for each computer in the home, and uses a technique called NAT (or “masquerading”) to rewrite those internal IP addresses and ports to work across the single external address.

NAT works pretty well, too, but causes problems when shaping traffic. Since all the traffic going to/from the ISP has the same external IP address, cake treats every traffic flow (or stream or connection) identically: a single Netflix stream to one internal computer gets the same bandwidth as a single BitTorrent stream to another. But since a BitTorrent client can start many BitTorrent streams, the second machine can get “more than its share” of the capacity.

Recent versions of cake (LEDE 17.01.0 and newer) have two options that avoid this problem:

Cake can now access the kernel's internal translation tables and get access to the true source and destination addresses of incoming and outgoing packets;
Cake can use the information about true source and destination addresses to control traffic from/to internal and external hosts by true IP address, not per-stream.
Cake's original isolation mode was based on flows: each stream was isolated from all the others, and the link capacity was divided evenly between all active streams independent of IP addresses. More recently cake switched to triple-isolate, which will first make sure that no internal or internal host will hog too much bandwidth and then will still guarantee for fairness for each host. In that mode, Cake mostly does the right thing. It would ensure that no single stream and no single host could hog all the capacity of the WAN link. However, it can't prevent a BitTorrent client - with multiple connections - from monopolizing most of the capacity. And running speedtests from multiple internal hosts to the same speedtest server can give unpredictable results.

Cake now uses the true source/destination address information to create Per-Host Isolation, and dynamically distributes the available bandwidth fairly between the currently-active IP addresses. So a single Netflix stream to one host ideally gets just as much capacity as all the BitTorrent traffic destined to another.

To enable Per-Host Isolation, add the following to the “Advanced option strings” (in the Interfaces → SQM-QoS page; Queue Discipline tab, look for the Dangerous Configuration options):

For ingress queueing disciplines: nat dual-dsthost

For egress queueing disciplines: nat dual-srchost


“Ingress” is the shaper instance handling traffic coming from the internet, “into” the router.
“Egress” is the shaper instance handling traffic towards the internet, “from” the router.
Enter these strings carefully and exactly. If things do not seem to work, your first troubleshooting step should be to clear these advanced option strings!
At some point in time, these advanced cake options may become better integrated into luci-app-sqm, but for the time being this is the way to make cake sing and dance…
This discussion assumes SQM is instantiated on an interface that directly faces the internet/WAN. If it is not (e.g., on a LAN port) the meaning of ingress/egress flips. In that case, specify egress queueing disciplines as nat dual-dsthost and the ingress one as nat dual-srchost.


This is not inside the scope of what sqm-scripts offers, but you could just put a shaper on those machines directly...
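
The difference between flow isolation and the per-host isolation described in the quoted guide, worked through as numbers. This is an added example, not part of the thread and not cake's code: it is a simplified max-min sharing model (cake schedules packets and does not compute shares like this), and the host names, flow counts and the 50 Mbit/s link are constructed sample values.

```python
# Added example: simplified max-min model of link sharing, per flow vs per host.
# All hosts, flow counts and rates below are constructed sample values.

def max_min_share(capacity, demands):
    """Water-filling: split capacity equally, cap each claimant at its demand,
    and hand the unused remainder to the claimants that still want more."""
    alloc = {k: 0.0 for k in demands}
    active = {k for k, d in demands.items() if d > 0}
    remaining = float(capacity)
    while active and remaining > 1e-9:
        share = remaining / len(active)
        satisfied = {k for k in active if demands[k] - alloc[k] <= share}
        if not satisfied:
            # Nobody can be fully served: everyone gets the equal share.
            for k in active:
                alloc[k] += share
            remaining = 0.0
        else:
            # Serve the small demands completely, then redistribute the rest.
            for k in satisfied:
                remaining -= demands[k] - alloc[k]
                alloc[k] = demands[k]
            active -= satisfied
    return alloc

def per_flow(capacity, hosts):
    """Flow isolation: every flow is a claimant, whichever host owns it."""
    flows = {(h, i): d for h, ds in hosts.items() for i, d in enumerate(ds)}
    alloc = max_min_share(capacity, flows)
    return {h: sum(v for (owner, _), v in alloc.items() if owner == h)
            for h in hosts}

def per_host(capacity, hosts):
    """Host isolation: hosts are the claimants; demand is the sum of their flows."""
    return max_min_share(capacity, {h: sum(ds) for h, ds in hosts.items()})

INF = float("inf")  # a greedy flow takes whatever it is given
# One video stream, 20 greedy BitTorrent flows, one browser needing 2 Mbit/s.
HOSTS = {"netflix": [INF], "torrent": [INF] * 20, "browser": [2.0]}
LINK_MBIT = 50

if __name__ == "__main__":
    for name, fn in (("per-flow", per_flow), ("per-host", per_host)):
        shares = fn(LINK_MBIT, HOSTS)
        print(name, {h: round(v, 2) for h, v in shares.items()})
```

In this model the light user keeps the 2 Mbit/s it asks for in both modes, and the capacity it does not use is split between the two greedy hosts instead of being wasted.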

Thx for response!

I am already looking on the SQM thingy. It actually sounds pretty useful, will see if it actually helps. But before that can you provide a link or some information on those shapers? What is that?

Well, traffic shaping is the process of queueing data and restricting the outlet of the queue to a desired bandwidth (effectively part of what sqm-scripts does), the trick is what to do with the packets accumulating in the queue...
For Linux the iproute2 tc (traffic control) binary, in cooperation with the required kernel modules, will allow you to set up hierarchies of queueing disciplines (qdiscs for short) that can include traffic shapers or policers (policers are rather dumb devices that will drop everything indiscriminately, unlike shapers, which typically give the dropping decision more thought and overall have nicer results).
For Mac OS X or Windows I am not sure about the availability of free traffic shapers. That is, for macOS there is the Link Conditioner preference panel, which at least allows you to configure a policer quite easily; this comes as a part of the additional tools for Xcode package.
For Windows there seem to exist a number of applications that offer traffic shaping, but they typically are not free, and I have no personal information/knowledge about their quality, so I will refrain from any specific recommendations.