i have an arch NAT router PC which has 3 network adapters present; "external" for my cable modem interface, "internal" for an internal subnet 172.16.0.0/16, and "wifi" which is a separate internal subnet 192.168.192.0/24 open wifi that I recently set up for guests and the like. the open wifi is explicitly barred access to the 172 network with iptables. i currently have a 50mbps down/10mbps up comcast internet connection. i have been limiting the open wifi's speed by setting the NIC designated for it to 10 mbps, just so that all of my bandwidth isn't completely eaten up. this appears to work completely fine; realistic speed is measured to around 8mbps throughput, which I consider fine for basic internet access.
i'm just curious whether this is an appropriate method to restrict bandwidth speed? i've read about something called "qdisc" which could limit speeds within iptables, is this a better way to accomplish this?
Last edited by train_wreck (2012-11-15 03:34:10)
I am not sure if that is an appropriate way to handle the situation, but I would like to second your stance that 8mbps is enough for the guest network. This is still going to be faster than dsl. Just a thought, but I know that normal routers use QoS to guarantee throughput to certain things. Maybe this could be implemented on your router PC with tc?
bang on the bonce, that's where that qdisc thing came from. yeah this looks like exactly what i would be looking for, thanks. specifically the tbf option
i'd still be curious if the current way i am doing this is particularly "bad" in any way, though.
Last edited by train_wreck (2012-11-14 05:26:55)
Take it or leave it, but networking is my wheelhouse.
That sounds like an ideal solution to me. Setting the bit rate of the wireless interface as a method of restricting bandwidth usage is exactly what I would do with that setup.
Last edited by hunterthomson (2012-11-14 08:22:26)
yeah, it seems much simpler to just scale down the speed of the link with just 1 command. i looked into tc, and it seems much more complicated than I would really need here. in this case setting it to 10 actually gives clients a fairly symmetrical connection, as my bandwidth up and down surpass that 10 meg limit.
Luckily you are in the position of having a whole link that you want a hard limit on.
tc is more for traffic control between source and destination of packets going over the same link, or dynamic stuff. However, it will never be as trusted as a link set to a slower bit rate, and can be a pain to manage/T-Shoot.
Over the WAN, traffic control is normally done with switching protocols like ATM and MPLS. However, even on large networks clients may be rate limited by the network admin simply setting the speed of their link slower in the configuration than what it can really handle.
Last edited by hunterthomson (2012-11-14 10:29:33)
yeah tc looks fairly complex. i only recently mastered iptables (setting up a third subnet helped me in doing so), so this looks like the best solution for now.
thanks for the info folks
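For comparison with forcing the NIC to 10 Mbps, here is what the tc/tbf route mentioned in the thread looks like for the guest interface. This is an added example, not part of any post in the thread. It assumes the interface is literally named `wifi`, a 10 Mbit/s cap, and a conservative HZ=100 timer for sizing the bucket; the function names are made up for the example.

```shell
#!/bin/sh
# Added example: cap a guest interface with tc instead of lowering the link speed.
# Assumptions: interface named "wifi", 10 Mbit/s cap, HZ=100, MTU 1500.

# Smallest safe tbf bucket in bytes: it must hold one timer tick's worth of
# traffic (rate / HZ) and never less than one full-size Ethernet frame.
min_burst() {  # $1 = rate in Mbit/s, $2 = kernel HZ, $3 = MTU
    bytes=$(( $1 * 1000000 / 8 / $2 ))
    frame=$(( $3 + 14 ))
    if [ "$bytes" -lt "$frame" ]; then
        bytes=$frame
    fi
    echo "$bytes"
}

# Print the tc commands for one interface; nothing is executed here.
guest_limit_cmds() {  # $1 = interface, $2 = rate in Mbit/s
    dev=$1
    mbit=$2
    burst=$(min_burst "$mbit" 100 1500)
    # Egress (router -> guests, i.e. guest downloads): token bucket filter.
    echo "tc qdisc replace dev $dev root tbf rate ${mbit}mbit burst $burst latency 50ms"
    # Ingress (guests -> router, i.e. guest uploads): policer dropping the excess.
    echo "tc qdisc add dev $dev handle ffff: ingress"
    echo "tc filter add dev $dev parent ffff: protocol ip u32 match u32 0 0 police rate ${mbit}mbit burst $burst drop flowid :1"
}

# Dry run by default; set APPLY=1 and run as root to execute the commands.
apply_guest_limit() {
    guest_limit_cmds "$1" "$2" | while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then
            $cmd
        else
            echo "$cmd"
        fi
    done
}

apply_guest_limit wifi 10
```

Unlike the link-speed setting, this needs two rules to cover both directions, and the limits disappear on reboot unless the script is run again.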