Comments on: Keeping tabs on your bandwidth usage

By: Rudolf Meijering

Rudolf Meijering — Fri, 03 Sep 2010 19:29:08 +0000

Hi Imel,

I have recently setup a very similar network for providing Internet access. I use many of the same applications but don’t quite see the advantage in using a transparent proxy in bridged mode. This would make more sense if we had access to cheap public IP’s in South Africa. With your solution you are just postponing NAT from the server to the ADSL gateway.

Performing the PPPoE connection(s) and NAT from the server has several advantages such as being able to use several PPPoE connections and split local and international traffic (save more more money). But with cheaper uncapped connections being available this is not necessary anymore.

The biggest problem with sharing internet however is users saturating the link with bulk downloads as ISP’s use very large buffers to increase throughput. These however, once full, increases network delay dramatically. In my experience ping times change from 50ms to 1500+ms. This gives a sluggish connection and the appearance that “the internet is slow”. The solution is to cap throughput to just below the maximum level (I found about 5% to work well) in order to keep the buffers empty at all times. Packets are then classified according to amongst other things packet size to determine how interactive the traffic is. Small packets like ping, ssh, telnet and small http traffic gains priority while http downloads, p2p file sharing and ftp get a low priority. Thus even when a user is saturating the link with a file sharing application, another user’s request for an http page would fly through the network server and won’t be hindered by ISP buffers.

Implementing this is as simple as installing wondershaper (sudo apt-get install wondershaper) and specifying the gateway interface and ADSL downlink and uplink speeds in kbps (wondershaper eth1 315 150 for a 384kpbs line). These speeds should be the achieved throughput from an internet speed test minus 5% as the adsl line speed is not accurate.

My network is almost always saturated, but web pages still load quickly and users don’t notice. Let me know if you get around to implementing this.

By: imel

imel — Thu, 04 Mar 2010 08:21:56 +0000

Hi Gerhard, does it have to be someone based in Cape Town?
Maybe you can open up ssh or openvpn access to the box for someone to do the config remotely?

By: Gerhard

Gerhard — Thu, 04 Mar 2010 07:50:26 +0000

Hi, does anyone know of someone in Cape Town who can set up/maintain my Linux proxy currently running Squid?

By: imel

imel — Thu, 25 Feb 2010 11:21:55 +0000

Hi Stephen, I use dansguardian to virus scan traffic but also to filter out illegal movies and mp3 downloads.
There is also a quality issue, as I want all users to get a good connection. If someone downloads a large file (movie) then it takes all the bandwidth and all the other users get a degraded service.
I did look at darkstat but it is a bit too limited in the depth of stats it provides, but agree, it is usefull where a lightweight monitoring solution is required.

By: Stephen

Stephen — Thu, 25 Feb 2010 06:53:57 +0000

If your clients are paying to use the internet, why use dansguardian to filter content? You should have them pay per gb and have them do what they want with it. The more gb’s they use, the more they have to buy from you.

Instead of Ntop, have you had a look at Darkstat yet? I’ve seen that ntop is quite a resource hog.