[Olsr-users] Traffic Shaping, was Re: 0.5.6 Routes disappear...

Eric Malkowski (spam-protected)
Wed Sep 3 22:43:34 CEST 2008

Thanks Bob - I appreciate the info.

After looking at the Wondershaper and it's origins in the routing and 
shaping howto, I think the following will take care of what I'm after:


It's great that it's just a few commands in a script.  All I'm trying to 
do is limit the bandwidth usage for each of my 2.4 ghz subnets on each 
of my Alix nodes in the mesh and then allow one particular subnet (and 
wired network) to have as much bandwidth as they need.  It's so vendors 
can have convenience internet access and the scorekeepers and other more 
important users won't get essentially a DOS from too many surfers 
killing the main backhaul.  Last year they did a small wireless setup (a 
couple of APs I think -- I wasn't there) (not a mesh) w/ everything wide 
open and no bandwidth limits -- it fell apart quickly as hordes of users 
got on.

The mesh w/ multiple internet backhauls will provide redundancy and 
better coverage (more nodes).

I'm going to use hostapd in WPA-PSK mode (too much of a pain to do a PKI 
w/ certificates and such for WPA-enterprise) and give access as needed 
(and possibly use macfiltering to help if vendors start over-sharing the 
key).  The encryption isn't for security -- more to keep "casual" users 
off  (read: wi-fi phones, people in the area w/ laptops).

At the boxes that front the internet connections, it appears it may be 
not be too bad to bandwidth limit by subnet and mask since we'll know 
which subnets we want to "favor" for traffic going to/from the internet.

On the mesh in ad-hoc mode, no services are running  (dns/dhcp) and I've 
got WEP turned on and the secure extension in OLSR.  This way if someone 
cracks the WEP, they can't convince the olsrs w/ a rogue olsr to route 
-- they won't be able to do much.  They could spoof a mac or something 
to cause DOS once through the WEP...  any ideas to add more security to 
the mesh part would be great -- I tried mac filtering but MADWIFI seems 
to only do mac filtering in AP mode, not ad-hoc mode.  I suppose I could 
use iptables to filter by MAC, but I figured having the CPU needing to 
inspect every packet in and out could be taxing on the CPU -- mac 
filtering in AP mode has the atheros chip do that work AFAIK.

Thanks again for the info.


Bob Keyes wrote:
> On Wed, 3 Sep 2008, Eric Malkowski wrote:
>> One other quick question totally off topic -- I may want to limit
>> bandwidth for some of my AP subnets in my setup and even though I've
>> been doing a lot w/ linux / networking etc. over the years I've never
>> had to limit bandwidth.  Can you guys recommend your favorite mechanism
>> the kernel has for doing this (and userspace tools to configure it).
> Look at wondershaper. Traffic shaping / QoS implementations can run 
> from simple to very complex. It's also an area where there are many 
> solutions, each with its camp of adherents.
> The mesh I am building will have video users on it, who need 
> low-latency (not all video users do), so I am going to have to have 
> some way of handling their needs. I'll be working on this once I have 
> a reliable test network.
> -Bob

More information about the Olsr-users mailing list