[Olsr-users] Traffic Shaping, was Re: 0.5.6 Routes disappear...
Wed Sep 3 22:43:34 CEST 2008
Thanks Bob - I appreciate the info.
After looking at the Wondershaper and it's origins in the routing and
shaping howto, I think the following will take care of what I'm after:
It's great that it's just a few commands in a script. All I'm trying to
do is limit the bandwidth usage for each of my 2.4 ghz subnets on each
of my Alix nodes in the mesh and then allow one particular subnet (and
wired network) to have as much bandwidth as they need. It's so vendors
can have convenience internet access and the scorekeepers and other more
important users won't get essentially a DOS from too many surfers
killing the main backhaul. Last year they did a small wireless setup (a
couple of APs I think -- I wasn't there) (not a mesh) w/ everything wide
open and no bandwidth limits -- it fell apart quickly as hordes of users
The mesh w/ multiple internet backhauls will provide redundancy and
better coverage (more nodes).
I'm going to use hostapd in WPA-PSK mode (too much of a pain to do a PKI
w/ certificates and such for WPA-enterprise) and give access as needed
(and possibly use macfiltering to help if vendors start over-sharing the
key). The encryption isn't for security -- more to keep "casual" users
off (read: wi-fi phones, people in the area w/ laptops).
At the boxes that front the internet connections, it appears it may be
not be too bad to bandwidth limit by subnet and mask since we'll know
which subnets we want to "favor" for traffic going to/from the internet.
On the mesh in ad-hoc mode, no services are running (dns/dhcp) and I've
got WEP turned on and the secure extension in OLSR. This way if someone
cracks the WEP, they can't convince the olsrs w/ a rogue olsr to route
-- they won't be able to do much. They could spoof a mac or something
to cause DOS once through the WEP... any ideas to add more security to
the mesh part would be great -- I tried mac filtering but MADWIFI seems
to only do mac filtering in AP mode, not ad-hoc mode. I suppose I could
use iptables to filter by MAC, but I figured having the CPU needing to
inspect every packet in and out could be taxing on the CPU -- mac
filtering in AP mode has the atheros chip do that work AFAIK.
Thanks again for the info.
Bob Keyes wrote:
> On Wed, 3 Sep 2008, Eric Malkowski wrote:
>> One other quick question totally off topic -- I may want to limit
>> bandwidth for some of my AP subnets in my setup and even though I've
>> been doing a lot w/ linux / networking etc. over the years I've never
>> had to limit bandwidth. Can you guys recommend your favorite mechanism
>> the kernel has for doing this (and userspace tools to configure it).
> Look at wondershaper. Traffic shaping / QoS implementations can run
> from simple to very complex. It's also an area where there are many
> solutions, each with its camp of adherents.
> The mesh I am building will have video users on it, who need
> low-latency (not all video users do), so I am going to have to have
> some way of handling their needs. I'll be working on this once I have
> a reliable test network.
More information about the Olsr-users