Managing Wifi/Bandwidth

AnotherUser

Right now, we currently provide open WIFI to our customers, vendors or whomever which sits on a 6meg DSL line. MOST of the time we do fairly well but there are times when 1 or 2 users pretty much take down the whole thing by streaming content off of Amazon or whatever.

We block what we can with OpenDNS so video streaming does not tear us apart except when Amazon video is used, can't seem to block this.

The system is set up differently throughout the place depending on location. In most buildings we have Cisco AP's driving corp and open wifi, others we have Unifi and Linksys so this makes it more challenging. Moving all to Cisco or Unifi is not an option.

What I want to do is limit the bandwidth so one user cannot take down the whole thing. We don't want to spend a lot of money either. Right now the main router is a Cisco 877 device. I have used PFSense and Untangle but I'm not sure how or how well either of these would work, I've never used them for this reason.

We currently handle 150-200 devices, mostly phones/tabs. If I could get some recommendations on how to handle this that would be great.

Thanks
 
150 - 200 devices? All at once? On a 6Mb DSL line?:eek:

Surely you couldn't have all of those devices connected at once, and expect a 6Mb DSL to hold up?

As far as I can tell with Untangle there are options in there for the most popular content blocking (porn, violence, drugs etc) but you can also specify your own URLs (streaming.amazon.com or whatever) but there are also bits in there for file type blocking too.

May be worth giving a go, but upgrading your 6Mb DSL has gotta be a close 2nd!
 
I went to a college for a year and they had ~150 students all sharing a single 2Mb connection. This came in through a 60 km point-to-point wireless backhaul. It was atrocious and a joke. This was only 3 years ago too so it's not like high speed connections were expensive. You do a ping google.ca -t and you would get only about 8-10% replies.
 
We're using What's up Gold to monitor the line and actually unless one user is just pounding on the line it's not that bad since like I mentioned before, it's mostly phones doing nothing. I don't need any more content blocking/managing, I need QoS or something of the sort.
 
QoS of some sort should be implemented, if anything to give priority to VOIP. Last thing you want is for an emergency call to fail because someone was streaming Lost from Amazon Prime.
When you say Cisco AP's do you mean Cisco AP's or are you referring to Linksys rebranded as Cisco? The consumer level stuff really isn't Cisco. A quick google search brought up this.
http://www.hotspotsystem.com/
It might be a good solution for your guest network. One of their YouTube videos mentions being able to limit bandwidth to wireless users. I'd throttle them down to 1Mbps...maybe even 768k.
 
QoS & VOIP is taken care of at the switch level for the corp network, no VOIP on the guest network.

Edit: Sorry, the Cisco is enterprise grade Cisco equipment, not the Linksys brand.
 
Ideally he'd be using some sort of QoS fair queuing. I'm not sure the 877 device can do this per sub interface, but some of the more powerful routers can.

A $450 Mikrotik router can do this per session.

I also found this discussion:

Re: Weighted Fair-Queuing
"Balin, Son of Fundi" <com> wrote in message
news:bnrnvi$14hve8$news.uni-berlin.de...

Actually there is no speed limit.

However, as a general rule it is not a good choice for links over 2Mb because of the high cpu-power needed for high speed links. That's why WFQ is on by default for links below 2Mbit while FIFO is the default for links 2Mbit and above.

There are other matters like packet size which affect this. 1,5Mbit of 64-byte packets loads the cpu much more than 4 Mbit of 1500-byte packets. Using wfq for that 4 Mbit link is very realistic in many cases whereas it is quite a heavy task for the 1,5Mbit link pushing lots of tiny packets.

Queueing is a job requiring per-packet choices. For every packet you make a selection about which one to send and for every inbound packet you have to put it into some queue or drop it. Therefore the caused cpu load is related with packets per second, not the actual data stream bits/sec. (On some platforms packet size does cause loading too but for some other reasons related more to the memory management of the device).

Configuration is simple. Queueing is used when the interface hardware outbound queue is full. It is used on the outbound interface only. Software queueing is never used for inbound packets.

Inbound packets are always processed sequentially or dropped.

Notice that queueing is done for every PHYSICAL interface only. It is not done for subinterfaces. So, for example many dot1q vlans on same interface must use the common queue used for the single physical interface.
--
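
An added illustration of the fair-queuing point in the post above (not part of the thread, and not any vendor's implementation): a small simulation of the 6 Mbit/s line comparing one shared tail-drop FIFO with per-client deficit round robin (DRR). The traffic mix, queue depth and quantum are constructed assumptions, and the streamer is modelled as a constant-rate sender that never backs off.

```python
from collections import deque

LINK_BPS = 6_000_000   # the 6 Mbit/s DSL line from the thread
TICKS = 100            # simulation steps per second
QUEUE_LIMIT = 64       # packets a queue holds before tail drop (assumed)
QUANTUM = 1500         # bytes of credit per round-robin visit (assumed)

# Constructed traffic model: client -> (offered bit/s, packet size in bytes)
CLIENTS = {"streamer": (6_000_000, 1500)}
CLIENTS.update({f"phone{i}": (120_000, 150) for i in range(20)})

def arrivals(bps, size, t):
    """Packets a client offers during tick t (exact integer arithmetic)."""
    per = 8 * size * TICKS
    return bps * (t + 1) // per - bps * t // per

def simulate(fair, seconds=10):
    """Delivered bit/s per client: one shared FIFO, or per-client queues with DRR."""
    queues = {c: deque() for c in CLIENTS} if fair else {"shared": deque()}
    deficit = dict.fromkeys(queues, 0)
    order = deque(queues)                 # round-robin visiting order
    sent = dict.fromkeys(CLIENTS, 0)
    budget = 0                            # bytes the link may still send
    for t in range(seconds * TICKS):
        for name, (bps, size) in CLIENTS.items():
            q = queues[name if fair else "shared"]
            for _ in range(arrivals(bps, size, t)):
                if len(q) < QUEUE_LIMIT:  # otherwise the packet is tail-dropped
                    q.append((name, size))
        budget += LINK_BPS // (8 * TICKS)
        while budget > 0 and any(queues.values()):
            key = order[0]
            order.rotate(-1)
            q = queues[key]
            if q:
                deficit[key] += QUANTUM
            while q and q[0][1] <= deficit[key] and budget > 0:
                name, size = q.popleft()
                deficit[key] -= size
                budget -= size
                sent[name] += size * 8
            if not q:
                deficit[key] = 0          # idle queues do not bank credit
        budget = min(budget, 0)           # unused link time cannot be saved up
    return {c: bits / seconds for c, bits in sent.items()}

if __name__ == "__main__":
    for label, fair in (("FIFO", False), ("per-client DRR", True)):
        r = simulate(fair)
        phones = [v for c, v in r.items() if c.startswith("phone")]
        print(f"{label:15} streamer {r['streamer']/1e6:.2f} Mbit/s, "
              f"worst phone {min(phones)/1e3:.0f} kbit/s")
```

With the shared queue the constant-rate sender keeps the buffer full and the phones' packets are the ones dropped; with per-client queues each phone gets its full offered rate and the streamer is held to what is left of the line.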
 
Do you have a VLAN set aside for the wireless guest network? It's hard to know the right questions to ask without more information.

What router are you using between your network and the DSL hand-off?
Are you utilizing VLAN's?
What type of QoS are you implementing at the switch?
I'll assume that they are simply layer 2 switches with no layer 3 capability?
Are you able to supply model numbers for the following?
Router
Switch
Wireless AP
All other equipment that your traffic passes through before it gets to the DSL connection

If you can do it, some sort of policing at the router interface for your guest wireless would be ideal. We police our wireless down to 2Mbps.

Thanks
 
VLAN for the guest network, yeah. Unsure about the QoS, I'd have to ask the admin. Most layer 2 switches with core being layer 3. I am unsure on models at this time. All traffic is sent over a p2p wireless where it meets up with the router.

Policing the wifi down to anything would be hard with the number of different types of APs. If I had to send traffic to another system to be processed that probably wouldn't be a big deal (think pfSense type thing).

I'm mobile, please excuse typos and grammar errors.
 
I used to support a large number of users and employees with a 100mbit line using the Cisco enterprise gear and it worked great. I do recommend it if it is in the budget.

Out at our farm we use Mikrotik for 10-20 sessions, I have a 50mbit down connection we have quite the setup here. We use a backhaul system controller/firewall and AP's. For you the backhaul probably isn't needed, but we use a 450G for the controller/firewall and the 751G's as the access point systems. Each device is less than $100 IIRC.
 
So we started looking into this again and if we look into OpenDNS enterprise for content filtering, they want like $1k a year. I looked at the Meraki series and they also want about the same price for all of their features + content filtering.

If we could get the Meraki box to do what we want for QoS or Traffic Shaping, are there any other cheaper content filters out there?
 