Shaping on a large scale

Hi,

Does anyone know of any shaping appliances to shape customers based on IP, allow for a quota per IP and QoS mechanisms like LLQ? This should be something that can sit in between two border routers and support a small ISP (20000 customers). Also, an open source solution would be great!

Regards,

Bruce

Check Ipoque solutions.

http://www.ipoque.com/

regards,

Take a look here:
http://www.cisco.com/en/US/products/ps6151/index.html

Arie

Check out Packeteer. I used to work somewhere about that size and this
was the product we used:

http://www.bluecoat.com/products/packetshaper/

Open source you can do a custom setup with IPTables and iproute2, but it
will take some work to get the same kind of features and management
interface. LARTC is a good reference for this kind of topic:
http://lartc.org/. Also I'm not sure if someone has built this into any
of the firewall specific linux distros yet, so you may want to explore
those a little.

Good luck,

  -Scott

The scripts below will set max bandwidth on an interface to 60mbit, and set up a queue to shape a.b.c.d to 3Mbit. Seems to work ok for me. It's used on a physical server to limit bandwidth to a virtual server(s) on the physical server. Should work just as well on a dual-armed router/firewall shaping devices behind it. You would just create more classes (1:11, 1:12, etc) for more clients/IPs to shape and you might want to knock the ceiling on the default (1:30) class down to guarantee the bandwidth to the 1:10, 1:11... classes.

tc qdisc add dev eth0 root handle 1: htb default 30

tc class add dev eth0 parent 1: classid 1:1 htb rate 60mbit burst 150k
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 3mbit burst 15k
tc class add dev eth0 parent 1:1 classid 1:30 htb rate 1kbit ceil 60mbit burst 150k

tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev eth0 parent 1:30 handle 30: sfq perturb 10

## limit a.b.c.d to 3mbit/sec:
U32="tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32"
$U32 match ip src a.b.c.d/32 flowid 1:10
$U32 match ip dst a.b.c.d/32 flowid 1:10

tc -s -d qdisc show dev eth0

tcng - Traffic Control Next Generation (http://tcng.sourceforge.net/)
provides a configuration language that abstracts the gnarliness above.

Chris
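
The "create more classes (1:11, 1:12, etc)" step from the post above, as an added example that is not part of the original thread: a generator that prints the per-IP class, sfq and filter commands without running them. The function names, the `DEV`/`LINK_MBIT`/`RATE_MBIT` variables and the addresses fed to it are assumptions. It handles three things the hand-written version hides: tc ids are hexadecimal, the default class 1:30 must be skipped, and input lines that are not plain IPv4 addresses must never reach a generated command line.

```shell
#!/bin/sh
# Added example: print (do not run) tc commands for many per-IP HTB classes.
# DEV, the rates and the sample addresses are assumptions, not from a live box.
DEV=${DEV:-eth0}
LINK_MBIT=${LINK_MBIT:-60}   # rate of parent class 1:1 in the post
RATE_MBIT=${RATE_MBIT:-3}    # per-customer rate in the post
FIRST=16                     # tc ids are hexadecimal: 16 decimal is 1:10
DEFAULT=48                   # 48 decimal is 1:30, the default class
LAST=65534                   # stay below ffff:, the ingress qdisc handle

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0..255, so
# nothing else reaches the generated command lines.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
}

# gen_classes: read one address per line on stdin, write tc commands to
# stdout and warnings to stderr. One class, one sfq and two filters per IP.
gen_classes() {
    n=$FIRST; count=0
    while read -r ip; do
        case $ip in ''|'#'*) continue ;; esac
        if ! valid_ipv4 "$ip"; then
            echo "skipped invalid address: $ip" >&2; continue
        fi
        if [ "$n" -eq "$DEFAULT" ]; then n=$((n + 1)); fi
        if [ "$n" -gt "$LAST" ]; then echo "out of class ids" >&2; return 1; fi
        id=$(printf '%x' "$n")
        echo "tc class add dev $DEV parent 1:1 classid 1:$id htb rate ${RATE_MBIT}mbit burst 15k"
        echo "tc qdisc add dev $DEV parent 1:$id handle $id: sfq perturb 10"
        for dir in src dst; do
            echo "tc filter add dev $DEV protocol ip parent 1:0 prio 1 u32 match ip $dir $ip/32 flowid 1:$id"
        done
        n=$((n + 1)); count=$((count + 1))
    done
    if [ $((count * RATE_MBIT)) -gt "$LINK_MBIT" ]; then
        echo "warning: $count x ${RATE_MBIT}mbit exceeds the ${LINK_MBIT}mbit parent rate" >&2
    fi
}
```

Feed it a file of addresses on stdin and review the output before piping it to a shell; the qdisc and the 1:1 and 1:30 classes from the post still have to be created first.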

Hi,

Thanks for all the comments! Do you know of any web frontends for these
apps? (don't want to go reinventing the wheel) Something that preferably
uses a mysql backend.

Regards,

Bruce Grobler
Yo! Africa - Network Engineer

Bruce,
Are these broadband customers using PPPoE or L2TP? If so, I suggest looking at the capabilities of your BRAS to do the work.

Per user bandwidth quotas are the nature of the game here in Australia and doing it at the BRAS is the way we do it. RADIUS gives you byte counts and gives you the ability to pass back rate limits etc.

MMC

What you didn't tell him is that the kind of shaping you can do
on the BRAS heavily depends on features used and platform. :)

64k policing mostly works everywhere, for example, but isn't
all that crash hot for your clients. :)

Doing more complicated hierarchical QoS on software platforms is
doable but complicated.

Others take a multi-tiered approach - they'll buy some kit to do
P2P identification/shaping, and per-user hard shaping in case they
go over quota.

Lots of cute stuff. :)

Adrian

Besides the other solutions listed, you can also take a look at Arbor
(formerly Ellacoya) and Sandvine.

Rubens