Given the following:

  • A small, remote office has only a few users and a 1.5 Mbps DSL connection via a ZyXEL 660R.
  • Users experience unacceptable latency and packet loss when even one large file is being downloaded, by any user, causing the downstream bandwidth limit to be reached.
  • Only one ISP is available (the local phone company) and there are no cost-feasible options to upgrade bandwidth to this location. (The office location is about 15,000 feet from the DSLAM.)
  • We have flexibility to deploy whatever open-source solution makes the most sense.

What would be the best way to implement traffic shaping such that downloads never consume 100% of the available bandwidth? Can l7-filter or some other application-awareness tool be used to throttle HTTP downloads in a more sophisticated way than by IP address and port number, such that the same user who is downloading a large file via HTTP on port 80 might still be able to access other web resources on port 80, albeit at slower-than-normal data rates? (For example, would it make sense to limit the bandwidth of anything with a MIME type of application/octet-stream?)

Is there a simpler alternative that I'm missing?

Skyhawk

2 Answers

ClearOS can do host-based bandwidth throttling (instructions for demo here). You can also use the transparent proxy to cache web resources and reduce the amount of redundant bandwidth for common resources (like this one). Unfortunately, I don't think it has a provision for throttling inbound traffic based on MIME type. It can block based on the type of HTTP traffic.

Did I mention it's open source?

Joel E Salas

The pfSense firewall has extensive QoS capabilities as well as redundancy and failover. I've used it and it turbocharged my network.

http://doc.pfsense.org/index.php/Traffic_Shaping_Guide

http://skear.hubpages.com/hub/How-to-Configure-Deep-Packet-Inspection-Using-pfSense

You should be able to support a lot of users with 1.5MB as long as your link is not heavily contended at the remote end. Your line speed might not be able to support faster rates; however, your remote ISP speeds can be fixed (by changing ISP, or a better package).

Also think about adding DSL lines and bonding them together. Some ISPs can support this, and you'll be able to get fault tolerance (to a degree) and faster download/upload rates.

The Unix Janitor