Here is the basic situation/topology of the network I manage:
- Residential, but we are a co-op, so we have a business-class contract with the ISP.
- The residents are college students, so there is quite a bit of everything, including P2P (torrenting), gaming, file sharing (internal), as well as crucial needs for the basics like getting to websites for school/homework, email, FTP, etc. Basically, I get bad reviews when members can't have their fun, but then legitimate complaints when someone can't turn in an assignment.
- There are at most 31 residents, but we are not always at full capacity. Of course, plenty of residents connect multiple devices (laptop, desktop, mobile) all at once.
- The property is spread out over 3 buildings, 2 of which are physically connected; the third is stand-alone but only a few steps from the main two buildings.
Here is the basic layout of the property:
```text
==========================                    ======================
|                        |                    =            ------  =
|                        |                    =            |Router| =
|      Main House        |                    =            ------  =
|      (3 stories)       |                    =        Annex       =
| (first floor is commons|=====================      (2 stories)    =
|  area, i.e. TV room,   |     Breeze Way     =     (No commons)   =
|  etc.)                 |                    =                    =
====================================================================

                 ======================
                 =                    =
                 =       Cottage      =
                 =     (2 stories)    =
                 =     (No commons)   =
                 ======================
```
The cable comes into a closet in the Annex, where it goes from the modem (ISP provided) to the D-Link DIR-625 wireless router. So from the very start the setup is not ideal, as one of the WAPs is in a closet on the ground floor. C'est la vie.
Then it spreads out like so:
DIR-625 (DHCP Router and
  - Netgear 8-port switch (2nd floor Annex)
  - Linksys 5-port switch (1st floor Annex)
  - Netgear 8-port switch (Cottage)
    - D-Link WBR-1310 Wireless Router acting as WAP
  - Netgear 16-port switch (Main House)
    - D-Link WBR-1310 Wireless Router acting as WAP for the Commons Area
    - D-Link WBR-1310 Wireless Router acting as WAP for the 2nd and 3rd floors
Okay, that's about all the backstory anyone should ever need. Sorry if that was a bit much, but when I try to get advice from friends, they tend to think either "Only 31 people, what's the problem?" or "3 buildings, and you don't have a T1?" etc., etc. It's a fairly simple network in terms of what we need and our small population, but made very complicated by our physical layout.
Oh, and we are paying for 10 down/ 1.5 up, as far as service.
Now, here's the actual question (one of many, I'm sure):
I need a QoS system that is as low maintenance as possible. Not only to make my job easier, but to make it so the next IT officer that gets this fantastic job after me doesn't have to do what I did, which was basically start from scratch.
Ideally, this is what I want in terms of QoS:
Bob really wants to play WoW. It's 2pm and no one is home but him. He gets dynamite throughput.
Half an hour later, Joe gets home and his torrenting program immediately starts up. He is a good co-oper, so he has his client capped for uploads, so he and Bob are both getting pretty good bandwidth.
Bob signs out of WoW and goes off to class. Joe's torrents are now going super-fast.
Jill gets home an hour later. She goes to check her email and watches some Hulu. She is in no way aware that Joe is torrenting. Joe notices his torrents are doing pretty good.
Everyone else comes home and each of them is doing a mix of all of the above. Everyone doing basic HTTP stuff or email thinks "I love our network admin." All of the gamers, file-sharers, and Skype-ers think, "This will be even more awesome when everyone goes to bed!" No one comes by my room with murderous intent. No one is crying to me about how the girl down the hall snuck in with scissors to literally cut off their torrents so they could read their homework.
Right now, I have the main router (the DIR-625) set up with its built-in QoS and with the DNS ports set to highest, the HTTP, email, and whatnot set to 2nd highest priority, and with anything higher than 3000 set to lowest priority.
But even so, this doesn't change the fact that if Joe is torrenting 50 GB worth of junk, and Bob is gaming all day, they are just using MORE of the bandwidth. They get a lower priority, but they basically get all of the router's attention and all of the bandwidth.
I've taken to blocking people if they seem to be using more than 25% of the current network activity, but I'm not even sure the reporting tools I'm using are accurate. And I shouldn't have to do that, or if I should, I really don't understand what QoS does at all.
So, again, here's the real question:
1) Will a Linux-based router/firewall provide smarter/more customizable QoS than my current setup? I have to get all purchases voted on, so I can't just experiment as much as I want. I have looked at Tomato, Gargoyle, and SmoothWall. But each one makes me nervous.
Smoothwall can do anything, I'm told, but it requires me getting/building a machine, and it apparently reveals more information than I'd like to have access to (or anyone who takes over after me), like who's emailing whom. Not to mention I just can't tell if it will meet my specific needs.
Tomato and OpenWRT require getting yet another router, taking the risk of bricking said router (and having to explain the loss to a committee), and still may not give me what I want.
2) If there is no magical QoS that can do MAC/IP-based throttling (instead of port-based), is there any software/router solution that will give me IP-based bandwidth usage? All of the screenshots I see are port-based, or give traffic usage in terms of packets instead of bits/second, or only show one IP at a time (which is great when I want to COMPARE usage).
Right now, I have Excel pulling two XML files from the D-Link router, one for MAC/IP/hostname, one for "current connections" that gives each connection per IP. I then combine all of the data into another sheet that shows the number of connections per IP and then does the percentage per IP based on the total. If it's over 25%, I either shut them down for a while or go and have words. But I'm not even sure if the total number of connections is a good measure of bandwidth usage!
I have tons of other issues, like computers not seeing each other, not being able to share, dropped wifi connections, low internal transfer rates, possibly misconfigured WAPs, just to name a few. But right now the question I get the most stress over is "Why is my internet so slow? Can't you keep people from torrenting?"
Thanks for reading all of this.
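Added example (not from the question or any answer): per-IP throughput in bit/s computed from two snapshots of a Linux router's byte counters, which is the measure the 25% rule needs, compared with the connection-count measure the Excel sheet uses. The snapshots are constructed samples of `iptables -nvx -L` output for an assumed accounting chain named ACCT_DOWN (one RETURN rule per resident IP), and the connection counts are constructed too.

```python
import re

# Constructed sample, not real data: two snapshots, 60 s apart, of an assumed
# per-resident accounting chain on a Linux router (`iptables -nvx -L ACCT_DOWN`),
# one rule per resident IP that only RETURNs, so "bytes" = cumulative bytes downloaded.
SNAP_T0 = """\
Chain ACCT_DOWN (1 references)
    pkts      bytes target     prot opt in     out     source               destination
  120000 150000000 RETURN     all  --  *      *       0.0.0.0/0            192.168.0.10
   40000  48000000 RETURN     all  --  *      *       0.0.0.0/0            192.168.0.11
    9000   6000000 RETURN     all  --  *      *       0.0.0.0/0            192.168.0.12
"""
SNAP_T1 = """\
Chain ACCT_DOWN (1 references)
    pkts      bytes target     prot opt in     out     source               destination
  150000 195000000 RETURN     all  --  *      *       0.0.0.0/0            192.168.0.10
   42500  51000000 RETURN     all  --  *      *       0.0.0.0/0            192.168.0.11
   10000   7500000 RETURN     all  --  *      *       0.0.0.0/0            192.168.0.12
"""
INTERVAL_S = 60
# Constructed "current connections" per IP, the kind of number the router's XML reports.
CONNECTIONS = {"192.168.0.10": 60, "192.168.0.11": 120, "192.168.0.12": 20}

# pkts, bytes, then six fixed columns (target prot opt in out source), then the destination IP.
RULE_RE = re.compile(r"^\s*(\d+)\s+(\d+)(?:\s+\S+){6}\s+(\d+\.\d+\.\d+\.\d+)")

def parse_counters(text):
    """Map each resident IP to its cumulative byte counter from iptables -nvx output."""
    counters = {}
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m:
            counters[m.group(3)] = int(m.group(2))
    return counters

def bits_per_second(before, after, seconds):
    """Average throughput per IP between two snapshots, in bit/s.
    A counter that went down was zeroed (iptables -Z) in between: count from zero."""
    rates = {}
    for ip, now in after.items():
        prev = before.get(ip, 0)
        delta = now - prev if now >= prev else now
        rates[ip] = delta * 8 / seconds
    return rates

def heavy_users(metric, threshold=0.25):
    """IPs whose share of the total metric exceeds the threshold (the 25% rule)."""
    total = sum(metric.values())
    if total == 0:
        return {}
    return {ip: v / total for ip, v in metric.items() if v / total > threshold}

if __name__ == "__main__":
    rates = bits_per_second(parse_counters(SNAP_T0), parse_counters(SNAP_T1), INTERVAL_S)
    print("by throughput: ", heavy_users(rates))        # only .10 (6 Mbit/s, ~91%)
    print("by connections:", heavy_users(CONNECTIONS))  # .10 and .11, with .11 looking worst
```

With these samples the torrenter at .10 is the only host over 25% of actual throughput, while counting connections would flag .11 first; the two measures disagree because many idle connections move few bytes.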