----- ====== PPSK with Bandwidth Limits ====== * On all previous pages about PPSK, a very important topic has hardly been addressed. * Once we grant a user access to our network, we need a way to manage the bandwidth they consume. * Both the Captive Portal and the PPPoE server are able to do this and have been developed with this functionality in mind. * Giving someone access to a WiFi network does not automatically allow you to manage their bandwidth. * Although we offer advanced features to change a user's assigned VLAN based on their usage during a certain period of time, we still need the ability to limit the speed of a VLAN. * This is where Smart Queue Management (SQM) comes into play. * With SQM, we can not only limit the bandwidth on an interface to the value we choose, but also manage the queues so that the user has a more pleasant online experience. ====== Options for a MDU deployment ====== * The philosophy of RADIUSdesk is to offer a non-disruptive solution that can co-operate with other vendors. * The following diagram shows a PPSK solution where the customer has chosen to use PFsense for NAT/DHCP and bandwidth limiting: {{:technical:ppsk:mdu_overview_scaled.png?nolink|}} * We also offer the customer the option of using OpenWrt, which implements SQM. * This can then be managed via APdesk. * As OpenWrt can run on different architectures or even on a virtual machine, it offers us even more possibilities:{{:technical:ppsk:arrow_sqm1.png?nolink|}} * Lets take a closer look at SQM on OpenWrt ====== SQM on OpenWrt ====== The following sections are a brief summary of information from this wiki page (https://openwrt.org/docs/guide-user/network/traffic-shaping/sqm) and from our own experiments. ===== Required Packages ===== * To make SQM available in OpenWrt, you need the package **sqm-scripts**. * If you also have Luci on the OpenWrt device, it is recommended to install the additional package **luci-app-sqm**. * This will install the Luci SQM package which is well developed and provides you with an intuitive way to apply SQM to selected interfaces via the Luci web interface. ===== Config File ===== * Essentially, the SQM application in Luci manipulates the UCI-based configuration file **/etc/config/sqm** and starts and stops the SQM service to apply these settings. * Let's take a look at an excerpt from the sqm configuration file: config queue 'br_ex_v104' option interface 'br-ex_v104' option enabled '1' option script 'piece_of_cake.qos' option linklayer 'none' option verbosity '5' option upload '4096' option download '4096' option debug_logging '0' option qdisc 'cake' * Some notes on this snippet: * The queue discipline is CAKE. There are also other options like fq_codel that you can use if performance is an issue. * The upload and download values are in kbps, so this snippet limits the value to 4Mbps (4*1024) * The script to set up the SQM (based on the settings in the /etc/config/sqm file) is called **piece_of_cake.qos**. * The SQM section is applied to the **br-ex_v104** interface, which is actually a bridge. * Let us take a look at the /etc/config/network file to learn more about the br-ex_v104 interface. config device option type 'bridge' option name 'br-ex_v104' option stp '0' list ports 'eth1.104' config interface 'ex_v104' option device 'br-ex_v104' option proto 'static' option ipaddr '10.200.105.1' option netmask '255.255.255.0' * Although the word //interface// is used intuitively in the /etc/config/sqm section, it can also be applied to a //device// such as a bridge. * In our case, the br-ex_104 bridge has one port, eth1.104. This port receives traffic from VLAN 104 on eth1 (e.g. when a user connects to a private PSK and the dynamic VLAN assigned to it is 104) * The data traffic that runs via this bridge is therefore throttled and managed with SQM. Now that we have covered the configuration of SQM, we can take a look at some practical commands under the heading ===== Troubleshooting ===== * To start and stop SQM: #You might first need to stop it before starting it: /etc/init.d/sqm stop SQM: Stopping SQM on br-ex_v104 #Start it /etc/init.d/sqm start SQM: Starting SQM script: piece_of_cake.qos on br-ex_v104, in: 4096 Kbps, out: 4096 Kbps SQM: piece_of_cake.qos was started on br-ex_v104 successfully * SQM creates a matching IFB interface with the convention //ifb4-//. In this way, you can easily determine whether the start was successful. #Real interface ifconfig br-ex_v104 br-ex_v104 Link encap:Ethernet HWaddr 08:00:27:EA:B7:D5 inet addr:10.200.105.1 Bcast:10.200.105.255 Mask:255.255.255.0 inet6 addr: fe80::a00:27ff:feea:b7d5/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:8 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:1088 (1.0 KiB) #Matching IFB ifconfig ifb4br-ex_v104 ifb4br-ex_v104 Link encap:Ethernet HWaddr AA:93:EE:2A:4D:E6 inet6 addr: fe80::a893:eeff:fe2a:4de6/64 Scope:Link UP BROADCAST RUNNING NOARP MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:32 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B * To get stats on SQM, you can use the tc command: tc -s qdisc show dev br-ex_v104 * This brings us to the end of SQM's section in OpenWrt. * In RADIUSdesk we have taken this knowledge and created the SQM Profiles applet, which makes managing SQM in MESHdesk and APdesk a breeze. * There is a special page for SQM Profiles that allows you to apply limits in no time at all.