PPSK with Bandwidth Limits

  • On all previous pages about PPSK, a very important topic has hardly been addressed.
  • Once we grant a user access to our network, we need a way to manage the bandwidth they consume.
  • Both the Captive Portal and the PPPoE server are able to do this and have been developed with this functionality in mind.
  • Giving someone access to a WiFi network does not automatically allow you to manage their bandwidth.
  • Although we offer advanced features to change a user's assigned VLAN based on their usage during a certain period of time, we still need the ability to limit the speed of a VLAN.
  • This is where Smart Queue Management (SQM) comes into play.
  • With SQM, we can not only limit the bandwidth on an interface to the value we choose, but also manage the queues so that the user has a more pleasant online experience.

Options for a MDU deployment

  • The philosophy of RADIUSdesk is to offer a non-disruptive solution that can co-operate with other vendors.
  • The following diagram shows a PPSK solution where the customer has chosen to use PFsense for NAT/DHCP and bandwidth limiting:

  • We also offer the customer the option of using OpenWrt, which implements SQM.
  • This can then be managed via APdesk.
  • As OpenWrt can run on different architectures or even on a virtual machine, it offers us even more possibilities:
  • Lets take a closer look at SQM on OpenWrt

SQM on OpenWrt

The following sections are a brief summary of information from this wiki page (https://openwrt.org/docs/guide-user/network/traffic-shaping/sqm) and from our own experiments.

Required Packages

  • To make SQM available in OpenWrt, you need the package sqm-scripts.
  • If you also have Luci on the OpenWrt device, it is recommended to install the additional package luci-app-sqm.
  • This will install the Luci SQM package which is well developed and provides you with an intuitive way to apply SQM to selected interfaces via the Luci web interface.

Config File

  • Essentially, the SQM application in Luci manipulates the UCI-based configuration file /etc/config/sqm and starts and stops the SQM service to apply these settings.
  • Let's take a look at an excerpt from the sqm configuration file:
config queue 'br_ex_v104'
    option interface 'br-ex_v104'
    option enabled '1'
    option script 'piece_of_cake.qos'
    option linklayer 'none'
    option verbosity '5'
    option upload '4096'
    option download '4096'
    option debug_logging '0'
    option qdisc 'cake'
  • Some notes on this snippet:
    • The queue discipline is CAKE. There are also other options like fq_codel that you can use if performance is an issue.
    • The upload and download values are in kbps, so this snippet limits the value to 4Mbps (4*1024)
    • The script to set up the SQM (based on the settings in the /etc/config/sqm file) is called piece_of_cake.qos.
    • The SQM section is applied to the br-ex_v104 interface, which is actually a bridge.
  • Let us take a look at the /etc/config/network file to learn more about the br-ex_v104 interface.
config device                         
    option type 'bridge'          
    option name 'br-ex_v104'      
    option stp '0'                
    list ports 'eth1.104'         
                                      
config interface 'ex_v104'            
    option device 'br-ex_v104'    
    option proto 'static'         
    option ipaddr '10.200.105.1'  
    option netmask '255.255.255.0'
  • Although the word interface is used intuitively in the /etc/config/sqm section, it can also be applied to a device such as a bridge.
  • In our case, the br-ex_104 bridge has one port, eth1.104. This port receives traffic from VLAN 104 on eth1 (e.g. when a user connects to a private PSK and the dynamic VLAN assigned to it is 104)
  • The data traffic that runs via this bridge is therefore throttled and managed with SQM.

Now that we have covered the configuration of SQM, we can take a look at some practical commands under the heading

Troubleshooting

  • To start and stop SQM:
#You might first need to stop it before starting it:
/etc/init.d/sqm stop
SQM: Stopping SQM on br-ex_v104

#Start it
/etc/init.d/sqm start
SQM: Starting SQM script: piece_of_cake.qos on br-ex_v104, in: 4096 Kbps, out: 4096 Kbps
SQM: piece_of_cake.qos was started on br-ex_v104 successfully
  • SQM creates a matching IFB interface with the convention ifb4-<interface>. In this way, you can easily determine whether the start was successful.
#Real interface
ifconfig br-ex_v104
br-ex_v104 Link encap:Ethernet  HWaddr 08:00:27:EA:B7:D5  
    inet addr:10.200.105.1  Bcast:10.200.105.255  Mask:255.255.255.0
    inet6 addr: fe80::a00:27ff:feea:b7d5/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000 
    RX bytes:0 (0.0 B)  TX bytes:1088 (1.0 KiB)
#Matching IFB
ifconfig ifb4br-ex_v104
ifb4br-ex_v104 Link encap:Ethernet  HWaddr AA:93:EE:2A:4D:E6  
    inet6 addr: fe80::a893:eeff:fe2a:4de6/64 Scope:Link
    UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:32 
    RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B
  • To get stats on SQM, you can use the tc command:
tc  -s qdisc show dev br-ex_v104
  • This brings us to the end of SQM's section in OpenWrt.
  • In RADIUSdesk we have taken this knowledge and created the SQM Profiles applet, which makes managing SQM in MESHdesk and APdesk a breeze.
  • There is a special page for SQM Profiles that allows you to apply limits in no time at all.
  • technical/ppsk-sqm.txt
  • Last modified: 2024/08/08 10:11
  • by system