Bandwidth Management

I am looking for an alternative bandwidth management device. Something that will give my clients a dedicated bandwidth and a burst upon availability. It should also be able to shape traffic according to port/service type, and give reports of client usage by service/port over time.

Any suggestions?

For bandwidth control, the built-in Moto stuff works great in our opinion. Allows bursting up to the burst allotment and then drops them down to the sustained rate until they’ve let off the throttle. :smiley: We’re nearing 200 clients that have unlimited access to our bandwidth 'till they empty their bucket and we’re only running about 3.0Mb/s. So far I have not had to do anything special about bandwidth use with any of our clients using Moto’s system. See page 86 (7.1.7) in the manual for more info on settings and such.

For historical usage data, NTOP is pretty awesome.
If you’d like to see some samples of our data, PM me. It comes ready to use in CactiEZ if linux is an issue for you.

If you only use moto for bandwidth control, how do you regulate filesharing? or do you?

<crosses fingers, toes and other paired body parts> Haven’t had to do anything yet. We’ve got a little bit of P2P traffic, but none significant so far. I do, however, have a fair amount of experience with the ipp2p iptables filter, so my plan is to implement that on my Linux router if it becomes neccesary.

packet shaper is the best out there…

you can use Mikrotik (can’t handle load)
Linux will do it…

currently evaluating they seem very aggressive…

I had problems with some FHSS gear not handling p2p well. Too many parallel connections, so I started limiting parallel connections and it’s helped out. p2p users on my network seem to be about 4:50 ratio, 4 being heavy to extreme (24/7) p2p users. i’m thinking that is relatively low. =)

i use moto for allocation…no burst.

rjk: I’ve heard you or someone else on this forum mention limiting parallel connections before. Very clever way to limit p2p traffic without blocking it. Do you use an iptables implementation, or something else?

I’ve tested it out a few different ways.

The first way was to implement on a per-customer-basis then i moved over to global filtering on my router.

# cust. destination limiting
# logging
iptables -A FORWARD -p tcp --syn -d -m connlimit --connlimit-above 20 -j LOG --log-prefix "FWREJ: dst-connlimit-tcp " -m limit --limit 3/minute --limit-burst 2
# drop
iptables -A FORWARD -p tcp --syn -d -m connlimit --connlimit-above 20 -j DROP

# cust. source limiting
# logging
iptables -A FORWARD -p tcp --syn -s -m connlimit --connlimit-above 20 -j LOG --log-prefix "FWREJ: src-connlimit-tcp " -m limit --limit 3/minute --limit-burst 2
# drop
iptables -A FORWARD -p tcp --syn -s -m connlimit --connlimit-above 20 -j DROP

then i add “standard” webbased to the beginning of the fw script to always allow basic thinsg such as WWW, SSL, DNS, POP/SMTP, FTP, SSH, TELNET, etc. like

iptables -A FORWARD -p tcp --syn -s --dport 80 -j ACCEPT

I like the global setting better than per-customer basis.

btw, what settings did you have for your bandwidth on your moto units for bursting? i’ve still never really understood fully the differences of MIR/CIR…as per described in the manual.


vj wrote:
packet shaper is the best out there...

I beg to differ. 8) I prefer NetEnforcer. But then again, I've never used packet shaper... :D



We use the following settings:
Sustained up and down: 256Kbps
Up and down burst allocation: 50,000Kbits

The effect is that the user can burst up to max throughput possible until they’ve hit the burst allocation without stopping to allow the token bucket to refill, at which point the throttling kicks in and limits the client to the sustained rate. Once the token bucket has replenished after the heavy traffic has backed off, the throttling is removed and they have the full bandwidth back again. The net effect is that abnormally heavy users are rate limited, and those just web browsing and emailing get the whole pipe. Seems to work very well for us. The manual has a pretty good description and some examples on page 86 (7.1.7).

MikroTik is very easy, complete and cheap…

Yo can limit EVERYTHING…


chipi wrote:
MikroTik is very easy, complete and cheap...

Yo can limit EVERYTHING...


I've put together a few Soekris boxes running Pebble Linux... A couple 4801-60s with 4port ethernet cards to make it 7port "wrouter". I'm loving Soekris & Pebble. Pebble fits on a 64MB CF card, but I usually stick it on a 256MB with some other packages on it. I'm currently developing a web server for the Pebble distribution to make things easier to manage network/hardware wise.


it's very very good

anyone have some contact details for a vendor for packet shaper. The contacts on their website have not responded for days now.

bump :?

packeteers PacketShaper try:

Alejandro Aguila <>,

thanks, but no response as yet…

I really want to buy one of these things, but it seems packeteer don’t wanna sell me one…weird :?

Anyone used one of these?

I want to eventually get the net equalizer… It seems to do everything I need plus more… Looks great for automatically throttling back the people downloading movies, etc…

For now, I’m just using this for access control and basic bandwidth limiting:
Its not the greatest but it quick start… Get a dedicated PC with 2 network cards…Download the free trial and try it. Not bad for starting up cheaply.

check out packetlogic they gave us an online demo… very impressive…