Traffic shaping

What solution are you guys using for traffic shaping ?

Here is my situation:

We have 20 customers on a T1 line.
We have a Squid cache running wich helps ALOT!

Since we have a cache server I don’t cap my SM nor my AP so when a customer do a windowsupdate or something he download at full speed and he is like woooh that’s fast!

When a user download a new linux distro or some huge movie… He takes 80-100% of my T1 bandwidth. So http traffic is slower and everything else is slower until that guy finish his download. Can I fix this with burst allocation ?

If I would like to give priority to certain protocols. P2P lowest, etc…
I’ve looked at NetEnforcer, any others ?


20 customers is not really enough to justify a NetEnforcer or Packeteer shaper.

How well do you know linux, what distro you using, Linux has shaping built into it, you need to prioritise your traffic, give HTTP/mail/etc… higher priority.

What router are you using as your edge router, im sure you will be able to prioritise traffic on the router.

Depending on how many customers you are planning to run on the T1 you may find customers are spoilt when contention gets higher and start to complain.

We were running Squid on FC3 but when we get about 150 connected users it falls over, happened twice. We are now planning to build CentOS 4 box. Anyone else come across this proiblem.

I’ve installed l7 filter and QOS on my linux box (IPCop).

I’m having problems with this however. Sometime I can’t access any webpage on the internet for 2-3 minutes. Now it’s turned OFF until I find out what I did wrong. Any idea ?

I’ve set my rules like mentionned in this page . (

As for the edge router i’m using a Cisco 1605R.
fair-queue is disabled.

M0n0wall based distro pfsense seems interesting (
Any one using it?

Havent used IP Cop but have used Smooth, they are both the same more or less.
But I used it in the capacity of the firewall.

I was looking at some TCP buffering on FC3 and came across the inbuilt QoS in linux, have not tested/tried it but it may or may not work better then say IP COP which runs on its own kernal.

We use packeteer.

we ran into a similar problem as you early on. we bought a T1, and started farming it. We quickly ran into problems with single-user “slammers”. We bought the BAM from Moto. It was ok. But later we began delpoying low cost, non-Moto 2.4GHz solutions for residential customers who could not afford high-priced plans and the very expensive Moto gear. So, we researched… and researched… and came up with an outstanding solution:


Check it out. It’s an amazing piece of software. Now we rate limit every IP address based on their plan. We permit 1Mbit bursting for 60 secs, give them a CIR of 256up/down, and 98% of our users love it. The other 2% are Peer to Peer users looking for constant high speed downloads. Not our choice client for these expensive T1s. We hit 150 users on 1 T1 before we needed to Mux another. This item really works, and the software is less than $100.

If you’ld rather not mess with the install, hardware, and basic config, we sell em for $500, all inclusive. compare that with some other solutions. We also use solid state storage, instead of traditional hard drives. This ensures years of reliable operation.

Mikrotik saved us by helping us to turn faster profits by getting more milage from our T1s.

BTW, we turned off squid due to some odd caching issues. I didn’t really matter after we installed the traffic shaping.


After less than optimum performance with a Nomadix, we ripped it out and did away with any limiting - bad idea. T1 was hammered all the time with AV/Win/Other updates and streams.

We since started limiting at the SM when we install. We have 88 users on a single T1 and it periodically pegs but nothing like it was. It works exceptionally well and I don’t need to buy/maintain any hardware to do it.

Our backend is GreenSoft GBill. When we used this software at another ISP it handled thousands of subs with no problems. Monthly billing was automatic.

We are in contract negotiations for a 15Mbps pipe - that out to clear things up. We plan to start taking some of that T1 business.

we are looking into SkyX from Packeter, anyone with any experience ?