Build a diskette-based bandwidth management system

Author: Rohit Girhotra

Many users, despite having a good Net connection, complain about poor surfing and download speeds. While an organization could pay for additional bandwidth, a better option might be to manage the bandwidth it already has. There are numerous bandwidth management software tools available. In this article we will explore managing network bandwidth using the dummynet traffic shaper application running on a diskette-based operating system called PicoBSD.

PicoBSD is based on the FreeBSD distro and is pretty easy to configure. It automatically detects and supports almost all the commonly used network cards. Since it’s small enough to fit on a single diskette, it allows you to take advantage of outdated hardware, such as 486 boxes. You can obtain a bootable image of the PicoBSD system, which includes dummynet, from Luigi Rizzo’s home page. Download this image and use it to create a diskette using the dd command in Linux or the rawrite application in DOS/Windows as follows:

# dd if=pico.000608.bin of=/dev/fd0

or

C:\> rawrite.exe pico.000608.bin a:

After this, you just need to configure your system and create pipes and rules to set bandwidth priorities for your network users.

Configuring the system

Take any old machine and make sure it has a diskette drive and two network cards. One network card will connect to your Internet gateway/router, while the other will connect to your internal network. I used two Realtek RTL-8139 NICs, which were detected by the OS and identified as rl0 and rl1 network devices.

Boot the system from the diskette. PicoBSD will automatically detect your network cards and will prompt you to provide an IP address and hostname for one of them. You can skip this step for the time being, as it can be done later on, and just press Enter. Once the OS is up and running, you will see a login prompt. Login as root with “setup” as the password. After logging in, you need to configure your network cards. To do this, first issue the following command to identify the two network cards on the system:

# ifconfig -l

Assign any free IP address available on your internal network to the first NIC (i.e. rl0 in my case) as follows:

# ifconfig rl0 inet 10.0.0.1 netmask 255.255.255.0

Also ensure that the corresponding network card is actually connected to your internal network.

Next assign a public IP address, provided to you by your ISP, to your second NIC as follows:

# ifconfig rl1 inet 61.16.130.100 netmask 255.255.255.224

If your ISP uses DHCP to assign IP addresses, you’ll need to run dhclient, which is not part of PicoBSD by default, but you can add it. After configuring your network cards you need to edit the /etc/rc.conf file in order to set the gateway for the public network so that internal users can access the public network (Internet). Find the defaultgateway entry in this file and set it equal to the IP address of your Internet router, as provided by your ISP. Next, find the gateway_enable entry and set it to Yes. Save the file and exit the editor. Now, reinitialize the services by issuing the command:

# sh /etc/rc

The system will start functioning as a router and you can use its private IP address as the default gateway address for the clients connected on your internal network.

Creating rules

At this point, you haven’t done anything that will help manage your bandwidth. For that, you need to create bandwidth pipes and set rules to control the flow of the various types of packets (TCP, UDP, and ICMP) that are going to pass through the router. To do this we will use dummynet, a traffic shaper and bandwidth manager that lets you control traffic going through the various network interfaces by applying bandwidth and queue size limitations, implementing scheduling and queue management policies, and emulating delays and losses. Dummynet is implemented at the kernel level in the networking protocol stack.

A pipe in a dummynet system emulates a link with given bandwidth, propagation delay, queue size, and packet loss rate. In other words, pipes are used to set hard limits on the bandwidth that a flow can use, whereas queues determine how different flows share the available bandwidth. The user interface for dummynet is provided by the ipfw utility, used for creating firewall rules and controlling the dummynet traffic shaper in FreeBSD.

Whatever pipes, queues, and rules you create are solely meant to operate on the packets traversing the first interface of the system (i.e. rl0 interface in our case), which is connected to your internal network. Therefore, you need to be extra careful when identifying your network cards.

Plan out the bandwidth requirements of your organization, then allocate bandwidth for various kinds of network traffic accordingly. For instance, suppose you wish to limit the inbound traffic to 250Kbps for each node on your internal network 10.0.0.0/24. To do this, issue the following commands:

# ipfw add pipe 1 ip from any to 10.0.0.0/24
# ipfw pipe 1 config bw 250Kbit/s queue 20 mask dst-ip 0x000000ff

The first command creates a pipe named pipe 1 for all the inbound traffic to your internal network. The second command allocates a bandwidth of 250Kbps to pipe 1 and also creates 20 separate queues. Each of the queues created will correspond to a particular host on the internal network and will get the same bandwidth as defined for the pipe pipe 1. You can create even more queues depending on the number of hosts in your internal network.
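The following shell functions are an added example, not part of the original article: they show how the mask dst-ip 0x000000ff option groups destination addresses into per-host dynamic pipes, and what happens if the same mask is applied to a network larger than a /24. The function names and the sample addresses in the comments are constructed for illustration.

```shell
#!/bin/sh
# Added example: how dummynet's "mask dst-ip" picks a dynamic pipe.
# dummynet ANDs the destination address with the mask; every distinct
# result gets its own dynamic pipe with the parent pipe's parameters.

# ip_to_int A.B.C.D -> 32-bit integer value of a dotted-quad address
ip_to_int() {
    old_ifs=$IFS
    IFS=.
    set -- $1            # split the address into four octets
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# flow_key IP MASK -> masked value used as the flow identifier
flow_key() {
    echo $(( $(ip_to_int "$1") & $2 ))
}

# count_pipes MASK IP... -> number of distinct dynamic pipes created
count_pipes() {
    mask=$1
    shift
    for ip in "$@"; do
        flow_key "$ip" "$mask"
    done | sort -u | wc -l | tr -d ' '
}

# worst_case_kbit PER_PIPE_KBIT MASK IP... -> aggregate inbound ceiling
# when every host saturates its own dynamic pipe at the same time
worst_case_kbit() {
    bw=$1
    shift
    echo $(( bw * $(count_pipes "$@") ))
}

# Constructed sample: with mask 0x000000ff only the last octet counts,
# so 10.0.0.7 and 10.0.1.7 would land in the same dynamic pipe if the
# rule matched more than 10.0.0.0/24. A wider mask keeps them apart.
#   flow_key 10.0.0.7 0x000000ff
#   flow_key 10.0.1.7 0x000000ff
#   count_pipes 0x0000ffff 10.0.0.7 10.0.1.7
```

Because each dynamic pipe gets the full configured bandwidth, worst_case_kbit gives the total your uplink must absorb when sizing per-host limits.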

If you want all the nodes on your internal network to evenly share a single link, you should do the following instead:

# ipfw add queue 1 ip from any to 10.0.0.0/24
# ipfw queue 1 config weight 5 pipe 2 mask dst-ip 0x000000ff
# ipfw pipe 2 config bw 250Kbit/s

The above commands create a pipe named pipe 2 with a bandwidth of 250Kbps, then attach and configure a queue named queue 1 on this pipe. Each flow through this single queue, corresponding to a particular node in the internal network, will share the parent pipe’s bandwidth evenly with other flows generated by the same queue. Other queues with different weights can also be connected to the same pipe.

Validity of the system

To experimentally see the effectiveness of this bandwidth management solution you can test the setup by applying rules on the ICMP packets that traverse your network. Issue the following commands on your bandwidth management box to set the rules:

# ipfw add pipe 2 icmp from any to any
# ipfw pipe 2 config bw 30Kbit/s queue 10

This limits the total ICMP traffic (inbound and outbound) on your network to 30Kbps. Now, from any host on your internal network, ping your Internet router with its public IP. You will notice that the ping response time has increased. This indicates that your bandwidth management box is functioning. You can delete this pipe and bring the ping response time back to normal with the command:

# ipfw delete pipe 2

In this way you can add and delete pipes and rules and throttle the bandwidth in your LAN according to your needs. For a detailed description of using ipfw and creating pipes and rules, refer to its online man page.

One final point to remember is that all the rules that you set are lost when you reboot the system. Therefore, you will have to configure the system from scratch after a reboot. You can save all your configuration commands to a shell file and run it after the system boots, but to do so you need to create a custom version of PicoBSD.

Rohit Girhotra is a 22-year-old engineering graduate from NSIT, New Delhi, and a Linux aficionado.