This guide was originally put together by Mario Crespo, a long-time customer of NetEqualizer, using “best of” material that he found in NetEqualizer Newsletters, as well as our website and blog site. Thanks Mario!
Disclaimer: Advanced Tuning Scripts are for experienced programmers. If you would like consulting help implementing these tips or other customizations we would be glad to put you in touch with a qualified system integrator.
Index of Advanced Tuning Scripts
Changing Configurations by Time of Day
Connection Limits
Counting Penalties
Creating a script to Block URL’s
Making the GUI accessible via secure HTTPs
Relieve Congestion at an Access Point
Sending Automated Emails from NetEqualizer
Setting a Hard Limit for the entire unit by using TC
Setting Up the NetEqualizer when you have Variable Bandwidth
Speed Log Tool to check your link’s Maximum Bandwidth
Tally Penalties for Certain Users
Tuning ntop on NetEqualizer
Tuning small networks with a small number of infrequent users
URL-based shaping with your NetEqualizer: A How-To Guide
Use a standard SNMP MIB
We often get asked how to count penalties. Although generally you can tell who your abusers are by running the NTOP summary by IP report, here is a quick little script you can run from the Linux shell that will give a running count of penalties for any single IP you wish to monitor.
Counting Penalties
The script counts the number of penalties currently in the log and gives you the top 10 hosts and their count.
Note: the log is refreshed every 20 minutes or so, so the count will change each time it refreshes. If you are a Perl programmer you can modify this script to do a variety of useful things; it is a starting point.
#! /usr/bin/perl -w
# this script is property of APconnections, Lafayette Co
# and may not be used, copied or distributed without permission from APconnections
#
# Usage: penalties mm/dd/yy
# Reads /tmp/arblog, keeps the PENALTY IP lines for the given date and
# prints the ten hosts with the most penalties, highest count first.
open (LOGF, "/tmp/arblog") || die "opening log file ";
$tablesize=0;          # number of distinct hosts seen so far
@table=("0");          # host addresses, kept ordered by descending count
@penalty_count=(0);    # penalty count of the host at the same index
unless(@ARGV)
{
    print "Usage: penalties mm/dd/yy (you must include leading zeros in date)\n";
    exit;
}
while($line=<LOGF>)
{
    chomp($line);
    if ("$line" eq "" ) { next; }
    @foo = split (" ",$line);
    if ($foo[0] ne $ARGV[0] ) { next; }    # field 0 is the date stamp
    # a penalty line carries PENALTY IP in fields 2 and 3 and the two hosts in fields 5 and 6
    if ( "$foo[2]" eq "PENALTY" && "$foo[3]" eq "IP")
    {
        insert($foo[5]);
        insert($foo[6]);
    }
}
for ($i=0; ($i <10 && $i < $tablesize); $i++)
{
    printf ( "Host= %-15s Count=%d\n" ,
        $table[$i], $penalty_count[$i] );
}
# insert: count one penalty for the given host, adding it to the table on first
# sight, and move it up one slot when it now outranks the host above it
sub insert {
    my($ipx)=@_;
    $ip =${ipx};
    $match=0;
    for ($i =0 ; $i <$tablesize;$i++)
    {
        if ($table[$i] eq $ip)
        {
            $match=1;
            $penalty_count[$i]++;
            if ($i >0 && $penalty_count[$i] >$penalty_count[$i-1])
            {
                $x = $penalty_count[$i];
                $y = $penalty_count[$i-1];
                $ip1= $table[$i];
                $ip2= $table[$i-1];
                $penalty_count[$i-1] = $x;
                $penalty_count[$i] = $y;
                $table[$i]= $ip2;
                $table[$i-1] =$ip1;
            }
        }
    }
    if ($match == 0 )
    {
        $table[$tablesize]=$ip;
        $penalty_count[$tablesize]=1;
        $tablesize++;
    }
}
Users often ask us how to configure a NetEqualizer correctly when their upstream provider does not guarantee a fixed amount of bandwidth at all hours of the day.
Setting up the NetEqualizer when you have Variable Bandwidth
There are two options here:
- If you know when the contention period hits during the day, you can have the NetEqualizer dynamically drop its settings and then return to normal at a pre-set time. Refer to Changing Configurations by Time of Day for details on how to do this.
- If it happens randomly throughout the day, you will need to set the NetEqualizer to a lower Trunk Setting to account for the worst case all the time. Although not perfectly optimal, this is much better than locking up.
Customers sometimes are not sure if they are getting the bandwidth promised by their internet provider. This utility enables customers to check their bandwidth speed, and should be run during the busy hour (aka “peak”).
Speed Log Tool to check your link’s Maximum Bandwidth
Note: This utility was released as part of Software Update 5.0. Please make sure that you are on the 5.0 Release before trying to execute these commands.
All of these commands are entered via the Misc/Run a Command page, using the fill-in box.
To start up the speedtest logging routine:
nohup /art/speedtest 1 24 1 3600 1>/dev/null 2>&1 &
This produces no output; you just get a blank page back when it runs, so do not run it twice.
Once you do this and wait at least an hour, you will be able to do:
cat /tmp/speedlog
You will see something like:
Bandwidth Speed Test Warning Thu May 5 08:01:56 MDT 2011, expecting a min speed of 102400, peak reached only 46098
The expected figure depends on what you have set for TRUNK_UP and TRUNK_DOWN. Sometimes the line will be a warning and sometimes the message will be different. In this example the maximum bandwidth should have been 102400 and only 46098 was achieved (45% of expected bandwidth). If this test was run during peak hours, either your pipe is not saturated, or you should contact your bandwidth provider to find out why you are not able to reach all of your promised bandwidth.
To stop the process you do:
ps ax
and look for a line like:
20167 ? SN 0:00 /usr/bin/perl -I -w /art/speedtest 1 24 1 3600
then you run the command of:
kill 20167
where 20167 is the process number of the line you found.
If you want to find out whether it is still running, just run ps ax again and look for it.
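To turn a stretch of /tmp/speedlog into something you can act on, here is an added shell example (not part of the original guide) that computes the achieved percentage for each warning line and counts the tests that fell below a threshold. The log lines are constructed to match the format shown above.

```shell
#!/bin/sh
# Constructed sample of /tmp/speedlog content (not captured from a real unit);
# the "OK" line format is assumed, the parser only acts on warning lines.
SAMPLE_SPEEDLOG='Bandwidth Speed Test Warning Thu May 5 08:01:56 MDT 2011, expecting a min speed of 102400, peak reached only 46098
Bandwidth Speed Test OK Thu May 5 09:01:57 MDT 2011
Bandwidth Speed Test Warning Thu May 5 10:01:58 MDT 2011, expecting a min speed of 102400, peak reached only 92160
Bandwidth Speed Test Warning Thu May 5 11:01:59 MDT 2011, expecting a min speed of 102400, peak reached only 30720'

# speedlog_pct LINE -> prints the achieved speed as an integer percentage of the
# expected speed for one warning line; prints nothing for any other line
speedlog_pct() {
    printf '%s\n' "$1" | awk '
        /expecting a min speed of [0-9]+, peak reached only [0-9]+/ {
            for (i = 1; i <= NF; i++) {
                if ($i == "of")   { want = $(i+1); sub(/,$/, "", want) }
                if ($i == "only") { got  = $(i+1) }
            }
            printf "%d\n", int(got * 100 / want)
        }'
}

# speedlog_report LOG THRESHOLD -> prints "<below> <worst>": how many tests
# reached less than THRESHOLD percent of the expected speed, and the lowest
# percentage seen ("n/a" when the log holds no warning lines)
speedlog_report() {
    printf '%s\n' "$1" | awk -v thr="$2" '
        /expecting a min speed of [0-9]+, peak reached only [0-9]+/ {
            for (i = 1; i <= NF; i++) {
                if ($i == "of")   { want = $(i+1); sub(/,$/, "", want) }
                if ($i == "only") { got  = $(i+1) }
            }
            pct = int(got * 100 / want)
            if (pct < thr) below++
            if (worst == "" || pct < worst) worst = pct
        }
        END { printf "%d %s\n", below, (worst == "" ? "n/a" : worst) }'
}

# Summarise the sample: tests under 80% of the expected speed, and the worst one
speedlog_report "$SAMPLE_SPEEDLOG" 80
```

Run it against the real file with `speedlog_report "$(cat /tmp/speedlog)" 80` once an hour or more of samples have accumulated.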
The two scripts below enhance the NetEqualizer’s connection limits with some intelligence. They track a user’s total connections, and when a certain amount of connections are exceeded, the user is given a connection limit plus a hard limit combination.
Connection Limits
It used to be that connection limits would greatly reduce the amount of bandwidth to a p2p or bittorrent user because we did not see any single connection from a p2p server that would deliver more than 28kbs of data (or it was very rare). However, now we are seeing single bittorrent streams deliver speeds up to a T1 (they are coming from commercial bittorrent sites) and so it is not enough to just limit p2p with a connection limit.
Hence, users at the University of New Brunswick developed the following scripts for their NetEqualizer to combine heavy connection users with additional hard limits.
From the User:
Addonly.pl is something cron runs every 20 minutes; it looks for users with excessive connections. It places a hard limit on them and a connection limit on them as long as they are internal IP addresses.
Del.pl is something run every couple of hours. Basically, it looks for IPs that should no longer be in the restricted bin. At the same time, new ones can still be added in.
The crontabs look like this:
- #### Check connection limits every 20 minutes and place hard limits for high users
- # run this between 7am and 8pm. Clock on neteq behind by 5 hours
- 0,20,40 * * * * /home/root/addonly script > /tmp/addlimit.out 2>/tmp/addlimit.junk
- #clean up the limiting table every 2 hours during this time
- 15 2,4,6,8,10,12,14,16,18,20,22 * * * /home/root/del script > /tmp/limit.out 2>/tmp/limit.junk
All scripts require a file in /home/root called hardlimit.txt to keep track of what is and what is not in the current restricted table. It can be started as a blank file.
We’re often asked how to make the NetEqualizer admin GUI accessible over secure HTTPS. So, here’s the answer…
Making the GUI accessible via secure HTTPs
First, login via SSH or the console directly as root.
Run the following command:
- dpkg-reconfigure stunnel4
Now, edit /etc/default/stunnel4 and set ENABLED to 1.
Next, edit /etc/stunnel/stunnel.conf so it looks like:
cert = /etc/ssl/certs/stunnel.pem
[https]
accept = 443
connect = 80
TIMEOUTclose = 0
And leave everything else alone in there and save it.
Next, run the following commands:
- cd /etc/ssl/certs/
- openssl req -new -x509 -nodes -days 365 -out stunnel.pem -keyout stunnel.pem
Answer the questions as best you can. Enter a single . for any field you want to leave blank.
Finally, run these last few commands:
- chmod 600 stunnel.pem
- dd if=/dev/urandom of=temp_file count=2
- openssl dhparam -rand temp_file 512 >> stunnel.pem
- ln -sf stunnel.pem `openssl x509 -noout -hash < stunnel.pem`.0
- rm temp_file
- /etc/init.d/stunnel4 restart
Did you know that some of our users use two configurations and switch them out by time of day?
Changing Configurations by Time of Day
Although it is always best to keep your configuration simple, did you know that you can automatically change bandwidth shaping rules for various times of day?
Assuming you are on the latest NetEqualizer software version, you can do all of this via the NetEqualizer GUI by copying and pasting directly from this article.
Here’s an example of how to change the rules at 5:00 pm (1700 hours) and then change them back at 7:00 am (0700 hours) every day. If you want to adapt it to different times of day, or a different frequency, you will need to modify this example accordingly.
Assuming your current NetEqualizer config is set up for daytime, save the running configuration so that it can be restored later as the daytime config:
From the GUI -> Misc/Run a command:
cp /etc/arbdefault.conf /root/daytime.conf
This copies the running config to a new file in root’s home directory. The new file is now called daytime.conf. Next, from the GUI, change the NetEqualizer settings to how you want them at night and then save that away with:
From the GUI -> Misc/Run a command:
cp /etc/arbdefault.conf /root/nighttime.conf
This copies the (new) running config to a new file in root’s home directory. The new file is now called nighttime.conf. Now, create a shell script that can be run at 5:01 p.m.
From the GUI -> Misc/Run a command:
touch /root/switchto5pmconfig.sh
Now edit the file switchto5pmconfig.sh by doing:
From the GUI -> Misc/ Edit any text file – the filename:
/root/switchto5pmconfig.sh
And then copy and paste the following four lines into the box:
cp /root/nighttime.conf /etc/arbdefault.conf
/etc/init.d/arbitrate stop
sleep 10
/etc/init.d/arbitrate start
From the GUI -> Post the changes.
Now repeat for the morning configuration:
From the GUI -> Misc/Run a command:
touch /root/switchto7amconfig.sh
Now edit that switchto7amconfig.sh by doing:
From the GUI -> Misc/ Edit any text file – the filename:
/root/switchto7amconfig.sh
And then copy and paste the following four lines:
cp /root/daytime.conf /etc/arbdefault.conf
/etc/init.d/arbitrate stop
sleep 10
/etc/init.d/arbitrate start
From the GUI -> Post the changes.
To make these two shell scripts executable:
From the GUI -> Misc/Run a command:
chmod +x /root/switchto5pmconfig.sh;chmod +x /root/switchto7amconfig.sh
Next, edit the crontab file in root’s home directory. Since we keep a default one there already, just do:
From the GUI -> Misc/Edit any text file – the filename:
/root/crontab
And then copy and paste the following two lines which will execute these two files at 5pm (17 hours) and 7:00 am (07 hours):
01 17 * * * /root/switchto5pmconfig.sh
01 07 * * * /root/switchto7amconfig.sh
From the GUI -> Post the changes.
Now to make NetEqualizer start using different configurations at different times of day do:
From the GUI -> Misc/Run a command:
crontab /root/crontab
Then edit the autostart file so that these changes take effect again after a reboot:
From the GUI -> Misc/Edit autostart – and put this line at the bottom of the file:
crontab /root/crontab
From the GUI -> Post the changes.
Done!
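The two switch scripts above stop and restart the arbitrator unconditionally. As an added example (not from the guide), this single script takes day or night as its argument and only touches the running config once the saved file has been checked to exist, be non-empty and copy cleanly, so a missing or truncated nighttime.conf cannot leave the shaper running on an empty configuration. The paths are the ones used in this section; the environment overrides exist so the script can be exercised away from a real unit.

```shell
#!/bin/sh
# switchconfig.sh: swap in a saved NetEqualizer configuration and restart the
# arbitrator. Defaults are the paths used in this guide; the environment
# overrides are for testing without a real unit.
ARB_CONF="${ARB_CONF:-/etc/arbdefault.conf}"
CONF_DIR="${CONF_DIR:-/root}"
ARB_INIT="${ARB_INIT:-/etc/init.d/arbitrate}"
RESTART_PAUSE="${RESTART_PAUSE:-10}"   # seconds between stop and start, as in the guide

# saved_config_for day|night -> prints the path of the saved config for that period,
# returns 2 for anything else
saved_config_for() {
    case "$1" in
        day)   printf '%s\n' "$CONF_DIR/daytime.conf" ;;
        night) printf '%s\n' "$CONF_DIR/nighttime.conf" ;;
        *)     return 2 ;;
    esac
}

# switch_config day|night -> 0 on success, 1 when the saved config is missing,
# empty or cannot be copied, 2 on a bad argument. The arbitrator is stopped
# only after the copy has succeeded, so a failed switch leaves it untouched.
switch_config() {
    src=$(saved_config_for "$1") || { echo "usage: switch_config day|night" >&2; return 2; }
    if [ ! -s "$src" ]; then
        echo "$src is missing or empty; leaving the running config alone" >&2
        return 1
    fi
    cp "$src" "$ARB_CONF" || return 1
    "$ARB_INIT" stop
    sleep "$RESTART_PAUSE"
    "$ARB_INIT" start
}

# When run directly, e.g. from cron as "/root/switchconfig.sh night",
# perform the switch; any other argument is ignored.
case "${1:-}" in
    day|night) switch_config "$1" ;;
esac
```

With this in place the two crontab lines become `01 17 * * * /root/switchconfig.sh night` and `01 07 * * * /root/switchconfig.sh day`.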
Ever want to have the NetEqualizer send e-mails when certain conditions arise? For example, if your NTOP partition is low on disk space? Well, thanks to one of our customers (an operator on the Queen Charlotte Islands, BC who wanted to remain anonymous), we have the following tip. You’ll need to get the binary for this e-mail send client from us, but once you have it, you can follow his simple instructions. Here they are…
Sending Automated Emails from NetEqualizer
You specify the IP address of the SMTP server to connect to, and it delivers the message (piped in or read from stdin) to that server.
To send an email “job completed”:
echo "job completed" | ./smtpclient -s job-done -fneteqmachine.domain.com -S192.168.1.1 recipient@domain.com
Here are the command options:
Usage: smtpclient [options] recipients…
Message header options:
- -s, --subject=STR (subject line of message)
- -f, --from=ADDR (address of the sender)
- -r, --reply-to=ADDR (address of the sender for replies)
- -e, --errors-to=ADDR (address to send delivery errors to)
- -c, --carbon-copy=ADDR (address to send copy of message to)
Processing options:
- -S, --smtp-host=HOST (host where MTA can be contacted via SMTP)
- -P, --smtp-port=NUM (port where MTA can be contacted via SMTP)
- -M, --mime-encode (use MIME-style translation to quoted-printable)
- -L, --use-syslog (log errors to syslog facility instead of stderr)
Giving feedback:
- -v, --verbose (enable verbose logging messages)
- -V, --version (display version string)
- -h, --help (display this page)
Many times we are asked to tally PENALTIES for a particular user. Here is a script to do just that:
Tally Penalties for Certain Users
- #!/bin/sh
- # pencount: running count of PENALTY IP lines in the arblog that name the IP given as $1
- if [ -z "$1" ]; then echo "Usage: pencount x.x.x.x" >&2; exit 1; fi
- count=0
- while read a
- do
- # -F -w matches the whole address, so 10.0.0.1 does not also count 10.0.0.10
- echo "$a" | grep PENALTY | grep IP | grep -F -w "$1" > /dev/null
- if [ "$?" = 0 ]
- then
- count=`expr $count + 1`
- echo PENALTY total for IP $1 count = $count
- fi
- done
Save this script off in a file named pencount in the /art directory.
To run this script, log in to the shell:
- cat /tmp/arblog | /art/pencount x.x.x.x
x.x.x.x represents the IP address for which you wish to count penalties.
Use a standard SNMP MIB
Did you know you can load the standard SNMP MIB on the NetEqualizer? Here’s how one site suggests you do it: http://www.debianhelp.co.uk/snmp.htm
Note: This tip is intended for administrators with advanced Linux training.
Tuning ntop on NetEqualizer
Although rare, there have been instances of running out of disk space when turning on additional NTOP reporting tools (beyond what comes enabled). Below is a script that can be used to ensure that your NetEqualizer flash memory does not overflow.
Save the Perl script below to a file called checkspace. Running it as:
runcheckspace 90
tests whether the disk is over 90 percent full and kills NTOP if it is running.
To run this forever, save the following loop to a file called runcheckspace:
while true
do
checkspace 90
sleep 60
done
This runs the check every minute. Should you decide to run unsupported extensions to NTOP or other utilities, this script will protect you against logs filling up disk space.
#! /usr/bin/perl
## save this perl script as checkspace
## Usage: checkspace <percent>  -- warn and kill ntop when rootfs is fuller than <percent>
use strict;
use warnings;

my $limit = $ARGV[0];
die "Usage: $0 <percent full>\n" unless defined $limit;

my @foo  = `df`;
my @ntop = `ps -ef | grep ntop | grep -v grep`;
foreach my $line (@foo)
{
    chomp($line);
    my @special = split(" ", $line);
    # df columns: Filesystem 1K-blocks Used Available Use% Mounted
    next unless @special && $special[0] eq "rootfs";
    my $sum = $special[2] / $special[1] * 100;
    if ($sum > $limit)
    {
        print "Warning disk space more than $limit percent full \n";
        chomp(@ntop);
        foreach my $line2 (@ntop)
        {
            my @special2 = split(" ", $line2);
            # the PID is the second column of ps -ef output
            if ( exists $special2[1] )
            {
                print "line2 $special2[1] \n";
                my $result = `kill -9 $special2[1]`;
            }
        }
    }
}
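Putting the e-mail client from the Sending Automated Emails section together with the disk-space check above, here is an added shell example (not NetEqualizer's own code) that does what checkspace does and mails a warning through smtpclient whenever it has to stop NTOP. It assumes smtpclient is installed in /art; the relay address, sender and recipient are placeholders to replace, and the df output used to exercise it is constructed.

```shell
#!/bin/sh
# checkspace.sh: stop NTOP and send an e-mail alert when rootfs is fuller than
# the limit given as $1. The percentage is Used / 1K-blocks from df, the same
# calculation the Perl checkspace script makes.
SMTPCLIENT="${SMTPCLIENT:-/art/smtpclient}"     # assumed install path
SMTP_HOST="${SMTP_HOST:-192.168.1.1}"            # placeholder relay
MAIL_FROM="${MAIL_FROM:-neteqmachine.domain.com}" # placeholder sender
MAIL_TO="${MAIL_TO:-admin@domain.com}"           # placeholder recipient

# Constructed df output for exercising the functions (not from a real unit)
SAMPLE_DF='Filesystem     1K-blocks   Used Available Use% Mounted on
rootfs            498000 458160     39840  92% /
tmpfs             256000     12    255988   1% /dev/shm'

# rootfs_pct DF_OUTPUT -> prints the integer percentage of rootfs in use,
# or nothing when no rootfs line is present
rootfs_pct() {
    printf '%s\n' "$1" | awk '$1 == "rootfs" && $2 > 0 { printf "%d\n", $3 * 100 / $2 }'
}

# space_exceeded LIMIT DF_OUTPUT -> true (0) when rootfs is more than LIMIT percent full
space_exceeded() {
    pct=$(rootfs_pct "$2")
    [ -n "$pct" ] && [ "$pct" -gt "$1" ]
}

# ntop_pids -> PIDs of running ntop processes, one per line (same ps|grep as the Perl script)
ntop_pids() {
    ps -ef | grep ntop | grep -v grep | awk '{ print $2 }'
}

# send_alert SUBJECT BODY -> mails BODY through smtpclient; returns its exit status
send_alert() {
    printf '%s\n' "$2" | "$SMTPCLIENT" -s "$1" -f"$MAIL_FROM" -S"$SMTP_HOST" "$MAIL_TO"
}

# checkspace LIMIT -> the Perl script's behaviour plus the e-mail: when rootfs
# is fuller than LIMIT percent, kill ntop and mail a warning
checkspace() {
    df_out=$(df)
    if space_exceeded "$1" "$df_out"; then
        pct=$(rootfs_pct "$df_out")
        echo "Warning disk space more than $1 percent full (${pct}%)"
        for pid in $(ntop_pids); do
            kill -9 "$pid"
        done
        send_alert "ntop-stopped-disk-full" "rootfs is ${pct}% full; ntop stopped on $(hostname)"
    fi
}

# Run the real check only when a numeric limit is given, e.g. "checkspace.sh 90"
case "${1:-}" in
    [0-9]*) checkspace "$1" ;;
esac
```

Save it as /art/checkspace.sh and call `checkspace.sh 90` from the runcheckspace loop above in place of checkspace.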
Do you have congestion at your Access Points? You should know that you can actually relieve congestion at an access point from the head of your network if you own a NetEqualizer.
Relieve Congestion at an Access Point
Here’s how:
- You must know the IP addresses of all of the users sharing the access point.
- Use the NetEqualizer pool feature and create a pool with an up/down bandwidth threshold matching the average throughput of your access point. In practice we have noticed that most 802.11b/g access points end up putting out about 1.5 megabits, so if in doubt, use this number.
- Once you have created a pool add the IP addresses into the pool.
That’s all you need to do. The NetEqualizer will automatically initiate congestion control when the throughput at the access point approaches 1.5 megabits. The effect is to keep the weaker nodes on the premises from getting locked out.
Some customers want to manage how much of a leased line they use. For instance, they have a unit that connects at 10 mbits on the LAN ports but they want to limit total bandwidth to 5 megabits so they will not exceed that. Here’s how.
Setting A Hard Limit For the Entire Unit By Using TC
Use the web GUI and go to the Firewall/Edit Firewall rules file and put in:
- #!/bin/sh
- WAN="eth0"
- LAN="eth1"
- # First we have to throttle the total bandwidth of $WAN (10mbps switch) to
- # 640KBps (5 megabits)
- tc qdisc del dev $WAN root handle 10:
- tc qdisc add dev $WAN root handle 10: cbq bandwidth 10mbit avpkt 1000
- tc class add dev $WAN parent 10:0 classid 10:2 cbq bandwidth 10mbit rate 640kbps allot 1514 maxburst 20 avpkt 1000 prio 4 isolated bounded
- tc qdisc add dev $WAN parent 10:2 handle 20: cbq bandwidth 640kbps allot 1514 avpkt 1000
- # Next we have to throttle the total bandwidth of $LAN (10mbps switch) to
- # 640KBps (5 megabits)
- tc qdisc del dev $LAN root handle 11:
- tc qdisc add dev $LAN root handle 11: cbq bandwidth 10mbit avpkt 1000
- tc class add dev $LAN parent 11:0 classid 11:2 cbq bandwidth 10mbit rate 640kbps allot 1514 maxburst 20 avpkt 1000 prio 4 isolated bounded
- tc qdisc add dev $LAN parent 11:2 handle 21: cbq bandwidth 640kbps allot 1514 avpkt 1000
The following script can be used with your NetEqualizer to block a set of URLs of your choosing. Save the script below into a file in the /art directory; we named ours blockstuff.pl. Then create a file with the URLs you wish to block, one per line, in the same directory as this Perl script. You’ll need NetEqualizer version 4.0 or higher…
Creating a Script to block URL’s
#!/usr/bin/perl -w
#
# blockstuff.pl: resolve each host name listed in the given file and add a
# NetEqualizer CONNECTION rule for every address it resolves to
$| = 1;
if(scalar(@ARGV) < 1){
    print "Usage: $0 <file name with urls to block> \n";
    exit 1;
}
if ( ! -e "/usr/bin/nslookup" )
{
    print "need nslookup utility to run this command part of dnslib package debian\n";
    exit 1;
}
open (SPECIAL, "< $ARGV[0]") || die "opening url file in block stuff problem";
# uses same log file as NetEq process not sure if this a good idea ?
open (LOGF, ">> /tmp/arblog") || die "opening log file ";
while ($line=<SPECIAL> )
{
    chomp($line);
    next if $line eq "";
    # only plain host names are handed to the shell below
    if ($line !~ /^[A-Za-z0-9.-]+$/)
    {
        print LOGF "skipping $line: not a plain host name \n";
        next;
    }
    print " blocking $line \n";
    $search_phrase = $line;
    print " calling nslookup for $search_phrase \n";
    $data=`/usr/bin/nslookup $search_phrase`;
    print "$data data \n";
    # nslookup prints the resolver first ("Address: x.x.x.x#53") and then the
    # answer; collect every dotted-quad Address line and drop the resolver's
    @foo = ($data =~ /^Address(?:es)?:\s*(\d+(?:\.\d+){3})/mg);
    shift @foo;
    if (@foo == 0)
    {
        print LOGF "problem with version of NS lookup could not find valid IP for $search_phrase \n";
        next;
    }
    foreach $ip (@foo)
    {
        print " $ip is an IP \n";
        # ADD_CONFIG CONNECTION x.x.x.x/y val porti direction optional_comment
        system ("/art/ADD_CONFIG CONNECTION $ip/32 1 0 1 $line ");
        print LOGF "putting block on site $search_phrase IP $ip \n";
    }
}
close(LOGF);
close(SPECIAL);
January 2, 2010 — netequalizer
URL-Based Shaping With Your NetEqualizer: A How-To Guide
What is URL-based Shaping?
URL shaping is the ability to specify the URL, normally a popular site such as YouTube or NetFlix, and set up a fixed-rate limit for traffic to that specific URL.
Is URL shaping just a matter of using a reverse lookup on a URL to get the IP address and plugging it into a bandwidth controller?
In the simplest case, yes, but for sites such as YouTube, the URL of http://www.youtube.com will have many associated IP addresses used for downloading actual videos. Shaping exclusively on the base URL would not be effective.
Is URL shaping the same thing as application shaping?
No. Although similar in some ways, there are significant differences:
- URL shaping is essentially the same as shaping by a known IP address. The trick with URL shaping is to discover IP addresses associated with a well known URL.
- Application shaping uses Deep Packet Inspection (DPI). URL shaping does not. It does not inspect or open customer data.
How to set up URL-based shaping on your NetEqualizer
The following specifications are necessary:
- NetEqualizer version 4.0 or later
- A separate Linux-based client that accesses the Internet through the NetEqualizer
- The Perl source code for client URL shaping (listed below) loaded onto a client
- You will also need to set up your client so that it has permissions to run RSH (remote Shell) commands on your NetEqualizer without requiring a password to be entered. If you do not do this, your Perl discovery routine will hang. The notes for setting up the RSH permissions are outlined below.
How it works…
Save the Perl source code into a .pl file; we suggest urlfinder.pl.
Make sure to make this file executable:
chmod 777 urlfinder.pl
Run the perl command with the following syntax from the command line, where domain.com will be replaced with the specific URL you wish to shape:
./urlfinder.pl http://www.domain.com pool# downlimit uplimit x.x.x.x y.y.y.y
- Pool# is an unused bandwidth pool on your NetEqualizer unit
- Downlimit is the rate in bytes per second incoming for the URL
- Uplimit is the rate bytes per second outgoing to the Internet for the URL
- x.x.x.x is the IP address of your NetEqualizer
- y.y.y.y is the IP address of the client
The script will attempt an HTTP request using http://www.domain.com. It will then continue to do recursive Web accesses on subsequent links, starting from the main domain URL. It will stop when there are no more links to follow or when 150 pages have been accessed. Any foreign IPs found during the access session will be put into the given bandwidth pool as CLASS B masks, and will immediately and permanently be shaped until you remove the pool.
Notes:
In our beta testing, the script did well in finding YouTube subnets used for videos. We did not confirm whether the main NetFlix home page URL shares IP subnets with their download sites.
Notes for setting up RSH
Begin Notes
These notes assume you are either logged in on the Client as root or you use sudo -i and are acting as root.
192.168.1.143 is used in the example as the Server (NetEq) IP.
On your Client machine, do:
- ssh-keygen -t rsa -b 4096
- ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.1.143
- nano -w /etc/ssh/ssh_config
Make sure that these are as follows:
- RhostsRSAAuthentication yes
- RSAAuthentication yes
- EnableSSHKeysign yes
- HostbasedAuthentication yes
The next command is all on one line; it places the client host key in ssh_known_hosts on the server:
- scp /etc/ssh/ssh_host_rsa_key.pub root@192.168.1.143:/etc/ssh/ssh_known_hosts
The next command is all on one line; it places the client host key in ssh_known_hosts2 on the server:
- scp /etc/ssh/ssh_host_rsa_key.pub root@192.168.1.143:/etc/ssh/ssh_known_hosts2
Now, find out your HOSTNAME on the Client:
- echo $HOSTNAME
On the Server machine, do:
- nano -w /etc/hosts.equiv
- harry-lin root
- (harry-lin was the $HOSTNAME of the Client in this example; substitute yours)
- nano -w /etc/ssh/sshd_config
Check the following:
- PermitRootLogin yes
- StrictModes yes
- RSAAuthentication yes
- PubkeyAuthentication yes
- AuthorizedKeysFile %h/.ssh/authorized_keys
- IgnoreRhosts no
- RhostsRSAAuthentication no
- HostbasedAuthentication yes
Now do:
- chown root:root /root
Then:
- /etc/init.d/ssh reload
Now you can try something like this from your Client:
- ssh root@192.168.1.143
If it doesn’t work, then do the following, which gives you details if possible:
- ssh -v root@192.168.1.143
Final Notes: While support for this utility is NOT currently included with your NetEqualizer, we will assist any customers with a current Network Software Subscription for up to one hour. For additional support, consulting fees may apply.
NetEqualizer Tuning Guide for Small Networks with a Small Number of Infrequent Users
December 22, 2010 — netequalizer
If you are working with a network that has a small number of infrequent users on a small network (10Mbps or less), here are some tuning recommendations that will help you to optimize your network use. These recommendations came out of a discussion with one of our customers. During the day their environment is a 40 person company on a 10Mbps pipe (a normal number of users for a small network), and at night it converts to a network with only one user.
The following recommendations will help to alleviate the situation where, on a small network with a small number of infrequent users, a user gets knocked down to less than 1Mbps by a PENALTY while there is more than enough bandwidth to sustain their download at a higher rate.
Summary of Recommendations (listed in priority order):
1) (best option) Put a hard limit somewhere below RATIO (typically 85%) on each IP address on the network. So, for a 10Mbps network with RATIO = 85%, your hard limits should be below 8.5Mbps for each IP address.
2) Put a “day configuration” and a “night configuration” in place. The process to do this is described in the Changing Configurations by Time of Day section of this guide.
3) Change the PENALTY unit sensitivity, to make the penalty less restrictive.
4) Raise the value of HOGMIN from 12,000 bytes/second anywhere up to 128,000 bytes/second.
The philosophy behind each is described in detail in the following sections.
1) Adding Hard Limits on each IP address
We recommend putting Hard Limits on each IP address. Hard Limits will keep any one user from consuming the entire network bandwidth. If you prefer not to have Hard Limits on all IP addresses, you can set the Hard Limit only for the infrequent users.
For example, on a 10Mbps network, you can put a Hard Limit of 4-5Mbps on every user, which will prevent any one user from tripping equalizing, but will allow all of them to sustain a 5 Mbps download on your lightly loaded network.
If a user starts a large download, it will consume network bandwidth up until the network reaches a point of congestion (at 85% with RATIO set to 85). Once that point is reached, equalizing will kick in and start penalizing the traffic. In cases where the network has a normal number of users on it, this works very well to provide fairness across the available bandwidth.
When the one network user spikes the entire network to above 85% congested, a Penalty kicks in. The result of the penalty is that the file download gets throttled back to 500kbs or maybe less – almost instantly. Once the penalty is removed, the file download will again consume all the network bandwidth until another penalty is applied. This cycle repeats itself every few seconds until the download completes.
On a system with more than one user, and typically one that is very busy with 100s or 1000s of users, the pipe is almost always near capacity, so the penalties being applied are not as dramatic, and they ensure that all other users do not experience “lockup”.
2) Change your Configuration by Time of Day
You can also change your NetEqualizer to use two separate configuration files, so that you can apply different rules at various times of day – for example, rules for “off-hours” (typically nighttime) versus another set for “on-hours” (typically daytime). This would be beneficial if you want to open up the amount of bandwidth available per user at night. For example, you could set your off-hours hard limits to 8 Mbps, and lower your on-hours hard limits to 4Mbps.
Note that it is still important to keep your hard limits below RATIO, so that you do not trigger equalizing based on one data flow.
3) Change the PENALTY unit sensitivity, to make the penalty less restrictive
Networks much larger than 45 megabits may require a PENALTY UNIT resolution smaller than 100ths of a second. In the NetEqualizer Web GUI, the smallest penalty that can be applied to an IP packet is 1/100 of a second. If you are finding that a default PENALTY of 1 is putting too much latency on your connections, then you can adjust the PENALTY unit to 1/1000 of a second with the following command:
From the Web GUI Main Menu, Click on ->Miscellaneous->Run a Command
Type in: /bridge/bridge-utils/brctl/brctl rembrain my 99999
Note: For this change to persist you will need to put it in the /art/autostart file.
4) Raise the value of HOGMIN, anywhere up to 128,000 bytes/sec
HOGMIN is used to determine what traffic should be penalized on a congested network. One way to keep traffic from being penalized, then, is to raise the value of HOGMIN (default is 12,000 bytes per second). For a lightly-loaded network you could consider HOGMIN = 50,000 bytes/sec and may even go as high as 128,000 bytes/sec.
Taken as a whole, this is how our four recommendations would work in the example we have described…
Hmm… I have a 10 megabit pipe and I have 40 users during the day and 1 user at night. No user should be able to take the whole pipe all day, but I want my 1 user to get more bandwidth at night.
- I’ll create two configuration files: one with 4Mbps hard limits on all my users during the day (4 megabits is relatively fast service for the average and nobody would complain) and another with 8Mbps hard limits for my night user(s).
- In addition, I would like the penalty to be less harsh at night, so I’ll change the PENALTY=1/1000 of a second in my night configuration file.
- I also would like HOGMIN to be raised at night. I will set it to 50,000 in my night configuration file.
During the day, when every once in a while we get 2 or 3 users downloading at once, it will no longer kill the entire pipe. And during the night, my user can download larger files without being restricted. So, with 4Mbps/8Mbps restrictions plus Equalizing, I get the best of both worlds – pretty fast downloads when the pipe is empty and I am protected against peak time crashes! People get fast downloads and if there is a peak I am protected from system gridlock. Now there is nothing anybody can do to crash the system at random times.
November 19, 2011 at 5:19 PM
The URL based shaping and blocking algorithm will not work. The assumption here is that a URL translates to a single IP that can be blocked/throttled. This is a false assumption. If you take for example an Akamai cluster, a single IP will host a number of large websites. Applying the above algorithm/script to block appldnld.apple.com will erroneously also block download.microsoft.com and whatever else may resolve to the same IP on the Akamai cluster.
I hope similar incorrect assumptions have not been made when implementing fairness algorithms.
November 19, 2011 at 5:59 PM
Agree, this was an experimental feature. The industry has moved toward dynamic subscription services.