Users often run bandwidth intensive applications - peer-to-peer applications, video, etc. Do you monitor and/or cap per-user bandwidth?
SnapOverflow
Users often run bandwidth intensive applications - peer-to-peer applications, video, etc. Do you monitor and/or cap per-user bandwidth?
I use the QoS of Tomato firmware on my LinkSys WRT54GL router. It can detect all types of traffic, p2p, video, audio, etc and classify it, giving it bandwidth restrictions and packet priority. I believe you can actually set it per IP Address as well. There is also great bandwidth monitoring by day/week/month.
You could also try DD-WRT as it's very similar, but I really prefer Tomato's UI.
There are some other 3rd party firmwares, but I have only used these two.
Per user as in username authenticated connection eg. PPPOE , it should be possible via BSD dummynet pipe bw configuration.
Per user as in one ip per user, it is possible with linux QoS tool tc with HTB. With layer-7 filtering, application level identification of traffic consumer is also possible.
Per-user monitoring is fairly straightforward depending on your network environment and how you handle DHCP leases, authentication, etc. SFlow or NetFlow tools can generally get you what you need.
Per-user bandwidth capping or shaping is another matter entirely, as you need a way to dynamically map "user" to an IP address, MAC address, or switch port, decide based on past stats what their limits should be, then classify that traffic with QoS markings, and finally program multiple network devices with QoS rules to handle those markings.
What sort of networking devices and scale are we talking about here? Most hardware-based routers and switches will have a limited number of QoS queues available. Software-based devices are a lot more flexible, but can handle at most a few million packets per second on high-end x86 hardware. This is about 1% of the packets-per-second that can be handled by higher-end hardware-based routers and switches.
Finally, note that you cannot shape traffic coming in to your network from the Internet without setting up QoS and coordinating all of this complexity with your service providers. You can just drop incoming packets in the hopes that the sender will back off and send more slowly, but there are no guarantees that will happen, and it will negatively impact streaming and gaming applications.