L3 routing with throttling

One of the best aspects of Ubiquiti hardware is that it tends to come with full Linux root access. I've used this in the past to snoop packets traversing an access point in order to reverse engineer a WiFi LED protocol. But even before providing this unprecedented level of access, Ubiquiti builds great platforms with incredible value.

I love the EdgeMAX platform because it's incredibly versatile. At the heart of EdgeMAX is a fork of Vyatta Core maintained by Ubiquiti. Vyatta was an incredible platform, and still is, but Vyatta was bought by Brocade and the community aspect has all but vanished.

So, anyway, with the primer done let's look at today's problem:

In this scenario, we have an EdgeMAX router providing internet connectivity to three distinct LANs. Consider the following:

  • internet is a 100M circuit
  • LAN-1 provides general internet access
  • LAN-2 provides voice service
  • LAN-3 is a limited use LAN with low bandwidth demand

Our problem is how to ensure the general internet demand generated on LAN-1 does not impair the voice service demand of LAN-2. To accomplish this goal, we need to reserve bandwidth within the internet circuit by restricting the bandwidth utilization of LAN-1. We can solve this with EdgeMAX!

In this scenario, the EdgeMAX is providing layer 3 routing between two public subnets. Multiple interfaces are bridged to increase the layer 1 capacity of one of the subnets. And, finally, the bandwidth of one interface (eth2 in the configuration below) is capped at 80M symmetrically, with a limiter policy inbound and a rate-control policy outbound; because the ISP circuit is 100M, this reserves 20M of bandwidth to be shared by the other bridged interfaces.

 interfaces {
     bridge br1 {
         #This bridge expands the physical port capacity
         #of our "internal" public subnet. address info
         #goes here, making it available to all ports 
         #that are members of the bridge.
     }
     ethernet eth0 {
         #This is our uplink port which connects to the ISP.
         #"external" public subnet address info goes here.
     }
     ethernet eth1 {
         bridge-group {
             bridge br1
         }
     }
     ethernet eth2 {
         bridge-group {
             bridge br1
         }
         traffic-policy {
             in limiter
             out rcontrol
         }
     }
     ethernet eth3 {
         bridge-group {
             bridge br1
         }
     }
     ethernet eth4 {
         bridge-group {
             bridge br1
         }
     }
 }
 traffic-policy {
     limiter limiter {
         default {
             bandwidth 80mbit
         }
     }
     rate-control rcontrol {
         bandwidth 80mbit
     }
 }
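
An added example, not part of the original post: a small Python check that parses configuration in the brace format shown above and reports, per port, whether both directions are capped and how much of the circuit the cap leaves free. The sample config is a trimmed, constructed copy of the one above; `parse`, `audit` and the 100 Mbit/s circuit argument are names and inputs chosen for this example, and rates are assumed to be written in `mbit`.

```python
CONFIG = """# Constructed sample: the page's config, trimmed to two ports
interfaces {
    ethernet eth1 {
    }
    ethernet eth2 {
        traffic-policy {
            in limiter
            out rcontrol
        }
    }
}
traffic-policy {
    limiter limiter {
        default {
            bandwidth 80mbit
        }
    }
    rate-control rcontrol {
        bandwidth 80mbit
    }
}
"""

def parse(text):
    """Turn brace-delimited config text into nested dicts ('#' starts a comment)."""
    stack = [{}]
    for line in (raw.split("#")[0].strip() for raw in text.splitlines()):
        if line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":
            stack.pop()
        elif line:
            key, _, value = line.partition(" ")
            stack[-1][key] = value
    return stack[0]

def audit(cfg, circuit_mbit):
    """Per-port in/out caps in Mbit/s and the share of the circuit left over."""
    caps = {}
    for key, node in cfg["traffic-policy"].items():
        # limiter keeps its rate under 'default', rate-control at the top level
        bw = node.get("bandwidth") or node.get("default", {}).get("bandwidth")
        caps[key.split()[1]] = int(bw.removesuffix("mbit"))  # assumes mbit units
    report = {}
    for key, body in cfg["interfaces"].items():
        tp = body.get("traffic-policy", {})
        cap_in, cap_out = caps.get(tp.get("in")), caps.get(tp.get("out"))
        reserve = None if None in (cap_in, cap_out) else circuit_mbit - max(cap_in, cap_out)
        report[key.split()[1]] = {"in": cap_in, "out": cap_out, "reserve": reserve}
    return report
```

A port with `reserve` of `None` is uncapped in at least one direction, so nothing is held back from it; `audit(parse(CONFIG), 100)` reports a 20 Mbit/s reserve for eth2 and none for eth1.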