Monitoring and limiting traffic in the local network on a router with OpenWrt
As the number of users increases, it is time to introduce speed limits in the network.
While I do not need this on my home router, in corporate use, it is worth knowing who and how much is using the connection and, if necessary, introducing appropriate restrictions.
First, you need to find out who, and then how much.
So let’s start with the tools to monitor our connection.
Monitoring
Depending on how much information we need, we can install two packages from the router: luci-app-vnstat2 or luci-app-nlbwmon.
luci-app-vnstat2
opkg update
opkg install luci-app-vnstat2
After installing the package, you will see an additional option in the menu Status > VnStat Traffic Monitor.
By default, the application will be configured to monitor traffic in our local network (br-lan) and the basic Internet connection (eth1.2). If not, go to the Configuration tab and in Monitor interfaces select what we want to monitor.
In the main section VnStat Graphs we have several methods of presenting the collected data.
In the Summary display we receive figures and graphs showing how much data we have collected today, yesterday, this month and in the previous month.
Top 10 display will show us the 10 busiest days in our network. Of course, we have to allow our router to collect them, so we won’t see everything at once.
Hourly traffic will show us the load for the last 24 hours. Daily traffic and Monthly traffic do the same per day and per month.
We will not receive any information about who has stressed our connection. This package will mainly serve us to analyze how much we use our connection.
luci-app-nlbwmon
opkg update
opkg install luci-app-nlbwmon
This package gives us insight into even more information.
We have a dedicated Bandwidth Monitor menu (or Services > Bandwidth Monitor) with extensive configuration options (Configuration) and the ability to save data collected over time (Backup), as well as restore it. This is particularly useful when updating the firmware on the router.
In the Display tab we will get a preview of how individual users in our network loaded our connection (Traffic Distribution), including the division into protocols of individual applications (Application Protocols).
If communication in our network takes place via both IPv4 and IPv6, the IPv6 tab will show us how traffic is divided depending on the communication method.
What’s more, in the Export tab we can save the collected data in several formats, allowing for their later analysis in external programs.
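An added example (not part of the original post) of the later analysis mentioned above: it ranks devices by total traffic from a CSV export and lists those above a given share. The column names mac, rx_bytes and tx_bytes, the semicolon separator and the sample rows are assumptions constructed for illustration; check them against the header of your own export.

```shell
#!/bin/sh
# Added example: rank devices by total traffic from a CSV export.
# Assumed layout: header row naming mac, rx_bytes and tx_bytes columns.

# $1 = field separator (default ';'); CSV on stdin.
# Prints "mac total_bytes percent_of_total", largest first.
top_talkers() {
    awk -F "${1:-;}" '
    NR == 1 {
        for (i = 1; i <= NF; i++) { gsub(/"/, "", $i); col[$i] = i }
        if (!(("mac" in col) && ("rx_bytes" in col) && ("tx_bytes" in col))) {
            print "header lacks mac/rx_bytes/tx_bytes" > "/dev/stderr"
            exit 2
        }
        next
    }
    {
        gsub(/"/, "")                      # drop CSV quoting on the whole row
        sum = $col["rx_bytes"] + $col["tx_bytes"]
        bytes[$col["mac"]] += sum          # one device may appear on many rows
        total += sum
    }
    END {
        for (m in bytes)
            printf "%s %.0f %.1f\n", m, bytes[m], (total ? 100 * bytes[m] / total : 0)
    }' | sort -k2,2nr
}

# $1 = percent threshold, $2 = separator. Prints MACs above that share.
over_share() {
    top_talkers "${2:-;}" | awk -v t="$1" '$3 + 0 > t + 0 { print $1 }'
}

# Constructed sample rows (not real export data).
SAMPLE_CSV='"mac";"ip";"conns";"rx_bytes";"rx_pkts";"tx_bytes";"tx_pkts"
"aa:bb:cc:00:00:01";"192.168.1.10";"12";"600000";"500";"100000";"400"
"aa:bb:cc:00:00:02";"192.168.1.11";"3";"150000";"120";"50000";"90"
"aa:bb:cc:00:00:01";"fd00::10";"2";"90000";"70";"10000";"60"'

printf '%s\n' "$SAMPLE_CSV" | top_talkers
```

Grouping by MAC rather than IP keeps a device's IPv4 and IPv6 traffic together, which matters when the network uses both.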
There is nothing against installing both packages and deciding which one is better in the next few days. A lot of users notice that nlbwmon skips some traffic, which is why its statistics are lower than vnstat.
Of course, it should be noted that in vnstat we can set which interfaces are to be monitored by it (by default our main Internet connection and local network). In the case of nlbwmon, the interface responsible for the local network is monitored by default (however, this also includes transfer from WireGuard clients, if we have it installed according to my other post).
Overall, everything is fine, but I still feel there’s something missing here.
So I would like to know what the current usage of the internet connection is. At a given moment, at what speed a given user is downloading something. This is especially important in the next step, where we will want to limit what some people do.
OpenWrt theoretically has a built-in monitoring system (Status > Realtime Graphs).
In addition to the graphical charts, we have the Realtime Rate tab, which should show live current bandwidth usage by individual IP addresses. I say should because we personally get the message “Collecting data…” and nothing more.
Fortunately, to fill the above gap, we can use an additional package luci-wrtbwmon. Thanks to it, we will get an additional Usage tab in the Network section, which will display what Realtime Rate should, i.e. the use of our connection by individual devices in the network.
The installation of the above package (and the basic package wrtbwmon) is described here and is performed from the terminal level of our router.
Before you do that, please read the update at the very end of the post.
Once we have gathered information about who we need to impose restrictions on, it is time to implement them.
Limitations
opkg update
opkg install luci-app-nft-qos
For this purpose we will use the luci-app-nft-qos package.
After installing it we will get the Qos over Nftables option in the Services menu.
In the Limit Rate tab we can impose limits on individual users, while in Traffic Priority we can set which traffic in our network should have priority over others. This is especially important in an environment where we have several VoIP phones connected to the network. We would not like to have a situation where a conversation is delayed while someone on the network starts downloading a large file.
After enabling (Enable Traffic Priority) and accepting the changes, additional options will appear, in which we can specify what is important for us, in our network. For example, the SIP/VoIP protocol on port 5060, so that it has priority over HTTP(80)/HTTPS(443) traffic.
After clicking Limit Enable in the Limit Rate tab, we will immediately get several options to configure.
First, we need to decide how our transfer will be managed (Limit type): in a static way (Static) or dynamically (Dynamic).
Further on, we can exclude individual users (here it is recommended to assign fixed IP addresses to users in the network so that they can be better managed: Network > DHCP and DNS > Static Leases).
Here you need to pay attention to the units. Megabit/s is not the same as Megabyte/s. A 100Mbps (100 Megabit/s) connection is ~12.5MB/s (Megabyte/s). Google, when asked appropriately, can convert one unit to another directly from the search engine field.
In the case of static bandwidth management, we will receive additional options that we can assign to identified users, leaving all others with the default options (Default Rate).
Personally, with a 100/100 work connection, each unidentified user gets 5/5 while those who are identified have different limits available.
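An added example (not from the original post, and not the rules luci-app-nft-qos itself generates) of what a static per-host limit looks like as plain nftables rules, with the Mbit/s to bytes/s conversion done explicitly. The table name demo_limit, the forward chain and the host list are hypothetical, and only identified hosts are covered, not the Default Rate.

```shell
#!/bin/sh
# Added example: turn "ip down_mbit up_mbit" lines into nftables limit rules.
# Table name, chain name and host list are hypothetical.

# Mbit/s -> bytes/s in decimal units (100 Mbit/s = 12,500,000 bytes/s).
mbit_to_bytes() { echo $(( $1 * 1000000 / 8 )); }

is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# $1 = LAN IPv4 address, $2 = download Mbit/s, $3 = upload Mbit/s
host_rules() {
    printf '        ip daddr %s limit rate over %s bytes/second drop\n' \
        "$1" "$(mbit_to_bytes "$2")"
    printf '        ip saddr %s limit rate over %s bytes/second drop\n' \
        "$1" "$(mbit_to_bytes "$3")"
}

# Reads host lines on stdin; prints a full ruleset, or nothing and status 1
# if any field is malformed, so bad input never reaches nft.
build_ruleset() {
    rules=''
    while read -r ip down up; do
        case "$ip" in ''|'#'*) continue ;; esac
        case "$ip" in *[!0-9.]*) echo "bad address: $ip" >&2; return 1 ;; esac
        if ! is_uint "$down" || ! is_uint "$up"; then
            echo "bad rate for $ip" >&2; return 1
        fi
        rules="$rules$(host_rules "$ip" "$down" "$up")
"
    done
    printf 'table ip demo_limit {\n    chain forward {\n'
    printf '        type filter hook forward priority 0; policy accept;\n'
    printf '%s    }\n}\n' "$rules"
}

# Constructed sample: two identified hosts with static leases.
SAMPLE_HOSTS='192.168.1.10 20 10
192.168.1.11 5 5'

printf '%s\n' "$SAMPLE_HOSTS" | build_ruleset
```

Save the output to a file and run nft -c -f on it to check the syntax before loading anything on the router.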
I am missing something in between, and I will look for it and write if I find it. Namely, I would like to have the option of a lower limit for users when there is a high demand, but when the network is quiet, to dynamically assign the entire available transfer. It is a bit silly to impose a 5Mbps limit on a user when no one else is using the internet in the network.
We’ll see, maybe I’ll find something better.
If you care about monitoring other parameters from routers in addition to transfer monitoring, the luci-app-statistics package will be indispensable for you. This package, together with the modules listed by opkg list | grep collectd-mod, will significantly expand the capabilities of our device.
Update
As I mentioned at the beginning, Status > Realtime Graphs > Rate was not doing its job, as it only displayed the message “Collecting data…”.
Well, installing the luci-app-nft-qos package allows us to magically add this functionality and in the Rate tab we will see our live data.
If we do not see any of the above options after logging in, let’s log out and log in to our router via SSH and execute the command
rm /tmp/luci-indexcache*
to empty the cache.
Removing this package makes this tab disappear completely. It seems that at some point in my work with OpenWrt, something belonging to the above package was installed but did not work properly, which is why my Rate tab displayed the message “Collecting data…”. Now everything works and there is no need to manually install external packages.
Regards.