I am a networking and Linux expert with multiple years of experience. I have deployed many projects like that one.
I would suggest you use a Mikrotik device because it has the best ratio of quality and price on the market. I can tell you exactly which model to choose based on your traffic requirements. Also, by using some models of Mikrotik device, we have a choice to implement failover in case of hardware failure (the device can use an electrical relay to switch the circuit always on in case of hardware failure).
This device will enable you to: perform QoS and deep packet inspection, intercept traffic (remote delivery of specified ACL traffic in PCAP format to a network destination), and monitor the bandwidth via graphs and ipflow, for example. I can configure that device for you. I could also show you how to manage this device programmatically via API or SNMP through the network (in order to start some actions on it).
UPDATE: I have successfully tested my solution in the lab. I am sending you a short report: [login to view URL]