Bart Smaalders
2009-May-12 21:04 UTC
[crossbow-discuss] Controlling outbound bandwidth utilization by port
Among other things, I run an http server on my home DSL line (6M/768kbit). The content includes several large image galleries, and when certain crawlers hit our server w/ multiple large image uploads, we end up with large ping time delays - sufficient to disrupt the kids'' on-line gaming. Attempts to control this with robots.txt has not be very successful; Solaris IPQoS appears quite complex to set up and the modem''s IPQoS features just crash the modem when configured. How can I use crossbow to limit the _outbound_ bandwidth utilization of port 80-sourced traffic? Do I need to place the Apache server in a zone? Thanks - - Bart -- Bart Smaalders Solaris Kernel Performance barts at cyber.eng.sun.com http://blogs.sun.com/barts "You will contribute more with mercurial than with thunderbird."
Kais Belgaied
2009-May-12 21:55 UTC
[crossbow-discuss] Controlling outbound bandwidth utilization by port
On 05/12/09 14:04, Bart Smaalders wrote:> Among other things, I run an http server on my home DSL line > (6M/768kbit). The content includes several large image > galleries, and when certain crawlers hit our server w/ > multiple large image uploads, we end up with large > ping time delays - sufficient to disrupt the kids'' > on-line gaming. Attempts to control this with robots.txt > has not be very successful; Solaris IPQoS appears quite complex > to set up and the modem''s IPQoS features just crash > the modem when configured. > > How can I use crossbow to limit the _outbound_ bandwidth > utilization of port 80-sourced traffic? Do I need to place > the Apache server in a zone?try flowadm add-flow -l <your interface name> -a transport=tcp,local_port=80 http_flow then flowadm set-flowprop -p maxbw=3Mbps http_flow (to set the max bandwidth to 3 Mbps_) and/or flowadm set-flowprop -p priority=low http_flow (to make all processing for traffic matching that flow be at the lowest priority. Kais.> > Thanks - > > - Bart > > >
Bart Smaalders
2009-May-12 23:03 UTC
[crossbow-discuss] Controlling outbound bandwidth utilization by port
Kais Belgaied wrote:> On 05/12/09 14:04, Bart Smaalders wrote: >> Among other things, I run an http server on my home DSL line >> (6M/768kbit). The content includes several large image >> galleries, and when certain crawlers hit our server w/ >> multiple large image uploads, we end up with large >> ping time delays - sufficient to disrupt the kids'' >> on-line gaming. Attempts to control this with robots.txt >> has not be very successful; Solaris IPQoS appears quite complex >> to set up and the modem''s IPQoS features just crash >> the modem when configured. >> >> How can I use crossbow to limit the _outbound_ bandwidth >> utilization of port 80-sourced traffic? Do I need to place >> the Apache server in a zone? > > try flowadm add-flow -l <your interface name> -a > transport=tcp,local_port=80 http_flow > then flowadm set-flowprop -p maxbw=3Mbps http_flow (to set the max > bandwidth to 3 Mbps_) > and/or flowadm set-flowprop -p priority=low http_flow (to make all > processing for traffic matching that > flow be at the lowest priority.On my work desktop: # flowadm set-flowprop -p maxbw=500K http_flow flowadm: warning: cannot set flow property ''maxbw'' on ''http_flow'': minimum value for maxbw is 1.2M Hmmmm. Is this a function of line speed, or is the minimum limit one can set really 1.2Mbits? - Bart -- Bart Smaalders Solaris Kernel Performance barts at cyber.eng.sun.com http://blogs.sun.com/barts "You will contribute more with mercurial than with thunderbird."
Kais Belgaied
2009-May-12 23:45 UTC
[crossbow-discuss] Controlling outbound bandwidth utilization by port
On 05/12/09 16:03, Bart Smaalders wrote:> > On my work desktop: > > # flowadm set-flowprop -p maxbw=500K http_flow > flowadm: warning: cannot set flow property ''maxbw'' on ''http_flow'': > minimum value for maxbw is 1.2M > > Hmmmm. Is this a function of line speed, or is the minimum limit > one can set really 1.2Mbits?yep. 1 MTU (1500 bytes) ethernet packet per tick or 1.2 Mbps is the lowest limit currently supported, The plan is to overcome this limitation in Crossbow-II Kais.> > - Bart > >
Bart Smaalders
2009-May-13 19:02 UTC
[crossbow-discuss] Controlling outbound bandwidth utilization by port
Bart Smaalders wrote:> Among other things, I run an http server on my home DSL line > (6M/768kbit). The content includes several large image > galleries, and when certain crawlers hit our server w/ > multiple large image uploads, we end up with large > ping time delays - sufficient to disrupt the kids'' > on-line gaming. Attempts to control this with robots.txt > has not be very successful; Solaris IPQoS appears quite complex > to set up and the modem''s IPQoS features just crash > the modem when configured. > > How can I use crossbow to limit the _outbound_ bandwidth > utilization of port 80-sourced traffic? Do I need to place > the Apache server in a zone? > > Thanks - > > - Bart > > >After discovering that I couldn''t turn down the bandwidth enough with the current crossbow design, out of desperation I revisited the IPQoS configuration issues. Upon reading the following blog entry: http://www.darkaslight.com/blog/entry/27-Limiting-Bandwidth-for-Solaris-Zones and the IPQoS administration guide http://docs.sun.com/app/docs/doc/816-4094 I cons''d up a IPQoS config file which appears to do the right thing (at least it greatly improves the lag issues we''ve been having): # Mandatory version number fmt_version 1.0 #This config file attempts to limit upload bandwidth #used by Apache. action { module ipgpc name ipgpc.classify params { global_stats TRUE } class { name web1 next_action cap enable_stats FALSE } filter { name httpout sport 80 #locally generated traffic only direction LOCAL_OUT # only on external interface if_name rge0 class web1 } } action { module tokenmt name cap params { committed_rate 524288 committed_burst 524288 peak_burst 524288 red_action_name drop green_action_name continue yellow_action_name continue global_stats TRUE } } Enable with # ipqosconf -a ipqos.conf I''m sure more tweaking is needed, but this is a start. W/ multiple recursive wgets running from sun, I could still access my home server via ssl w/o too much lag. My son also reported acceptable ping times and no dropped packets, unlike the situation w/o this in place. - Bart -- Bart Smaalders Solaris Kernel Performance barts at cyber.eng.sun.com http://blogs.sun.com/barts "You will contribute more with mercurial than with thunderbird."