Josh Chamas
2002-Sep-17 18:02 UTC
Throttling or policing incoming bandwidth to my linux server
Hey,
Does anyone have an idea on how to police incoming bandwidth
to my server/workstation, in addition to outgoing. I have
a rule set like this so far that does well to limit my
outbound traffic, but what could I add to this that would
limit my inbound traffic to $LIMIT as well, ideally both
inbound & outbound sharing the same $LIMIT say 200kbit.
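LIMIT=200kbit
HOSTIP=NNN.NNN.NNN.NNN
start () {
  # root CBQ qdisc on the 10mbit interface
  tc qdisc add dev eth1 root handle 1: cbq avpkt 1000 bandwidth 10mbit
  # bounded class capped at $LIMIT
  tc class add dev eth1 parent 1: classid 1:1 cbq rate $LIMIT allot 1500 prio 5 bounded isolated
  # send traffic sourced from this host into the capped class
  tc filter add dev eth1 parent 1: protocol ip prio 16 u32 match ip src $HOSTIP flowid 1:1
  # fair queueing between flows inside the class
  tc qdisc add dev eth1 parent 1:1 sfq perturb 10
}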
The reason I want this is to be able to limit my bandwidth
to what I pay for at my colocation facility, & I only have
one server/host machine there, no router.
I have read the docs about policing bandwidth with little
help, and it seems that when I try to reference the ingress
rules, I get a kernel error, maybe it's not compiled into my
stock 7.2 redhat by default? It sounded like ingress rules
might be related to policing, if so I am out of luck.
The FreeBSD dummynet/ipfw implementation seems to handle this
just fine out of the box, so I suspect this functionality
is lurking in the tc rules, but have not found any online
docs that seem to know how to clearly do it.
Thanks for any clarification you might have on this.
Regards,
Josh
________________________________________________________________
Josh Chamas, Founder phone:925-552-0128
Chamas Enterprises Inc. http://www.chamas.com
NodeWorks Link Checking http://www.nodeworks.com
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Stef Coene
2002-Sep-17 18:53 UTC
Re: Throttling or policing incoming bandwidth to my linux server
On Tuesday 17 September 2002 20:02, Josh Chamas wrote:
> Does anyone have an idea on how to police incoming bandwidth
> to my server/workstation, in addition to outgoing. I have
> a rule set like this so far that does well to limit my
> outbound traffic, but what could I add to this that would
> limit my inbound traffic to $LIMIT as well, ideally both
> inbound & outbound sharing the same $LIMIT say 200kbit.

If you create an imq device (you need to patch kernel + iptables for this), you can redirect incoming and outgoing to this device so you can make sure IN + OUT < 200kbit.

> LIMIT=200kbit
> HOSTIP=NNN.NNN.NNN.NNN
>
> start () {
> tc qdisc add dev eth1 root handle 1: cbq avpkt 1000 bandwidth 10mbit
> tc class add dev eth1 parent 1: classid 1:1 cbq rate $LIMIT allot 1500 prio 5 bounded isolated
> tc filter add dev eth1 parent 1: protocol ip prio 16 u32 match ip src $HOSTIP flowid 1:1
> tc qdisc add dev eth1 parent 1:1 sfq perturb 10
> }
>
> The reason I want this is to be able to limit my bandwidth
> to what I pay for at my colocation facility, & I only have
> one server/host machine there, no router.
>
> I have read the docs about policing bandwidth with little
> help, and it seems that when I try to reference the ingress
> rules, I get a kernel error, maybe it's not compiled into my
> stock 7.2 redhat by default? It sounded like ingress rules
> might be related to policing, if so I am out of luck.

You also need tc with ingress support. Why not compile your own kernel? And I don't use RH, so I don't know if their kernels support ingress.

> The FreeBSD dummynet/ipfw implementation seems to handle this
> just fine out of the box, so I suspect this functionality
> is lurking in the tc rules, but have not found any online
> docs that seem to know how to clearly do it.

It is, ingress + policer is the answer.
Stef
--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net
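
Added example, not part of the original thread: a sketch of the "ingress + policer" approach named in the reply above, for a kernel and tc built with ingress support. The device name, the 10k burst and the APPLY switch are assumptions; it polices inbound traffic on its own and does not make inbound and outbound share one limit (that is what the imq suggestion is for).

```shell
#!/bin/sh
# Ingress policing: drop inbound IP packets that exceed RATE.
# Dry run by default (prints the tc commands); set APPLY=1 to execute as root.
DEV=${DEV:-eth1}        # assumed interface, as in the thread
RATE=${RATE:-200kbit}   # the $LIMIT from the thread
BURST=${BURST:-10k}     # assumed bucket size; too small a burst hurts TCP

# Print the command, or run it when APPLY=1.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# Accept only a plain tc rate such as 200kbit, 1mbit or 25kbps.
valid_rate() {
    case $1 in ''|*[!0-9a-z]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^[0-9]+[kmg]?(bit|bps)$'
}

# ingress_start DEV RATE BURST
ingress_start() {
    valid_rate "$2" || { echo "bad rate: $2" >&2; return 1; }
    # ffff: is the handle of the ingress qdisc
    run tc qdisc add dev "$1" handle ffff: ingress &&
    # match every source address; packets over the rate are dropped
    run tc filter add dev "$1" parent ffff: protocol ip prio 50 \
        u32 match ip src 0.0.0.0/0 \
        police rate "$2" burst "$3" drop flowid :1
}

# Removing the ingress qdisc removes its filters and policer too.
ingress_stop() {
    run tc qdisc del dev "$1" ingress
}

# Per-filter statistics, including packets the policer dropped.
ingress_status() {
    run tc -s filter show dev "$1" parent ffff:
}

case "${1:-}" in
    start)  ingress_start "$DEV" "$RATE" "$BURST" ;;
    stop)   ingress_stop "$DEV" ;;
    status) ingress_status "$DEV" ;;
esac
```

Policing drops packets after they have already crossed the link, so it relies on TCP backing off; it caps what the host accepts, not what the upstream sends.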