From owner-freebsd-questions@FreeBSD.ORG  Tue Mar 16 18:12:34 2010
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 31B991065675
	for <freebsd-questions@freebsd.org>;
	Tue, 16 Mar 2010 18:12:34 +0000 (UTC)
	(envelope-from erik@barragry.com)
Received: from cork.barragry.com (cork.barragry.com [72.232.202.93])
	by mx1.freebsd.org (Postfix) with ESMTP id 15B8C8FC26
	for <freebsd-questions@freebsd.org>;
	Tue, 16 Mar 2010 18:12:33 +0000 (UTC)
Received: by cork.barragry.com (Postfix, from userid 1006)
	id 4F82B1D7DE4; Tue, 16 Mar 2010 13:12:33 -0500 (CDT)
Date: Tue, 16 Mar 2010 13:12:33 -0500
From: Erik Osterholm <freebsd-lists-erik@erikosterholm.org>
To: FreeBSD <freebsd-questions@freebsd.org>
Message-ID: <20100316181233.GA28264@barragry.com>
References: <f84c38581003131244p215e5dbci35705b0087c5f466@mail.gmail.com>
	<44634xpv38.fsf@be-well.ilk.org>
	<d36406631003160213s639b4942w84fbb1fab6bedbd3@mail.gmail.com>
	<448w9s49ek.fsf@be-well.ilk.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <448w9s49ek.fsf@be-well.ilk.org>
User-Agent: Mutt/1.5.20 (2009-06-14)
Subject: Re: limit bandwidth on sftp
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Mar 2010 18:12:34 -0000

On Tue, Mar 16, 2010 at 10:40:35AM -0400, Lowell Gilbert wrote:
> krad <kraduk@googlemail.com> writes:
> 
> > On 15 March 2010 13:34, Lowell Gilbert <
> > freebsd-questions-local@be-well.ilk.org> wrote:
> >
> >> Tsu-Fan Cheng <tfcheng@gmail.com> writes:
> >>
> >> >    I need to limit my sftp session bandwidth to 20K, can someone show me
> >> how
> >> > to do it? thank you!
> >>
> >> There's no simple way to do that.
> >>
> >> scp has such a capability, though; maybe using that is your easiest option?
> >
> > You could limit port 22 with pf, ipfw etc. This would slow all you ssh
> > traffic rather than just sftp which may or may not work for you. If you are
> > clever with your rule sets you could guarantee bw for certain hosts so they
> > dont loose a functional ssh session and/or you could bw limit it by source
> > ip, rather than a global limit for port 22.
> 
> Aside from having to configure it, the downside of this approach is that
> it involves dropping some traffic and waiting for the retransmit, so it
> will be less efficient than a bandwidth limit in the application
> itself.  TCP's dynamic window resizing (especially with Selective
> ACKnowledgements) should keep the firewall from having to drop too many
> packets, but changing conditions on the network can keep that from
> working as well as you'd like.  If using this technique, make sure the
> other side supports SACK, preferably for multiple segments.

For what it's worth, I think most implementations of sftp/scp do not
set the PUSH flag when transmitting data.  This, combined with ACK
prioritization, could allow you to shape sftp without affecting
interactive SSH sessions.

Erik