From: Volker
Date: Tue, 24 Apr 2007 17:48:00 +0200
To: Andrei Manescu
Cc: freebsd-pf@freebsd.org
Subject: Re: bandwidth limiting per ip with PF and ALTQ

On 12/23/-58 20:59, Andrei Manescu wrote:
> Hello
>
> Has anyone any idea on how to limit upload traffic per incoming connection or per IP address (host) for a web or ftp server, or from any specific port on the server using PF and ALTQ??
>
> I want any web client for my server to be able to download from me (via http) with maximum xxx kbps and, if available, to borrow bandwidth.
>
> I want to avoid situations in which 2 or 3 clients download something from the server and all the other clients browse the web pages very hard.
>
> Or is it better to use apache mod_cband??
>
> Thank you in advance.
>
> I wish you a very nice day.
> Andrei.
>

Andrei,

there's no way to tell another client something like "hey, you're talking too fast to me, please slow down a bit". You can control bandwidth for packets leaving your host but not arriving (just to avoid the term upstream as it depends on the point of view what upstream traffic really is).

If your host is serving content to clients, you should be able to serve all clients in a reasonably fair way by using queuing. But you can't do that per client or per connection.

For an http server (or mail or whatever public service) queuing is one of the very first things to set up when going into production as you probably don't want all http clients to eat up all your bandwidth and leave the machine unable to serve anything else.

You need to create one queue (for example) for your http server and assign all traffic to your http server into that queue.

Having a queue with a guaranteed bandwidth for every connection (client) would require the creation of "dynamic queues" on the fly. I'm not aware of such a possibility.

HTH

Volker
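
The single-queue setup described in the reply, written out as a pf.conf fragment. This is an added example, not part of the original message; the interface name, link speed, queue names and percentages are assumptions to adapt.

```conf
# Added example (not from the original message). Assumed values:
# interface em0, a 10Mb uplink, and the 60/40 split below.
# FreeBSD needs a kernel built with "options ALTQ" and "options ALTQ_CBQ".

ext_if = "em0"

# ALTQ only shapes packets LEAVING $ext_if, which matches the point made
# in the reply: the server controls what it sends, not what it receives.
altq on $ext_if cbq bandwidth 10Mb queue { q_http, q_other }

# One queue for all HTTP responses. "borrow" lets it use idle bandwidth
# from the parent, but under contention it is held to its 60% share,
# so web clients cannot starve every other service on the host.
queue q_http  bandwidth 60% cbq(borrow)

# Everything not explicitly assigned lands here (exactly one default
# queue is required per altq definition).
queue q_other bandwidth 40% cbq(default borrow)

# The queue name is stored in the state entry created by the inbound
# SYN, so the reply packets of that connection going back out $ext_if
# are placed in q_http.
pass in on $ext_if proto tcp from any to ($ext_if) port 80 \
    flags S/SA keep state queue q_http

# Connections initiated by the host itself use the default queue.
pass out on $ext_if keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it, and watch per-queue counters with `pfctl -vs queue`. All HTTP clients share q_http; as the reply says, this does not give each client its own guaranteed rate.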