From owner-freebsd-questions@FreeBSD.ORG Wed Apr 2 17:49:23 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1125C106564A for ; Wed, 2 Apr 2008 17:49:23 +0000 (UTC) (envelope-from keramida@ceid.upatras.gr) Received: from igloo.linux.gr (igloo.linux.gr [62.1.205.36]) by mx1.freebsd.org (Postfix) with ESMTP id 562608FC1B for ; Wed, 2 Apr 2008 17:49:21 +0000 (UTC) (envelope-from keramida@ceid.upatras.gr) Received: from kobe.laptop (vader.bytemobile-rio.ondsl.gr [83.235.57.37]) (authenticated bits=128) by igloo.linux.gr (8.14.2/8.14.2/Debian-3) with ESMTP id m32Hj9dU015391 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Wed, 2 Apr 2008 20:45:31 +0300 Received: from kobe.laptop (kobe.laptop [127.0.0.1]) by kobe.laptop (8.14.2/8.14.2) with ESMTP id m32Hj2YX002762; Wed, 2 Apr 2008 20:45:02 +0300 (EEST) (envelope-from keramida@ceid.upatras.gr) Received: (from keramida@localhost) by kobe.laptop (8.14.2/8.14.2/Submit) id m32HitHd002757; Wed, 2 Apr 2008 20:44:55 +0300 (EEST) (envelope-from keramida@ceid.upatras.gr) From: Giorgos Keramidas To: Wojciech Puchar References: <20080402112947.E2278@wojtek.tensor.gdynia.pl> Date: Wed, 02 Apr 2008 20:44:55 +0300 In-Reply-To: <20080402112947.E2278@wojtek.tensor.gdynia.pl> (Wojciech Puchar's message of "Wed, 2 Apr 2008 11:30:44 +0200 (CEST)") Message-ID: <87iqz0kv6w.fsf@kobe.laptop> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.0.60 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-MailScanner-ID: m32Hj9dU015391 X-Hellug-MailScanner: Found to be clean X-Hellug-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=-3.97, required 5, autolearn=not spam, ALL_TRUSTED -1.80, AWL 0.43, BAYES_00 -2.60) X-Hellug-MailScanner-From: keramida@ceid.upatras.gr X-Spam-Status: No Cc: freebsd@top-consulting.net, freebsd-questions@freebsd.org, Ted Mittelstaedt Subject: Re: FreeBSD Traffic Shaping X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Apr 2008 17:49:23 -0000 On Wed, 2 Apr 2008 11:30:44 +0200 (CEST), Wojciech Puchar wrote: >> The vast majority of people out there have asymmetrical bandwidth >> limiting needs - that is, they have a pipe to the Internet and have a >> lot more data coming from the Internet to them, than data going from >> them to the Internet. Their desire is to somehow make it so that >> certain kinds of incoming data meeting certain criteria are limited. >> Their problem is that since they don't have control of the end >> sending the data to them, they can't do this. > > but you ROUGHLY can do this with ipfw. > by limiting at your end - the other end will slow down. Unless the sending endpoint just ignores your limited incoming pipe characteristics and keeps flooding you with DNS or ICMP requests, until you scream for help. > but of course in case of say ping flood or similar things you can't Bingo. That's precisely one of the things Ted meant, when he wrote that `it cannot be done properly, unless you have dedicated T1 circuits whose endpoints *are* under your control' :-)