From: Lowell Gilbert
To: FreeBSD, Tsu-Fan Cheng
Subject: Re: limit bandwidth on sftp
Date: Tue, 16 Mar 2010 10:40:35 -0400
Delivered-To: freebsd-questions@freebsd.org
Message-ID: <448w9s49ek.fsf@be-well.ilk.org>
References: <44634xpv38.fsf@be-well.ilk.org>

krad writes:

> On 15 March 2010 13:34, Lowell Gilbert <freebsd-questions-local@be-well.ilk.org> wrote:
>
>> Tsu-Fan Cheng writes:
>>
>> > I need to limit my sftp session bandwidth to 20K, can someone show me how
>> > to do it? thank you!
>>
>> There's no simple way to do that.
>>
>> scp has such a capability, though; maybe using that is your easiest option?
>
> You could limit port 22 with pf, ipfw etc. This would slow all your ssh
> traffic rather than just sftp which may or may not work for you. If you are
> clever with your rule sets you could guarantee bw for certain hosts so they
> don't lose a functional ssh session and/or you could bw limit it by source
> ip, rather than a global limit for port 22.

Aside from having to configure it, the downside of this approach is that
it involves dropping some traffic and waiting for the retransmit, so it
will be less efficient than a bandwidth limit in the application itself.
TCP's dynamic window resizing (especially with Selective
ACKnowledgements) should keep the firewall from having to drop too many
packets, but changing conditions on the network can keep that from
working as well as you'd like. If using this technique, make sure the
other side supports SACK, preferably for multiple segments.

-- 
Lowell Gilbert, embedded/networking software engineer, Boston area
http://be-well.ilk.org/~lowell/
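
The firewall approach krad suggests, sketched as an added example that is not part of the original thread: ipfw with dummynet, a separate limit per peer, and an exemption for hosts that must keep a responsive ssh session. The 160 Kbit/s figure (reading "20K" as 20 KB/s), the exempt address and the rule numbers are assumptions, and the script only prints the commands unless it is run with IPFW=ipfw.

```shell
#!/bin/sh
# Added example: shape ssh/sftp traffic leaving this host with ipfw + dummynet.
# Dry run by default: the ipfw commands are printed, not executed.
# To apply on a FreeBSD host with dummynet loaded: IPFW=ipfw sh this_script (as root).
IPFW="${IPFW:-echo ipfw}"

# Assumptions (constructed values, adjust for the site):
LIMIT="160Kbit/s"           # "20K" read as 20 KB/s = 160 Kbit/s
EXEMPT_HOSTS="192.0.2.10"   # hosts that keep full-speed ssh (documentation address)
RULE_BASE=1000              # first rule number used

limit_ssh() {
    n=$RULE_BASE

    # One dynamic pipe per remote address: for packets leaving this host the
    # peer is the destination, so "mask dst-ip" gives each peer its own LIMIT
    # instead of one global cap shared by every ssh session.
    $IPFW pipe 1 config bw "$LIMIT" mask dst-ip 0xffffffff || return 1

    # Exempt hosts are matched first and never reach the pipe rules.
    for h in $EXEMPT_HOSTS; do
        # this host acting as ssh client towards $h
        $IPFW add "$n" allow tcp from me to "$h" 22 out || return 1
        # this host acting as ssh server for $h
        $IPFW add "$((n + 1))" allow tcp from me 22 to "$h" out || return 1
        n=$((n + 10))
    done

    # All remaining outbound port-22 traffic goes through the pipe.
    # This catches interactive ssh and scp as well as sftp, as noted in the thread.
    $IPFW add "$n" pipe 1 tcp from me to any 22 out || return 1
    $IPFW add "$((n + 1))" pipe 1 tcp from me 22 to any out || return 1
}

limit_ssh
```

On FreeBSD, `sysctl net.inet.tcp.sack.enable` reports whether SACK is enabled on the local side, which is the condition the reply asks you to check for the peer as well.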