Date: Thu, 3 Jan 2013 09:29:37 +0100 From: Luigi Rizzo <rizzo@iet.unipi.it> To: Sami Halabi <sodynet1@gmail.com> Cc: freebsd-ipfw <freebsd-ipfw@freebsd.org> Subject: Re: Limit Session Bandwidth Message-ID: <20130103082937.GB54360@onelab2.iet.unipi.it> In-Reply-To: <CAEW%2BogbGVYLiuPesyR5qTcjhMVFvbzU-yYX8CRbJ_Hs3C6RpMQ@mail.gmail.com> References: <CAEW%2BogbGVYLiuPesyR5qTcjhMVFvbzU-yYX8CRbJ_Hs3C6RpMQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Jan 03, 2013 at 09:19:05AM +0200, Sami Halabi wrote: > Hi, > I wan t to configure bandwidth limits in the folowing scenario: > limit a specific IP to ,say 10MB, but also limit each Session to, say 1MB. > > so max concurrent sessions of that same IP can with full bandwidth would be > 10, each 1MB, this however doesn't limit the whole number of sessions, so > there can be 20 sessions of 0.5MB. > > I didn't see option like that in the man pages, any ideas? you can do this with a first per-flow pipe that limits the individual bandwidth, and then passing the traffic to a scheduler (or another pipe) with an aggregate limit of 10Mbit/s Something like this # reinject packets into firewall after they come out from a pipe sysctl net.inet.ip.fw.one_pass=0 # configure the pipe that applies the 1 Mbit/s cap to each flow ipfw pipe 123 config bw 1Mbit/s mask all # configure the second pipe with the global cap ipfw pipe 456 config bw 10Mbit/s # configure a scheduler that drives the second pipe ipfw sched 789 config mask all pipe 123 # pass outgoing packets to the first pipe ipfw add 100 pipe 123 out # and then to the scheduler ipfw add 110 queue 789 out # and then accept ipfw add 120 allow ip from any to any # # pipe 123 scheduler # +---------+ +-------+ # --->| +----------->| | # +---------+ | | pipe 456 # one per flow | |+---------+ # . . . | || |+-----> # | |+---------+ # +---------+ | | # --->| +----------->| | # +---------+ +-------+ cheers luigi
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130103082937.GB54360>