Date:      Thu, 3 Jan 2013 09:29:37 +0100
From:      Luigi Rizzo <rizzo@iet.unipi.it>
To:        Sami Halabi <sodynet1@gmail.com>
Cc:        freebsd-ipfw <freebsd-ipfw@freebsd.org>
Subject:   Re: Limit Session Bandwidth
Message-ID:  <20130103082937.GB54360@onelab2.iet.unipi.it>
In-Reply-To: <CAEW%2BogbGVYLiuPesyR5qTcjhMVFvbzU-yYX8CRbJ_Hs3C6RpMQ@mail.gmail.com>
References:  <CAEW%2BogbGVYLiuPesyR5qTcjhMVFvbzU-yYX8CRbJ_Hs3C6RpMQ@mail.gmail.com>

On Thu, Jan 03, 2013 at 09:19:05AM +0200, Sami Halabi wrote:
> Hi,
> I want to configure bandwidth limits in the following scenario:
> limit a specific IP to, say, 10MB, but also limit each session to, say, 1MB.
> 
> so the max concurrent sessions of that same IP with full bandwidth would be
> 10, each 1MB, this however doesn't limit the whole number of sessions, so
> there can be 20 sessions of 0.5MB.
> 
> I didn't see option like that in the man pages, any ideas?

You can do this with a first per-flow pipe that limits
the individual bandwidth, and then pass the traffic
to a scheduler (or another pipe) with an aggregate
limit of 10Mbit/s.

Something like this:

	# reinject packets into firewall after they come out from a pipe
	sysctl net.inet.ip.fw.one_pass=0

	# configure the pipe that applies the 1 Mbit/s cap to each flow
	ipfw pipe 123 config bw 1Mbit/s mask all

	# configure the second pipe with the global cap
	ipfw pipe 456 config bw 10Mbit/s

	# configure a scheduler that drives the second pipe
	ipfw sched 789 config mask all pipe 456

	# pass outgoing packets to the first pipe
	ipfw add 100 pipe 123 out

	# and then to the scheduler
	ipfw add 110 queue 789 out

	# and then accept
	ipfw add 120 allow ip from any to any

#
#              pipe 123              scheduler
#             +---------+            +-------+
#         --->|         +----------->|       |
#             +---------+            |       |  pipe 456
#              one per flow          |       |+---------+
#                . .  .              |       ||         |+----->
#                                    |       |+---------+
#             +---------+            |       |
#         --->|         +----------->|       |
#             +---------+            +-------+

cheers
luigi
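
The effect of the two stages on the numbers in the question, as an added example that is not part of the original message: a steady-state model in Python, not dummynet code. It assumes the scheduler gives equal-weight flows a max-min fair share of the aggregate pipe; the function name `shape` is hypothetical.

```python
# Added illustration: steady-state model of the two-stage setup above.
# Stage 1 (pipe 123, "mask all"): every flow is capped independently.
# Stage 2 (scheduler + pipe 456): all flows share one aggregate limit.
# Assumption: equal-weight flows get a max-min fair share in stage 2.

def shape(demands_mbit, per_flow_cap=1.0, aggregate_cap=10.0):
    """Return the rate (Mbit/s) each flow ends up with after both stages."""
    # Stage 1: a flow never leaves its own pipe faster than the cap.
    capped = [min(d, per_flow_cap) for d in demands_mbit]
    if sum(capped) <= aggregate_cap:
        return capped  # the aggregate pipe is not the bottleneck

    # Stage 2: water-filling. Flows that ask for less than the current
    # fair share keep their rate; the leftover is split among the rest.
    rates = [0.0] * len(capped)
    remaining = aggregate_cap
    pending = sorted(range(len(capped)), key=lambda i: capped[i])
    while pending:
        share = remaining / len(pending)
        i = pending[0]
        if capped[i] <= share:
            rates[i] = capped[i]
            remaining -= capped[i]
            pending.pop(0)
        else:
            for j in pending:
                rates[j] = share
            break
    return rates


if __name__ == "__main__":
    # Constructed sample demands (Mbit/s) for sessions of one IP.
    for label, demands in [
        ("10 greedy sessions", [5.0] * 10),
        ("20 greedy sessions", [5.0] * 20),
        ("18 greedy + 2 light", [5.0] * 18 + [0.2, 0.2]),
    ]:
        rates = shape(demands)
        print(f"{label}: total={sum(rates):.2f} "
              f"min={min(rates):.3f} max={max(rates):.3f}")
```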


