chovy Guru
Joined: 03 Dec 2004 Posts: 453
|
Posted: Sun Jun 05, 2005 5:28 am Post subject: Bandwidth limiting? |
|
|
I have a chance to put a colo gentoo 3U rack server in a hosting provider for $50/month. But he says anything over 512kb/sec will incur charges.
So, how can I ensure that my bandwidth doesn't go over that rate? Possibly capping it at 450bps or so.
I use about 50gb/month with my current hosting provider, I'm at a loss as to how to translate that to how many kbps I use.
Anyway, I want to stop serving requests if I get any slashdot effects from sites.
Suggestions are welcome! _________________ Woof, Woof! Add "[solved]" to the title! Woof, Woof! |
|
Back to top |
|
|
jpjacobs n00b
Joined: 02 Nov 2004 Posts: 10
|
Posted: Sun Jun 05, 2005 8:36 am Post subject: |
|
|
In kernel config you have some option 'traffic shaper', maybe that's what you're looking for (never used it though) |
|
Back to top |
|
|
bigfunkymo Apprentice
Joined: 23 Jan 2004 Posts: 237
|
Posted: Sun Jun 05, 2005 11:51 am Post subject: |
|
|
This is the script I use on my home cable internet (4Mbit down / 384 Kbit up) and I fire it off from /etc/conf.d/local.start. Been using it a long long time. If it isn't the WonderShaper script, it's heavily based on it.
Code: |
#!/bin/bash
# Start of traffic shaper
# The Ultimate Setup For Your Internet Connection At Home
#
#
# Set the following values to somewhat less than your actual download
# and uplink speed. In kilobits
DOWNLINK=3000
UPLINK=350
DEV=eth0
# clean existing down- and uplink qdiscs, hide errors
tc qdisc del dev $DEV root 2> /dev/null > /dev/null
tc qdisc del dev $DEV ingress 2> /dev/null > /dev/null
###### uplink
# install root HTB, point default traffic to 1:20:
tc qdisc add dev $DEV root handle 1: htb default 20
# shape everything at $UPLINK speed - this prevents huge queues in your
# DSL modem which destroy latency:
tc class add dev $DEV parent 1: classid 1:1 htb rate ${UPLINK}kbit burst 6k
# high prio class 1:10:
tc class add dev $DEV parent 1:1 classid 1:10 htb rate ${UPLINK}kbit \
burst 6k prio 1
# bulk & default class 1:20 - gets slightly less traffic,
# and a lower priority:
tc class add dev $DEV parent 1:1 classid 1:20 htb rate $((9 * UPLINK / 10))kbit \
burst 6k prio 2
# both get Stochastic Fairness:
tc qdisc add dev $DEV parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $DEV parent 1:20 handle 20: sfq perturb 10
# TOS Minimum Delay (ssh, NOT scp) in 1:10:
tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
match ip tos 0x10 0xff flowid 1:10
# ICMP (ip protocol 1) in the interactive class 1:10 so we
# can do measurements & impress our friends:
tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
match ip protocol 1 0xff flowid 1:10
# To speed up downloads while an upload is going on, put ACK packets in
# the interactive class:
tc filter add dev $DEV parent 1: protocol ip prio 10 u32 \
match ip protocol 6 0xff \
match u8 0x05 0x0f at 0 \
match u16 0x0000 0xffc0 at 2 \
match u8 0x10 0xff at 33 \
flowid 1:10
# rest is 'non-interactive' ie 'bulk' and ends up in 1:20
########## downlink #############
# slow downloads down to somewhat less than the real speed to prevent
# queuing at our ISP. Tune to see how high you can set it.
# ISPs tend to have *huge* queues to make sure big downloads are fast
#
# attach ingress policer:
tc qdisc add dev $DEV handle ffff: ingress
# filter *everything* to it (0.0.0.0/0), drop everything that's
# coming in too fast:
tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 \
match ip src 0.0.0.0/0 police rate ${DOWNLINK}kbit burst 10k drop flowid :1 |
It limits both the upstream and downstream bandwidth. A problem you may encounter is it doesn't TRULY limit the downstream bandwidth, it just drops packets that come in faster than a set rate. Assuming that everyone connecting to your server is using proper TCP/IP software, senders will self adjust to a lower rate. You may still find yourself being charged for bandwidth, but this should help mitigate that some.
Another great feature of this script is you can give certain traffic higher priority (like interactive traffic such as SSH). You can use packet mangling to set the differentiated services flag to 16 with iptables and this script does the rest. Shorewall makes this really exceedingly easy, just edit /etc/shorewall/tos. If you're already using Shorewall, you'll probably want to take the ssh lines out of /etc/shorewall/tos. Ssh already sets this flag for interactive traffic and turns it off for scp file transfers. You probably don't want your scp traffic getting higher priority just because it uses the same port as ssh.
I use this /etc/shorewall/tos on my home router to help speed up my games and VoIP traffic when my roommates are downloading stuff or doing bittorrent. I have the same file (minus the Guildwars and CoH lines) on my VoIP server. Technically, my home router only needs the teamspeak/ventrilo lines with the destination port and my voip server only needs the source port lines... but I digress, it was easier this way. Setting the game traffic's flag on the downstream wouldn't do any good because my internal interfaces are not policed for QoS--it is just unnecessary with less than 10 computers on 100mbit ethernet. Although, a thought just occurred to me: That may actually increase my performance on a wireless network to do so. That's a really good idea now that I think about it. I think I'll add the lines for traffic from that port and then add another shaper script (with appropriate speed settings, of course) for my internal interfaces!
Anyway... here's my /etc/shorewall/tos file. Notice I removed the default ssh lines.
Code: |
#SOURCE  DEST  PROTOCOL  SOURCE PORTS  DEST PORTS  TOS
# Teamspeak
all      all   udp       8767          -           16
all      all   udp       -             8767        16
# Ventrilo
all      all   tcp       3784          -           16
all      all   tcp       -             3784        16
# GuildWars
all      all   tcp       -             6112        16
# City of Heroes
all      all   udp       -             7011        16
# FTP control
all      all   tcp       -             ftp         16
all      all   tcp       ftp           -           16
# FTP Data
all      all   tcp       ftp-data      -           8
all      all   tcp       -             ftp-data    8
#LAST LINE -- Add your entries above -- DO NOT REMOVE |
It really is this code here that makes all the work I put into my homebuilt router worth the hassle. My router is my pride and joy ^_^
Hope this helps out.
Erik _________________ [No package... Grabbing a set.] |
|
Back to top |
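What the three `prio 10` u32 filters in the script above actually match, as an added example that is not part of bigfunkymo's post or of the WonderShaper script: a Python model of the same byte offsets and masks, run over constructed IPv4 packets. The helper names, addresses and sample packets are assumptions made for illustration.

```python
import struct

ACK = 0x10  # TCP flags byte with only the ACK bit set

def ipv4(proto, tos=0, ihl=5, payload=b""):
    """Constructed IPv4 header (checksum left at zero) followed by payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, tos,
                      ihl * 4 + len(payload), 0, 0, 64, proto, 0,
                      bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return hdr + b"\x00" * ((ihl - 5) * 4) + payload

def tcp(flags, data=b""):
    """Constructed 20-byte TCP header; the flags byte sits at TCP offset 13."""
    return struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 5 << 4, flags, 65535, 0, 0) + data

def u8(pkt, value, mask, at):
    """tc 'match u8 VALUE MASK at OFFSET', offset counted from the IP header."""
    return len(pkt) > at and (pkt[at] & mask) == value

def u16(pkt, value, mask, at):
    """tc 'match u16 VALUE MASK at OFFSET'."""
    return len(pkt) >= at + 2 and (struct.unpack_from("!H", pkt, at)[0] & mask) == value

def classify(pkt):
    """Return the HTB class the script's filters would pick for this packet."""
    if u8(pkt, 0x10, 0xff, 1):               # match ip tos 0x10 0xff (Minimum Delay)
        return "1:10"
    if u8(pkt, 1, 0xff, 9):                  # match ip protocol 1 0xff (ICMP)
        return "1:10"
    if (u8(pkt, 6, 0xff, 9)                  # match ip protocol 6 0xff (TCP)
            and u8(pkt, 0x05, 0x0f, 0)       # IHL == 5, so TCP starts at byte 20
            and u16(pkt, 0x0000, 0xffc0, 2)  # total length < 64 bytes
            and u8(pkt, ACK, 0xff, 33)):     # byte 20 + 13: flags are exactly ACK
        return "1:10"
    return "1:20"                            # 'htb default 20' catches the rest

SAMPLES = {  # constructed packets, not captured traffic
    "ssh keystroke (TOS 0x10)": ipv4(6, tos=0x10, payload=tcp(0x18, b"x" * 36)),
    "icmp echo": ipv4(1, payload=b"\x08\x00" + b"\x00" * 6),
    "pure ACK": ipv4(6, payload=tcp(ACK)),
    "ACK with 1460 data bytes": ipv4(6, payload=tcp(ACK, b"d" * 1460)),
    "small PSH+ACK": ipv4(6, payload=tcp(0x18, b"hi")),
    "pure ACK with IP options": ipv4(6, ihl=6, payload=tcp(ACK)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:26} -> {classify(pkt)}")
```

The last sample shows why the filter pins the header length first: the fixed offset 33 only lands on the TCP flags byte when the IP header carries no options.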
|
|
bigfunkymo Apprentice
Joined: 23 Jan 2004 Posts: 237
|
Posted: Sun Jun 05, 2005 12:39 pm Post subject: |
|
|
[full of BS I am in the early morning] _________________ [No package... Grabbing a set.] |
|
Back to top |
|
|
chovy Guru
Joined: 03 Dec 2004 Posts: 453
|
Posted: Mon Jun 06, 2005 6:38 am Post subject: |
|
|
Thanks, I will definitely look into traffic shaper when the time comes. So it sounds like I should put a firewall on the server too. _________________ Woof, Woof! Add "[solved]" to the title! Woof, Woof! |
|
Back to top |
|
|