Doubt in linux quota management

Doubt in linux quota management

[Arunsundar]

Hi All,

I am new to Traffic control module.
I have a requirement to do Quota management on Ingress and Egress 
traffic based on 5 tuple information.

For example, if 100MB is allocated for a flow/connection in both 
direction, then I have to count Ingress and Egress traffic packets for 
that connection and if it exceeds 100MB then i have to take certain action.

As per my understanding, with TC module we can calculate on Ingress and 
Egress separately. Is there any other way or any other module, where we 
can do quota management effectively in linux.

Thanks in advance.

-- 
Regards,
Arunsundar.

AW: Doubt in linux quota management

[Stefan Bauer]

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset="utf-8-sig", Size: 1046 bytes --]

Just my 5 cent:

i would use the quota module with iptables.

# iptables -A INPUT -p tcp --dport 80 -m quota --quota 52428800 -j ACCEPT 
# iptables -A INPUT -p tcp --dport 80 -j DROP 
# iptables --list 
Chain INPUT (policy ACCEPT) 
target     prot opt source               destination          
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:http <dpt:http> quota: 52428800 bytes 
DROP       tcp  --  anywhere             anywhere           tcp dpt:http <dpt:http>

Source: http://www.netfilter.org/documentation/HOWTO/de/netfilter-extensions-HOWTO-3.html

Additonally i would monitor the rules with some monitoring systems like zabbix. You can trigger a script with zabbix if a special event occurs.
Furthermore you could also just monitor the counters in iptables with a plain iptables rule without any quota support.

Stefan
--
To unsubscribe from this list: send the line "unsubscribe lartc" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html