Linux Netfilter discussions
* using iptables to speed limit connections
@ 2011-10-26 11:28 J Webster
  2011-10-26 13:20 ` Jon Lewis
  0 siblings, 1 reply; 4+ messages in thread
From: J Webster @ 2011-10-26 11:28 UTC (permalink / raw)
  To: netfilter

Is there any easy way to speed limit connections on a VPN to 2 Mbps?
My server is 100Mbps but I have connections on a VPN of 10.8.0.0. so 
need to limit the outbound connection from 10.8.0.0 to 2 Mbps.
I tried reading the stuff on leaf but the tutorial doesn't seem very 
straightforward and there is not much information on this on the net.


* Re: using iptables to speed limit connections
  2011-10-26 11:28 using iptables to speed limit connections J Webster
@ 2011-10-26 13:20 ` Jon Lewis
  2011-10-26 13:44   ` J Webster
  0 siblings, 1 reply; 4+ messages in thread
From: Jon Lewis @ 2011-10-26 13:20 UTC (permalink / raw)
  To: J Webster; +Cc: netfilter

On Wed, 26 Oct 2011, J Webster wrote:

> Is there any easy way to speed limit connections on a VPN to 2 Mbps?
> My server is 100Mbps but I have connections on a VPN of 10.8.0.0. so need to 
> limit the outbound connection from 10.8.0.0 to 2 Mbps.
> I tried reading the stuff on leaf but the tutorial doesn't seem very 
> straightforward and there is not much information on this on the net.

You probably should have a look at http://lartc.org/howto/lartc.qdisc.html

----------------------------------------------------------------------
  Jon Lewis, MCP :)           |  I route
  Senior Network Engineer     |  therefore you are
  Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________


* Re: using iptables to speed limit connections
  2011-10-26 13:20 ` Jon Lewis
@ 2011-10-26 13:44   ` J Webster
  2011-10-26 15:58     ` Andrew Beverley
  0 siblings, 1 reply; 4+ messages in thread
From: J Webster @ 2011-10-26 13:44 UTC (permalink / raw)
  To: Jon Lewis, netfilter

The problem is not so much limiting the overall connection but limiting 
the connection of each individual vpn user to 2Mbps.
So, there is 100Mbps to share between 10 users, they should each get 2, 
giving a use of 20Mbps.
Also, I wasn't sure from those pages whether this should be applied to 
each IP on the VPN network 10.8.0.0/24 or every IP with outgoing packets 
but that would then limit the server to 2 Mbps.

On 26/10/2011 14:20, Jon Lewis wrote:
> On Wed, 26 Oct 2011, J Webster wrote:
>
>> Is there any easy way to speed limit connections on a VPN to 2 Mbps?
>> My server is 100Mbps but I have connections on a VPN of 10.8.0.0. so 
>> need to limit the outbound connection from 10.8.0.0 to 2 Mbps.
>> I tried reading the stuff on leaf but the tutorial doesn't seem very 
>> straightforward and there is not much information on this on the net.
>
> You probably should have a look at 
> http://lartc.org/howto/lartc.qdisc.html
>
> ----------------------------------------------------------------------
>  Jon Lewis, MCP :)           |  I route
>  Senior Network Engineer     |  therefore you are
>  Atlantic Net                |
> _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________


* Re: using iptables to speed limit connections
  2011-10-26 13:44   ` J Webster
@ 2011-10-26 15:58     ` Andrew Beverley
  0 siblings, 0 replies; 4+ messages in thread
From: Andrew Beverley @ 2011-10-26 15:58 UTC (permalink / raw)
  To: J Webster; +Cc: Jon Lewis, netfilter

On Wed, 2011-10-26 at 14:44 +0100, J Webster wrote:
> On 26/10/2011 14:20, Jon Lewis wrote:
> > On Wed, 26 Oct 2011, J Webster wrote:
> >
> >> Is there any easy way to speed limit connections on a VPN to 2 Mbps?

Not really any easy way that I am aware of...

> >> My server is 100Mbps but I have connections on a VPN of 10.8.0.0. so 
> >> need to limit the outbound connection from 10.8.0.0 to 2 Mbps.
> >> I tried reading the stuff on leaf but the tutorial doesn't seem very 
> >> straightforward and there is not much information on this on the net.

Agreed.

> >
> > You probably should have a look at 
> > http://lartc.org/howto/lartc.qdisc.html

<Top posting fixed>

> The problem is not so much limiting the overall connection but limiting 
> the connection of each individual vpn user to 2Mbps.
> So, there is 100Mbps to share between 10 users, they should each get 2, 
> giving a use of 20Mbps.

In which case you'll need a classful qdisc. HTB is probably a good place
to start. You'll need a leaf class for each user, and you'll need to add
a filter for each one, probably by IP address from what you've already
said (or you can do it using a netfilter mark using flowid).

> Also, I wasn't sure from those pages whether this should be applied to 
> each IP on the VPN network 10.8.0.0/24 or every IP with outgoing packets 
> but that would then limit the server to 2 Mbps.

If I'm reading correctly, I suggest you'll need one HTB qdisc on your
outbound interface, with a leaf class for each IP on the VPN network.

I've found these pages very helpful:

http://www.opalsoft.net/qos/DS.htm

See how you get on, and if you need more help then please shout.

Andy
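
[Added example, not part of the original thread or written by any of its participants.] The layout described in the reply above (one HTB qdisc on the outbound interface, one leaf class per VPN address, a filter per class) written out as a command generator, using the netfilter-mark variant of the filter. The interface name eth0, the client addresses and the class/mark numbering (256 plus the last octet, which assumes the /24 from the thread) are assumptions.

```shell
#!/bin/sh
# Emits (does not run) the tc/iptables commands for per-user HTB shaping.
# Review the output, then pipe it to `sh` as root to apply it.

# htb_per_user DEV LINK_RATE USER_RATE IP...
htb_per_user() {
    dev=$1 link=$2 per=$3
    shift 3
    # Root HTB qdisc with no "default" class: traffic that matches no filter
    # (the server's own) is not shaped, so the box is not held to USER_RATE.
    echo "tc qdisc add dev $dev root handle 1: htb"
    echo "tc class add dev $dev parent 1: classid 1:1 htb rate $link"
    for ip in "$@"; do
        octet=${ip##*.}
        case $octet in
            ''|*[!0-9]*) echo "skip: bad address $ip" >&2; continue ;;
        esac
        mark=$((256 + octet))            # decimal firewall mark
        minor=$(printf '%x' "$mark")     # tc class minor ids are hexadecimal
        # rate == ceil: the leaf gets its share and cannot borrow above it.
        echo "tc class add dev $dev parent 1:1 classid 1:$minor htb rate $per ceil $per"
        # fw filter: steer packets carrying this mark into the user's leaf.
        echo "tc filter add dev $dev parent 1: protocol ip prio 1 handle $mark fw flowid 1:$minor"
        # Mark in mangle/FORWARD, i.e. before any POSTROUTING NAT rewrites the
        # source address that a tc filter matching on IP would need to see.
        echo "iptables -t mangle -A FORWARD -s $ip -j MARK --set-mark $mark"
    done
}

# Constructed sample: two VPN clients, 2 Mbps each, on a 100 Mbps uplink.
htb_per_user eth0 100mbit 2mbit 10.8.0.6 10.8.0.10
```

After applying, `tc -s class show dev eth0` shows per-class byte counters, which confirms each client's traffic is landing in its own leaf.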



