Limit Session Bandwidth
Luigi Rizzo
rizzo at iet.unipi.it
Thu Jan 3 08:30:34 UTC 2013
On Thu, Jan 03, 2013 at 09:19:05AM +0200, Sami Halabi wrote:
> Hi,
> I wan t to configure bandwidth limits in the folowing scenario:
> limit a specific IP to ,say 10MB, but also limit each Session to, say 1MB.
>
> so max concurrent sessions of that same IP can with full bandwidth would be
> 10, each 1MB, this however doesn't limit the whole number of sessions, so
> there can be 20 sessions of 0.5MB.
>
> I didn't see option like that in the man pages, any ideas?
you can do this with a first per-flow pipe that limits
the individual bandwidth, and then passing the traffic
to a scheduler (or another pipe) with an aggregate
limit of 10Mbit/s
Something like this
# reinject packets into firewall after they come out from a pipe
sysctl net.inet.ip.fw.one_pass=0
# configure the pipe that applies the 1 Mbit/s cap to each flow
ipfw pipe 123 config bw 1Mbit/s mask all
# configure the second pipe with the global cap
ipfw pipe 456 config bw 10Mbit/s
# configure a scheduler that drives the second pipe
ipfw sched 789 config mask all pipe 123
# pass outgoing packets to the first pipe
ipfw add 100 pipe 123 out
# and then to the scheduler
ipfw add 110 queue 789 out
# and then accept
ipfw add 120 allow ip from any to any
#
# pipe 123 scheduler
# +---------+ +-------+
# --->| +----------->| |
# +---------+ | | pipe 456
# one per flow | |+---------+
# . . . | || |+----->
# | |+---------+
# +---------+ | |
# --->| +----------->| |
# +---------+ +-------+
cheers
luigi
More information about the freebsd-ipfw
mailing list