Limiting speed of individual TCP sessions ?

Linux Advanced Routing and Traffic Control


 



Dear Simon

I believe that in the first place we may need to understand the
implementation of the TCP session. The TCP framework is built in such a
way that the various applications developed (SMTP, POP, and HTTP) can use
the features you are talking about, essentially session and connection.

They are very much controlled by the low level system programs
(kernel/modules) and eventually highly complicated to bring to the
command level interface like Tc.

All in all, I believe that it may not be easy to control those
parameters from a command line interpreter like TC unless we all share a
big design but it would be great! Isn't it?


Thanks & Regards
Krishna Guda
 

Message: 9
Date: Fri, 10 Sep 2004 11:57:41 +1200
To: lartc@xxxxxxxxxxxxxxx
From: Simon Byrnand <simon@xxxxxxxxxxx>
Subject:  Limiting speed of individual TCP sessions ?

Hi All,

Does anyone know of a way to limit the speed of *individual* TCP sessions,
but without placing any overall bandwidth limits, and without requiring an
explicit QoS entry for every ip address the machine is communicating with ?

The scenario is a mailserver - say you want to limit individual TCP
sessions (pop3, smtp etc) to no more than 512Kbit so that an individual
session can't hog your bandwidth, but you don't want to place a maximum
limit on the TOTAL traffic. Also it's impossible to set up normal per-ip
address QoS classes, because there are potentially an almost infinite
number of possible ip addresses that might try to connect to the server.

Any ideas ?

Regards,
Simon


--__--__--

Message: 10
From: Andreas Klauer <Andreas.Klauer@xxxxxxxxxxxxxx>
To: lartc@xxxxxxxxxxxxxxx
Subject: Re:  Limiting speed of individual TCP sessions ?
Date: Fri, 10 Sep 2004 02:34:06 +0200

On Friday 10 September 2004 01:57, Simon Byrnand wrote:
> The scenario is a mailserver - say you want to limit individual TCP
> sessions (pop3, smtp etc) to no more than 512Kbit so that an individual
> session can't hog your bandwidth, but you don't want to place a maximum
> limit on the TOTAL traffic.

It's not quite clear to me what you want to do.

Either you don't want to limit bandwidth and just make sure that one
connection cannot choke the other - I'd use SFQ or similar for that, some
kind of scheduler that makes sure that every connection gets its turn.
Or you want to limit traffic one way or another, then you have to put it
into a traffic limiting QoS class. All connections together, of course.

How to impose a bandwidth limit on a PER CONNECTION basis is quite a
frequently asked question on this list, and I don't remember seeing any
good answer for that one yet.

But I don't even think that it's a good approach to shaping at all. You'd
have to add another class for each connection, and no one can guarantee
that summed together, these connections don't exceed the total bandwidth
of your line. As long as you can open as many connections as you like, you
can torpedo such a shaping setup easily. Especially if you don't know your
users... users are intelligent and evil. As soon as they notice that some
types of connections get better bandwidth than others, they'll start
tunneling their data transfers...

Andreas
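
The two points in the reply above (a fair scheduler such as SFQ gives every connection its turn, and a user who opens more connections gets more of the link) shown as an idealised simulation. This is an added example, not code from the thread or from the kernel's SFQ: it assumes one queue per flow with no hash collisions and equal-size packets, and the host names, connection counts and the per-host key are constructed for illustration and go beyond what the thread discusses.

```python
from collections import deque, defaultdict

# Constructed sample: hosts A and B hold one connection each, host C opens eight.
CONNS_PER_HOST = {"A": 1, "B": 1, "C": 8}

def backlog(conns_per_host, pkts_per_conn):
    """Build a saturated backlog: every connection always has packets waiting."""
    return [{"host": h, "conn": (h, c)}
            for h, n in conns_per_host.items()
            for c in range(n)
            for _ in range(pkts_per_conn)]

def fair_queue_share(packets, flow_key, budget):
    """Idealised fair queueing: one FIFO per flow key, served round-robin.

    `budget` is how many packets the link can send in the interval.
    Returns the number of packets sent on behalf of each host.
    """
    queues = defaultdict(deque)
    for pkt in packets:
        queues[flow_key(pkt)].append(pkt)
    active = deque(queues)            # flow keys that still have backlog
    sent = defaultdict(int)
    while budget > 0 and active:
        key = active.popleft()
        pkt = queues[key].popleft()   # each active flow sends one packet per round
        sent[pkt["host"]] += 1
        budget -= 1
        if queues[key]:
            active.append(key)
    return dict(sent)

def per_connection(pkt):
    return pkt["conn"]                # fairness between connections (SFQ-like)

def per_host(pkt):
    return pkt["host"]                # hypothetical alternative: fairness between hosts

if __name__ == "__main__":
    pkts = backlog(CONNS_PER_HOST, 400)
    # No rate cap anywhere: the whole link (900 packets) is used in both cases.
    print("per connection:", fair_queue_share(pkts, per_connection, 900))
    print("per host:      ", fair_queue_share(pkts, per_host, 900))
```

With per-connection fairness no single connection can starve another, but host C's share grows with its connection count; keying the queues by host removes that advantage.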


_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
