[Pan-users] Bandwidth throttling recipe. [linux 2.4]

[Eric Ortega]

I was tired of PAN chewing up all of my available bandwidth whenever I
went on a downloading spree.  The quality-of-service aspects of the linux
kernel can be a wee intimidating though, and I never set aside the time
to slog through the 185 page HOWTO for these kinds of things until last
night.  It turns out it wasn't that bad at all.  It should be even less
bad with the following tips.



Here's a recipe for fellow PAN users and anyone else that wants to limit
the amount of traffic that comes _into_ their computer from a certain IP:


  recompile your 2.4 kernel and enable at least [1]:  
  
    (menuconfig)
    Networking Options-->
      QoS and/or fair queueing-->
        QoS and/or fair queueing
        Ingress Qdisc
        QoS support
        U32 classifier
        Traffic Policing


  Rebuild and started running your new kernel.
  
  Now make sure you have the 'iproute' package installed on your system.
  For Debian this can be handled with:

    apt-get install iproute



  As root, we will now do this:

    create a new incoming traffic filter
    tell that filter that we want to limit the rate from a given IP
      to a certain amount



  These are the commands for my machine which has incoming traffic on
  the first ethernet card and wants to have reduced download capability
  from news.easynews.com (140.99.99.130):

    tc qdisc add dev eth0 handle ffff: ingress

    tc filter add dev eth0 parent ffff: protocol ip prio 50 u32 match ip \
      src 140.99.99.130 police rate 300kbit burst 15k drop flowid :1


  To generalize:

    tc qdisc add dev YOUR_ETHERNET_CARD_DEVICE_NAME_HERE \
      handle ffff: ingress

    tc filter add dev YOUR_ETHERNET_BLAH_BLAH parent ffff: protocol \
      ip prio 50 u32 match ip src YOUR_NEWSSERVER_IP_HERE police rate \
      THE_MAX_SPEED_YOU_WANT burst 15k drop flowid :1

    tc filter add dev YOUR_ETHERNET_BLAH_BLAH parent ffff: protocol \
      ip prio 50 u32 match ip src ANOTHER_NEWSSERVER_IP_HERE police rate \
      THE_MAX_SPEED_YOU_WANT burst 15k drop flowid :1

   

So, that's it.  If you screw up and want to erase the record:

   tc qdisc del dev eth0 ingress



Here's what I have in my crontab:

  0 1 * * * /root/easynews_rate_limiting/limit_easynews_rate_nighttime
  0 5 * * * /root/easynews_rate_limiting/limit_easynews_rate_daytime


And those files are:

  limit_easynews_rate_nighttime:
  #!/bin/sh
  tc qdisc del dev eth0 ingress
  tc qdisc add dev eth0 handle ffff: ingress
  tc filter add dev eth0 parent ffff: protocol ip prio 50 u32 match ip src \
  140.99.99.130 police rate 700kbit burst 15k drop flowid :1

  limit_easynews_rate_daytime:
  #!/bin/sh
  tc qdisc del dev eth0 ingress
  tc qdisc add dev eth0 handle ffff: ingress
  tc filter add dev eth0 parent ffff: protocol ip prio 50 u32 match ip src \
  140.99.99.130 police rate 300kbit burst 15k drop flowid :1
 

So, from 1-5 in the morning I download at pretty much full speed as there 
are few users on my machines.  During the daylight hours I limit, though.





[1]  Now, these are the kernel options which I _know_ must be enabled.
     There are probably more, but I don't know which ones, exactly, need to
     be enabled.  The reason for this is that I went through and enabled
     a pile of things _before_ I got to these ones and I don't want to go 
     back and test the necessity of other options to get this to work.
   
     If it looks like QoS and/or traffic shaping and/or packet mangling,
     just enable it if you're having problems.