limit network bandwith for an ip
Solution 1
after some days i do it
i use it for openvpn over freeradius
tc qdisc del dev br0 root
tc qdisc add dev br0 root handle 1: htb
tc class add dev br0 parent 1: classid 1:1 htb rate "LineBandwidth"kbit
tc class add dev br0 parent 1:1 classid 1:10 htb rate "MinUserBand"kbit ceil "MaxUserBand"kbit prio 2 #----- bandwidth and classid
tc filter add dev br0 parent 1:0 prio 2 protocol ip handle 10 fw flowid 1:10 #----- MarkID1 and classId
iptables -t mangle -A POSTROUTING -d "RealUserIP" -j MARK --set-mark 10 #----- RealIP and markID1
tc qdisc add dev br0 ingress
tc filter add dev br0 parent ffff: protocol ip handle 50 fw police rate "MinUserBand"kbit mtu 12k burst 10k drop #----- BandWidth and MarkID2
iptables -t mangle -A PREROUTING -s "RealUserIP" -j MARK --set-mark 50 #----- RealIP and MarkID2
Solution 2
In order to limit bandwidth of individual IP addresses, I have been TC with HTB. Here are some useful links:
- Homepage: http://luxik.cdi.cz/~devik/qos/htb/
- User Guide: http://luxik.cdi.cz/~devik/qos/htb/manual/userg.htm
- tcng is a relatively easy way to describe traffic control structures: http://www.faqs.org/docs/Linux-HOWTO/Traffic-Control-tcng-HTB-HOWTO.html
As a simple example, in order to limit bandwidth of individual IP addresses stored in CLIENT_IP shell variable, with limitations like the following:
- device name = eth0
- total bandwidth available/allowed for the device = 1000kbps up to 1500kbps
- default bandwidth (for clients that do not fall into our filters) = 1kbps up to 2kbps
- bandwidth of CLIENT_IP = 100kbps
- Maximum bandwidth of CLIENT_IP (if there is more bandwidth available) = 200kbps
Commands below would suffice:
tc qdisc add dev eth0 root handle 1: htb default 10
tc class add dev eth0 parent 1: classid 1:1 htb rate 1000kbps ceil 1500kbps
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 1kbps ceil 2kbps
tc class add dev eth0 parent 1:1 classid 1:11 htb rate 100kbps ceil 200kbps
tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src ${CLIENT_IP} flowid 1:11
Solution 3
Semi-related to your question, limiting a client's bandwidth is not likely the best solution, as it has to be on a client-by-client basis. You may want to specify the maximum amount of bandwidth that any single client can consume, rather than specify by ip address.
Your best bet is going to be QoS, and specifying different priorities for services by type of traffic.
As far as I know, you can't use tc-tbf for a specific IP address.
If you're simply trying to improve performance, look at this article.
http://lists.debian.org/debian-firewall/2005/07/msg00088.html
Related videos on Youtube
Dipesh Rana
Updated on September 17, 2022Comments
-
Dipesh Rana over 1 year
for a traffic management app i should limit bandwidth for clients ip addresses that for each ip there are different limit
how can use tc-tbf for specific ip address
or is any other solution?
-
Balachander Ganesan almost 6 yearsThe most simple way of doing it is: tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.ratelimit.single.html
-
-
mivk about 8 yearsThat's for limiting connection attempts. The question is about limiting the bandwidth, so this article is irrelevant here.