I have a linux router. I want to throttle the amount of bandwidth sent from the external interface to the internal interface for specific hosts that are hogging bandwidth. However I'd like to identify these hosts dynamically instead of entering them in manually.
For example -- I'd like to use iptables to set a mark on local hosts that have exceeded a certain KB/s rate, and then have tc apply the filter to those specific hosts only (so that packets to this local host would be dropped over a certain rate, say 350Kbps). Then the mark would expire after a certain amount of time, etc.
I would think that this is a rather common thing, but I can't find any good examples. Can someone point me in the right direction?
Thanks!
Last edited by drmongolia; 10-15-2009 at 05:51 PM.
Statically yes, but for dynamic bandwidth control, and/or dynamic control based on control of the number of packets (p2p uses a large number of very small packets, which is all a large problem for ISPs) you need expensive software.
You cannot achieve this using tc and/or iptables. The marking and limiting yes, but the rest is out of bounds.
You need to listen to the traffic with a script or any other software; when it exceeds the limit, mark the IP with iptables, limit it with tc, and then you can have a bash script running from crontab to remove the IP from the iptables mark and remove it from tc.
But I don't understand what you would gain with dynamic adding of limitations. Every time the user exceeds his limit, you'll run tc and limit him. So where is the point?
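The procedure described in the reply above (measure per-host traffic, mark the host with iptables, limit it with tc, remove the limit later), as an added example that is not part of the original thread. It only builds the command strings and does not run them. The function names, `eth1`, an existing `root handle 1: htb` qdisc, a /24 LAN and the 600-second hold time are all assumptions; the byte counters are assumed to come from per-host accounting you already collect.

```python
import ipaddress

LAN_IF = "eth1"     # assumed LAN-facing interface with an existing "root handle 1: htb" qdisc
LIMIT_KBIT = 350    # cap taken from the question
HOLD_SECS = 600     # assumed lifetime of a throttle before it is removed

def rates_kbit(prev, curr, secs):
    """kbit/s per host from two {ip: bytes} counter snapshots taken secs apart."""
    out = {}
    for ip, now_bytes in curr.items():
        before = prev.get(ip)
        if before is None or now_bytes < before:  # new host or counter reset: no rate yet
            continue
        out[ip] = (now_bytes - before) * 8 / 1000 / secs
    return out

def _host_id(ip):
    # Assumes a /24 LAN, so the last octet is unique; also rejects malformed addresses.
    return int(ipaddress.IPv4Address(ip)) & 0xFF

def throttle_cmds(ip):
    n = _host_id(ip)  # the fw handle is written in decimal, the classid minor in hex
    return [
        f"iptables -t mangle -A FORWARD -d {ip} -j MARK --set-mark {n}",
        f"tc class add dev {LAN_IF} parent 1: classid 1:{n:x} htb rate {LIMIT_KBIT}kbit",
        f"tc filter add dev {LAN_IF} parent 1: protocol ip prio 1 handle {n} fw flowid 1:{n:x}",
    ]

def release_cmds(ip):
    n = _host_id(ip)  # undo in reverse order: filter, class, then the mark rule
    return [
        f"tc filter del dev {LAN_IF} parent 1: protocol ip prio 1 handle {n} fw",
        f"tc class del dev {LAN_IF} classid 1:{n:x}",
        f"iptables -t mangle -D FORWARD -d {ip} -j MARK --set-mark {n}",
    ]

def plan(prev, curr, secs, now, throttled):
    """Commands for one polling tick; throttled maps ip -> expiry time and is updated."""
    cmds = []
    for ip in [h for h, exp in throttled.items() if exp <= now]:
        del throttled[ip]
        cmds += release_cmds(ip)
    for ip, kbit in sorted(rates_kbit(prev, curr, secs).items()):
        if kbit > LIMIT_KBIT and ip not in throttled:
            throttled[ip] = now + HOLD_SECS
            cmds += throttle_cmds(ip)
    return cmds
```

Run `plan` from cron or a loop with the previous and current snapshots, keep `throttled` between runs, and execute the returned commands as root.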