LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)
-   -   Bandwidth limiting per user? (https://www.linuxquestions.org/questions/linux-server-73/bandwidth-limiting-per-user-828874/)

BigS 08-27-2010 02:21 PM
Bandwidth limiting per user?
 
Hi!
I'm glad I came on this forum!
I have a question the answer is very important to me.
So: On the VPS / Dedicated Server Linux wich 3 users created. How can I limit bandwidth each in a separate? For example first user speed 1 MB. 5 MB second and third 10 MB. Expect some clear answers. Regards, Silviu!

estabroo 08-27-2010 07:29 PM
one way would be to use iptables owner module to mark the packets and then use tc to do traffic shaping based on the firewall marking (example below using an htb, this occurs on the outgoing device)

iptables -t mangle -N HTB_OUT
iptables -t mangle -I POSTROUTING -j HTB_OUT
iptables -t mangle -A HTB_OUT -j MARK --set-mark 30
iptables -t mangle -A HTB_OUT -m owner --uid-owner uid1 -j MARK --set-mark 10
iptables -t mangle -A HTB_OUT -m owner --uid-owner uid2 -j MARK --set-mark 20

/sbin/tc qdisc replace dev eth0 root handle 1: htb default 30
/sbin/tc class replace dev eth0 parent 1: classid 1:1 htb rate 10Mbit burst 5k
/sbin/tc class replace dev eth0 parent 1:1 classid 1:10 htb rate 10Mbit ceil 10Mbit burst 5k
/sbin/tc class replace dev eth0 parent 1:1 classid 1:20 htb rate 5Mbit ceil 5Mbit burst 5k
/sbin/tc class replace dev eth0 parent 1:1 classid 1:30 htb rate 1Mbit ceil 1Mbit burst 5k
/sbin/tc qdisc replace dev eth0 parent 1:10 handle 10: sfq perturb 10
/sbin/tc qdisc replace dev eth0 parent 1:20 handle 20: sfq perturb 10
/sbin/tc qdisc replace dev eth0 parent 1:30 handle 30: sfq perturb 10

/sbin/tc filter add dev eth0 parent 1:0 prio 0 protocol ip handle 10 fw flowid 1:10
/sbin/tc filter add dev eth0 parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:20
/sbin/tc filter add dev eth0 parent 1:0 prio 0 protocol ip handle 30 fw flowid 1:30

BigS 08-28-2010 07:20 AM
Can you explain a bit better? More specifically, it's about what the user wanted to do here: http://www.linuxquestions.org/questi...x-user-744365/

estabroo 08-28-2010 09:07 AM
What exactly do you want to know?

HTB is a traffic shaper in tc that lets you assign bandwidth in classes, I like it in general because it allows you to set up classes that use a small amount but can go larger if other classes aren't using there bandwidth, but get scaled back if it isn't available. In your case you seem to be looking to just cap them.

The htb I outlined above has 3 classes a 10Mbit class, 5Mbit class and a 1Mbit class with no resource sharing (ceiling is the same as rate).

Things get sent to the various classes by the firewall marking
/sbin/tc filter add dev eth0 parent 1:0 prio 0 protocol ip handle 10 fw flowid 1:10

The iptable mangle rule is what is doing the actual marking based on user id
iptables -t mangle -A HTB_OUT -m owner --uid-owner uid1 -j MARK --set-mark 10

So anything sent by user with uid of uid1 will have their packets marked as 10, which tc will put into flowid 1:10 which has a 10Mbit capacity

BigS 08-29-2010 01:34 PM
It give me the error:
http://i36.tinypic.com/33u972g.png

Please, give me your messenger ID to talk.Thanks!

estabroo 08-30-2010 07:54 AM
Wow that is a bizarre error, I'd guess you need to re-install or install a newer iptables, cause I'm thinking yours doesn't have MARK or it was compiled against a different kernel's header files. Sorry no messenger ID.


All times are GMT -5. The time now is 02:16 AM.