Switches, Hubs, and Modems

Bandwidth Limitation

Ali VARGONEN
Advisor

Bandwidth Limitation

Do any of you use HP switches (Ethernet) to control and limit the usage of an IP address or a switch port?

Like 1024 kbit or 512 kbit dedicated ports for the servers, limited on the switch.
Digital World
1 REPLY
Karsten Breivik_1
Frequent Advisor

Re: Bandwidth Limitation

The terms you may be looking for are "traffic control", "packet mangling", etc.

However, I guess trying to do traffic control on the switches would limit your traffic control to IP layer 2 which in my opinion may only have limited usability.

I suggest you have a look at tc, the Linux alternative which apparently was derived from the Cisco way of packet filtering in the routers. It has been part of the kernel since 2.4 and lets you control traffic based on IP, port number, etc. The home page is

http://lartc.org/

For a less involved and more to the point example, have a look at the examples at

http://www.knowplace.org/pages/howtos/traffic_shaping_with_linux/examples.php

For the theory, google for the principles of Hierarchical Token Bucket (HTB). This is very cool.

It is very easy to come by: Get an old PC, pop in two network cards. Install a Linux firewall with a kernel above 2.4 - IPCop from ipcop.org is a 50MB CD ISO and works fine. Access the command line and utilise the tc command. I tried the stuff and never looked back. Just for fun, I support some 20 users on a firewall running a PII 400 MHz and the processor load averages at well less than 1%, sharing a 4MB line, and every user pretty much feels like they have the line to themselves.

--------

If you get impressed and want to take it to the next level of really-really advanced, have a look at the even higher level filtering where the filter also looks beyond the ports and into the content of each packet. You may also be interested in the developments in L7 application layer filtering.

http://l7-filter.sourceforge.net/

This info is from the site: L7-filter is a classifier for Linux's Netfilter that identifies packets based on application layer data. It can classify packets as Kazaa, HTTP, Jabber, Citrix, Bittorrent, FTP, Gnucleus, eDonkey2000, etc., regardless of port. It complements existing classifiers that match on IP address, port numbers and so on.

Our intent is for l7-filter to be used in conjunction with Linux QoS to do bandwidth arbitration ("packet shaping") or traffic accounting.

poi
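
The per-server caps asked about in the question (512 kbit and 1024 kbit), expressed as tc/HTB rules on a Linux shaper like the one the reply describes. This is an added example, not code from either poster; the function name `htb_rules`, the LAN-facing interface `eth1`, the 4096 kbit link rate and the RFC 5737 addresses are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): print tc/HTB commands that cap hosts.
# htb_rules DEV LINK_KBIT IP:KBIT [IP:KBIT ...]
# Output is meant to be reviewed, then piped to `sh` as root on the shaper.
htb_rules() {
    dev=$1; link=$2; shift 2
    # Character whitelists keep shell metacharacters out of the generated
    # commands; tc itself rejects addresses that are merely malformed.
    case $dev in ''|*[!A-Za-z0-9._-]*) echo "bad device: $dev" >&2; return 1;; esac
    case $link in ''|*[!0-9]*) echo "bad link rate: $link" >&2; return 1;; esac
    total=0
    for entry in "$@"; do
        ip=${entry%%:*}; rate=${entry#*:}
        case $ip in ''|*[!0-9.]*) echo "bad address: $entry" >&2; return 1;; esac
        case $rate in ''|*[!0-9]*) echo "bad rate: $entry" >&2; return 1;; esac
        total=$((total + rate))
    done
    # Leave room for the default class: per-host caps must sum below the link.
    [ "$total" -lt "$link" ] || { echo "caps exceed link rate" >&2; return 1; }

    echo "tc qdisc del dev $dev root 2>/dev/null || true"
    # Root HTB qdisc; traffic matching no filter lands in class 1:ff.
    echo "tc qdisc add dev $dev root handle 1: htb default ff"
    echo "tc class add dev $dev parent 1: classid 1:1 htb rate ${link}kbit"
    echo "tc class add dev $dev parent 1:1 classid 1:ff htb rate $((link - total))kbit ceil ${link}kbit"
    id=16  # per-host class minors start at 0x10
    for entry in "$@"; do
        ip=${entry%%:*}; rate=${entry#*:}
        minor=$(printf '%x' "$id")
        # rate == ceil makes a hard cap: the host cannot borrow idle bandwidth.
        echo "tc class add dev $dev parent 1:1 classid 1:$minor htb rate ${rate}kbit ceil ${rate}kbit"
        # u32 filter steers packets destined for this host into its class.
        echo "tc filter add dev $dev parent 1: protocol ip prio 1 u32 match ip dst $ip/32 flowid 1:$minor"
        id=$((id + 1))
    done
}

# Constructed sample: two servers behind eth1 on a 4096 kbit link.
htb_rules eth1 4096 192.0.2.10:512 192.0.2.11:1024
```

HTB shapes traffic leaving the interface, so these rules limit what each server receives through `eth1`; limiting what a server sends needs a matching set on the other network card.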