I'm looking for some suggestions on limiting network throughput on a per-client-host basis from a server host. Essentially, I have one large host running various TCP-based services such as FTP proxy (Delegate), HTTP proxy (Squid) and an NNTP (DNews) server, and I need to limit the total bandwidth used by individual arbitrary client machines which will be connecting to this server. Put another way, any particular client machine (with a unique IP address) should not be allowed to exceed xx kbps from the server once all its open TCP sessions are added together. I'm not concerned about the datarate from the client TO the server. I'm only concerned about TCP at this stage. I'm thinking along the lines of having one of the several shaping or QoS facilities available in place, and running a script that monitors the list of clients currently connected (by looking at the currently open sockets, for e.g.) and manipulating the rules controlling the shaping facility in use accordingly on a continuing basis. Current bandwidth-control options I'm aware of are: (1) Kernel 2.2.x QoS (2) Kernel 2.2.x traffic shaping (3) vtun (4) ET Inc's b/w manager (5) application-level control (3) was ruled out early on because of it's obvious tunneled nature - not suitable for limiting individual client hosts on the network. (2) is controlled via local interfaces, so I'd need a virtual interface for each currently-connected client. I'm only starting to look into (1) - documentation seems scarce and QoS techniques and teminology is a very unknown field to me. (4) seems like a reasonable idea though I wouldn't mind the flexibility of using something free. The fact that it requires 2.2.x isn't a problem for me. (5) doesn't appear to be an option since I don't know of standard control systems supported by all of the server applications involved, especially something which will co-operate between the different server programs as required. Any suggestions very much welcomed. Regards ------------------------------------------------------------------------- Louis Mandelstam # man 8 consulting email: [EMAIL PROTECTED] System administration contracting Mobile: +27-83-289-0310 'whois LM497' for current contact info ---------------------[ Penguin Cloning Specialist ]---------------------- - To unsubscribe from this list: send the line "unsubscribe linux-net" in the body of a message to [EMAIL PROTECTED]
