Limiting bandwidth per user (unknown IP)

Limiting bandwidth per user (unknown IP)

[Jérôme Féneau]

Hello LARTC community,

I have a project where I want to limit bandwidth per user connection. For
instance all users that will be connecting to my HTTP server will be
provided 256 Kbps.

I know how to do it from known IP addresses by marking and allocating each
IP to its own QoS class (actually they all have the same, ie 256 Kbps).
This involves to create a lot of lines (one by IP) in iptables and tc.

The tricky thing - from my point of view - is to be able to dynamically
allocate each user (you don't know his IP in advance) to his QoS class from
iptables and tc (reminder : all users must be allocated the same bandwidth).

I would sincerely appreciate your help on this.

Regards

Jérôme

Re: Limiting bandwidth per user (unknown IP)

[Yucong Sun]

What HTTP server you are using?  nginx support per-conenction
hashlimit pretty good.

On Sat, Nov 14, 2015 at 8:09 PM, Jérôme Féneau <feneau@gmail.com> wrote:
> Hello LARTC community,
>
> I have a project where I want to limit bandwidth per user connection. For
> instance all users that will be connecting to my HTTP server will be
> provided 256 Kbps.
>
> I know how to do it from known IP addresses by marking and allocating each
> IP to its own QoS class (actually they all have the same, ie 256 Kbps).
> This involves to create a lot of lines (one by IP) in iptables and tc.
>
> The tricky thing - from my point of view - is to be able to dynamically
> allocate each user (you don't know his IP in advance) to his QoS class from
> iptables and tc (reminder : all users must be allocated the same bandwidth).
>
> I would sincerely appreciate your help on this.
>
> Regards
>
> Jérôme
> --
> To unsubscribe from this list: send the line "unsubscribe lartc" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: Limiting bandwidth per user (unknown IP)

[Jérôme Féneau]

Hi Yucong,

HTTP server actually is not the first application that end-users
reach, but Varnish. And behind Varnish I have a NGINX web server.

Regards

Jérôme

2015-11-14 15:48 GMT+01:00 Yucong Sun <sunyucong@gmail.com>:
> What HTTP server you are using?  nginx support per-conenction hashlimit
> pretty good.
>
> On Sat, Nov 14, 2015 at 8:09 PM, Jérôme Féneau <feneau@gmail.com> wrote:
>>
>> Hello LARTC community,
>>
>> I have a project where I want to limit bandwidth per user connection. For
>> instance all users that will be connecting to my HTTP server will be
>> provided 256 Kbps.
>>
>> I know how to do it from known IP addresses by marking and allocating each
>> IP to its own QoS class (actually they all have the same, ie 256 Kbps).
>> This involves to create a lot of lines (one by IP) in iptables and tc.
>>
>> The tricky thing - from my point of view - is to be able to dynamically
>> allocate each user (you don't know his IP in advance) to his QoS class
>> from
>> iptables and tc (reminder : all users must be allocated the same
>> bandwidth).
>>
>> I would sincerely appreciate your help on this.
>>
>> Regards
>>
>> Jérôme
>> --
>> To unsubscribe from this list: send the line "unsubscribe lartc" in
>> the body of a message to majordomo@vger.kernel.org
>> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>
>



-- 
Jérôme Féneau
06 67 31 46 07
Skypeid : jfeneau92

Re: Limiting bandwidth per user (unknown IP)

[Jérôme Féneau]

Hello LARTC community,

finally any idea how to implement traffic shhaping with netfilter and
tc with unknown IP addresses and the same class of traffic for all ?

Regards

Jérôme

2015-11-14 17:46 GMT+01:00 Jérôme Féneau <feneau@gmail.com>:
> Hi Yucong,
>
> HTTP server actually is not the first application that end-users
> reach, but Varnish. And behind Varnish I have a NGINX web server.
>
> Regards
>
> Jérôme
>
> 2015-11-14 15:48 GMT+01:00 Yucong Sun <sunyucong@gmail.com>:
>> What HTTP server you are using?  nginx support per-conenction hashlimit
>> pretty good.
>>
>> On Sat, Nov 14, 2015 at 8:09 PM, Jérôme Féneau <feneau@gmail.com> wrote:
>>>
>>> Hello LARTC community,
>>>
>>> I have a project where I want to limit bandwidth per user connection. For
>>> instance all users that will be connecting to my HTTP server will be
>>> provided 256 Kbps.
>>>
>>> I know how to do it from known IP addresses by marking and allocating each
>>> IP to its own QoS class (actually they all have the same, ie 256 Kbps).
>>> This involves to create a lot of lines (one by IP) in iptables and tc.
>>>
>>> The tricky thing - from my point of view - is to be able to dynamically
>>> allocate each user (you don't know his IP in advance) to his QoS class
>>> from
>>> iptables and tc (reminder : all users must be allocated the same
>>> bandwidth).
>>>
>>> I would sincerely appreciate your help on this.
>>>
>>> Regards
>>>
>>> Jérôme
>>> --
>>> To unsubscribe from this list: send the line "unsubscribe lartc" in
>>> the body of a message to majordomo@vger.kernel.org
>>> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>>
>>
>
>
>
> --
> Jérôme Féneau
> 06 67 31 46 07
> Skypeid : jfeneau92



-- 
Jérôme Féneau
06 67 31 46 07
Skypeid : jfeneau92

Re: Limiting bandwidth per user (unknown IP)

[Vitaly Repin]

Hello,

I had  a little bit more complicated task but I think you can take
some useful ideas from there:
http://www.spinics.net/lists/lartc/msg23254.html

2015-11-17 10:55 GMT+02:00 Jérôme Féneau <feneau@gmail.com>:
>
> Hello LARTC community,
>
> finally any idea how to implement traffic shhaping with netfilter and
> tc with unknown IP addresses and the same class of traffic for all ?
>
> Regards
>
> Jérôme
>
> 2015-11-14 17:46 GMT+01:00 Jérôme Féneau <feneau@gmail.com>:
> > Hi Yucong,
> >
> > HTTP server actually is not the first application that end-users
> > reach, but Varnish. And behind Varnish I have a NGINX web server.
> >
> > Regards
> >
> > Jérôme
> >
> > 2015-11-14 15:48 GMT+01:00 Yucong Sun <sunyucong@gmail.com>:
> >> What HTTP server you are using?  nginx support per-conenction hashlimit
> >> pretty good.
> >>
> >> On Sat, Nov 14, 2015 at 8:09 PM, Jérôme Féneau <feneau@gmail.com> wrote:
> >>>
> >>> Hello LARTC community,
> >>>
> >>> I have a project where I want to limit bandwidth per user connection. For
> >>> instance all users that will be connecting to my HTTP server will be
> >>> provided 256 Kbps.
> >>>
> >>> I know how to do it from known IP addresses by marking and allocating each
> >>> IP to its own QoS class (actually they all have the same, ie 256 Kbps).
> >>> This involves to create a lot of lines (one by IP) in iptables and tc.
> >>>
> >>> The tricky thing - from my point of view - is to be able to dynamically
> >>> allocate each user (you don't know his IP in advance) to his QoS class
> >>> from
> >>> iptables and tc (reminder : all users must be allocated the same
> >>> bandwidth).
> >>>
> >>> I would sincerely appreciate your help on this.
> >>>
> >>> Regards
> >>>
> >>> Jérôme
> >>> --
> >>> To unsubscribe from this list: send the line "unsubscribe lartc" in
> >>> the body of a message to majordomo@vger.kernel.org
> >>> More majordomo info at  http://vger.kernel.org/majordomo-info.html

-- 
WBR & WBW, Vitaly

Re: Limiting bandwidth per user (unknown IP)

[Jérôme Féneau]

Hi Vitaly,

thanks for your inputs. Did you finally find a solution for your problem ?

There are interesting things in your answer, here is what I noticed :

"My current idea is to store mark in the shared memory and increment it

with every new client."

It could be a good solution but how do you achieve this ?

And how do you accordingly create the relevant rules in tc ?

Regards

Jérôme

2015-11-17 10:13 GMT+01:00 Vitaly Repin <vitaly_repin@fsfe.org>:
> Hello,
>
> I had  a little bit more complicated task but I think you can take
> some useful ideas from there:
> http://www.spinics.net/lists/lartc/msg23254.html
>
> 2015-11-17 10:55 GMT+02:00 Jérôme Féneau <feneau@gmail.com>:
>>
>> Hello LARTC community,
>>
>> finally any idea how to implement traffic shhaping with netfilter and
>> tc with unknown IP addresses and the same class of traffic for all ?
>>
>> Regards
>>
>> Jérôme
>>
>> 2015-11-14 17:46 GMT+01:00 Jérôme Féneau <feneau@gmail.com>:
>> > Hi Yucong,
>> >
>> > HTTP server actually is not the first application that end-users
>> > reach, but Varnish. And behind Varnish I have a NGINX web server.
>> >
>> > Regards
>> >
>> > Jérôme
>> >
>> > 2015-11-14 15:48 GMT+01:00 Yucong Sun <sunyucong@gmail.com>:
>> >> What HTTP server you are using?  nginx support per-conenction hashlimit
>> >> pretty good.
>> >>
>> >> On Sat, Nov 14, 2015 at 8:09 PM, Jérôme Féneau <feneau@gmail.com> wrote:
>> >>>
>> >>> Hello LARTC community,
>> >>>
>> >>> I have a project where I want to limit bandwidth per user connection. For
>> >>> instance all users that will be connecting to my HTTP server will be
>> >>> provided 256 Kbps.
>> >>>
>> >>> I know how to do it from known IP addresses by marking and allocating each
>> >>> IP to its own QoS class (actually they all have the same, ie 256 Kbps).
>> >>> This involves to create a lot of lines (one by IP) in iptables and tc.
>> >>>
>> >>> The tricky thing - from my point of view - is to be able to dynamically
>> >>> allocate each user (you don't know his IP in advance) to his QoS class
>> >>> from
>> >>> iptables and tc (reminder : all users must be allocated the same
>> >>> bandwidth).
>> >>>
>> >>> I would sincerely appreciate your help on this.
>> >>>
>> >>> Regards
>> >>>
>> >>> Jérôme
>> >>> --
>> >>> To unsubscribe from this list: send the line "unsubscribe lartc" in
>> >>> the body of a message to majordomo@vger.kernel.org
>> >>> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>
> --
> WBR & WBW, Vitaly



-- 
Jérôme Féneau
06 67 31 46 07
Skypeid : jfeneau92

Re: Limiting bandwidth per user (unknown IP)

[Horace]

I think you can use tc divisor command to solve the problem?

Regards,
Horace Ng

----- Original Message -----
From: "Jérôme Féneau" <feneau@gmail.com>
To: "Vitaly Repin" <vitaly_repin@fsfe.org>
Cc: "lartc" <lartc@vger.kernel.org>
Sent: Tuesday, November 17, 2015 5:58:24 PM
Subject: Re: Limiting bandwidth per user (unknown IP)

Hi Vitaly,

thanks for your inputs. Did you finally find a solution for your problem ?

There are interesting things in your answer, here is what I noticed :

"My current idea is to store mark in the shared memory and increment it

with every new client."

It could be a good solution but how do you achieve this ?

And how do you accordingly create the relevant rules in tc ?

Regards

Jérôme

2015-11-17 10:13 GMT+01:00 Vitaly Repin <vitaly_repin@fsfe.org>:
> Hello,
>
> I had  a little bit more complicated task but I think you can take
> some useful ideas from there:
> http://www.spinics.net/lists/lartc/msg23254.html
>
> 2015-11-17 10:55 GMT+02:00 Jérôme Féneau <feneau@gmail.com>:
>>
>> Hello LARTC community,
>>
>> finally any idea how to implement traffic shhaping with netfilter and
>> tc with unknown IP addresses and the same class of traffic for all ?
>>
>> Regards
>>
>> Jérôme
>>
>> 2015-11-14 17:46 GMT+01:00 Jérôme Féneau <feneau@gmail.com>:
>> > Hi Yucong,
>> >
>> > HTTP server actually is not the first application that end-users
>> > reach, but Varnish. And behind Varnish I have a NGINX web server.
>> >
>> > Regards
>> >
>> > Jérôme
>> >
>> > 2015-11-14 15:48 GMT+01:00 Yucong Sun <sunyucong@gmail.com>:
>> >> What HTTP server you are using?  nginx support per-conenction hashlimit
>> >> pretty good.
>> >>
>> >> On Sat, Nov 14, 2015 at 8:09 PM, Jérôme Féneau <feneau@gmail.com> wrote:
>> >>>
>> >>> Hello LARTC community,
>> >>>
>> >>> I have a project where I want to limit bandwidth per user connection. For
>> >>> instance all users that will be connecting to my HTTP server will be
>> >>> provided 256 Kbps.
>> >>>
>> >>> I know how to do it from known IP addresses by marking and allocating each
>> >>> IP to its own QoS class (actually they all have the same, ie 256 Kbps).
>> >>> This involves to create a lot of lines (one by IP) in iptables and tc.
>> >>>
>> >>> The tricky thing - from my point of view - is to be able to dynamically
>> >>> allocate each user (you don't know his IP in advance) to his QoS class
>> >>> from
>> >>> iptables and tc (reminder : all users must be allocated the same
>> >>> bandwidth).
>> >>>
>> >>> I would sincerely appreciate your help on this.
>> >>>
>> >>> Regards
>> >>>
>> >>> Jérôme
>> >>> --
>> >>> To unsubscribe from this list: send the line "unsubscribe lartc" in
>> >>> the body of a message to majordomo@vger.kernel.org
>> >>> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>
> --
> WBR & WBW, Vitaly



-- 
Jérôme Féneau
06 67 31 46 07
Skypeid : jfeneau92
--
To unsubscribe from this list: send the line "unsubscribe lartc" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: Limiting bandwidth per user (unknown IP)

[Vitaly Repin]

Hello,

Yes, I have solved the problem.  Unfortunatelly I do not recall all
the details now.  But yes - I had to use shared memory

I have created two scripts:

tc-control.pl:
  --init             Initialize IPC
  --destroy      Destroy IPC
  --stat           Print statistics
  --up IP         UP connection. Set the traffic shaping rules for
IPv4 address IP
  --down IP     DOWN connection. Unset the traffic shaping rules for
IPv4 address IP
  --help          Get this help and exit


tc-control.sh:

   tc-control --help
   tc-control --init
   tc-control --add <class1 id> <class2 id> <ip>
   tc-control --del <class1 id> <class2 id> <ip>


The first script is called when new connection goes UP or DOWN. The
second one is called from the first one to add or remove specific
classes.

When I was looking for alternatives I have also found this project:
https://en.wikipedia.org/wiki/Shorewall
Their web site is not responding at the moment hence I can't send you
exact link to their docs but they have something interesting about
traffic shaping per IP also.


2015-11-17 11:58 GMT+02:00 Jérôme Féneau <feneau@gmail.com>:
> Hi Vitaly,
>
> thanks for your inputs. Did you finally find a solution for your problem ?
>
> There are interesting things in your answer, here is what I noticed :
>
> "My current idea is to store mark in the shared memory and increment it
>
> with every new client."
>
> It could be a good solution but how do you achieve this ?
>
> And how do you accordingly create the relevant rules in tc ?
>
> Regards
>
> Jérôme
>
> 2015-11-17 10:13 GMT+01:00 Vitaly Repin <vitaly_repin@fsfe.org>:
>> Hello,
>>
>> I had  a little bit more complicated task but I think you can take
>> some useful ideas from there:
>> http://www.spinics.net/lists/lartc/msg23254.html
>>
>> 2015-11-17 10:55 GMT+02:00 Jérôme Féneau <feneau@gmail.com>:
>>>
>>> Hello LARTC community,
>>>
>>> finally any idea how to implement traffic shhaping with netfilter and
>>> tc with unknown IP addresses and the same class of traffic for all ?
>>>
>>> Regards
>>>
>>> Jérôme
>>>
>>> 2015-11-14 17:46 GMT+01:00 Jérôme Féneau <feneau@gmail.com>:
>>> > Hi Yucong,
>>> >
>>> > HTTP server actually is not the first application that end-users
>>> > reach, but Varnish. And behind Varnish I have a NGINX web server.
>>> >
>>> > Regards
>>> >
>>> > Jérôme
>>> >
>>> > 2015-11-14 15:48 GMT+01:00 Yucong Sun <sunyucong@gmail.com>:
>>> >> What HTTP server you are using?  nginx support per-conenction hashlimit
>>> >> pretty good.
>>> >>
>>> >> On Sat, Nov 14, 2015 at 8:09 PM, Jérôme Féneau <feneau@gmail.com> wrote:
>>> >>>
>>> >>> Hello LARTC community,
>>> >>>
>>> >>> I have a project where I want to limit bandwidth per user connection. For
>>> >>> instance all users that will be connecting to my HTTP server will be
>>> >>> provided 256 Kbps.
>>> >>>
>>> >>> I know how to do it from known IP addresses by marking and allocating each
>>> >>> IP to its own QoS class (actually they all have the same, ie 256 Kbps).
>>> >>> This involves to create a lot of lines (one by IP) in iptables and tc.
>>> >>>
>>> >>> The tricky thing - from my point of view - is to be able to dynamically
>>> >>> allocate each user (you don't know his IP in advance) to his QoS class
>>> >>> from
>>> >>> iptables and tc (reminder : all users must be allocated the same
>>> >>> bandwidth).
>>> >>>
>>> >>> I would sincerely appreciate your help on this.
>>> >>>
>>> >>> Regards
>>> >>>
>>> >>> Jérôme
>>> >>> --
>>> >>> To unsubscribe from this list: send the line "unsubscribe lartc" in
>>> >>> the body of a message to majordomo@vger.kernel.org
>>> >>> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>>
>> --
>> WBR & WBW, Vitaly
>
>
>
> --
> Jérôme Féneau
> 06 67 31 46 07
> Skypeid : jfeneau92



-- 
WBR & WBW, Vitaly

Re: Limiting bandwidth per user (unknown IP)

[Jérôme Féneau]

Hi Vitaly,

seems very interesting, can you share working links as the ones you
sent are down ?

Regards

Jérôme

2015-11-18 7:14 GMT+01:00 Vitaly Repin <vitaly_repin@fsfe.org>:
> Hello,
>
> Yes, I have solved the problem.  Unfortunatelly I do not recall all
> the details now.  But yes - I had to use shared memory
>
> I have created two scripts:
>
> tc-control.pl:
>   --init             Initialize IPC
>   --destroy      Destroy IPC
>   --stat           Print statistics
>   --up IP         UP connection. Set the traffic shaping rules for
> IPv4 address IP
>   --down IP     DOWN connection. Unset the traffic shaping rules for
> IPv4 address IP
>   --help          Get this help and exit
>
>
> tc-control.sh:
>
>    tc-control --help
>    tc-control --init
>    tc-control --add <class1 id> <class2 id> <ip>
>    tc-control --del <class1 id> <class2 id> <ip>
>
>
> The first script is called when new connection goes UP or DOWN. The
> second one is called from the first one to add or remove specific
> classes.
>
> When I was looking for alternatives I have also found this project:
> https://en.wikipedia.org/wiki/Shorewall
> Their web site is not responding at the moment hence I can't send you
> exact link to their docs but they have something interesting about
> traffic shaping per IP also.
>
>
> 2015-11-17 11:58 GMT+02:00 Jérôme Féneau <feneau@gmail.com>:
>> Hi Vitaly,
>>
>> thanks for your inputs. Did you finally find a solution for your problem ?
>>
>> There are interesting things in your answer, here is what I noticed :
>>
>> "My current idea is to store mark in the shared memory and increment it
>>
>> with every new client."
>>
>> It could be a good solution but how do you achieve this ?
>>
>> And how do you accordingly create the relevant rules in tc ?
>>
>> Regards
>>
>> Jérôme
>>
>> 2015-11-17 10:13 GMT+01:00 Vitaly Repin <vitaly_repin@fsfe.org>:
>>> Hello,
>>>
>>> I had  a little bit more complicated task but I think you can take
>>> some useful ideas from there:
>>> http://www.spinics.net/lists/lartc/msg23254.html
>>>
>>> 2015-11-17 10:55 GMT+02:00 Jérôme Féneau <feneau@gmail.com>:
>>>>
>>>> Hello LARTC community,
>>>>
>>>> finally any idea how to implement traffic shhaping with netfilter and
>>>> tc with unknown IP addresses and the same class of traffic for all ?
>>>>
>>>> Regards
>>>>
>>>> Jérôme
>>>>
>>>> 2015-11-14 17:46 GMT+01:00 Jérôme Féneau <feneau@gmail.com>:
>>>> > Hi Yucong,
>>>> >
>>>> > HTTP server actually is not the first application that end-users
>>>> > reach, but Varnish. And behind Varnish I have a NGINX web server.
>>>> >
>>>> > Regards
>>>> >
>>>> > Jérôme
>>>> >
>>>> > 2015-11-14 15:48 GMT+01:00 Yucong Sun <sunyucong@gmail.com>:
>>>> >> What HTTP server you are using?  nginx support per-conenction hashlimit
>>>> >> pretty good.
>>>> >>
>>>> >> On Sat, Nov 14, 2015 at 8:09 PM, Jérôme Féneau <feneau@gmail.com> wrote:
>>>> >>>
>>>> >>> Hello LARTC community,
>>>> >>>
>>>> >>> I have a project where I want to limit bandwidth per user connection. For
>>>> >>> instance all users that will be connecting to my HTTP server will be
>>>> >>> provided 256 Kbps.
>>>> >>>
>>>> >>> I know how to do it from known IP addresses by marking and allocating each
>>>> >>> IP to its own QoS class (actually they all have the same, ie 256 Kbps).
>>>> >>> This involves to create a lot of lines (one by IP) in iptables and tc.
>>>> >>>
>>>> >>> The tricky thing - from my point of view - is to be able to dynamically
>>>> >>> allocate each user (you don't know his IP in advance) to his QoS class
>>>> >>> from
>>>> >>> iptables and tc (reminder : all users must be allocated the same
>>>> >>> bandwidth).
>>>> >>>
>>>> >>> I would sincerely appreciate your help on this.
>>>> >>>
>>>> >>> Regards
>>>> >>>
>>>> >>> Jérôme
>>>> >>> --
>>>> >>> To unsubscribe from this list: send the line "unsubscribe lartc" in
>>>> >>> the body of a message to majordomo@vger.kernel.org
>>>> >>> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>>>
>>> --
>>> WBR & WBW, Vitaly
>>
>>
>>
>> --
>> Jérôme Féneau
>> 06 67 31 46 07
>> Skypeid : jfeneau92
>
>
>
> --
> WBR & WBW, Vitaly



-- 
Jérôme Féneau
06 67 31 46 07
Skypeid : jfeneau92