# Limiting network rates with tc?

## doublehp

After several failures, I come to ask my trivial question here: imagine host A, with interface eth0, IP address IP, and gateway G.

I want to limit the network traffic over internet for this machine, to upload U, and download D.

The script will be run on A, not on G. A has to limit itself all alone.

It does not matter if the restriction also affects the local network. It would be better if the LAN was left at full speed, but, for now, I don't really mind if the script limits the whole interface, internet including local traffic.

Issue: A has several IPs, due to alias.

Issue: I would like the script to affect all protocols: IPv4 + IPv6

A=192.168.0.20 + 192.168.0.120

G=192.168.0.1

D=300kB/s, that should be 3mbps in tc's language

U=80kB/s ... 800kbps

My problem is that, after trying 3 different scripts, the scripts I found only affect upload, not download.

The NIC is connected to a 100mb switch, but may be 1Gb capable ... not sure. If it matters.

Thanks for help.

----------

## Hu

That behavior is expected.  As noted in lartc, you cannot directly affect the rate at which other machines send traffic to you.  You can try to discourage them by limiting the rate at which you acknowledge traffic, either by delaying outbound ACKs or by policing incoming traffic so that the remote host decides it is flooding you.

----------

## frostschutz

Limiting incoming rate should still work, although in the end it doesn't mean that you're getting sent slower, it just means you're dropping the packets you don't want to accept.

So for a congested internet link it does not immediately help because the packet was already received at the time you drop it. It may help in the long run if the other side decides to send things slower... although that's a big if especially in a P2P scenario where new connections are created all the time.

----------

## doublehp

Congestion would only happen with UTP. TCP expects ACKs, so all TCP connections should get limited.

I just need an average limitation, let's say, over 10s, or even 1mn is enough.

Don't tell me that in 2010, after 40 years of computing and networking, at a time the international network is so old we are planning to change it ... we still can not limit incoming rate! I trust the host, no security matter! And you are telling me, if I want to limit incoming, I need to configure a second computer as gateway, that will limit its own outgoing traffic to this box?

----------

## frostschutz

*Quote:*

> And you are telling me, if I want to limit incoming, I need to configure a second computer as gateway, that will limit its own outgoing traffic to this box?

Doesn't matter how you do it, it'll be suboptimal as long as it's not your ISP imposing the incoming limit. Technically there is no difference between a gateway that shapes outgoing (really incoming) traffic or your own machine doing the same with incoming (if you ignore that tc doesn't let you add qdiscs to incoming as easily as outgoing). If the limit is not ISP side, either way the packets will be dropped after they've been received and already used your bandwidth...

----------

## Hu

*doublehp wrote:*

> Congestion would only happen with UTP. TCP expects ACKs, so all TCP connections should get limited.

Congestion will occur, at least briefly, with all protocols.  TCP will eventually back off if the traffic is not acknowledged in a timely manner.  However, as frostschutz already warned you, this may not be sufficient in scenarios where TCP connections are created and destroyed rapidly.

As to your point about this being a major omission in the protocol stack, could you explain what you hope to accomplish by this?  Very often, when someone finds a "missing feature" like this, it is because the problem is better solved in some other way.

----------

## doublehp

THIS machine is one of my many servers. It often performs BW consuming tasks. I want to limit it to 80% of my connection.

I could easily limit outgoing upload with tc, but I want to also limit incoming/download.

I just want this server to not saturate my connection in any circumstances.

I don't have hand over my modem/router.

I don't have hand over the usual peer server.

I never use short connections. I use long connections to transfer heavy data, over various layers; but I can't apply restrictions at other layers, because they can "move" with time (configuration could change).

----------
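The setup discussed in this thread, as an added example that is not from any of the posters: egress shaping for upload plus an ingress policer for download, applied on host A itself and matching IPv4 and IPv6 alike. It assumes a kernel with the `matchall` classifier (4.8 or later); the script name `limit.sh`, the function names and the burst heuristic are hypothetical choices made for this example. As the replies point out, the policer drops packets only after they have crossed the link, so it relies on the senders backing off.

```shell
#!/bin/sh
# Added example: print the tc commands that cap one interface's upload and
# download. Rates are taken in kilobytes per second and converted to "kbit",
# because in tc "kbps" means kilobytes/s and "kbit" means kilobits/s.

kbytes_to_kbit() {            # kB/s -> kbit/s
    echo $(( $1 * 8 ))
}

burst_kb() {                  # ~100 ms of traffic, floor of 10 kB (assumed heuristic)
    b=$(( $1 / 10 ))
    if [ "$b" -lt 10 ]; then b=10; fi
    echo "$b"
}

# tc_plan IFACE UP_KBYTES DOWN_KBYTES: prints the commands, returns 1 on bad input.
# Inputs are validated because the output is meant to be piped into a root shell.
tc_plan() {
    iface=$1; up=$2; down=$3
    case $iface in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 1 ;;
    esac
    for n in "$up" "$down"; do
        case $n in
            ''|*[!0-9]*|0*) echo "bad rate: $n" >&2; return 1 ;;
        esac
    done
    cat <<EOF
# clear any previous setup (errors ignored when nothing is installed)
tc qdisc del dev $iface root 2>/dev/null || true
tc qdisc del dev $iface ingress 2>/dev/null || true
# upload: shape everything leaving $iface with a token bucket
tc qdisc add dev $iface root tbf rate $(kbytes_to_kbit "$up")kbit burst $(burst_kb "$up")kb latency 50ms
# download: police everything arriving on $iface (IPv4 and IPv6), drop the excess
tc qdisc add dev $iface handle ffff: ingress
tc filter add dev $iface parent ffff: protocol all prio 1 matchall action police rate $(kbytes_to_kbit "$down")kbit burst $(burst_kb "$down")kb conform-exceed drop
EOF
}

# Dry run with the thread's numbers; to apply: sh limit.sh | sudo sh
tc_plan "${IFACE:-eth0}" "${UP:-80}" "${DOWN:-300}"
```

Check the result with `tc -s qdisc show dev eth0` and `tc -s filter show dev eth0 parent ffff:`, which report the bytes sent and the packets dropped by the policer.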

