Bandwidth control

The bandwidth control mechanisms inside ProFTPD changed dramatically during the 1.2.0 development and release cycle. The original 'Bandwidth' directive has been removed and replaced with a number of 'Rate*' directives. These only work on a per-session basis, with no scope for limiting on a VirtualHost basis or a netblock basis. This functionality is planned for the 1.3.x development branch.

Example 14-2. Simple throttling config

Bandwidth                       81920

is replaced with something like

RateReadBPS                     81920
RateReadFreeBytes               5120
RateReadHardBPS                 on

To achieve a total limit on a per-virtual-server basis, a mix of RateReadBPS and MaxClients is needed, i.e. RateReadBPS x MaxClients = total bandwidth allocation. There is no way (at the moment) to specify that virtual server xyz has a maximum total bandwidth of 200K/s that it can use between all connections.

Per-virtual, per-user and global limits are currently in the "to be coded" pile and are being penciled in for the 1.3.x development series. Some work on a shared communication system between servers is needed before this can happen.
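The RateReadBPS x MaxClients rule above can be checked mechanically when auditing a configuration for contexts whose total bandwidth is unbounded. The following is an added example, not part of the original FAQ or of ProFTPD itself; the sample configuration is constructed, and the inheritance model (the nearest enclosing MaxClients applies, and <Global> is treated as server-wide) is a simplifying assumption.

```python
import re

# Constructed sample (not from the page): <Global> sets a rate but no MaxClients.
SAMPLE_CONF = """\
<Global>
  RateReadBPS 10000
</Global>
<Anonymous ~ftp>
  MaxClients 4 "Sorry, too many users"
  RateReadBPS 8192          # per-session cap
  <Directory slow>
    RateReadBPS 1024
  </Directory>
</Anonymous>
"""

OPEN = re.compile(r"<\s*([A-Za-z]+)\s*([^>]*)>")
CLOSE = re.compile(r"<\s*/\s*[A-Za-z]+\s*>")

def rate_ceilings(conf_text, directive="RateReadBPS"):
    """Map context -> (rate_bps, max_clients, ceiling_bps); None ceiling = unbounded."""
    root = {"name": "server", "max": None, "parent": None}
    cur, found = root, []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if CLOSE.fullmatch(line):
            cur = cur["parent"] or root
        elif (m := OPEN.fullmatch(line)):
            if m.group(1).lower() != "global":       # assumption: <Global> == server-wide
                name = f"{cur['name']}/{m.group(1)} {m.group(2).strip()}".strip()
                cur = {"name": name, "max": None, "parent": cur}
        elif len(line.split()) >= 2:
            key, arg = line.split()[:2]
            if key.lower() == "maxclients" and arg.isdigit():
                cur["max"] = int(arg)
            elif key.lower() == directive.lower() and arg.isdigit():
                found.append((cur, int(arg)))
    out = {}
    for frame, rate in found:
        node = frame
        while node and node["max"] is None:          # nearest enclosing MaxClients wins
            node = node["parent"]
        limit = node["max"] if node else None
        out[frame["name"]] = (rate, limit, None if limit is None else rate * limit)
    return out

if __name__ == "__main__":
    for ctx, (rate, limit, total) in rate_ceilings(SAMPLE_CONF).items():
        print(f"{ctx}: {rate} B/s x {limit} = {total if total is not None else 'UNBOUNDED'}")
```

A context reported as UNBOUNDED has a per-session rate but no connection cap, so its aggregate usage grows with the number of sessions.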

Limiting the total usage by a VirtualHost

How can I achieve bandwidth restriction to depend on current user? One should have 1000 bytes per second write, the other 100bytesps for example. RateWriteBPS is global, isn't it?

I have a dilemma that I need opinions and ideas on. At K-State our Internet1 bandwidth is getting pretty hefty. They are trying to cut back on resources until they can get a grip on the napster problem we're having. One of the things that they wanted done to my public mirror server (see sig) was rate limiting. I don't terribly mind it but I don't want to do it to Internet2 Universities and other participants. My possible solution was to send all Internet1 users to one hostname, and all Internet2 users to a Virtualhost. The Internet1 would have standard rate limiting features (could someone give me an opinion on numbers for this please? I haven't used it before) and the Internet2 virtualhost would be unlimited. That's a reasonable idea. I'm trying to get a list of IP blocks for all groups on Internet2 from the 'Net2 people themselves. Then I thought of another thing. Can it be done within the same host? Could I do an allow, deny for both groups within the same host--one of them gets the good speeds, the other gets limited? How? Would it be better to create an internet2 user on my system that 'Net2 people could log in with and then have it check to see if they really are 'Net2 people (according to the IP block)? I'm having trouble deciding what to try and/or which to use. Any thoughts or advice? LinuxPPC 2000 will be coming out this weekend and will be hosted by me. I need to get something in place before that happens.

Example 14-3. Rate limiting

<Anonymous ~ftp>
    # ...etc....
        RateWriteBPS                    16384           # all writes at max 16K/s
        <Directory slow>
                RateReadBPS             1024            # 1K/s max
                RateReadFreeBytes       64000           # less than 64KB at full speed
                RateReadHardBPS         on              # after 64KB xfer _forced_ down to 1K/s
        </Directory>
        <Directory pub/win95>
                RateReadBPS             8192            # 8K/s max
                RateReadFreeBytes       256000          # until 256KB files at full speed, then 8K/s
        </Directory>
</Anonymous>

And a comment: in normal cases one should not use "RateReadHardBPS on", it is cruel to the users. :)

I'm currently running 1.2.0pre10 in inetd mode, and the RateReadBPS directive works well for users who are individually defined within my proftpd.conf. However, I would like to restrict total outgoing FTP bandwidth, and it looks like this should be possible with RateReadBPS. From section 6.16 of the FAQ:

"To achieve a total limit on a per virtual basis a mix of RateReadBPS and MaxClients is needed. ie RateReadBPS x MaxClients = Total Bandwidth allocation. There is no way (at the moment) to specify that virtual server xyz has a maximum total bandwidth of 200K/s that it can use between all connections."

A section of my proftpd.conf might look like this:

<Global>
    MaxClients 6
    RateReadBPS 10000
</Global>

It looks like total bandwidth should be limited to ~60 KB/s (after restarting inetd). However, this is not the case. Any suggestions?

On Mon, Feb 28, 2000 at 05:22:12PM -0500, dboyles@r75h121.res.gatech.edu wrote:
> "To achieve a total limit on a per virtual basis a mix of RateReadBPS and
> MaxClients is needed. ie RateReadBPS x MaxClients = Total
> Bandwidth allocation. There is no way (at the moment) to specify that
> virtual server xyz has a maximum total bandwidth of 200K/s
> that it can use between all connections."
>
> A section of my proftpd.conf might look like this:
>
> <Global>
> MaxClients 6
> RateReadBPS 10000
> </Global>
>
> It looks like total bandwidth should be limited to ~60 KB/s (after
> restarting inetd). However, this is not the case. Any suggestions?

inetd (with or without tcpd) may be the problem. Try running proftpd in standalone mode as a single daemon.

Hi, I'm having a problem getting the RateReadBPS limit to work. I've put it in the 'global', in the 'directory' and in the body. No matter where I put it, it doesn't seem to work. Can someone please give me an example, or something? This is not an anon site, and my users all have different logins, but go to the same dir tree, where they are jailed.

Thanx!!

ServerType                      inetd
DisplayConnect                  /home/ftp/.ftpmess
DefaultServer                   on
maxclients                      22 "Sorry, max number of users has been reached"
maxclientsperhost               1 "Sorry, only 1 connection per user is allowed"
Group                           ftp
User                            ftp
AllowStoreRestart               on
ExtendedLog                     /var/log/ftp.log all
LogFormat                       default "%h %l %u %t \"%r\" %s %b"
Umask                           0000
TimeoutNoTransfer               600
TimeoutIdle                     600
TimeoutStalled                  600
AccessGrantMsg                  "User access granted for %u."
<Global>
        <Limit LOGIN>
                AllowGroup      ftp
        </Limit>
        DefaultRoot             /home/ftp
</Global>
<Directory /*>
        AllowOverwrite          off
</Directory>


"Doesn't work" simply means that proftpd acts as if there were no RateReadBPS lines in the config file. To say in other words: the download xfer rate is the speed of the LAN independently of the login type (user or anonymous) and of the number behind the RateReadBPS directive. A very interesting thing: the download time is very high when running the proftpd with the "-n -d 5" switches. In this case the download xfer rate is constant: 0.71 kBytes/sec, and it's independent of the RateReadBPS setting, and the download is performed in the following way: one block is transmitted, then there is a 5-minute-wait-state, then the rest of the file is transmitted at the speed of the LAN, instead of waiting smaller amounts of time between blocks of transfers.

# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName                      "ProFTPD Default Installation"
ServerType                      inetd
DefaultServer                   on

# Port 21 is the standard FTP port.
Port                            21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask                           022

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances                    32
MaxClientsPerHost               1 "The client number trying to connect from the same host is limited to 1!"
TimeoutStalled                  600

# Set the user and group that the server normally runs at.
User                            nobody
Group                           nobody
AuthUserFile                    /etc/passwd

# Normally, we want files to be overwriteable.
<Directory /*>
        AllowOverwrite          on
</Directory>

# A basic anonymous configuration, no upload directories.
<Anonymous ~ftp>
        User                    ftp
        Group                   ftp

        # We want clients to be able to login with "anonymous" as well as "ftp"
        UserAlias               anonymous ftp

        # Limit the maximum number of anonymous logins
        MaxClients              4
        RateReadBPS             8192

        # We want 'welcome.msg' displayed at login, and '.message' displayed
        # in each newly chdired directory.
        DisplayLogin            welcome.msg
        DisplayFirstChdir       .message

        # Limit WRITE everywhere in the anonymous chroot
        <Limit WRITE>
                DenyAll
        </Limit>
</Anonymous>

I'm using RateReadBPS on a Redhat 6.0 system with pre10 RPMs and it works fine. I have kernel 2.2.14. Here is a snippet of my config file that limits anonymous users to 12000 kbs:

<Anonymous /somefilepath/somedir>
        User                    ftp
        Group                   ftp
        UserAlias               anonymous ftp
        RateReadBPS             12000
        RequireValidShell       off
        MaxClients              15
        <Limit LOGIN>
                AllowAll
        </Limit>
        <Limit WRITE>
                DenyAll
        </Limit>
</Anonymous>

Does this limit each separate anonymous user to 12000bytes D/L or all anonymous users as a whole?

> But I really think you should consider other points ( security for example
> ), and upgrade AS SOON AS POSSIBLE.
>
> pre10 has MANY advantages over pre1, including built-in bandwidth
> control, as you desire.


The reason I didn't upgrade yet is the following: I am a very newbie to linux. I have SuSE 6.0 installed with very little packages selected (Almost only network things, because I only want to use the P100/16MB Ram as a FTP-Server in text mode without graphics)

My problem is, that I'm not able to install proftp-opre10. I know that I have to install it with RPM. I downloaded core and inetd RPMs, but if I want to install them, I get the following dependencies:

pam >= 0.59
fileutils
libpam.so.0
libc.so.6 (GLIBC_2.0)   # I installed libc, didn't help
libc.so.6 (GLIBC_2.1)
libcrypt.so.1 (GLIBC_2.0)

Yast installs the packages without any error messages, but then the programs won't run. Does anyone of you have mercy and tell me where I can find those packages?

Very big thanks in advance,
Schinken
