Limit new connections

  • Good morning, Mrs.

    Has anyone done this, or does anyone know how to limit any and all connections to a specific speed?

    Example: I have a web server that is accessed via NAT on port 443. Each connection, depending on the procedure done, uses 100Kb, 500Kb, 2Mb, 5Mb ... Is there any way to limit any new connection at a maximum speed of 1Mbps?

    I know that if I create several rules, put an IP in each source, create a traffic shaper and add the speed I want in the Advanced In / Out Pipe, it will work... But I have many different IPs connecting and most are not fixed... Does anyone know how I can do this bandwidth control?

    My problem is that I have 10Mb and there are times that only 2 clients (monitored via iftop and are always different) reach 10Mb and the next requests are slow / timeout depending on the time they are requesting data.

  • Slow requests and timeouts are due to bufferbloat, not "saturation". You don't need to limit the bandwidth of the connections, you just need to make sure your link doesn't have a backlog of packets.

    Try enabling FairQ shaper on your WAN, then set the Default queue to use Codel. This is very easy to do and may be good enough. Once 2.4.4 is released, look into fq_Codel.

    There is hope for a near perfect turn-key shaping called "cake". One of the main features is near perfect bandwidth distribution and latency isolation among different IP addresses. But don't hold your breath. They've been near release for a few years now. A few 11th hour features caused a bunch of regressions and they've been trying to fix the issues since.

  • LAYER 8 Global Moderator

    Or don't serve up connections to the public internet on such a small pipe - 10mbps.. Fine if you're wanting to watch paint dry I guess ;)

  • LAYER 8 Netgate

    Limiting at the web server itself might also be possible.
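
The bufferbloat point from the reply about FairQ and Codel, as an added example that is not part of the thread: a simplified model of the 10 Mbit/s link in which two bulk clients have filled a deep buffer, comparing how long a new client's first packet waits in a single FIFO queue versus per-flow round-robin queues. The 1500-byte packet size, the 250-packet backlog per client and all names are assumptions, and Codel's drop logic is not modeled.

```python
from collections import deque

LINK_BPS = 10_000_000               # the 10 Mbit/s link from the thread
PKT_BITS = 1500 * 8                 # assumption: every packet is 1500 bytes
TX_MS = PKT_BITS * 1000 / LINK_BPS  # 1.2 ms to serialize one packet


def fifo_order(arrivals):
    """Single shared queue: packets leave in arrival order."""
    return list(arrivals)


def fair_order(arrivals):
    """Per-flow queues served round-robin, one packet per flow per turn."""
    queues = {}
    for flow in arrivals:           # dict keeps first-seen flow order
        queues.setdefault(flow, deque()).append(flow)
    order = []
    while queues:
        for flow in list(queues):   # copy, so empty flows can be dropped
            order.append(queues[flow].popleft())
            if not queues[flow]:
                del queues[flow]
    return order


def first_departure_ms(order, flow):
    """Time at which the first packet of `flow` has fully left the link."""
    return (order.index(flow) + 1) * TX_MS


def constructed_backlog(bulk_packets_each=250):
    """Constructed sample: two bulk clients fill the buffer, then one
    new request arrives behind them."""
    return ["bulk-A", "bulk-B"] * bulk_packets_each + ["new-client"]


if __name__ == "__main__":
    backlog = constructed_backlog()
    for name, sched in (("FIFO", fifo_order), ("fair queue", fair_order)):
        delay = first_departure_ms(sched(backlog), "new-client")
        print(f"{name:10s}: new client waits {delay:.1f} ms")
```

The link is equally busy in both runs; only the order in which the backlog drains changes, and that order is what decides whether the new request times out.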
