I have a public HTTP server running FreeBSD.
Nginx allows me to limit throughput per connection, but I don't want to limit each IP to only 1 connection so I need a solution to limit per IP. Nginx cannot do that for me and the 3rd party modules to do it are no longer maintained.
With nginx not being an option I figure something OS level should be able to handle it, but all the other questions and answers all seem to assume I know the IPs I want to traffic shape from. Since my server is a public HTTP server I don't want to traffic shape for a specific set of IPs but rather for every IP, and grouped by the IP.
Is there any way FreeBSD can possibly limit throughput per IP for all IPs?
On a side note, my backup solution is Varnish which does seem to support this scenario but would be an extra piece of software to support.
Actually there is. It's called dynamic queues if you need prioritization, or dynamic pipes if you need shaping, both implemented in DUMMYNET. It's possible to combine these two to make a real CBQ configuration.
A brief example on dynamic pipes from man 8 ipfw:
I think you could also enable HTTP/2 in nginx, thus diminishing the number of connections that is used by each HTTP/2-capable client.
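A sketch of the dynamic-pipe approach applied to the question's case (every client IP, unknown in advance), added here as an example and not part of the original answer or the man page text. The rate, ports, pipe number and rule number are assumptions, and it covers IPv4 only.

```shell
#!/bin/sh
# Added example: per-client-IP download shaping with one dummynet dynamic pipe.
# All values below are assumptions; adjust them to your ruleset.
RATE="${RATE:-2Mbit/s}"    # ceiling for each remote IPv4 address
PORTS="${PORTS:-80,443}"   # ports the HTTP server listens on
PIPE="${PIPE:-10}"         # arbitrary pipe number
RULE="${RULE:-1000}"       # rule number; must come before any rule that
                           # already accepts this traffic (e.g. check-state)

# Print the commands; nothing is changed on the host by this function.
shaper_commands() {
    # dummynet must be loaded before a pipe can be configured.
    echo "kldstat -q -m dummynet || kldload dummynet"
    # A full 32-bit mask on the destination address makes dummynet create
    # a separate pipe instance, each with its own $RATE budget, for every
    # client address it sees. All connections from one client share it.
    echo "ipfw pipe $PIPE config bw $RATE mask dst-ip 0xffffffff"
    # Send only the server's outbound HTTP(S) replies through the pipe.
    # With net.inet.ip.fw.one_pass=1 (the default) a packet leaving the
    # pipe is accepted without visiting later rules.
    echo "ipfw add $RULE pipe $PIPE tcp from me $PORTS to any out"
}

# Dry run by default: show what would be executed.
# Run with APPLY=1 as root on the FreeBSD host to apply.
if [ "${APPLY:-0}" = 1 ]; then
    shaper_commands | sh
else
    shaper_commands
fi
```

After applying, `ipfw pipe show` lists the per-address pipe instances as clients connect, which is a quick way to confirm the mask is grouping traffic the way you expect.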