Re: limit bandwidth on sftp

2010-03-16 Thread Erik Osterholm
On Tue, Mar 16, 2010 at 10:40:35AM -0400, Lowell Gilbert wrote:
> krad  writes:
> 
> > On 15 March 2010 13:34, Lowell Gilbert <
> > freebsd-questions-lo...@be-well.ilk.org> wrote:
> >
> >> Tsu-Fan Cheng  writes:
> >>
> >> > I need to limit my sftp session bandwidth to 20K, can someone show me how
> >> > to do it? thank you!
> >>
> >> There's no simple way to do that.
> >>
> >> scp has such a capability, though; maybe using that is your easiest option?
> >
> > You could limit port 22 with pf, ipfw etc. This would slow all your ssh
> > traffic rather than just sftp which may or may not work for you. If you are
> > clever with your rule sets you could guarantee bw for certain hosts so they
> > don't lose a functional ssh session and/or you could bw limit it by source
> > ip, rather than a global limit for port 22.
> 
> Aside from having to configure it, the downside of this approach is that
> it involves dropping some traffic and waiting for the retransmit, so it
> will be less efficient than a bandwidth limit in the application
> itself.  TCP's dynamic window resizing (especially with Selective
> ACKnowledgements) should keep the firewall from having to drop too many
> packets, but changing conditions on the network can keep that from
> working as well as you'd like.  If using this technique, make sure the
> other side supports SACK, preferably for multiple segments.

For what it's worth, I think most implementations of sftp/scp do not
set the PUSH flag when transmitting data.  This, combined with ACK
prioritization, could allow you to shape sftp without affecting
interactive SSH sessions.

Erik
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: limit bandwidth on sftp

2010-03-16 Thread Lowell Gilbert
krad  writes:

> On 15 March 2010 13:34, Lowell Gilbert <
> freebsd-questions-lo...@be-well.ilk.org> wrote:
>
>> Tsu-Fan Cheng  writes:
>>
>> > I need to limit my sftp session bandwidth to 20K, can someone show me how
>> > to do it? thank you!
>>
>> There's no simple way to do that.
>>
>> scp has such a capability, though; maybe using that is your easiest option?
>
> You could limit port 22 with pf, ipfw etc. This would slow all your ssh
> traffic rather than just sftp which may or may not work for you. If you are
> clever with your rule sets you could guarantee bw for certain hosts so they
> don't lose a functional ssh session and/or you could bw limit it by source
> ip, rather than a global limit for port 22.

Aside from having to configure it, the downside of this approach is that
it involves dropping some traffic and waiting for the retransmit, so it
will be less efficient than a bandwidth limit in the application
itself.  TCP's dynamic window resizing (especially with Selective
ACKnowledgements) should keep the firewall from having to drop too many
packets, but changing conditions on the network can keep that from
working as well as you'd like.  If using this technique, make sure the
other side supports SACK, preferably for multiple segments.

-- 
Lowell Gilbert, embedded/networking software engineer, Boston area
http://be-well.ilk.org/~lowell/


Re: limit bandwidth on sftp

2010-03-16 Thread krad
On 15 March 2010 13:34, Lowell Gilbert <
freebsd-questions-lo...@be-well.ilk.org> wrote:

> Tsu-Fan Cheng  writes:
>
> > I need to limit my sftp session bandwidth to 20K, can someone show me how
> > to do it? thank you!
>
> There's no simple way to do that.
>
> scp has such a capability, though; maybe using that is your easiest option?
>
> --
> Lowell Gilbert, embedded/networking software engineer, Boston area
>
> http://be-well.ilk.org/~lowell/


You could limit port 22 with pf, ipfw etc. This would slow all your ssh
traffic rather than just sftp which may or may not work for you. If you are
clever with your rule sets you could guarantee bw for certain hosts so they
don't lose a functional ssh session and/or you could bw limit it by source
ip, rather than a global limit for port 22.
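[Added example, not part of any poster's message.] A sketch of the ipfw/dummynet approach suggested above (a per-source-address limit on port 22, with selected hosts passed unshaped), plus the matching value for the scp limit mentioned earlier in the thread. It assumes "20K" means 20 KByte/s; the rule and pipe numbers and the address 192.0.2.10 are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Dry run: prints ipfw/dummynet commands, applies nothing. Pipe the output to
# sh as root on a host with dummynet loaded to install the rules.
# Constructed values: rule/pipe numbers and the exempt address 192.0.2.10.

# scp -l takes its limit in Kbit/s, so convert from KByte/s.
kbyte_to_kbit() {
    echo $(( $1 * 8 ))
}

# ssh_shape_rules RATE_KBYTE [EXEMPT_HOST ...]
# Caps TCP port 22 at RATE_KBYTE KByte/s per remote address in both
# directions, after first passing the exempt hosts without shaping.
ssh_shape_rules() {
    rate=${1:-}
    case $rate in
        ''|*[!0-9]*) echo "rate must be a whole number of KByte/s" >&2
                     return 1 ;;
    esac
    # dummynet treats bw 0 as "no limit", so reject it explicitly.
    if [ "$rate" -eq 0 ]; then
        echo "rate must be greater than zero" >&2
        return 1
    fi
    shift
    n=1000
    for host in "$@"; do
        echo "ipfw add $n allow tcp from $host to me 22 in"
        echo "ipfw add $((n + 1)) allow tcp from me 22 to $host out"
        n=$((n + 10))
    done
    # The mask creates one dynamic pipe per remote address, so each client
    # gets its own limit instead of all clients sharing a single one.
    echo "ipfw pipe 1 config bw ${rate}KByte/s mask src-ip 0xffffffff"
    echo "ipfw pipe 2 config bw ${rate}KByte/s mask dst-ip 0xffffffff"
    echo "ipfw add 2000 pipe 1 tcp from any to me 22 in"
    echo "ipfw add 2001 pipe 2 tcp from me 22 to any out"
}

ssh_shape_rules 20 192.0.2.10
echo "# application-level alternative: scp -l $(kbyte_to_kbit 20) FILE USER@HOST:"
```

The allow rules must carry lower numbers than the pipe rules, because ipfw stops at the first matching rule; these rules still shape every SSH session from a non-exempt address, not only sftp.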


Re: limit bandwidth on sftp

2010-03-15 Thread Lowell Gilbert
Tsu-Fan Cheng  writes:

>I need to limit my sftp session bandwidth to 20K, can someone show me how
> to do it? thank you!

There's no simple way to do that.  

scp has such a capability, though; maybe using that is your easiest option?

-- 
Lowell Gilbert, embedded/networking software engineer, Boston area
http://be-well.ilk.org/~lowell/


limit bandwidth on sftp

2010-03-13 Thread Tsu-Fan Cheng
Hi,

   I need to limit my sftp session bandwidth to 20K, can someone show me how
to do it? thank you!

TFC