On Tue, Mar 16, 2010 at 10:40:35AM -0400, Lowell Gilbert wrote:
> krad <kra...@googlemail.com> writes:
>
> > On 15 March 2010 13:34, Lowell Gilbert <
> > freebsd-questions-lo...@be-well.ilk.org> wrote:
> >
> >> Tsu-Fan Cheng <tfch...@gmail.com> writes:
> >>
> >> > I need to limit my sftp session bandwidth to 20K, can someone show me
> >> > how to do it? thank you!
> >>
> >> There's no simple way to do that.
> >>
> >> scp has such a capability, though; maybe using that is your easiest option?
> >
> > You could limit port 22 with pf, ipfw etc. This would slow all your ssh
> > traffic rather than just sftp, which may or may not work for you. If you are
> > clever with your rule sets you could guarantee bw for certain hosts so they
> > don't lose a functional ssh session and/or you could bw limit it by source
> > ip, rather than a global limit for port 22.
>
> Aside from having to configure it, the downside of this approach is that
> it involves dropping some traffic and waiting for the retransmit, so it
> will be less efficient than a bandwidth limit in the application
> itself. TCP's dynamic window resizing (especially with Selective
> ACKnowledgements) should keep the firewall from having to drop too many
> packets, but changing conditions on the network can keep that from
> working as well as you'd like. If using this technique, make sure the
> other side supports SACK, preferably for multiple segments.

For what it's worth, I think most implementations of sftp/scp do not set
the PUSH flag when transmitting data. This, combined with ACK
prioritization, could allow you to shape sftp without affecting
interactive SSH sessions.

Erik
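
An added example, not part of the thread: a pf.conf fragment for the firewall approach discussed above, using pf's two-queue form, which places packets marked TOS lowdelay and data-less TCP ACKs in the second queue. It assumes a kernel built with ALTQ, an interface named em0 with a 10Mb uplink, and that "20K" means 20 KB/s (160Kb); all names and figures are illustrative.

```conf
# pf.conf fragment (constructed example; interface and rates are assumptions)
ext_if = "em0"

# ALTQ shapes traffic leaving $ext_if only, so this limits what this host
# sends. The children below must not add up to more than the parent.
altq on $ext_if cbq bandwidth 10Mb queue { std, ssh_bulk, ssh_inter }

# Everything that is not ssh; may borrow idle bandwidth from the parent.
queue std       bandwidth 9Mb   cbq(default borrow)

# Bulk ssh data (sftp/scp payload). No "borrow", so cbq holds this queue
# at its own rate: 160Kb is roughly 20 KB/s.
queue ssh_bulk  bandwidth 160Kb priority 1

# Interactive ssh and bare ACKs: small share, high priority, may borrow.
queue ssh_inter bandwidth 200Kb priority 6 cbq(borrow)

# Two-queue assignment: packets with TOS lowdelay and TCP ACKs carrying no
# payload go to ssh_inter, everything else on the connection to ssh_bulk.
# Assumption: the ssh client marks interactive sessions lowdelay and bulk
# transfers throughput (for OpenSSH, "IPQoS lowdelay throughput").
pass out on $ext_if proto tcp from any to any port 22 keep state \
    queue (ssh_bulk, ssh_inter)

# On an sftp server the shaped direction is the reply traffic instead:
# pass out on $ext_if proto tcp from any port 22 to any keep state \
#     queue (ssh_bulk, ssh_inter)
```

Check the result with `pfctl -vsq`, which lists each queue with its packet and byte counters, while a transfer and an interactive session run side by side.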