Hi,
I am having a problem where ftp traffic is flooding the ethernet interface
and other processes on the recipient machine can't get their traffic on the
network. I was thinking of lowering the priority on inetd on the recipient
machine, but I wanted to know if I can limit ftp transfer rate on the
server. There is a tunable for ethernet called pace_size. Is this the way to
limit traffic?
Thanks,
JS
|
|
0
|
|
|
|
Reply
|
 John
|
4/28/2005 1:39:50 AM |
|
"John Smith" <john_smith274@microsoft.com> writes:
> Hi,
>
> I am having a problem where ftp traffic is flooding the ethernet interface
> and other processes on the recipient machine can't get their traffic on the
> network. I was thinking of lowering the priority on inetd on the recipient
> machine, but I wanted to know if I can limit ftp transfer rate on the
> server. There is a tunable for ethernet called pace_size. Is this the way to
> limit traffic?
You might try configuring ipqos to condition the ftp transfers- it works
pretty well for tcp traffic. You can condition the both transmit and
receive traffic flows. At first glance it seems wasteful to discard at
the receiver, but what you're trying to do is drop traffic such that the
TCP sender slows down until the traffic is no longer dropped- so it
doesn't really matter where you do it.
Lowering the task priority won't buy you much, it doesn't take much cpu
time to saturate a typical lan drop and anyhow you'd need other tasks on
machine competing for cpu time. If the machine is otherwise more or
less idle, the ftp client or daemon will get all the cpu time it wants
anyhow.
docs.sun.com documents ipqos, man ipqos is also available.
Gregm
|
|
|
0
|
|
|
|
Reply
|
Greg
|
4/28/2005 2:48:24 AM
|
|
John Smith wrote:
> Hi,
>
> I am having a problem where ftp traffic is flooding the ethernet interface
> and other processes on the recipient machine can't get their traffic on the
> network. I was thinking of lowering the priority on inetd on the recipient
> machine, but I wanted to know if I can limit ftp transfer rate on the
> server. There is a tunable for ethernet called pace_size. Is this the way to
> limit traffic?
>
Try a different ftp server.
proftpd
ncftpd
vsftpd
all do bandwidth limiting.
regards,
Mark
|
|
|
0
|
|
|
|
Reply
|
Mark
|
4/28/2005 9:34:20 AM
|
|
In article <m3d5sfaa6f.fsf@athena.pienet>,
Greg Menke <gregm-news@toadmail.com> writes:
> "John Smith" <john_smith274@microsoft.com> writes:
>> Hi,
>>
>> I am having a problem where ftp traffic is flooding the ethernet interface
>> and other processes on the recipient machine can't get their traffic on the
>> network. I was thinking of lowering the priority on inetd on the recipient
>> machine, but I wanted to know if I can limit ftp transfer rate on the
>> server. There is a tunable for ethernet called pace_size. Is this the way to
>> limit traffic?
>
> You might try configuring ipqos to condition the ftp transfers- it works
> pretty well for tcp traffic. You can condition the both transmit and
> receive traffic flows. At first glance it seems wasteful to discard at
> the receiver, but what you're trying to do is drop traffic such that the
> TCP sender slows down until the traffic is no longer dropped- so it
> doesn't really matter where you do it.
This is harder than you might imagine because ftp data transfers
are not on fixed port numbers, which can make writing a rule to
identify that particular traffic flow (as distinct from anything
else) rather difficult.
--
Andrew Gabriel
|
|
|
0
|
|
|
|
Reply
|
andrew
|
4/28/2005 12:16:08 PM
|
|
andrew@cucumber.demon.co.uk (Andrew Gabriel) writes:
> In article <m3d5sfaa6f.fsf@athena.pienet>,
> Greg Menke <gregm-news@toadmail.com> writes:
> > "John Smith" <john_smith274@microsoft.com> writes:
> >> Hi,
> >>
> >> I am having a problem where ftp traffic is flooding the ethernet interface
> >> and other processes on the recipient machine can't get their traffic on the
> >> network. I was thinking of lowering the priority on inetd on the recipient
> >> machine, but I wanted to know if I can limit ftp transfer rate on the
> >> server. There is a tunable for ethernet called pace_size. Is this the way to
> >> limit traffic?
> >
> > You might try configuring ipqos to condition the ftp transfers- it works
> > pretty well for tcp traffic. You can condition the both transmit and
> > receive traffic flows. At first glance it seems wasteful to discard at
> > the receiver, but what you're trying to do is drop traffic such that the
> > TCP sender slows down until the traffic is no longer dropped- so it
> > doesn't really matter where you do it.
>
> This is harder than you might imagine because ftp data transfers
> are not on fixed port numbers, which can make writing a rule to
> identify that particular traffic flow (as distinct from anything
> else) rather difficult.
Isn't one end of the data transfer going to be on tcp port 20? Now with
rpc stuff I agree, trying to keep ipf from snarfing up rpc/nfs traffic
that is shouldn't is a PITA.
Gregm
|
|
|
0
|
|
|
|
Reply
|
Greg
|
4/28/2005 3:54:39 PM
|
|
In article <m3fyxa522o.fsf@athena.pienet>,
Greg Menke <gregm-news@toadmail.com> writes:
> andrew@cucumber.demon.co.uk (Andrew Gabriel) writes:
>
>> In article <m3d5sfaa6f.fsf@athena.pienet>,
>> Greg Menke <gregm-news@toadmail.com> writes:
>> > You might try configuring ipqos to condition the ftp transfers- it works
>> > pretty well for tcp traffic. You can condition the both transmit and
>> > receive traffic flows. At first glance it seems wasteful to discard at
>> > the receiver, but what you're trying to do is drop traffic such that the
>> > TCP sender slows down until the traffic is no longer dropped- so it
>> > doesn't really matter where you do it.
>>
>> This is harder than you might imagine because ftp data transfers
>> are not on fixed port numbers, which can make writing a rule to
>> identify that particular traffic flow (as distinct from anything
>> else) rather difficult.
>
> Isn't one end of the data transfer going to be on tcp port 20? Now with
All current clients would normally use PORT or PASV commands
(or more recent replacements), which override the use of port 20.
If you do drop back to using port 20, then you can't transfer a
second file without waiting for the 2MSL TCP timer to expire (or
using a different transfer mode which allows data connection reuse,
but this isn't normal, and I doubt if current implementation even
support it any more).
> rpc stuff I agree, trying to keep ipf from snarfing up rpc/nfs traffic
> that is shouldn't is a PITA.
To properly handle ftp data connections in this IPQoS architecture,
you need a state machine spying on the control connection and
setting up appropriate temporary filters to catch the data
connections for their duration.
--
Andrew Gabriel
|
|
|
0
|
|
|
|
Reply
|
andrew
|
4/28/2005 5:12:22 PM
|
|
|
5 Replies
391 Views
(page loaded in 0.545 seconds)
Similiar Articles: Limit on ftp file sizes - comp.unix.solarisOutbound traffic can obviously be limited (size and ... to limit FTP Traffic - comp.unix.solaris How to limit FTP ... This is my /etc/ntp.comf file: restrict default ... Traffic Shaping HOW-TO? - comp.dcom.sys.ciscoTraffic Shaping HOW-TO? - comp.dcom.sys.cisco where the end user suffers stuttering and application ... How to limit FTP Traffic - comp.unix.solaris To properly ... How to capture Skype traffic on my PC? - comp.os.ms-windows ...How to limit FTP Traffic - comp.unix.solaris... connection and setting up appropriate temporary filters to catch the ... traffic-shaping limit ftp traffic - Velocity ... How to restrict outbound connections ? - comp.unix.solaris ...Hi all, I want to restrict all ... the maximum simultaneous FTP connections a ... How to restrict ... Throttling network traffic - comp.arch.embedded How to restrict outbound ... How to disable outgoing FTP service? - comp.os.vmsTraffic Shaping HOW-TO? - comp.dcom.sys.cisco Mostly FTP transmissions. I aim to limit ... bigger bag of tricks called quality of service. ... There is nothing to stop you ... How can I determine the maximum simultaneous FTP connections a ...Limit on ftp file sizes - comp.unix.solaris It's dependant of the receiving system. ... is what are the limits regarding # of connection - memory, processor, size of ... Throttling network traffic - comp.arch.embeddedFor inbound TCP traffic, you can just limit the advertized window size and the rate at which you ... ports classified by e.g. interactive (http,telnet) non-interactive (ftp ... rate limiting with 3550 and 3750 troubles - comp.dcom.sys.cisco ...Hello, I wanted to implement traffic shapiung features using catalyst 3750 running ... I just did something like this: mls qos ! class-map match-all limit_ftp match ... Upload Permission to Users in Solaris 8 FTP Server - comp.unix ...Hi all, I want to know how to restrict or give upload or download access to any of the exisint user in Solaris 8 FTP Server. I googled without any s... FTP outward traffic causing "Unidentified IP traffic" error on ISA ...We have a problem with outgoing FTP traffic going through our ISA 2004 server from one of our remote sites. It works absolutely fine from our main o... traffic-shaping limit ftp traffic - Velocity Reviews - Computer ...I'm trying to limit the ftp traffic on 512 frame link to 400000 bits, so there is still some space left for telnet, http, etc. This is what I've setup so far but no luck: Configuring FTP Firewall Settings in IIS 7 : FTP 7 for IIS 7 ...Because you will be accessing this FTP site remotely, you want to make sure that you do not restrict access to ... will need to configure your settings so that FTP traffic ... 7/11/2012 10:32:35 AM
|
Search |
Post Question |
Groups |
Stream |
About |
Register
78 followers. 