[clug] network quotas

Antony Wuth ajw at pobox.com
Thu Apr 17 10:47:44 EST 2003


Kim Holburn (kim.holburn at anu.edu.au) wrote:

> I have a linux router and I want to set a network quota on the throughput.  Say 500MB per machine behind the router. 
> 
> Sorry I meant, say 500MB per host *per day* for most of the machines behind the router. 
> 
> And when the limit is reached the machine gets no more packets or is bandwidth limited to a very small pipe.

The easy answer is a million different ways :) Mostly depending on how
much time, money & effort you want to spend.

You are going to have to look at every packet for your accounting - you
probably want to avoid looking at them more than once if you can.

That being said *I* would use your existing accounting information to
add firewalling rules, which can block the packets or just mark them to
be routed slowly by the kernel. You can tune how often you update the
'blocklist'.

On a side note I recently heard a story of an ISP that used a packaged
accounting system to charge customers & after some time realised that
the figures they were using did not tally with that of the backup
system. After investigation it proved to be a simple config error - the
lesson being it's a good idea to test such things well as the mess is
much harder (and more embarrassing) to clean up later. An easy test is to
transfer a known amount of data while using your normal accounting
package & a full tcpdump (filtered appropriately). Once you get all the
numbers to match up you at least know they are all wrong in the same way
:)


Antony
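
An added example, not part of the original post: one way to turn existing per-host byte counters into the blocklist described above, either dropping or marking traffic for hosts over 500MB. The chain names ACCT and QUOTA, fwmark 1, and the sample counters are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Assumed setup (not from the post): chain ACCT holds one
# counting rule per host (iptables -A ACCT -d 192.168.1.10, no target) and
# a chain QUOTA is consulted for forwarded traffic. Both names are hypothetical.
# Running `iptables -Z ACCT` from cron at midnight starts a new day.

QUOTA_BYTES=$((500 * 1024 * 1024))   # 500MB per host per day

# Read `iptables-save -c` output on stdin; print each host over quota.
over_quota() {
    awk -v limit="$QUOTA_BYTES" '
        /^\[[0-9]+:[0-9]+\] -A ACCT -d / {
            split(substr($1, 2, length($1) - 2), c, ":")  # c[2] = bytes
            host = $5; sub(/\/32$/, "", host)
            if (host ~ /^[0-9.]+$/ && c[2] + 0 > limit) print host
        }'
}

# Print (do not run) the commands that rebuild the blocklist.
# "drop" blocks the host; "mark" sets fwmark 1 so that a tc fw filter
# (assumed to be configured separately) can send it down a slow class.
gen_rules() {
    mode=$1
    if [ "$mode" = mark ]; then table="-t mangle "; else table=""; fi
    echo "iptables ${table}-F QUOTA"
    over_quota | while read -r host; do
        if [ "$mode" = mark ]; then
            echo "iptables -t mangle -A QUOTA -d $host -j MARK --set-mark 1"
        else
            echo "iptables -A QUOTA -d $host -j DROP"
        fi
    done
}

# Constructed sample of `iptables-save -c` output (not real data).
SAMPLE='[401234:612345678] -A ACCT -d 192.168.1.10/32
[1200:734003] -A ACCT -d 192.168.1.11/32
[900000:524288001] -A ACCT -d 192.168.1.12/32'

printf '%s\n' "$SAMPLE" | gen_rules drop
```

Fed from `iptables-save -c` on a schedule, the generated commands can be reviewed or piped to a shell; how often that runs is the blocklist update interval.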

