For the record, what I ended up deploying was Linux network-stack level traffic control with the HTB shaper. I ran into some strangeness with my filter rules, which were preventing my local traffic from getting exempted. I finally removed the default rule from the root shaper and put a u32 catch-all rule in pointing to the class with the restriction in it. This way it will catch ALL outbound bandwidth, as the local ITS was getting pretty antsy and they didn't care about what modes were in use, just that the absolute total amount of packets leaving my machine was at or below 50mbits/s. Oh well....

--Jim

On Wed, Mar 23, 2011 at 1:13 PM, Jonathan Thurman <JThurman at nwresd.k12.or.us> wrote:
> On 03/22/2011 12:24 PM, Jonathan Thurman wrote:
>>>
>>> If you are using vsftp, then you could add something like this to your /etc/vsftp/vsftp.conf:
>>>
>>> # Max transfer rate 10 Mb
>>> anon_max_rate=10485760
>>>
>
>> We're running an ftp-only (so far) mirror that I'm about to announce to
>> the list. It's my understanding that you need to adjust anon_max_rate
>> *and* max_clients or else you could get, for example, 100 connections
>> using a max transfer rate of 10Mb. So far I'm limiting our ftp
>> connections/rate thusly:
>
> Good point. All the man page says is "The maximum data transfer rate permitted, in bytes per second, for anonymous clients.", but does not specifically state that is for ALL anonymous clients. The wording for local_max_rate leads me to believe that the rates are per-user, but I haven't reviewed the source.
>
>> anon_max_rate=5000000
>> max_clients=20
>
> You might want to add max_per_ip as well, otherwise a single system could use up all 20 of your client connections. Don't make it too small though, as there are a lot of systems behind NAT.
>
>> so that we can't get hit by over 100Mb of traffic. Please let me know if
>> this doesn't sound right, or if 20 clients maximum is way too wimpy to
>> be a useful mirror. Also, I'm assuming that since we're talking about
>> network transfer rate, the rate doesn't need to be x(1024^2), just
>> x(1000^2)?
>
> anon_max_rate is a cap in bytes per second, so it does not have to be a multiple of anything. If you like limiting the number of bytes to a prime number, it should work =)
>
> -Jonathan
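
The arrangement Jim describes (an HTB root qdisc with no default class, plus a u32 catch-all filter into one rate-limited class) could look like the following. This is an added example, not the commands from the thread; the interface name, the handle `1:`, the class id `1:10` and the `TC` dry-run variable are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): cap ALL egress on one interface with HTB.
# Handle 1:, class id 1:10 and the TC override are assumptions for illustration.

TC="${TC:-tc}"   # set TC=echo to print the commands instead of applying them

shape_egress() {
    dev="$1"; rate="$2"

    # Reject anything that is not a plain interface name or a tc rate string.
    case "$dev" in
        ''|*[!A-Za-z0-9._-]*) echo "bad device: $dev" >&2; return 2 ;;
    esac
    case "$rate" in
        ''|*[!0-9A-Za-z]*) echo "bad rate: $rate" >&2; return 2 ;;
    esac

    # Start from a clean slate; an error here only means no root qdisc existed.
    $TC qdisc del dev "$dev" root 2>/dev/null || true

    # Root HTB qdisc WITHOUT a "default" class. Unclassified packets would
    # leave unshaped, so the filter below has to match every packet.
    $TC qdisc add dev "$dev" root handle 1: htb || return 1

    # One class holding the whole budget; ceil == rate so it cannot borrow.
    $TC class add dev "$dev" parent 1: classid 1:10 htb \
        rate "$rate" ceil "$rate" || return 1

    # u32 catch-all: value 0 under mask 0 matches any packet. "protocol all"
    # also covers non-IPv4 frames, which "protocol ip" would let through.
    $TC filter add dev "$dev" parent 1: protocol all prio 1 \
        u32 match u32 0 0 flowid 1:10 || return 1
}

# Apply only when called with arguments, e.g.:  sh shape.sh eth0 50mbit
if [ $# -ge 2 ]; then
    shape_egress "$1" "$2"
fi
```

After applying it as root, `tc -s class show dev <interface>` shows the byte and packet counters of class 1:10, which confirms that traffic is actually landing in the restricted class.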