Linux Traffic Shaping

Daniel Fussell dfussell at
Wed Mar 20 18:44:49 MDT 2013

On 03/20/2013 01:35 AM, Dan Egli wrote:
> *First, I wasn't aware that rsync (which I admit I failed to mention) used
> the SSH ports. Doesn't it use its own port? Then, as far as throttling ssh
> (which I put in the wrong category by not thinking of scp, my bad) I don't
> necessarily WANT it throttled, but at the same time, if I have my 10 mbit
> link and I'm scp'ing something then try to download some mail from Gmail
> (or others), my experience of the past has indicated that while everything
> will continue to function, the mail especially will really slow down since
> the scp is using so much bandwidth. I freely admit my link wouldn't be
> saturated 100% of the time. But some complete saturation is in fact
> completely expected. And I don't mean bursts of a few seconds, I mean
> thirty or forty minutes of continuous saturation. Remember that one of the
> things I like to do is purchase media. If I was to download a HD movie,
> even at 10 mbits it's going to take at least 20 minutes, maybe longer. I
> think the file sizes are going up from the DVD size files to much larger
> (like near Blu-Ray sized files). I'd like to have my system set up so that I
> can ensure that everything gets a chance, and at least LOOKS speedy.
> Admittedly 3 mbits isn't much for scp (I was thinking of only the actual
> interactive ssh, not its derivatives), so I could move it up to the #2
> priority that gives 9mbits. Maybe even 9.5 mbits. But I've seen the
> slowdowns when I have a file downloading (via scp or http or ftp or other
> doesn't matter) and I try to view a web page with a few graphics, or I try
> to download my mail. It works, no arguments. But the slowdown is apparent.
> What I'd like to accomplish is that the low bandwidth items (like imap &
> smtp) always get a bit of room, even if it's only 256kbits, then normal
> operational things that would create heavy bandwidth (http, scp, etc...)
> would get the lion's share, and what's left over goes to whatever other
> bandwidth gobbler there is, be it an online game (maybe an MMORPG or
> something) or downloading the latest movie, or transferring other large
> files, be it on Bittorrent, or a file sharing network like gnutella2 or
> kazaa or others. And the problem with telling the program itself to
> throttle is that it will ALWAYS throttle. The other point was that in
> instances where nothing else is happening (I'm typing something up locally,
> or I'm not even at the computer, or whatever) the major bandwidth gobblers
> like file sharing and Bittorrent can have free rein to saturate the link.*

What you are describing would be well suited to weighted fair queuing.
I had to use this when I was keeping a T1 frame relay partial mesh from
being saturated by a couple of loan officers doing a full backup of a
200MB Access database every afternoon when they went to lunch.  Or the
COO emailed a 2MB Word document to all 200 employees (involving both the
WAN and the upstream internet connection).  It would bring every branch
office's processing to a halt and make even telnetting into the routers
to figure out what was going on very difficult.  With WFQ, you don't
need to configure any services specifically; it does nothing if there is
no congestion.  Once there is congestion, it automatically starts
queuing packets.  But it services the small queues first, and leaves the
bandwidth hogs with whatever is left over.  So telnet, imap,
keep-alives, ssh, etc. all get priority, and their packet latency is not
noticeable.  The smaller throughput of the band hogs forces the TCP
windows to readjust until they fit within the available bandwidth, and
your retransmits, drops, etc. go down.  But for the most part, even the
band hogs don't notice.

The downside is, I did this on Cisco routers.  I've half-heartedly
looked for something like it as I occasionally have large media streams
that kill my ssh performance.  But it's so infrequent I haven't put much
effort into it.  I think there was a CFQ for network access something or
other being talked about in kernel, but I don't remember any specifics,
and I might be confusing it with another project using CFQ.

As for ssh and X11 redirection, the biggest killer there is the 
round-trip times and the chatty nature of the X11 protocol.  IMAP has 
the same problem.  As does SMB.  So yes, WFQ would help there too, by 
ensuring you don't get timeouts and need to restart a transaction.

;-Daniel Fussell
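
[Added example, not part of the original message and not Cisco's implementation:] a small simulation of the queuing behaviour described above, comparing FIFO with self-clocked fair queuing (a common approximation of WFQ, here with equal weights) on a T1-rate link. The traffic mix, flow names and packet sizes are constructed for illustration.

```python
import heapq

T1_BYTES_PER_S = 1_544_000 / 8  # T1 line rate, as in the message above

def simulate(packets, rate, fair):
    """Serve (arrival_s, flow, size_bytes) tuples on one link.

    fair=False: FIFO. fair=True: self-clocked fair queuing, equal weights.
    Returns {flow: mean delay in seconds from arrival to end of transmission}.
    """
    packets = sorted(packets, key=lambda p: p[0])
    queue, delays, last_tag = [], {}, {}
    now = vtime = 0.0
    i = 0
    while i < len(packets) or queue:
        if not queue and packets[i][0] > now:
            now = packets[i][0]              # link idle: jump to next arrival
        while i < len(packets) and packets[i][0] <= now:
            arrival, flow, size = packets[i]
            if fair:
                # Finish tag: a flow that has sent little gets a small tag.
                key = last_tag[flow] = max(vtime, last_tag.get(flow, 0.0)) + size
            else:
                key = arrival                # FIFO: strictly by arrival order
            heapq.heappush(queue, (key, i, arrival, flow, size))
            i += 1
        key, _, arrival, flow, size = heapq.heappop(queue)
        if fair:
            vtime = key                      # virtual time = tag now in service
        now += size / rate
        delays.setdefault(flow, []).append(now - arrival)
    return {f: sum(d) / len(d) for f, d in delays.items()}

def sample_traffic():
    """Constructed input: a 300 kB bulk burst plus ten 64-byte keystrokes."""
    bulk = [(0.0, "bulk", 1500)] * 200
    telnet = [(0.05 + 0.1 * k, "telnet", 64) for k in range(10)]
    return bulk + telnet

if __name__ == "__main__":
    for fair in (False, True):
        result = simulate(sample_traffic(), T1_BYTES_PER_S, fair)
        print("fair" if fair else "fifo",
              {f: round(d, 4) for f, d in result.items()})
```

With this input the interactive flow waits behind the whole burst under FIFO, while under fair queuing it waits for at most one bulk packet and the bulk flow's mean delay barely changes.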
