bandwidth.tex

socket4 socket5 client

%@(#)$Id: bandwidth.tex,v 1.11 2005/11/03 13:24:17 michaels Exp $
%/*
% * Copyright (c) 2001
% *      Inferno Nettverk A/S, Norway.  All rights reserved.
% *
% * Redistribution and use in source and binary forms, with or without
% * modification, are permitted provided that the following conditions
% * are met:
% * 1. The above copyright notice, this list of conditions and the following
% *    disclaimer must appear in all copies of the software, derivative works
% *    or modified versions, and any portions thereof, aswell as in all
% *    supporting documentation.
% * 2. All advertising materials mentioning features or use of this software
% *    must display the following acknowledgement:
% *      This product includes software developed by
% *      Inferno Nettverk A/S, Norway.
% * 3. The name of the author may not be used to endorse or promote products
% *    derived from this software without specific prior written permission.
% *
% * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
% * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
% * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
% * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
% * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
% * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
% * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
% * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
% * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
% * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
% *
% * Inferno Nettverk A/S requests users of this software to return to
% *
% *  Software Distribution Coordinator  or  sdc@inet.no
% *  Inferno Nettverk A/S
% *  Oslo Research Park
% *  Gaustadall閑n 21
% *  NO-0349 Oslo
% *  Norway
% *
% * any improvements or extensions that they make and grant Inferno Nettverk A/S
% * the rights to redistribute these changes.
% *
% */

\documentclass[a4paper, final, twoside, english]{article}
\usepackage[latin1]{inputenc}
\usepackage[T1]{fontenc}
\usepackage{babel}
\usepackage{html}

\title{\emph{Dante}, Module \emph{Bandwidth}}
\author{
	Inferno Nettverk A/S \\
	Oslo Research Park   \\
	Gaustadall閑n 21	\\
	NO-0349 Oslo          \\
	Norway}
\date{$$$$Date: 2005/11/03 13:24:17 $$$$}

\makeindex

\begin{document}
\maketitle
\thispagestyle{empty}

\clearpage
\setcounter{page}{1}

\section{Description}
 The \emph{Bandwidth} module gives you control over how much
 bandwidth the \emph{Dante} server uses on behalf of the
 clients.

 It can be used to limit bandwidth to non-work related web/ftp
 sites, or to prevent ftp-related traffic from impacting too much
 on interactive telnet/ssh traffic.

 It can also be used to give more bandwidth to certain clients
 or for traffic to certain cites.

 In addition, when using the \emph{Dante} \emph{bind extension}, it
 can be used to provide bandwidth control to networkservers
 (like e.g. webservers) that do not support bandwidth control internally.

\section{Syntax}
 The syntax of the \texttt{bandwidth} statement is as follows:

 \verb"bandwidth: <bytes>"

 \texttt{bytes} is the maximum bandwidth, measured in bytes, to use per second.

\section{Semantics}
 The \texttt{bandwidth} statement integrates as a part of
 socks-rules.

 The maximal \texttt{bandwidth} set for a rule will be shared
 by all clients matching that rule.  The \emph{Dante} server
 will distribute the bandwidth to the matching clients in a
 least-recently used fashion, trying to let all clients get a
 fair share.

\section{Special notes}
 Sending the \emph{Dante} server a \texttt{SIGHUP} signal forces a reload
 of the configuration file.  It should be noted that this
 does not affect current sessions. 

 Changing e.g. a \emph{pass} statement to a \emph{block} statement,
 does not terminate the session of any existing client.
 Likewise, a reload of the configuration file does not let sessions
 created before the reload affect sessions created after the reload.

 This means that after a reload of the configuration file, the
 bandwidth counter for new sessions will be reset, and the possibly
 confusing situation might arise where more than the configured
 number of bandwidth is used, as old sessions will use the
 bandwidth allocated to them before the reload, independently
 of new sessions.
 
 Eventually the old sessions will finish however, and the maximal
 number of sessions will be the the number currently configured,
 until a new reload of the configuration-file occurs.
 

\section{Examples}
 This section shows several examples of how one could use the
 \emph{bandwidth} module.

 \subsection{Limiting web/http bandwidth}
  The below rule shows how one can limit the bandwidth used
  for webtraffic from the clients on the 10.0.0.0/24 net
  to a total of 10240 bytes, or 100 KiloBytes.

  \begin{verbatim}
pass {
   from: 10.0.0.0/24 to: 0.0.0.0/0 port = http
   command: connect
   bandwidth: 102400
}
  \end{verbatim}

 \subsection{Increasing web/http bandwidth}
  The next rule, if placed before other bandwith-limiting rules,
  shows how one can increase the bandwidth used for webtraffic from
  the clients on the 10.0.0.0/24 net to certain sites.

  In this case, the clients will be able to use 1024000 bytes,
  or one MegaByte, per second when going to the address work.example.com.

  \begin{verbatim}
pass {
   from: 10.0.0.0/24 to: work.example.com port = http
   command: connect
   bandwidth: 1024000
}
  \end{verbatim}

 \subsection{Limiting ftp bandwidth}
  The next rule shows how one can limit the bandwidth used
  for ftp-data for the clients on the 10.0.0.0/24 net
  to a total of 10240 bytes, or 10 kB/s

  This only works for \emph{active} ftp, since for \emph{passive} ftp
  we don't have fixed portnumbers.

  \begin{verbatim}
pass {
   from: 0.0.0.0/0 port = ftp-data to: 10.0.0.0/24
   command: bindreply
   bandwidth: 10240
}
  \end{verbatim}

 \subsection{Limiting bandwidth provided by internal servers to the outside}
  The next rule shows how one could use the \emph{Dante bind extension}
  together with the \emph{Bandwidth} module to limit the amount of
  data provided by a internal server, in this case, a webserver called
  \emph{our-webserver.example.com}, to a total of 10240 bytes, or 10 kB/s.

  This requires the webserver to be socksified and the \emph{bind extension}
  to be enabled on both the socksified client and on the \emph{Dante}
  server.

  \begin{verbatim}
pass {
   from: 0.0.0.0/0 to: our-webserver.example.com port = http
   command: bindreply
   bandwidth: 10240
}
  \end{verbatim}



\end{document}