3

What's the simplest way to put a cap on total monthly outgoing data? I have no desire to throttle bandwidth over short intervals; the aim is to ensure I stay within spending limits for monthly bandwidth cost even if I get DDoSed and fail to respond to an alert from the AWS Limit Monitor.

This is Node.js running on Ubuntu in AWS EC2, so there are various levels at which this could be implemented.

Sideshow Bob

1 Answer

5

I would use tc and the Token Bucket Filter (tbf) to do this. If you have a 1Gbps line it can push ~328TB/mo at full utilisation. If your outgoing data is limited to 50TB/mo then the maximum sustained rate would be

(50/328)Gbps ~ 0.152Gbps ~ 152Mbps

You can then use tc to limit the maximum

```
tc qdisc add dev eth0 root tbf rate 152.0mbit burst 20kb latency 50ms
```

or something similar. Of course, if you're not fully utilising your link all the time then this can be wasteful but you shouldn't go over your limit.

Wolfram Alpha is handy for working this kind of stuff out too.

user9517
  • That looks great as I can set huge burst capacity without exceeding my rate long term, however the burst appears to be limited - I set 20mb but `tc qdisc show` shows 33000b, is that normal? Another question: does this apply to all traffic regardless of type, e.g. even ICMP requests? – Sideshow Bob Dec 06 '16 at 13:42
  • IDK about the burst limit. The second question is answered at the beginning of the tbf doc I linked to. – user9517 Dec 06 '16 at 13:48
  • For you perhaps; for me it isn't. Is that what 'classless' means? – Sideshow Bob Dec 06 '16 at 13:51
  • @Hanginoninquietdesperation Interestingly, that linked document keeps talking about millibits per second ... :) – Hagen von Eitzen Dec 06 '16 at 15:49
  • I, too, have noticed that the "burst" is always limited to about 200x the "rate" using tbf. I have found no explanation for this or any documentation regarding it. – jdizzle Jan 30 '18 at 04:43
  • I figured this out. Internally the tc tool converts the bucket into a duration of nanoseconds and stuffs it into a uint32. This means the max bucket size you can configure is worth about 4 seconds of the rate (so you can't do a month's worth of a bucket). The kernel has been patched, however, to support an alternative way of setting the rate to do exactly what you want, though. – jdizzle Feb 01 '18 at 04:29
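
An added example, not part of the answer or its comments: the answer's fixed 152 Mbit/s rate generalised to a cron-run script that re-derives the tbf rate from the budget still unspent and the seconds left in the month, so idle periods are not wasted. The device name, cap, state-file path, rate floor and ceiling are assumptions; the `burst` and `latency` values are the answer's.

```shell
#!/bin/bash
# Added example: derive the tbf rate from the unspent monthly egress budget.
# Assumed values (not from the post): device, cap, state path, floor, ceiling.
DEV=${DEV:-eth0}
CAP_BYTES=${CAP_BYTES:-50000000000000}     # 50 TB per month
MIN_RATE=${MIN_RATE:-64000}                # bit/s floor so SSH stays usable
MAX_RATE=${MAX_RATE:-1000000000}           # bit/s ceiling (1 Gbps link)
STATE=${STATE:-/var/lib/egress-cap.state}  # holds "YYYY-MM sent last_counter"

# remaining_rate_bits CAP SENT SECS_LEFT
# Prints the constant bit/s that spends exactly the unspent budget by month
# end, clamped to [MIN_RATE, MAX_RATE]. Only the floor can exceed the cap.
remaining_rate_bits() {
    local left=$(( $1 - $2 )) rate=0
    if [ "$left" -gt 0 ] && [ "$3" -gt 0 ]; then rate=$(( left * 8 / $3 )); fi
    if [ "$rate" -lt "$MIN_RATE" ]; then rate=$MIN_RATE; fi
    if [ "$rate" -gt "$MAX_RATE" ]; then rate=$MAX_RATE; fi
    echo "$rate"
}

# account_sent MONTH COUNTER
# Adds the growth of the interface tx counter to this month's total in $STATE
# and prints the total. Handles month rollover and counter reset on reboot.
account_sent() {
    local month=$1 counter=$2 s_month="" sent=0 last=0
    if [ -f "$STATE" ]; then read -r s_month sent last < "$STATE" || true; fi
    if [ "$s_month" != "$month" ]; then sent=0; last=$counter; fi
    if [ "$counter" -lt "$last" ]; then last=0; fi
    sent=$(( sent + counter - last ))
    echo "$month $sent $counter" > "$STATE"
    echo "$sent"
}

if [ "${1:-}" = "apply" ]; then
    now=$(date +%s)
    month_end=$(date -d "$(date +%Y-%m-01) +1 month" +%s)   # GNU date
    tx=$(cat "/sys/class/net/$DEV/statistics/tx_bytes")
    sent=$(account_sent "$(date +%Y-%m)" "$tx")
    rate=$(remaining_rate_bits "$CAP_BYTES" "$sent" $(( month_end - now )))
    # burst and latency are the answer's values; only the rate is recomputed.
    tc qdisc replace dev "$DEV" root tbf rate "${rate}bit" burst 20kb latency 50ms
fi
```

Run it as root from cron with the argument `apply`. `tx_bytes` counts all egress on the interface, including traffic that may not be billed, so the cap errs on the low side.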