debian, ubuntu, any linux. The speed limit of the network interface.

We continue with the creation of ordeals ideal platform for sale VDS debian based and KVM. This article is in principle holds for any distribution, only the package manager, use the right. And it is not only true for virtualization, but in general … But my selfish interest here is to limit the maximum speed of the network to a single VDSki.

As usual – prehistory. The other day remarked that periodically download speed with my VDS falls. While falls fairly quickly and returned to normal as quickly. On the host – 7 virtual servers, one of which I use for experiments, and 6 – rent familiar rent. The investigation revealed that one of the VDS placed backup host to another server. It was nice to see that the files he twitched at a rate of as much as 80 megabits per second, but leave the rest of the 10 Mbit VDS, even for a short period? No, do not go.

Tweaking brought me to a very simple and convenient tool – wondershaper. I did not go into the details of how it works, for me it is important that it works. Actually how to use:

wondershaper [interface] [downlink] [uplink] – sets the limit for the interface
wondershaper [interface] – shows the limitation of the interface
wondershaper clear [interface] – removes the restriction for an interface

Now more respect to KVM. For starters learn which interface is currently using VDS hated us with a terrible consumption of bandwidth
If you have used my previous manual (/ 16) to adjust the KVM, then do the following:
Debian: ~ # ps aux | grep vds10
root 3351 3.4 8.4 691 888 1685376? 1340 Sl Jun16 50 / usr / bin / kvm -S -M pc -m 1024 -smp 1 -name vds10 -monitor pty -boot c -drive file = / vms / vds10.img, if = ide, index = 0, boot = on -drive file = / iso / debian-504-i386-CD-1.iso, if = ide, media = cdrom, index = 2 -net nic, macaddr = 54: 52: 00: 38: 00: fb , vlan = 0 -net tap, fd = 11, script =, vlan = 0, ifname = vnet0 -serial pty -parallel none -usb -vnc -k en-us

If you did not use my manual … Well, first, in vain, and secondly – you still need to learn interface. This can be done through virt-manager or disabling interfaces through iptables, pinging the desired VDS.

So, in the above quotation from me grep above vds10 we run the interface vnet0. To begin torturing her cruelly:
Debian: ~ # wondershaper vnet0 10000 10000
We put the limit for the interface of 10,000 kbit per second download and 10000 on upload. Unfortunately, I have not figured out how to specify the limits in megabits, but it is not so important.

Debian: ~ # wondershaper vnet0
With this command, you can see the statistics on the interface. It is a great and incomprehensible, but still)

Now we have become good and decided to remove the restriction interface (VDSki). Doing
Debian: ~ # wondershaper vnet0 clear
Restriction on the interface no longer applies.

How else can use wondershaper … Well, for example, to limit the total rate of all the VDS server if they use one device bridge (wondershaper br0 100 100) to the host has remained guarantee the free band. Can be grouped into different VDSy bridge (one of the following articles will tell you how) and restrict their speed in groups.

Well conclusions.
This method does not protect any VDS, any host on the encapsulation of traffic. It will not help you survive the 200 megabit ddos ​​one of VDS.
This method in general is useful only if you want to limit the rate of outgoing traffic VDS. To limit the rate of incoming I do not recommend.