Old Doc Pages
Contents
BetterBandwidth Concepts
BetterBandwidth uses 'tc' (a built in Linux tool) to provide traffic shaping for users that have their own network interface. The tc tool on its own does not provide a mechanism for limiting bandwidth usage by uid/user on a shared network interface. BetterLinux has added this functionality into its BetterBandwidth feature. Now admins can limit bandwidth for a single user on a shared server that has a corporate internet connection.
A common problem for web hosts is that one single user with a 1Gbit connection could kill the entire TCP stack. Often the host is unaware that it happens because they use 5 min bandwidth averages to monitor bandwidth on their 1 gig or 10 gig port. But all it takes is a 30 second spike in bandwidth out of 5 mins to make customers angry. And because of the 5 minute average it looks like the peak was around 50Mbits when it easily could have been 500Mbits. Customers will blame it on the server or the hosting company.
Many hosting companies give out IPs just to be able to limit bandwidth. This is an expensive approach. The BetterLinux BetterBandwidth feature can do it without giving out dedicated IPs.
BetterLinux has an apache mod called mod_betterlinux that allows BetterBandwidth to limit bandwidth for all ports for an individual user or group of users like email, FTP, etc is all included. This is a tremendous advantage for a host. BetterBandwidth monitors and controls individual, group, and system-wide bandwidth usage in multi-tenant Linux environments. Administrators can now limit outbound bandwidth as if each user had a dedicated IP address. This lets admins consolidate multiple users onto a single IP, which innovatively addresses the fast-increasing IPV4 IP address shortage.
Configure BetterBandwidth
Follow the BetterBandwidth HOWTO guide for configuring bandwidth limiting
Bandwidth limiting
BetterBandwidth limiting uses the mod_betterlinux Apache module located in in the betterlinux-core-*.rpm , as well as the linux tc method of using the uid classifier to categorize specific user processes. The betterlinux-core-*.rpm is installed by the bl-install script by default and auto-configured for cPanel systems during the betterlinux-cpanel-install script.
cPanel Bandwidth Limiting Setup
During the betterlinux-cpanel-install script installation, the user will answer Y/N to this question:
Install BetterLinux Apache throttling? [y/N]
Selecting yes, will auto-configure and load the apache module mod_betterlinux on a cPanel system.
After the installation is complete, the following parameters and arguments need to be added to the BetterLinux configuration files:
- In /etc/betterlinux/cpud.conf.d/groups.conf the create an interface group. Here's an example:
interface interface-types eth0
- In /etc/betterlinux/cpud.conf.d/betterlinux-cpud.conf add the "bandwidth_limit" parameter wich sets the bandwidth limit by user and interface groups. This parameter also allows the admin to pass in any "tc" command line options. This parameter takes a value in the format:
bandwidth_limit group=GROUP interface_group=INTERFACE_GROUP limit=20mbit
The first switch (group=) value is the name of the user group created in groups.conf. The second switch (interface_group=) value is the name of the interface group defined in groups.conf. The third switch (limit=) is amount of bandwidth allowed for each user defined in the user group. The fifth and "OPTIONAL" switch (tc_command=) takes any tc command line values like this: tc_command=-burst=25mbit -ceil=30mbit
For example, if this parameter is set to:
bandwidth_limit group=cpanel_users interface_group=interface-types limit=20mbit
The result will be 20 megabits bandwidth limiting for the users defined in the bandwidth_users group and for the interfaces defined in the interface_type group.
To enable these settings, restart the BetterCPU daemon:
service cpud restart
non-cPanel Bandwidth Limiting Setup
- Depending on the distribution, edit the apache conf or create a new one under conf.d and add the following:
LoadModule betterlinux_module /usr/lib64/httpd/modules/mod_betterlinux.so <IfModule betterlinux_module> Betterlinux On </IfModule>
Then restart apache.
Using this command will check the mod_betterlinux syntax in the apache .conf file:
apachectl -t -D DUMP_MODULES
- Configure BetterCPU (cpud) by adding or uncommenting the following parameter located in /etc/betterlinux/cpud.conf.d/main.conf
approved_accounting_program /usr/sbin/httpd apache
Please note, the full path to the httpd program is required, and it must be the actual program and not a symlink. Also, be sure to list the user it runs as, whether that is apache, httpd, or different username.
- In /etc/betterlinux/cpud.conf.d/groups.conf the create an interface group. Here's an example:
interface interface-types eth0
- In /etc/betterlinux/cpud.conf.d/main.conf add the "bandwidth_limit" parameter wich sets the bandwidth limit by user and interface groups. This parameter also allows the admin to pass in any "tc" command line options. This parameter takes a value in the format:
bandwidth_limit group=GROUP interface_group=INTERFACE_GROUP limit=20mbit
The first switch (group=) value is the name of the user group created in groups.conf. The second switch (interface_group=) value is the name of the interface group defined in groups.conf. The third switch (limit=) is amount of bandwidth allowed for each user defined in the user group. The fifth and "OPTIONAL" switch (tc_command=) takes any tc command line values like this: tc_command=-burst=25mbit -ceil=30mbit
For example, if this parameter is set to:
bandwidth_limit group=cpanel_users interface_group=interface-types limit=20mbit
The result will be 20 megabits bandwidth limiting for the users defined in the bandwidth_users group and for the interfaces defined in the interface_type group.
To enable these settings, restart the BetterCPU daemon:
service cpud restart
Assigning IP addresses with the dedicated IP address mapper
With multi-homed systems, incoming traffic is directed to the IP address where DNS resolves the domain name. A system with multiple virtual hosts can accept traffic to secondary addresses which, in turn, are assigned to secondary addresses, which are assigned to the system's network adapters.
Without some modification, responses sent from a server in a multi-homed system originate from the host's primary IP address. This makes it difficult to apply bandwidth or connection limits using a server's IP address. Most often, hosting providers work around this problem by implementing some sort of full virtualization solution that provides a unique virtual instance for each client. <KGO> What is the drawback of this solution?
BetterBandwidth uses the dedicated kernel module to provide a more cost-effective, efficient solution for managing bandwidth in multi-homed environments. When used in conjunction with the BetterBandwidth dedicated daemon, the dedicated kernel module allows administrators to assign outgoing traffic to a specific secondary address which, in turn, is assigned to a specific user--all without the overhead of a fully virtualized system. (Both IPv4 and IPv6 are supported.)
To enable this functionality:
- Ensure the dedicated kernel module is loaded:
modprobe dedicated
- Edit /etc/betterlinux/ipv4 and/or /etc/betterlinux/ipv6 to include the specific mappings.
- Restart dedicatedd:
service dedicatedd restart
The IPv4 and IPv6 mapping files are in the following format. Each line contains a single entry.
username|uid: address
The address field can contain either a raw IPv4 or IPv6 address or a DNS name. If the DNS name resolves to more than one address, the kernel randomly selects one of the addresses.
Once configured, the active mappings for IPv4 addresses can be viewed using the following command:
cat /proc/sys/net/ipv4/dedicated
To view mappings for IPv6 addresses, use the following command:
cat /proc/sys/net/ipv6/dedicated
Note: The command output displays the uid rather than the username.
