GridFTP Bandwidth Limiting

GridFTP Bandwidth Limiting

Tim Pinkawa

Revision History
Revision 1.02009-02-03tim
Initial document.


The provided shell script allows user-specified bandwidth limiting for outgoing traffic on a given port range using networking features of the Linux 2.6 kernel.


  • Super user (root) access

  • Linux 2.6 kernel with Netfilter support

  • iptables (provided by the iptables package on most distributions, more information available here.)

  • tc (provided by the iproute package on most distributions, more information available here.)


As root: rate

rate is passed directly to tc which allows all valid tc rate units to be used, for example:

  • 50kbps (50 kilobytes per second)

  • 1mbps (1 megabyte per second)

  • 512kbit (512 kilobits per second)

  • 5mbit (5 megabits per second)

See the tc(8) manual page, section UNITS for complete information.

The GLOBUS_TCP_SOURCE_RANGE environment variable must be set to specify the TCP port range that will be affected. The variable should be set in the format "lowport,highport". See GridFTP Firewall requirements for more information.


The bandwidth limiting process consists of three commands. First, a rule is created using iptables to classify all TCP traffic in the port range specified by the GLOBUS_TCP_SOURCE_RANGE environment variable with a class 1:1 which will be used by tc. tc adds a queuing discipline (qdisc) chained off the root queue with a handle of 1:0. Finally, a tc class is added off the qdisc created in the previous command with a class ID 1:1 and a rate specified by the user.

If you already use tc...

If you have existing tc infrastructure set up, it is important that you verify that this script's use of the handle 1:0 and class ID 1:1 do not conflict with existing configurations.


By default, the script applies bandwidth limiting to the eth0 interface. If you are using another network interface, the IFACE variable should be updated in the script to reflect your desired network interface.