How to Limit the Network Bandwidth Used by Applications in a Linux System with Trickle

Have you ever encountered situations where one application dominated you all network bandwidth? If you have ever been in a situation where one application ate all your traffic, then you will value the role of the trickle bandwidth shaper application. Either you are a system admin or just a Linux user, you need to learn how to control the upload and download speeds for applications to make sure that your network bandwidth is not burned by a single application.

Bandwidth limit in Linux

Install Trickle Bandwidth Limit in Linux

What is Trickle?

Trickle is a network bandwidth shaper tool that allows us to manage the upload and download speeds of applications in order to prevent any single one of them to hog all (or most) of the available bandwidth. In few words, trickle lets you control the network traffic rate on a per-application basis, as opposed to per-user control, which is the classic example of bandwidth shaping in a client-server environment, and is probably the setup we are more familiar with.

How Trickle Works?

In addition, trickle can help us to define priorities on a per-application basis, so that when overall limits have been set for the entire system, priority apps will still get more bandwidth automatically. To accomplish this task, trickle sets traffic limits to the way in which data is sent to, and received from, sockets using TCP connections. We must note that, other than the data transfer rates, trickle does not modify in any way the behavior of the process it is shaping at any given moment.

What Can’t Trickle do?

The only limitation, so to speak, is that trickle will not work with statically linked applications or binaries with the SUID or SGID bits set since it uses dynamic linking and loading to place itself between the shaped process and its associated network socket. Trickle then acts as a proxy between these two software components.

Since trickle does not require superuser privileges in order to run, users can set their own traffic limits. Since this may not be desirable, we will explore how to set overall limits that system users cannot exceed. In other words, users will still be able to manage their traffic rates, but always within the boundaries set by the system administrator.

In this article we will explain how to limit the network bandwidth used by applications in a Linux server with trickle. To generate the necessary traffic, we will use ncftpput and ncftpget (both tools are available by installing ncftp) on the client (CentOS 7 server – dev1: 192.168.0.17), and vsftpd on the server (Debian Wheezy 7.5 – dev2: 192.168.0.15) for demonstration purposes. The same instructions also works on RedHat, Fedora and Ubuntu based systems.

Prerequisites

1. For RHEL/CentOS 7/6, enable the EPEL repository. Extra Packages for Enterprise Linux (EPEL) is a repository of high-quality free and open-source software maintained by the Fedora project and is 100% compatible with its spinoffs, such as Red Hat Enterprise Linux and CentOS. Both trickle and ncftp are made available from this repository.

2. Install ncftp as follows:

# yum update && sudo yum install ncftp		[On RedHat based systems]
# aptitude update && aptitude install ncftp	[On Debian based systems]	

3. Set up a FTP server in a separate server. Please note that although FTP is inherently insecure, it is still widely used in cases when security in uploading or downloading files is not needed. We are using it in this article to illustrate the bounties of trickle and because it shows the transfer rates in stdout on the client, and we will leave the discussion of whether it should or should not be used for another date and time :).

# yum update && yum install vsftpd 		[On RedHat based systems]
# aptitude update && aptitude install vsftpd 	[On Debian based systems]

Now, edit the /etc/vsftpd/vsftpd.conf file on the FTP server as follows:

anonymous_enable=NO
local_enable=YES
chroot_local_user=YES
allow_writeable_chroot=YES

After that, make sure to start vsftpd for your current session and to enable it for automatic start on future boots:

# systemctl start vsftpd 		[For systemd-based systems]
# systemctl enable vsftpd
# service vsftpd start 			[For init-based systems]
# chkconfig vsftpd on

4. If you chose to set up the FTP server in a CentOS/RHEL 7 droplet with SSH keys for remote access, you will need a password-protected user account with the appropriate directory and file permissions for uploading and downloading the desired content OUTSIDE root’s home directory.

You can then browse to your home directory by entering the following URL in your browser. A login window will pop up prompting you for a valid user account and password on the FTP server.

ftp://192.168.0.15

If the authentication succeeds, you will see the contents of your home directory. Later in this tutorial you will be able to refresh that page to display the files that have been uploaded during previous steps.

FTP Directory Tree

FTP Directory Tree

Best Affordable Linux and WordPress Services For Your Business
Outsource Your Linux and WordPress Project and Get it Promptly Completed Remotely and Delivered Online.

If You Appreciate What We Do Here On TecMint, You Should Consider:

  1. Stay Connected to: Twitter | Facebook | Google Plus
  2. Subscribe to our email updates: Sign Up Now
  3. Get your own self-hosted blog with a Free Domain at ($3.45/month).
  4. Become a Supporter - Make a contribution via PayPal
  5. Support us by purchasing our premium books in PDF format.
  6. Support us by taking our online Linux courses

We are thankful for your never ending support.

Gabriel Cánepa

Gabriel Cánepa is a GNU/Linux sysadmin and web developer from Villa Mercedes, San Luis, Argentina. He works for a worldwide leading consumer product company and takes great pleasure in using FOSS tools to increase productivity in all areas of his daily work.

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide

You may also like...

17 Responses

  1. abu says:

    can i use this in cpanel server to throttled a specific user ?

  2. hafuz says:

    Hi,
    How to limite bandwidth only when needed.

    Ex: I want use app1 to download on a system with total bandwidth of 800 ko/s
    # trickle -d 600 foo_app1
    To let 200 ko/s to other apps.
    How call ‘trickle’ to tell it to use all Bandwidth when other app are finish to use bandwidth remaining ?
    I haven’t see no options in man page.
    Perhaps another app do that?
    Thanks

  3. Sandip Singh says:

    Hi,

    How can i change the transfer rate if ftp? please reply to my mail id.

    Sandip Singh

  4. cybernard says:

    If any user figures out how to run your app without trickle your bandwidth management no longer works. You need method that are part of the kernel for proper bandwidth management.

    • @cybernard,
      Would you be as kind as to share a specific example of how an user would be able to do that? Please notice that we covered this possibility near the bottom of the article. If you make an experiment and are able to fool trickle, please report back with the specifics so we can edit the article accordingly. Thank you!

  5. Terry says:

    This is very interesting but a bit redundant. Cgroups (control groups) is built into the kernel and provides awesome control over an application’s usage of not only network but mem, CPU, disk I/o and more. This is taken to the next level by containers and docker which provide better tooling and automation to make more easily use cgroups and other plumbing built into the os.
    I highly recommend spending your time learning docker and the other container tooling as this is the future for better designed apps and this skill set is in VERY high demand right now.

    • @Terry,
      Thanks for taking the time to share such a well-supported and informative comment. You are SO right about docker. The reason why we published this article is because it outlines the basics of network bandwidth shaping. We will consider writing and publishing a docker series in the near future once we’re done with the RHCSA and RHCE series.

  6. Chetan says:

    Hello

    Trickled can work along side Default TC-HTB-QoS class rules ?

  7. Thanks for sharing your thoughts on bandwidth
    limit in linux. Regards

  8. Sandeep says:

    Will it control smtp or postfix ?

Leave a Reply to Terry Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.