Throttle everyone *except* one host.

[Ken D'Ambrosio]

Hey, all. I've got a geographically dispersed cloud -- the primary
control nodes are in MA, but compute nodes in Ottawa and Texas. I'd like
to throttle all traffic between the sites (said traffic goes through a
single Linux host I'll call a "firewall," though "nexus" would be
closer), EXCEPT for when they go to retrieve images, which reside on a
single server.

So, assuming (for simplicity's sake) that I have:

----------------
| - compute1 |
| - compute2 | - Ottawa/172.28.0.0/16
| - compute3 | 
----------------
 |
------------------------------
| eth0 |
| | - Firewall
| eth1 - 172.17.5.0/24 |
------------------------------
 | \
------------ ----------
| control1 | | image |
| control2 | | server |
------------ ---------- 
172.17.5.9 172.17.5.10 
172.17.5.8 

how would I go about throttling all communications through the host
(say, to 2 Mb/s), except for the image server? I'm afraid my iptables fu
is not strong enough to figure this out with certitude -- which is
something I'd really like to do, as someone's VM saturated our WAN
uplink overnight, and I've got IT mad at me now, so playing
whack-a-spike would be best to be avoided. 

Thanks, 

-Ken 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.gnhlug.org/pipermail/gnhlug-discuss/attachments/20161024/cd1b4bb6/attachment.html