2

My company restricted the network speed by IP as 200K. That means my maximum download speed is 200K per second. However, since the restriction is IP based, I can install a virtual machine and set its network mode as bridged. Then I can download at the speed of 200K in the guest and host at the same time (for different files). Now my question is, I can add multiple virtualized network cards to my virtual machine, but how can I actually get the maximum speed? It seems that just adding those network cards is not enough (I still got 200K). Thanks.

4
  • 2
    @misterjaytee This is a fundamentally different question. The original question was about Ethernet. This is about IP.
    – Brad
    Commented Nov 17, 2013 at 17:57
  • @user2996423 You can simply multi-home your network adapter, but this doesn't magically make things faster since connections can only be made on one endpoint at a time.
    – Brad
    Commented Nov 17, 2013 at 17:58
  • The question was about the same underlying problem from the same user - I believed it was worth flagging as such. If the user's question had changed due to new information, then it would have been better to amend the original question.
    Commented Nov 18, 2013 at 22:47

3 Answers

0

Schemes to combine multiple download channels to increase a single PC's download speed are not likely to improve your situation, whether you realize them with multiple VMs or with several Ethernet ports.

The reason is not that you only have one single IP port to go through (because most likely these are Gigabit ports, given that you mention in your other post having 4 distinct ports); all the reasons why this fails are summarized in this good AskUbuntu post.

And adding multiple VMs to the picture can only make your life more difficult.

However, it is my experience that many people delegated to implement such restrictive policies often do a hacked job of it, so that it is moderately easy to find creative ways around this. Let me give you a couple of ideas.

1) Use one VM with a bridged connection and a static IP. You stated that the policy is IP based; it is possible some machines are not subject to such restrictions. For instance, your IT people might have segregated fast IPs from slow IPs by IP range. By using a static IP you are able to explore whether this segregation can be circumvented. Just be careful because some systems record MAC addresses so that next time you connect to the system you are applied the same rules as the first time. It might be wise to introduce a program (macchanger) which randomly changes the VM's Ethernet MAC address.

2) Some such policies are not suitably configured to deal with VPNs and encrypted traffic. Set up a VPN to any other place (home? girlfriend's place?) and try that. Or try one of the commercial services like Hamachi, LogMeIn, taking advantage of a free trial period, if any is offered.

6
  • suggestion 2 won't work: the vpn is tunneled over his existing connection. the packet-filter of his network-operators will kick packets from that ip, no matter what the payload (vpn-packets) will be. in suggestion 1 you are basically describing what OP has already tried: multiple vms and the system-os, all running over the same physical nic and all have their own IP. his problem is: how to trunk them together, bundled ethernet over IP, so to speak :)
    – akira
    Commented Nov 17, 2013 at 16:43
  • @akira Not correct: in suggestion 1, I hint that he should change static IP until he finds one that is not limited in speed; I am not suggesting he tries to distribute load across different machines. In suggestion 2, what you say is correct if the sysadm has really done what he says he has done. But if he has just limited port 80 traffic, or some such thing, using port 1194 will bring much solace to the unjustly afflicted.
    Commented Nov 17, 2013 at 16:47
  • every ip he gets from his network is limited by x. it does not matter if that is a static one or one that is given to him by dhcp. one ip -> limited. ok, you are suggesting in 1) that he should try every possible of the 254 ip's in his network (or more, depends obviously on the network topology). i doubt that OP's network operators kept some ip's unlimited just to .. keep them unlimited. but, yeah, one might try that.
    – akira
    Commented Nov 17, 2013 at 16:52
  • @akira In fact, I am suggesting he does not require an IP address from the network, just that he takes it. This is what you do when you choose your own static IP.... Actually, I am not suggesting that he tries all of them: with wireshark's help, he can narrow down the search quite a lot, but that requires a flight of fancy.
    Commented Nov 17, 2013 at 16:55
  • OP has to pick an IP from the same IP network that gets through the router OP is attached to, otherwise OP's packets won't be routed. I was not referring to DHCP by my "it's in the network". sure: OP can use wireshark to have a look what other stuff is yelling through his Ethernet but I suspect that will be of rather limited use.
    – akira
    Commented Nov 17, 2013 at 17:57
0

If I'm not mistaken, bridging will have the effect that your system responds to incoming traffic from two MAC addresses. So it will get two IPs via DHCP (one for your physical system, another for your VM).

In Ethernet/TCP/IP, the MAC address is the only standard way to uniquely identify hardware from a remote end, and things like ARP, etc. completely depend on the answerer to be honest with the MAC address.

If the IP address is truly the factor by how they are limiting traffic, then your physical machine and VM should each be able to download up to 200Kbps/sec.

No, you cannot "combine" your VM NIC and real NIC to get 400Kbps/sec. TCP doesn't work with multiple simultaneous endpoints and a single connection must live on a single NIC for its duration. A protocol using UDP or plain IP could but that intelligence would have to be built into the protocol AND used by both sides (client and server), and there is no common protocol in use that does that.

It is possible that:

  • Depending on your company's setup, they may be actually limiting the bandwidth per corporate switch port, in which case this wouldn't work.

  • I think VMWare has its own OUI it uses for MAC addresses, so depending on your company's setup, they could "block" virtual NICs by MAC. You could circumvent this by manually assigning a MAC with an OUI of a real NIC manufacturer (3Com, e.g.) to the VM NIC.

  • Enterprise-level switches (what your Ethernet jack in your office leads to) have traffic counters. They can tell you are using more bandwidth at your jack than usual by looking at them. Alarms (SMTP traps) and such can be set on them.
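The switch-side controls listed in this answer (per-port accounting, OUI checks on virtual NICs, traffic counters), sketched from the administrator's side as an added example that is not part of the original answer. The record layout, port names, addresses and the reading of "200K" as bytes per second are constructed assumptions.

```python
from collections import defaultdict

# Well-known virtualization OUIs (first three octets of a MAC address).
VIRTUAL_OUIS = {
    "00:50:56": "VMware", "00:0c:29": "VMware", "00:05:69": "VMware",
    "08:00:27": "VirtualBox", "00:15:5d": "Hyper-V", "52:54:00": "QEMU/KVM",
}
PER_PORT_BUDGET = 200_000  # bytes/s; assumed meaning of the page's "200K"

# Constructed sample: (switch_port, mac, ip, bytes_per_second) for one interval.
SAMPLE = [
    ("Gi1/0/7", "3c:52:82:11:22:33", "10.0.5.20", 198_000),  # physical host
    ("Gi1/0/7", "00:0C:29:AA:BB:CC", "10.0.5.87", 199_000),  # bridged guest
    ("Gi1/0/7", "3c:52:82:77:88:99", "10.0.5.88", 197_000),  # guest, vendor-looking MAC
    ("Gi1/0/9", "3c:52:82:44:55:66", "10.0.5.21", 150_000),  # ordinary desk
]

def virtual_vendor(mac):
    """Return the hypervisor name if the MAC carries a known virtual OUI."""
    return VIRTUAL_OUIS.get(mac.lower()[:8])

def locally_administered(mac):
    """Bit 0x02 of the first octet marks a manually assigned or random MAC."""
    return bool(int(mac[:2], 16) & 0x02)

def audit_ports(records, budget=PER_PORT_BUDGET):
    """Group traffic by switch port and list the reasons a port looks bridged."""
    ports = defaultdict(lambda: {"macs": set(), "rate": 0})
    for port, mac, _ip, rate in records:
        ports[port]["macs"].add(mac.lower())
        ports[port]["rate"] += rate
    findings = {}
    for port, seen in ports.items():
        reasons = []
        if len(seen["macs"]) > 1:
            reasons.append("multiple-macs")
        vendors = sorted({virtual_vendor(m) for m in seen["macs"]} - {None})
        if vendors:
            reasons.append("virtual-oui:" + ",".join(vendors))
        if any(locally_administered(m) for m in seen["macs"]):
            reasons.append("locally-administered-mac")
        # Summing per port catches the case where every address stays under
        # its own per-IP limit and every MAC carries a real vendor OUI.
        if seen["rate"] > budget:
            reasons.append("over-port-budget")
        if reasons:
            findings[port] = reasons
    return findings

if __name__ == "__main__":
    for port, reasons in audit_ports(SAMPLE).items():
        print(port, reasons)
```

The OUI check alone is bypassed by a reassigned MAC, which is why the per-port MAC count and byte total are the signals that still fire in that case.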

0

No matter how many virtual machines you have, in the end every packet has to go through your physical network card and its IP address. That IP address is rate-limited.

If the network administrator is security-minded there will be a list of MAC addresses that are allowed on the internal network. Each of those would get a single IP address. NICs with an unknown MAC address could be denied an IP address or could be connected to a separate "guest" network that has no access to internal resources.

Basically you have two options:

  • Ask the administrator nicely for more bandwidth
  • Add more physical network cards to your machine and aggregate them.

Note that in some jurisdictions trying to circumvent access restrictions is illegal. It could get you fired or worse.

4
  • a nic can have multiple IPs assigned. OP is not tunneling over one IP but have one nic with multiple IPs.
    – akira
    Commented Nov 17, 2013 at 16:00
  • nevertheless are your first 2 sentences wrong because that is not the situation that OP is facing. mac-filtering is worthless because i can assign any mac i like to my nic(s). i can also self-assign any IP to my nics. one can do a lot of fancy stuff with nics and macs and ip addresses all day long: the real problem for OP is en.wikipedia.org/wiki/Link_aggregation over multiple IPs. end of story. also: bridging does not help either because the traffic is limited per IP, not per nic.
    – akira
    Commented Nov 17, 2013 at 16:24
  • 1
    While you can indeed assign any MAC address you want, that doesn't help you if a finite list of allowed MAC addresses is used. You'd have to pick a valid MAC address from that list, which could easily be discovered because then another device would stop working.
    Commented Nov 17, 2013 at 16:32
  • not the point. the situation for OP is as he described. you can come up with any scheme you want: OP's network operators limit speed per IP. end of story. look @ultrasawblade's answer to get an idea of how vm-bridging works (multiple macs per nic). the reason why OP's problem is hard to overcome is the state-nature of tcp works and how packets of an established connection pick their route.
    – akira
    Commented Nov 17, 2013 at 16:36
