TL;DR 54.231.0.0/16
For those of us with limited upload bandwidth, just plugging an iPhone in for a charge while on home wifi can bring our connection to its knees. As convenient as automatic online backups are, they tend to monopolize all the available bandwidth, and saturating your upload means crippling the download as well (it has to do with buffer bloat, delayed ACKs, and other stuff).
Through some Google-fu I found (one of) the subnet(s) used by iCloud, so that I can easily throttle the upload traffic without imposing a limit on all the upload coming from iOS devices. The subnet is 54.231.0.0/16
.
Thanks to my pfSense router, I put together a nifty set of rules that throttles uploads to that subnet from 8 am to midnight, limiting it to 50% of my available bandwidth. During the night, it is unlimited.
Just a quick overview of what’s needed to do that on pfSense (not a full tutorial, sorry):
- A schedule that defines the times you want the limit to be enabled
- Trafic shaping with a dedicated upload queue with a fixed maximum rate, in addidition the default ones
- A floating rule of type Pass, applied on both WAN and LAN, TCP protocol, destination
54.231.0.0/16
, active during the day, sent to the queue you created earlier w/ the limit enabled.
Actually I have 2 schedules, one for the day and the other for the night, an additional queue for unthrottled iCloud backups and an additional floating rule that is identical to the one above apart from the fact that it is enabled during the night and sends traffic to the unthrottled queue. This allows me to have nice graphs that show only iCloud traffic. Definitely not necessary, but cool.
One reply on “Throttling iCloud’s upload: here is the IP subnet”
Good info but It looks like this has changed:
Amazon.com, Inc. AMAZO-ZL4 (NET-54-230-0-0-1) 54.230.0.0 – 54.231.255.255
But wow, look what Apple is using now for my icloud backups:
CIDR: 17.0.0.0/8
NetName: APPLE-WWNET
NetHandle: NET-17-0-0-0-1
Parent: ()
NetType: Direct Assignment
OriginAS:
Organization: Apple Inc. (APPLEC-1-Z)
Looks like somebody’s got friends at ARIN…