TC + HTB traffic control in linux

Source: Internet
Author: User
Article title: TC + HTB traffic control in linux

A tc setup has three parts: the queueing discipline (QDISC), the classes (CLASS) and the filters (FILTER). A filter can select packets with the u32 classifier or by a mark that iptables has set (set-mark). On Linux, shaping is applied to traffic leaving an interface, so on a router with two NICs, eth1 towards the Internet and eth0 towards the intranet, HTB is attached to eth0 to control what the intranet receives (downloads). Note: if iptables marks are used, the mark must be applied before the packet reaches eth0's queue, that is, in the mangle table as the packet arrives from the Internet (match the incoming interface, "-i eth1", in PREROUTING). Example:

The main commands are as follows.

1. Create the HTB root qdisc. Packets that no filter matches go to the class with minor id 20, so that class must exist (see the note below):

tc qdisc add dev eth0 root handle 1: htb default 20

2. Create an HTB class; this is where the rate limit is set, together with a burst allowance:

tc class add dev eth0 parent 1: classid 1:1 htb rate 200kbit ceil 200kbit burst 20k

3. Create a filter that picks out the traffic to be limited and sends it to the class above, here replies from TCP source port 80. The port mask must be 0xffff; the 0xfff often seen in copies of this example ignores the top four bits and also matches ports 4176, 8272 and so on:

tc filter add dev eth0 parent 1: prio 1 protocol ip u32 match ip sport 80 0xffff flowid 1:1

Note that this example creates only class 1:1. With "default 20" a class 1:20 must also be created; if the default class does not exist, HTB sends unclassified packets straight to the interface at line rate, bypassing the shaper.

Note: keep interactive packets at low latency and let them take idle bandwidth first, for example:

ssh, telnet, dns, quake3, irc, ftp control connections, smtp commands and packets with the SYN flag set. To make sure the upstream flow does not hurt the downstream flow, ACK packets must go to the front of the queue: the ACKs for downloaded data have to compete with the upload stream on the same uplink, and if they wait behind bulk upload packets the download stalls.
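The three commands above as a complete script, as an added example that is not code from the original article. It gives the root qdisc a default class that really exists and adds the u32 filters for the note just made (pure ACKs and SYNs jump to the front of the queue). Assumptions: eth0 is the intranet-facing NIC, TOTAL is the link rate in kbit, and the classids 1:10 (interactive), 1:20 (default) and 1:30 (web) are my choice. By default it only prints the tc commands; set DRY_RUN=0 to apply them.

```shell
#!/bin/sh
# Added example (not code from the original article): the three commands above
# as one script, with a default class that really exists, plus the u32 filters
# for the note that follows (pure ACKs and SYNs jump to the front of the queue).
# Assumed: eth0 is the intranet-facing NIC, TOTAL is the link rate in kbit, and
# the classids 1:10 (interactive), 1:20 (default) and 1:30 (web) are my choice.

DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the tc commands; 0 = execute them (needs root / CAP_NET_ADMIN)

run() { if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

# Usage: setup_htb_basic DEV TOTAL_KBIT WEB_KBIT
setup_htb_basic() {
    dev=$1 total=$2 web=$3
    [ "$total" -gt $((web + 32)) ] || { echo "TOTAL must exceed WEB + 32 kbit" >&2; return 1; }

    # start from a clean slate (ignore the error when there is no qdisc yet)
    run tc qdisc del dev "$dev" root 2>/dev/null || true

    # root HTB; packets that no filter claims go to 1:20, so 1:20 must exist
    run tc qdisc add dev "$dev" root handle 1: htb default 20
    # one parent class at link speed so its children can borrow spare bandwidth from each other
    run tc class add dev "$dev" parent 1: classid 1:1 htb rate "${total}kbit" ceil "${total}kbit"
    # 1:10 interactive: small guarantee, highest priority (prio 0), may use the whole link
    run tc class add dev "$dev" parent 1:1 classid 1:10 htb rate 32kbit ceil "${total}kbit" prio 0
    # 1:20 everything else (the default class)
    run tc class add dev "$dev" parent 1:1 classid 1:20 htb rate "$((total - web - 32))kbit" ceil "${total}kbit" prio 2
    # 1:30 the article's 200 kbit class for HTTP replies; rate == ceil, so it can never borrow
    run tc class add dev "$dev" parent 1:1 classid 1:30 htb rate "${web}kbit" ceil "${web}kbit" burst 20k prio 1

    # pure TCP ACKs: protocol 6, IHL == 5 (no IP options), total length < 64,
    # TCP flags byte (IP header 20 + 13 = offset 33) == ACK only (0x10)
    run tc filter add dev "$dev" parent 1: protocol ip prio 1 u32 \
        match ip protocol 6 0xff match u8 0x05 0x0f at 0 \
        match u16 0x0000 0xffc0 at 2 match u8 0x10 0xff at 33 flowid 1:10
    # connection setup: flags byte == SYN only (0x02)
    run tc filter add dev "$dev" parent 1: protocol ip prio 1 u32 \
        match ip protocol 6 0xff match u8 0x05 0x0f at 0 match u8 0x02 0xff at 33 flowid 1:10
    # replies from TCP source port 80 (mask 0xffff: a 0xfff mask drops the top four
    # bits and would also match ports 4176, 8272, ...); like the matches above,
    # "ip sport" assumes a 20-byte IP header
    run tc filter add dev "$dev" parent 1: protocol ip prio 2 u32 match ip sport 80 0xffff flowid 1:30
}

setup_htb_basic "${DEV:-eth0}" "${TOTAL:-1000}" "${WEB:-200}"
```

Run it once with DRY_RUN=1 and read the printed commands before applying; "tc -s class show dev eth0" afterwards shows per-class byte counters, which is the quickest way to confirm that the port-80 replies really land in 1:30 and the ACKs in 1:10.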

TC + IPTABLES + HTB + SFQ

1. TCP/IP requires every transmitted packet to be answered with an ACKNOWLEDGE (ACK): the receiver confirms the data it got, and the sender uses those ACKs to decide how fast to keep sending and whether lost data must be retransmitted. Part of the uplink bandwidth is therefore consumed by ACKs, and when the uplink is saturated the ACKs are delayed and the download speed drops with them.

2. Tests show that when the upload is full, the download speed falls to 40% or even less. A large upload (an ftp upload, an email sent over SMTP) is a single stream that fills the uplink, and in a first-in-first-out queue every packet, the small ACKs included, has to wait its turn behind it. This is why the whole network feels slow as soon as someone uploads a file or sends a large email.

Solution:

1. To solve these speed problems, the traffic passing over the line has to be distributed according to rules. By moving the bandwidth bottleneck onto our Linux router, that is, by shaping to slightly less than the bandwidth we bought, the queue builds up on the router, where tc can distribute and control the data, instead of in the modem or at the provider.

Think of it as lanes on a road: there are fast lanes, narrow lanes and wide lanes. Small, latency-sensitive traffic such as syn, ack, icmp and ssh takes the fast lane, while ftp-data and smtp, which move large volumes, must not be allowed to block the whole road.

In Linux, tc (traffic control) plays this role, and when it is configured properly the results are clearly noticeable. Combining tc with iptables is the simplest and most effective way to apply it.

We let iptables do the classification for the filters, because iptables is more flexible and keeps a counter for each rule. iptables marks packets in the mangle table, and a tc filter of the form "handle x fw" tells the kernel that a packet carrying FWMARK value x belongs to the class given as "classid x:x". The prio of a class is its priority: important data is sent through its channel first. First, choose the queueing discipline (htb).

By default an interface uses a first-in-first-out queue: a packet can only be sent after the packets queued before it have gone out. Even a small ACK has to wait, so an upload slows the download, and a large download bandwidth does not help.

HTB (Hierarchical Token Bucket) is a classful token-bucket qdisc. It works like CBQ but does not rely on idle-time calculations, and it has few parameters.

Structure diagram (the figure did not survive extraction): root HTB qdisc 1:, a main class 1:1 below it, and the leaf classes below 1:1, the last of which, 1:24, is the default class.

Priority:

Based on the above, the script is as follows:

Parameter description:

rate: the bandwidth guaranteed to a class. If a class has several children, the sum of the children's rates must be less than or equal to the parent's rate.

ceil: the maximum bandwidth a class may use, by borrowing from its parent when there is spare capacity.

prio: the priority. The larger the value, the lower the priority; when spare bandwidth is distributed, classes with smaller prio values get it first.

As a rule of thumb, the rate for bulk-data classes is about 50%-80% of the available bandwidth, and ceil should not exceed about 85%, so that one session cannot take the whole link.

rate can be allocated according to the different kinds of traffic:

The highest-priority class carries very small but very important packets. It is given a generous share and may even preempt the others when necessary, although normally it does not need to; therefore it gets full speed.

The next class is a very important data channel: give it at least half of the bandwidth, and let it borrow more when needed.

Rate planning: the sum of the rates above is generally around 50%-80% of the uplink.

http and pop are the most commonly used; with many users, congestion arises here, so we can give them neither too much nor too little.

smtp gets a lower priority than the classes above, to prevent large attachments from occupying a lot of bandwidth.

ftp-data is like smtp: it is very likely to carry large file uploads, so its rate cannot be too large, but its ceil is set larger so that it can use surplus bandwidth when there is some.

The last class is the "indifferent" channel for traffic not normally needed at work; give it a small share so that it cannot interfere with normal work.

Uplink 320K; set a little below the theoretical value.

DEV="ppp0"

UPLINK=300

Downlink 3200K; set to about half of that so that more connections can be served.

DOWNLINK=1500

1. Add the root qdisc; all packets that are not classified go to the default class 1:24:

tc qdisc add dev $DEV root handle 1: htb default 24

1.1 Add main class 1:1 under the root; its speed is $UPLINK kbit:

tc class add dev $DEV parent 1: classid 1:1 htb rate ${UPLINK}kbit ceil ${UPLINK}kbit prio 0

1.1.1 Create the first leaf class under main class 1:1. This is the highest-priority class, for packets that need high priority and high speed, such as syn, ack and icmp:

tc class add dev $DEV parent 1:1 classid <leaf classid> htb rate ${UPLINK}kbit ceil ${UPLINK}kbit prio 1

1.1.2 Create the second leaf class under main class 1:1, with the next-highest priority, for example our important CRM data:

tc class add dev $DEV parent 1:1 classid <leaf classid> htb rate $((UPLINK-150))kbit ceil $((UPLINK-50))kbit prio 2

1.2 Create a secondary trunk class under the root. All classes below it have lower priority than those of the main class, so that they cannot congest the important data:

tc class add dev $DEV parent 1: classid <trunk classid> htb rate $((UPLINK-150))kbit prio 3

The classids of the leaf and secondary classes are missing from this copy of the article and are shown as placeholders. Note also that with the first leaf at the full ${UPLINK} rate, the leaf rates under 1:1 already add up to more than the parent's rate, contrary to the rule given above; HTB still runs, but it cannot honour all of the guarantees at once.
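The class tree that the script above starts to build, completed as one added example that serves both this script and the iptables-marking explanation earlier in this section. It is not code from the original article: it uses consistent rates (checked against the parent before anything is applied), puts SFQ on every leaf (the SFQ in the section title), sets marks in the mangle table and maps them to classes with "handle x fw" filters. Assumptions: DEV is the uplink interface, UPLINK is in kbit, and the classids 1:10 to 1:50, the mark values 1 to 4, the percentages and the port list are my choices, not the article's. By default it only prints the commands; set DRY_RUN=0 to apply them.

```shell
#!/bin/sh
# Added example (not code from the original article): the class tree the script
# above starts, completed with consistent numbers, SFQ on every leaf, iptables
# marks in the mangle table and the "handle x fw" filters described earlier.
# Assumed: DEV is the uplink interface, UPLINK is in kbit, and the classids
# 1:10..1:50, the marks 1..4, the percentages and the ports are my choices.

DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the commands; 0 = execute them (needs root / CAP_NET_ADMIN)

run() { if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

pct() { echo $(( $1 * $2 / 100 )); }   # pct TOTAL PERCENT

# The article's rule: the children's rates must not add up to more than the
# parent's rate. Usage: check_rates PARENT_RATE CHILD_RATE...; returns 1 if oversubscribed.
check_rates() {
    parent=$1; shift
    sum=0
    for r in "$@"; do sum=$((sum + r)); done
    [ "$sum" -le "$parent" ]
}

# add_leaf DEV CLASSID RATE CEIL PRIO: an HTB leaf under 1:1 with an SFQ queue,
# so the flows inside one class share it fairly instead of first-in-first-out
add_leaf() {
    run tc class add dev "$1" parent 1:1 classid "$2" htb rate "${3}kbit" ceil "${4}kbit" prio "$5"
    run tc qdisc add dev "$1" parent "$2" handle "${2#1:}:" sfq perturb 10
}

# Usage: setup_htb_tree DEV UPLINK_KBIT
setup_htb_tree() {
    dev=$1 up=$2
    r10=$(pct "$up" 20) r20=$(pct "$up" 30) r30=$(pct "$up" 20) r40=$(pct "$up" 20) r50=$(pct "$up" 10)
    check_rates "$up" "$r10" "$r20" "$r30" "$r40" "$r50" || { echo "leaf rates oversubscribe ${up} kbit" >&2; return 1; }

    run tc qdisc del dev "$dev" root 2>/dev/null || true
    run tc qdisc add dev "$dev" root handle 1: htb default 50
    run tc class add dev "$dev" parent 1: classid 1:1 htb rate "${up}kbit" ceil "${up}kbit"
    #        dev    classid rate   ceil               prio
    add_leaf "$dev" 1:10   "$r10" "$up"              0   # syn, pure acks, icmp, ssh, dns: may take the whole link
    add_leaf "$dev" 1:20   "$r20" "$(pct "$up" 85)"  1   # http, pop, CRM
    add_leaf "$dev" 1:30   "$r30" "$(pct "$up" 66)"  2   # smtp: large attachments
    add_leaf "$dev" 1:40   "$r40" "$(pct "$up" 66)"  3   # ftp-data
    add_leaf "$dev" 1:50   "$r50" "$(pct "$up" 33)"  4   # everything else (the default class)

    # Marks are set in mangle POSTROUTING for packets leaving $dev, which runs
    # before the egress qdisc sees them. (For the article's download-shaping
    # layout, HTB on eth0, the same rules would go in PREROUTING with "-i eth1".)
    run iptables -t mangle -N SHAPE 2>/dev/null || true
    run iptables -t mangle -F SHAPE
    run iptables -t mangle -D POSTROUTING -o "$dev" -j SHAPE 2>/dev/null || true
    run iptables -t mangle -A POSTROUTING -o "$dev" -j SHAPE
    # mark 1: SYN, pure ACKs (<= 64 bytes), icmp, ssh, dns -> 1:10
    run iptables -t mangle -A SHAPE -p tcp --tcp-flags SYN,ACK,FIN,RST SYN -j MARK --set-mark 1
    run iptables -t mangle -A SHAPE -p tcp --tcp-flags ALL ACK -m length --length :64 -j MARK --set-mark 1
    run iptables -t mangle -A SHAPE -p icmp -j MARK --set-mark 1
    run iptables -t mangle -A SHAPE -p tcp --dport 22 -j MARK --set-mark 1
    run iptables -t mangle -A SHAPE -p udp --dport 53 -j MARK --set-mark 1
    # "-m mark --mark 0" keeps the broader rules below from overwriting a mark already set
    run iptables -t mangle -A SHAPE -m mark --mark 0 -p tcp -m multiport --dports 80,110 -j MARK --set-mark 2
    run iptables -t mangle -A SHAPE -m mark --mark 0 -p tcp --dport 25 -j MARK --set-mark 3
    run iptables -t mangle -A SHAPE -m mark --mark 0 -p tcp --dport 20 -j MARK --set-mark 4   # active-mode ftp-data only
    # unmarked packets fall into "htb default 50"

    # fw filters: mark n -> class 1:n0
    for m in 1 2 3 4; do
        run tc filter add dev "$dev" parent 1: protocol ip prio "$m" handle "$m" fw flowid "1:${m}0"
    done
}

setup_htb_tree "${DEV:-ppp0}" "${UPLINK:-300}"
```

The rate check is the part worth keeping even if the numbers are changed: with the article's own values (a first leaf at the full 300 kbit next to a 150 kbit sibling) check_rates fails, which is exactly the oversubscription the parameter description warns against. "iptables -t mangle -L SHAPE -v -n" shows the per-rule counters, so it is easy to see which rule is catching a given flow before looking at "tc -s class show".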
