Linux tc cbq queue-based traffic management example

Source: Internet
Author: User

Working from a number of tc documents, I compiled this configuration record. It has worked well in actual use, and I am sharing it here for reference.
Environment: the local area network is not large, with more than 40 machines, sharing Internet access through NAT (intranet: eth0, Internet: eth2).
CBQ calculates its queues from the idle time of the hardware, so the effect differs from one piece of hardware to another. For a large network it is better to use HTB. The methods below can be written into scripts to restrict uploading and downloading. Use MRTG to detect abnormal traffic volumes, use ntop to find out which host is responsible, and then apply the prepared tc script to limit that host's traffic so that it does not affect other people's network usage.

1) Bind a CBQ queue to a physical network device (such as the Ethernet card eth0)

# tc qdisc add dev eth0 root handle 1: cbq bandwidth 10Mbit avpkt 1000 cell 8 mpu 64

Bind a CBQ queue to the physical network device eth0 with handle 1:0. The actual bandwidth of eth0 is 10 Mbit, the average packet size (avpkt) is 1000 bytes, the cell size is 8 bytes, and the minimum packet size (mpu) is 64 bytes.
 
2) Create classes on the queue

# tc class add dev eth0 parent 1:0 classid 1:1 cbq bandwidth 10Mbit rate 10Mbit maxburst 20 allot 1514 prio 1 avpkt 1000 cell 8 weight 1Mbit

Create the root class with a bandwidth of 10 Mbit and priority 1. The maximum available bandwidth of this queue is 10 Mbit and the actually allocated bandwidth (rate) is 10 Mbit; the maximum burst (maxburst) is 20 bytes; the maximum transmission unit plus MAC header size (allot) is 1514 bytes; the priority is 1; the average packet size is 1000 bytes; the cell size is 8 bytes; and the weight corresponding to the actual bandwidth is 1 Mbit.

Create the subclasses

# tc class add dev eth0 parent classid cbq bandwidth 10Mbit rate 64kbit maxburst 20 allot 1514 prio 8 avpkt 1000 cell 8 weight 100kbit bounded

Create a subclass under the parent class with an allocated bandwidth of 64 kbit and priority 8. The maximum available bandwidth of this queue is 10 Mbit and the actually allocated bandwidth (rate) is 64 kbit; the maximum burst (maxburst) is 20 bytes; the maximum transmission unit plus MAC header size (allot) is 1514 bytes; the average packet size is 1000 bytes; the cell size is 8 bytes; the weight corresponding to the actual bandwidth is 100 kbit; and the class cannot borrow unused bandwidth (bounded).

# tc class add dev eth0 parent classid cbq bandwidth 10Mbit rate 64kbit maxburst 20 allot 1514 prio 9 avpkt 1000 cell 8 weight 100kbit bounded

Create a second subclass under the same parent class with an allocated bandwidth of 64 kbit and priority 9. The maximum available bandwidth of this queue is 10 Mbit and the actually allocated bandwidth (rate) is 64 kbit; the maximum burst (maxburst) is 20 bytes; the maximum transmission unit plus MAC header size (allot) is 1514 bytes; the average packet size is 1000 bytes; the cell size is 8 bytes; the weight corresponding to the actual bandwidth is 100 kbit; and the class cannot borrow unused bandwidth (bounded).

3) Create a queue under each subclass, using the SFQ stochastic fair queue
# tc qdisc add dev eth0 parent sfq quantum 1514b perturb 15
# tc qdisc add dev eth0 parent :3 sfq quantum 1514b perturb 15
Under each class, create a queue that uses SFQ (stochastic fairness queueing).

4) Create a route-based filter for each class
# tc filter add dev eth0 parent 1:0 protocol ip prio 1 u32 match ip dst 192.111.1.116 flowid
# tc filter add dev eth0 parent 1:0 protocol ip prio 1 u32 match ip dst 192.111.1.66 flowid :3
These filters restrict the download bandwidth of each IP address: the u32 filter classifies packets by destination address and sends them to the corresponding queue created above.
To limit the download bandwidth of a new IP address, first create a new class, then create a new SFQ queue on that class, and finally use a u32 filter on the destination address to apply the limit.
To limit the download bandwidth of several IP addresses, you need to create several classes, queues, and filters.
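
The class, queue and filter triple described above can be generated per address instead of typed by hand. The script below is an added example, not part of the original article: it only prints the tc commands, and it rejects anything that is not a plain IPv4 address before the value can reach a command line that will be run as root. The function names and the numbering of subclasses from 1:2 upward are assumptions made for this example.

```shell
#!/bin/sh
# Added example: prints (does not run) the tc commands for per-IP download limits.
# Assumptions: subclass minors start at 2 under root class 1:1; function names
# are illustrative and not from the original page.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255, so that
# nothing but an address can reach the generated root-level commands.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gen_download_limits DEV RATE IP...: emit class, SFQ qdisc and u32 filter per IP.
gen_download_limits() {
    dev=$1; rate=$2; shift 2
    # Validate every address first so a bad entry produces no partial output.
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "invalid address: $ip" >&2; return 1; }
    done
    minor=2
    for ip in "$@"; do
        echo "tc class add dev $dev parent 1:1 classid 1:$minor cbq bandwidth 10Mbit rate $rate maxburst 20 allot 1514 prio 8 avpkt 1000 cell 8 weight 100kbit bounded"
        echo "tc qdisc add dev $dev parent 1:$minor sfq quantum 1514b perturb 15"
        echo "tc filter add dev $dev parent 1:0 protocol ip prio 1 u32 match ip dst $ip flowid 1:$minor"
        minor=$((minor + 1))
    done
}

# Constructed sample: the two hosts limited on this page, 64 kbit each.
gen_download_limits eth0 64kbit 192.111.1.116 192.111.1.66
```

Review the printed commands before piping them to a root shell; the root qdisc and class 1:1 from steps 1 and 2 must already exist.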

 

Restrict upload

# Bind a CBQ queue to the physical network device eth2. The actual bandwidth of eth2 is 2 Mbit, the average packet size (avpkt) is 1000 bytes, the cell size is 8 bytes, and the minimum packet size (mpu) is 64 bytes.
# tc qdisc add dev eth2 root handle 2: cbq bandwidth 2Mbit avpkt 1000 cell 8 mpu 64

 

# Create the root class with a bandwidth of 2 Mbit and priority 1. The maximum available bandwidth of this queue is 2 Mbit and the actually allocated bandwidth (rate) is 2 Mbit; the maximum burst (maxburst) is 20 bytes; the maximum transmission unit plus MAC header size (allot) is 1514 bytes; the average packet size is 1000 bytes; the cell size is 8 bytes; and the weight corresponding to the actual bandwidth is 200 kbit.
# tc class add dev eth2 parent 2:0 classid 2: cbq bandwidth 2Mbit rate 2Mbit maxburst 20 allot 1514 prio 1 avpkt 1000 cell 8 weight 200kbit

 

# Create a subclass under the parent class with an allocated bandwidth of 64 kbit and priority 8. The maximum available bandwidth of this queue is 2 Mbit and the actually allocated bandwidth (rate) is 64 kbit; the maximum burst (maxburst) is 20 bytes; the maximum transmission unit plus MAC header size (allot) is 1514 bytes; the average packet size is 1000 bytes; the cell size is 8 bytes; the weight corresponding to the actual bandwidth is 100 kbit; and the class cannot borrow unused bandwidth (bounded).
# tc class add dev eth2 parent 2:1 classid 2:2 cbq bandwidth 2Mbit rate 64kbit maxburst 20 allot 1514 prio 8 avpkt 1000 cell 8 weight 200kbit bounded

 

# Create a queue under the class, using the SFQ stochastic fair queue
/sbin/tc qdisc add dev eth2 parent 2:2 sfq quantum 1514b perturb 15

 

# Apply the route classifier to the root of the CBQ queue. The filtering protocol is IP and the priority is 100.
# tc filter add dev eth2 parent 2:0 protocol ip prio 1 handle 2 fw classid 2:2

 

# Mark the data packets. Adding a RETURN rule avoids traversing all the remaining rules and speeds up processing.
# iptables -t mangle -A PREROUTING -i eth0 -s 192.111.1.xxx -j MARK --set-mark 2
# iptables -t mangle -A PREROUTING -i eth0 -s 192.111.1.xxx -j RETURN

 

# NAT (for reference)
# iptables -t nat -A POSTROUTING -s 192.111.1.0/24 -o eth2 -j SNAT --to <Internet IP address>

To limit the upload bandwidth of a new IP address, first create a new class, then create a new SFQ queue on that class, and finally use the route filter, with IP as the filtering protocol, together with a rule that marks the packets whose source IP address is the address to be restricted.
To limit the download bandwidth of several IP addresses, you need to create several classes, queues, and route filters, plus the matching rules in the PREROUTING chain of the iptables mangle table.

There are other filters, such as:
# tc filter add dev eth0 parent 1:0 protocol ip prio 100 route to 2 flowid
# ip route add 192.111.1.24 dev eth0 via 192.111.1.4 realm 2

 

Maintenance
Maintenance mainly consists of adding, modifying, and deleting queues, classes, filters, and routes.
Additions are generally performed in the order "queue -> class -> filter -> route". Modifications have no required order. Deletions are performed in the order "route -> filter -> class -> queue".

# Briefly display the queue status of the specified device
/sbin/tc qdisc ls dev eth0

# Display the queue status of the specified device in detail
/sbin/tc -s qdisc ls dev eth0

# Briefly display the classes of the specified device
/sbin/tc class ls dev eth0

# Display the classes of the specified device in detail
/sbin/tc -s class ls dev eth0

# Display the filter status
/sbin/tc -s filter ls dev eth0

# Queue Maintenance
Generally, for a traffic controller, a queue is configured for each Ethernet card at the factory, so no add, modify, or delete actions are normally required for queues.

# Class Maintenance
The add action is implemented using the tc class add command.
The modify action is implemented using the tc class change command, as follows:
/sbin/tc class change dev eth0 parent classid cbq bandwidth 10Mbit rate 64kbit maxburst 20 allot 1514 prio 8 avpkt 1000 cell 8 weight 100kbit bounded
Use the bounded option with caution: once it has been added, the class can only be deleted and then added again.

# Filter Maintenance

The add action is implemented using the tc filter add command.

The modify action is implemented using the tc filter change command, as shown below:
/sbin/tc filter change dev eth0 parent 1:0 protocol ip prio 1 u32 match ip dst 192.111.1.116 flowid

The delete action is implemented using the tc filter del command, as shown below:
/sbin/tc filter del dev eth0 parent 1:0 protocol ip prio 1 u32 match ip dst 192.111.1.116 flowid 1:

From: http://www.netren.org/index.php/linux-tc/53-tc-cbq.html
