TC usage instructions in Linux

TC usage instructions in Linux

 

I. Introduction to TC principles

In Linux, the traffic controller Tc (Traffic Control) is used to control traffic in the Linux kernel. It establishes a queue at the output port to control traffic.

Shows the basic principles of Linux traffic control.

 

 

After receiving packets come in from the input interface, ingress discarding does not conform to the specified data packet, which is determined by the input multi-path distributor (input de-multiplexing: if the purpose of receiving a packet is the host, the packet is sent to the upper layer for processing; otherwise, the receiving packet must be forwarded to the forwarding block for processing. The forwarding block also receives packets generated by the upper layer of the host (such as TCP and UDP. The next hop of the processed package is determined by viewing the route table. Then, arrange the packages to send them to the output interface ). Generally, we can only limit the number of NICs.SendPackets, cannot limit the packets received by the network adapter, so we can control the transmission rate by changing the sending order. Linux traffic control is mainly implemented when the output interfaces are arranged.

Ii. TC rules

1. Traffic Control Method

Traffic control includes the following methods:

Shaping (Restriction) when the traffic is restricted, its transmission rate is controlled below a certain value. The limit value can be much smaller than the valid bandwidth, so that the traffic burst can be smooth and the network is more stable. Shaping only applies to outbound traffic.

Scheduling allows you to allocate bandwidth within the bandwidth range according to the priority by transmitting scheduled data packets. Scheduling is only suitable for outbound traffic.

Strategy shaping is used to process outbound traffic, while strategy is used to process received data.

Dropping: if the traffic exceeds a specified bandwidth, the data packet is discarded, whether in or out.

2. Traffic control processing objects

Traffic processing is controlled by three objects:Qdisc (Queuing rules),Class (Category)AndFilter (Filter).

Qdisc (queuing rule) is short for queueing discipline. It is the basis for understanding traffic control.At any time, if the kernel needs to send data packets through a network interface, it must followQdisc (Queuing rules)Add data packets to the queue.Then, the kernel extracts data packets from qdisc as much as possible and delivers them to the Network Adapter Driver Module. The simplest qdisc is pfifo, which does not process any incoming data packets. data packets are first-in-first-out in the queue. However, it will save packets that cannot be processed by the network interface at the moment.

The qdisc category is as follows:

(1), classless qdisc (qdisc cannot be classified)

1> non-category qdisc includes:

[P | B] FIFO

Use the simplest qdisc, pure first-in-first-out. There is only one parameter: limit, which is used to set the queue length. pfifo is based on the number of data packets; bfifo is based on the number of bytes.

Pfifo_fast

When compiling the kernel, if the advanced router compilation option is enabled, pfifo_fast is the standard qdisc of the system. Its Queue includes three bands ). Use the FIFO rule in each band. The priority of the three bands is also different. The priority of Band 0 is the highest, and that of Band 2 is the lowest. If the band contains data packets, the system will not process the data packets in band 1. The same is true for Band 1 and Band 2. Data packets are allocated in three bands according to the type of service (ToS.

Red

Red is short for Random Early Detection (Random Early Detection. If this qdisc is used, when the bandwidth usage is close to the specified bandwidth, the system will randomly discard some data packets. It is ideal for high-bandwidth applications.

SFQ

SFQ is short for Stochastic fairness queueing. It sorts the traffic by session (Session-corresponding to each TCP connection or UDP stream) and sends packets for each session cyclically.

TBF

TBF is short for token bucket filter and is suitable for reducing the flow rate to a certain value.

2> Configuration of qdisc that cannot be classified

If no classifier qdisc is available, the classifier qdisc can only be attached to the root of the device. Their usage is as follows:

TC qdisc add Dev root qdisc QDISC-PARAMETERS

To delete an unclassified qdisc, run the following command:

TC qdisc del Dev Root

If no qdisc is set on a network interface, pfifo_fast serves as the default qdisc.

(2) classful qdisc (classification qdisc)

Classifier qdisc includes:

CBQ

CBQ is short for Class Based queueing. It implements a rich structure of Connection Sharing categories, including the ability to restrict bandwidth and manage bandwidth priorities. The bandwidth limit is completed by calculating the idle time of the connection. The idle time is calculated based on the frequency of data packet departure events and the bandwidth of lower-layer connections (data link layer.

Htb

Htb is the abbreviation of hierarchy token bucket. Through improvement on the basis of practice, it realizes a rich Connection Sharing category system. Using htb can easily ensure the bandwidth of each category, although it also allows a specific class to break through the upper limit of bandwidth and occupy the bandwidth of other classes. Htb can use TBF (token bucket filter) to limit the bandwidth and classify the priorities.

Prio

Prio qdisc does not limit the bandwidth because packets of different categories are separated sequentially. With PRIO qdisc, you can easily manage the traffic priority. Only data packets of the high-priority type are sent after they are completely sent. To facilitate management, you need to use iptables or ipchains to process the type of service (ToS) of data packets ).

Class (class) Some qdisc (queuing rules) can contain some categories, and different categories can contain more in-depth qdisc (queuing rules ), the subdivided qdisc can also queue data packets in the queue. By setting the Departure Order of various types of data packets, qdisc can set the priority of network data traffic.

Filters are used to classify data packets and determine which qdisc they follow to enter the queue. Data packets must be classified whenever they enter the category of a subclass. There are multiple classification methods. Using fileter is one of them. When a filter is used for classification, the kernel calls all the filters attached to this class until a decision is returned. If no decision is returned, further processing is performed, and the processing method is related to qdisc. It should be noted that filters are in qdisc and cannot act as subjects.

3. Operating Principle

Classes form a tree. Each class has only one parent class, and a class can have multiple child classes. Some qdisc (such as CBQ and htb) allow dynamic addition of classes at runtime, while other qdisc (such as PRIO) do not allow dynamic creation of classes. The qdisc that allows dynamic addition of classes can have zero or more sub-classes, Which queue data packets. In addition, each class has a leaf qdisc. By default, this leaf qdisc queues in pfifo mode. We can also use other types of qdisc to replace this default qdisc. In addition, the leaf qdisc can be classified, but each subclass can only have one leaf qdisc. When a data packet enters a classification qdisc, it is classified into a subclass. We can use the following three methods to classify data packets, but not all qdisc can use these three methods.

TC Filter)

If a filter is attached to a class, related commands query them. The filter can match all the fields of the data packet header, or the tags made by ipchains or iptables.

Type of service)

Some qdisc have built-in rules based on the type of service (ToS) for data packet classification.

SKB-> priority

User space applicationsProgramYou can use the so_priority option to set the ID of a class in the SKB-> priority field.

Each node of the tree can have its own filter, but the high-level filter can also be directly used for its subclass.

If the data packet is not successfully classified, it will be ranked in the leaf qdisc of this class. The relevant details are on the qdisc manual page.

4. Naming rules

All qdisc, classes, and filters have IDs. The ID can be set manually or automatically assigned by the kernel. An ID consists of a master serial number and a slave serial number. The two numbers are separated by a colon.

Qdisc

A qdisc is assigned a master serial number, called a handle, and uses the slave serial number as the class namespace. The handle is expressed in the same way as 10. Traditionally, You need to explicitly allocate a handle to qdisc with sub-classes.

Class)

The class in the same qdisc shares the master serial number of the qdisc, but each class has its own serial number, which is called the Class Identifier (classid ). The Class Identifier is only related to the parent qdisc and has nothing to do with the parent class. The naming conventions of classes are the same as those of qdisc.

Filter)

The ID of a filter consists of three parts, which are used only when the filter is hashed. For more information, see the TC-filters manual page.

5. Unit

All parameters of the TC command can use floating-point numbers, which may involve the following count units.

1. bandwidth or flow rate unit:

Kbps kilobytes/second

Mbit/s

Kbit kbits/s

Mbit Mbits/s

BPS or a number in bytes/second

2. Data Volume unit:

Kb or KB

MB or MB

Mbit megabits

Kbit

B or a number in bytes.

3. Unit of measurement of time:

S, SEC, or secs seconds

Ms, msec, or msecs minutes

Us, USEC, usecs, or a non-unit number microsecond

Iii. TC commands

TC can use the following command to operate on qdisc, classes, and filters:

Add

Add a qdisc, class, or filter to a node. When adding a parameter, you must pass an ancestor as the parameter. When passing the parameter, you can either use ID or directly pass the root of the device. If you want to create a qdisc or filter, you can use the handle to name it. If you want to create a class, you can use the Class Identifier (classid) to name it.

Remove

Delete the qdisc specified by a handle. The root qdisc (Root) can also be deleted. All sub-classes on the deleted qdisc and filters attached to each class are automatically deleted.

Change

Modify some entries in an alternative way. Except for handle and ancestor, the syntax of the change command is the same as that of the add command. In other words, the change command cannot be a node.

Replace

Delete or add an existing node similar to the atomic operation. If the node does not exist, this command creates a node.

Link

Only applicable to dqisc, replacing an existing node.

Example:

TC qdisc [add | change | replace | link] Dev [Parent qdisc-ID | root] [Handle qdisc-id] qdisc [qdisc specific parameters]

TC class [add | change | replace] Dev parent qdisc-ID [classid class-id] qdisc [qdisc specific parameters]

TC filter [add | change | replace] Dev [Parent qdisc-ID | root] Protocol protocol PRIO priority filtertype [filtertype specific parameters] flowid flow-ID

TC [-S |-D] qdisc show [Dev]

TC [-S |-D] class show Dev TC filter show Dev

Iv. Specific operations

Linux traffic control is mainly divided into three aspects: establishing a queue, establishing a classification, and creating a filter.

1. The basic steps are as follows:

(1) bind a queue qdisc to a physical network device (such as the ethernet card eth0;

(2) create a classification class on the queue;

(3) create a routing-based filter for each category;

(4) create a specific route table in combination with the filter.

2. simulated environment instance:

The IP address of the Ethernet Card (eth0) on the traffic controller is 192.168.1.66, and a CBQ queue is created on it. Assume that the average packet size is 1000 bytes, the packet interval sending unit is 8 bytes, and the maximum number of packets that can receive conflicting messages is 20 bytes.

If there are three types of traffic to be controlled: 1) It is sent to host 1 and its IP address is 192.168.1.24. Its traffic bandwidth is controlled at 8 Mbit with a priority of 2. 2) it is sent to host 2 and its IP address is 192.168.1.30. The traffic bandwidth is controlled at 1 Mbit and the priority is 1; 3) it is sent to subnet 1, its subnet number is 192.168.1.0, and its subnet mask is 255.255.255.0. The traffic bandwidth is controlled at 1 Mbit and the priority is 6.

1. Create a queue

Generally, only one queue is required for one Nic.

Bind a CBQ queue to the network physical device eth0 with the serial number of 1:0. The actual bandwidth of the network physical device eth0 is 10 Mbit, and the average package size is 1000 bytes; the size of the packet interval sending unit is 8 bytes, and the minimum transfer package size is 64 bytes.

· TC qdisc add Dev eth0 root handle 1: CBQ bandwidth 10 Mbit avpkt 1000 cell 8 MPU 64

2. Create a category

The classification is based on the queue.

Generally, you need to create a root category for a queue, and then create a subcategory on it. For a classification, the classification takes effect in the order of serial numbers, and smaller serial numbers take precedence. Once a data packet is sent through a classification matching rule, the subsequent classification does not take effect.

1) create a root category:, assign a bandwidth of 10 Mbit, and set the priority to 8.

· TC class add Dev eth0 parent 1:0 classid 1:1 CBQ bandwidth 10 Mbit rate 10 Mbit maxburst 20 allot 1514 PRIO 8 avpkt 1000 cell 8 weight 1 Mbit

The maximum available bandwidth of this queue is 10 Mbit, the actually allocated bandwidth is 10 Mbit, and the maximum number of packets that can receive conflicting messages is 20 bytes; the maximum transmission unit and MAC header size are 1514 bytes, the priority is 8, the average packet size is 1000 bytes, and the packet interval sending unit size is 8 bytes, the weighted rate corresponding to the actual bandwidth is 1 Mbit.

2) create a category of, its parent category is, the allocated bandwidth is 8 Mbit, and the priority level is 2.

· TC class add Dev eth0 parent classid CBQ bandwidth 10 Mbit rate 8 Mbit maxburst 20 allot 1514 PRIO 2 avpkt 1000 cell 8 weight 800 kbit split 1:0 bounded

The maximum available bandwidth of this queue is 10 Mbit, the actually allocated bandwidth is 8 Mbit, and the maximum number of packets that can receive conflicting messages is 20 bytes; the maximum transmission unit and MAC header size are 1514 bytes, the priority is 1, the average packet size is 1000 bytes, and the packet interval sending unit size is 8 bytes, the weighted rate corresponding to the actual bandwidth is 800 kbit, the separation point of the classification is, And the unused bandwidth cannot be borrowed.

3) create a category of, its parent category is, the allocated bandwidth is 1 Mbit, and the priority is 1.

· TC class add Dev eth0 parent classid CBQ bandwidth 10 Mbit rate 1 Mbit maxburst 20 allot 1514 PRIO 1 avpkt 1000 cell 8 weight 100 kbit split 1:0

The maximum available bandwidth of this queue is 10 Mbit, the actually allocated bandwidth is 1 Mbit, and the maximum number of packets that can receive conflicting messages is 20 bytes; the maximum transmission unit and MAC header size are 1514 bytes, the priority is 2, the average packet size is 1000 bytes, and the packet interval sending unit size is 8 bytes, the weighted rate corresponding to the actual bandwidth is 100 kbit, and the separation point of the classification is.

4) create a category of, its parent category is, the allocated bandwidth is 1 Mbit, and the priority is 6.

· TC class add Dev eth0 parent classid CBQ bandwidth 10 Mbit rate 1 Mbit maxburst 20 allot 1514 PRIO 6 avpkt 1000 cell 8 weight 100 kbit split 1:0

The maximum available bandwidth of this queue is 10 Mbit, the actually allocated bandwidth is 1 Mbit, and the maximum number of packets that can receive conflicting messages is 20 bytes; the maximum transmission unit and MAC header size are 1514 bytes, the priority is 6, the average packet size is 1000 bytes, and the packet interval sending unit size is 8 bytes, the weighted rate corresponding to the actual bandwidth is 100 kbit, and the separation point of the classification is.

3. Create a filter

Filters mainly serve classification.

Generally, you only need to provide a filter for the root category and then provide route ing for each subcategory.

1) apply the route classifier to the root of the CBQ queue. The parent classifier number is 1:0. The filtering protocol is IP, the priority is 100, and the filter is based on the route table.

· TC filter add Dev eth0 parent 1:0 Protocol ip prio 100 route

2) create a route ing classification

· TC filter add Dev eth0 parent 1:0 Protocol ip prio 100 route to 2 flowid

· TC filter add Dev eth0 parent 1:0 Protocol ip prio 100 route to 3 flowid

· TC filter add Dev eth0 parent 1:0 Protocol ip prio 100 route to 4 flowid

4. Create a route

This route maps to the previously created route.

1) data packets sent to host 192.168.1.24 are forwarded by Classification 2 (Classification 2 at a rate of 8 Mbit)

· IP Route add 192.168.1.24 Dev eth0 via 192.168.1.66 realm 2

2) packets sent to host 192.168.1.30 are forwarded by Category 3 (rate of Category 3: 1 Mbit)

· IP Route add 192.168.1.30 Dev eth0 via 192.168.1.66 realm 3

3) data packets sent to the subnet 192.168.1.0/24 are forwarded by Category 4 (the rate of Category 4 is 1 Mbit)

· IP Route add 192.168.1.0/24 Dev eth0 via 192.168.1.66 realm 4

Note: We recommend that you use IP host address traffic control restrictions for the CIDR blocks directly connected by the traffic controller. Do not use subnet traffic control restrictions. If you need to use the subnet traffic control limit for the directly connected subnet, you must delete the original route established by the system before establishing the subnet route ing.

5. Monitoring

This module monitors the status of existing queues, categories, filters, and routes.

1) displayQueueStatus

Simply display the queue status of the specified device (eth0 here)

· TC qdisc ls Dev eth0

Qdisc CBQ 1: rate 10 Mbit (bounded, isolated) PRIO no-transmit

Displays the queue status of the specified device (eth0 here) in detail.

· TC-s qdisc ls Dev eth0

Qdisc CBQ 1: rate 10 Mbit (bounded, isolated) PRIO no-transmit sent 7646731 bytes 13232 Pkts (dropped 0, overlimits 0) borrowed 0 overactions 0 avgidle 31 undertime 0

It mainly shows that 13232 data packets are sent through the queue, the data traffic is 7646731 bytes, the number of discarded packets is 0, and the number of packets exceeding the rate limit is 0.

2) displayCategoryStatus

Simple display of the classification status of the specified device (eth0 here)

· TC class ls Dev eth0

Class CBQ 1: root rate 10 Mbit (bounded, isolated) PRIO no-transmit class CBQ 1:1 parent 1: rate 10 Mbit PRIO no-transmit # No-transmit indicates the priority is 8 class CBQ parent rate 8 Mbit PRIO 2 class CBQ 3 parent rate 1 Mbit PRIO 1 class CBQ parent rate 1 Mbit PRIO 6

Detailed display of the category of the specified device (eth0 here)

· TC-S Class ls Dev eth0

Class CBQ 1: root rate 10 Mbit (bounded, isolated) PRIO no-transmit sent 17725304 bytes 32088 Pkts (dropped 0, overlimits 0) borrowed 0 overactions 0 avgidle 31 undertime 0 class CBQ parent 1: rate 10 Mbit PRIO no-transmit sent 16627774 bytes 28884 Pkts (dropped 0, overlimits 0) borrowed 16163 overactions 0 avgidle 587 undertime 0 class CBQ parent rate 8 Mbit PRIO 2 sent 628829 bytes 3130 Pkts (dropped 0, overlimits 0) borrowed 0 overactions 0 avgidle 4137 undertime 0 class CBQ parent rate 1 Mbit PRIO 1 sent 0 bytes 0 Pkts (dropped 0, overlimits 0) borrowed 0 overactions 0 avgidle 159654 undertime 0 class CBQ parent rate 1 Mbit PRIO 6 sent 5552879 bytes 8076 Pkts (dropped 0, overlimits 0) borrowed 3797 overactions 0 avgidle 159557 undertime 0

The data packets sent by different categories, data traffic, number of dropped packets, number of packets exceeding the rate limit, and so on are displayed. Among them, the root category (class CBQ 1:0) should be in a similar situation as the queue.

For example, the classification class CBQ sends 8076 data packets at, the data traffic is 5552879 bytes, the number of discarded packets is 0, and the number of packets exceeding the rate limit is 0.

DisplayFilterStatus

· TC-s filter ls Dev eth0

Filter parent 1: Protocol IP Pref 100 route filter parent 1: Protocol IP Pref 100 route FH 0xffff0002 flowid to 2 filter parent 1: protocol IP Pref 100 route FH 0xffff0003 flowid to 3 filter parent 1: Protocol IP Pref 100 route FH 0xffff0004 flowid to 4

Here, flowid indicates the classification class CBQ, And to 2 indicates sending through Route 2.

Show existingRoutingStatus

· IP Route

192.168.1.66 Dev eth0 scope link 192.168.1.24 via 192.168.1.66 Dev eth0 realm 2 unzip Dev ppp0 proto kernel scope link SRC mask 192.168.1.30 via 192.168.1.66 Dev eth0 realm 3 192.168.1.0/24 Via 192.168.1.66 Dev eth0 realm 4 192.168.1.0/24 dev eth0 proto kernel scope link SRC 192.168.1.66 172.16.1.0/24 Via 192.168.1.66 Dev eth0 scope link 127.0.0.0/8 Dev lo scope link default via 202.102.24.216 Dev ppp0 default via 192.168.1.254 Dev eth0

As shown above, the display line with realm at the end is a valid routing filter.

6. Maintenance

It mainly includes adding, modifying, and deleting queues, categories, filters, and routes.

The Add action is generally performed in the order of "queue-> category-> filter-> route". There is no requirement for modifying the action; the deletion is performed in the order of "route-> filter-> category-> queue.

1) queue Maintenance

Generally, for a traffic controller, a queue is configured for each Ethernet card at the factory hour. Generally, no additional, modification, or deletion actions are required for the queue.

2) classification Maintenance

Add

The Add action is implemented using the TC class add command, as shown in the preceding figure.

Modify

The modify action is implemented using the TC class change command as follows:

· TC class change Dev eth0 parent classid CBQ bandwidth 10 Mbit rate 7 Mbit maxburst 20 allot 1514 PRIO 2 avpkt 1000 cell 8 weight 700 kbit split 1:0 bounded

The Bounded command should be used with caution. Once added, the bounded command can only be deleted and then added.

Delete

The Delete action can be performed only when the category does not work. Once data is sent through the category, it cannot be deleted. Therefore, you must use the shell file to modify and restart to delete the file.

3) filter Maintenance

Add

The Add action is implemented using the TC filter add command, as shown in the preceding figure.

Modify

The modify action is implemented using the TC filter change Command, as shown below:

· TC filter change Dev eth0 parent 1:0 Protocol ip prio 100 route to 10 flowid

Delete

The Delete action is implemented using the TC filter del command, as shown below:

· TC filter del Dev eth0 parent 1:0 Protocol ip prio 100 route to 10

4) Maintenance of one-to-one ing routing with Filters

Add

The Add action is implemented using the IP Route add command, as shown in the preceding figure.

Modify

The modification action is implemented by the IP route change command as follows:

· IP route change 192.168.1.30 Dev eth0 via 192.168.1.66 realm 8

Delete

The Delete action is implemented using the IP Route del command as follows:

· IP Route del 192.168.1.30 Dev eth0 via 192.168.1.66 realm 8

· IP Route del 192.168.1.0/24 Dev eth0 via 192.168.1.66 realm 4

Note: Some of the content is from the Internet and copyright belongs to the original author.