Iptables and TC-to-port bandwidth throttling in "Go" Linux port speed limit

Whether iptables or TC (traffic control) is powerful, it is a network-related tool, so we use these two tools to limit the bandwidth of the port.

1. Use the command ifconfig to view the network card information on the server, such as the network card eth0 is used for external networks, that is, the user through the network card to connect to the system, then we will be limited to the bandwidth of this network card

Ifconfig

2. Establishing the Eth0 queue

TC Qdisc Add dev eth0 root handle 1:htb default 20

Command explanation: Bind a HTB queue on eth0, number 1:0, default collation is 20

3. Set up and classify

TC class Add dev eth0 parent 1:0 classid 1:1 HTB rate  3Mbit

Command explanation: Create root classification on queue 1:0 1:1 speed limit, category HTB, speed limit 3Mbit

4. Create a Category

TC class Add dev eth0 parent 1:1 classid 1:20 HTB rate 2Mbit ceil 3Mbit

Create category 1:20 for parent class with root category 1:1, HTB speed limit 1Mbit max 3Mbit (HTB can borrow other class bandwidth)

5. Add a fair queue

TC Qdisc Add dev eth0 parent 1:20 handle 20:SFQ perturb 10

Command explanation: SFQ is a fair queue that prevents a session from taking up full bandwidth

6. Create a classification filter

TC Filter Add dev eth0 parent 1:20 protocol IP u32 match IP sport 8080 0xffff classid 1:20

Command explanation: Create a filter with number 1:20 in category 1:20 for the parent class, load the U32 module, and specify a port of 8080

So far bandwidth is limited, the maximum bandwidth is 3Mbit, that is, more than 200 k download speed.

7. Delete TC Queue

TC Qdisc del Dev eth0 root

The established queue is removed and the bandwidth is no longer limited.

The above is only using TC to limit the bandwidth, of course, can also be used in conjunction with Iptables, then the sixth step above is not quite the same

6. Create filters and develop handle

TC Filter Add dev EM2 parent 1:0 protocol IP prio 1 handle $ FW classid 1:20

7. Bind a TC queue to a port using iptable

Iptables-t mangle-i postrouting-o eth0-sport 8080-j MARK--set-mark 1000iptables-t mangle-i postrouting-o eth0-sp ORT 8080-j RETURN

The above is the result of the combination of iptables and TC, where the limit is the port, of course, you can also set a target IP only limit the IP bandwidth.

Summarize

The limit is mentioned here is the bandwidth, and download based on the average distribution of connections, for TC, limit 200k, a connection that speed is 200k, if two connections become 100k one, and iptables, if a connection is full of 200k bandwidth, Then the second connection is rejected directly.

Ultimately, if you only want to download all the connections to the application, each connection is limited to 200k download speed, it is best to apply the server itself to limit.

This article was reproduced from: http://www.fullstacks.cn/archives/423

Iptables and TC-to-port bandwidth throttling in "Go" Linux port speed limit