Both iptables and tc (traffic control) are powerful network tools, so we use the two of them to limit the bandwidth of a port.
1. Use the ifconfig command to view the network interfaces on the server. For example, if eth0 is the external-facing interface through which users connect to the system, that is the interface whose bandwidth we will limit.
ifconfig
2. Create the queue on eth0
tc qdisc add dev eth0 root handle 1: htb default 20
Command explanation: attach an HTB queue to eth0, numbered 1:0, with 20 as the default class
3. Create the root class
tc class add dev eth0 parent 1:0 classid 1:1 htb rate 3Mbit
Command explanation: create root class 1:1 on queue 1:0, type HTB, rate limit 3Mbit
4. Create a child class
tc class add dev eth0 parent 1:1 classid 1:20 htb rate 2Mbit ceil 3Mbit
Command explanation: create class 1:20 with root class 1:1 as its parent, type HTB, rate limit 1Mbit, maximum 3Mbit (an HTB class can borrow bandwidth from other classes)
5. Add a fair queue
tc qdisc add dev eth0 parent 1:20 handle 20: sfq perturb 10
Command explanation: SFQ is a fair queue that prevents a single session from taking up the full bandwidth
6. Create a classification filter
tc filter add dev eth0 parent 1:20 protocol ip u32 match ip sport 8080 0xffff classid 1:20
Command explanation: with class 1:20 as the parent, create a filter for class 1:20, load the u32 module, and match source port 8080
At this point the bandwidth is limited: the maximum bandwidth is 3Mbit, that is, a download speed of more than 200 k.
7. Delete the tc queue
tc qdisc del dev eth0 root
This removes the queue that was created, and the bandwidth is no longer limited.
The above uses only tc to limit the bandwidth. tc can of course also be used together with iptables, in which case step 6 above is slightly different:
6. Create the filter and specify the handle
tc filter add dev eth0 parent 1:0 protocol ip prio 1 handle 1000 fw classid 1:20
7. Use iptables to bind the port to the tc queue
iptables -t mangle -A POSTROUTING -o eth0 -p tcp --sport 8080 -j MARK --set-mark 1000
iptables -t mangle -A POSTROUTING -o eth0 -p tcp --sport 8080 -j RETURN
The above is the result of combining iptables and tc. Here the limit is applied to a port, but you can of course also match on a destination IP to limit only that IP's bandwidth.
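An offline check for the iptables and tc pairing described above, as an added example that is not part of the original article: it confirms that traffic from source port 8080 is marked before any RETURN rule is reached, and that the tc fw filter handle equals that mark. The function names are hypothetical, and the sample outputs are constructed in the format of iptables -t mangle -S POSTROUTING and tc filter show dev eth0.

```shell
#!/bin/sh
# Added example. Constructed sample output of `iptables -t mangle -S POSTROUTING`
# and `tc filter show dev eth0`; both print mark 1000 in hex (0x3e8).
IPT_GOOD='-P POSTROUTING ACCEPT
-A POSTROUTING -o eth0 -p tcp -m tcp --sport 8080 -j MARK --set-xmark 0x3e8/0xffffffff
-A POSTROUTING -o eth0 -p tcp -m tcp --sport 8080 -j RETURN'
# The same two rules after being added with -I: the later insert is on top.
IPT_BAD='-P POSTROUTING ACCEPT
-A POSTROUTING -o eth0 -p tcp -m tcp --sport 8080 -j RETURN
-A POSTROUTING -o eth0 -p tcp -m tcp --sport 8080 -j MARK --set-xmark 0x3e8/0xffffffff'
TC_FILTERS='filter parent 1: protocol ip pref 1 fw chain 0
filter parent 1: protocol ip pref 1 fw chain 0 handle 0x3e8 classid 1:20'

# effective_mark RULES PORT: print the mark set on packets from source port
# PORT, or nothing when a RETURN rule for that port is evaluated first.
effective_mark() {
    printf '%s\n' "$1" | awk -v port="$2" '
        $0 !~ ("--sport " port "( |$)") { next }
        / -j RETURN/ { exit }
        / -j MARK / {
            for (i = 1; i < NF; i++)
                if ($i ~ /^--set-x?mark$/) { split($(i + 1), m, "/"); print m[1]; exit }
        }'
}

# class_for_mark FILTERS MARK: print the class the fw filter gives to MARK.
class_for_mark() {
    printf '%s\n' "$1" | awk -v want="$2" '
        / fw / {
            h = ""; c = ""
            for (i = 1; i < NF; i++) {
                if ($i == "handle") h = $(i + 1)
                if ($i == "classid" || $i == "flowid") c = $(i + 1)
            }
            if (h == want && c != "") { print c; exit }
        }'
}

# shaped_class RULES FILTERS PORT: print the tc class that ends up shaping PORT.
shaped_class() {
    mark=$(effective_mark "$1" "$3")
    [ -n "$mark" ] || { echo "port $3: never marked (RETURN first?)" >&2; return 1; }
    class=$(class_for_mark "$2" "$mark")
    [ -n "$class" ] || { echo "mark $mark: no matching fw filter" >&2; return 1; }
    echo "$class"
}

shaped_class "$IPT_GOOD" "$TC_FILTERS" 8080
shaped_class "$IPT_BAD" "$TC_FILTERS" 8080 || true
```

On a live host, pass the real command output in place of the constructed samples.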
Summary
The limit discussed here is on bandwidth, and downloads share it evenly across connections. With tc, if the limit is 200k, a single connection gets 200k, and two connections get 100k each. With iptables, if one connection already fills the 200k of bandwidth, the second connection is rejected outright.
Ultimately, if what you want is for every connection downloading from the application to be limited to 200k each, it is best to have the server application itself enforce the limit.
This article was reproduced from: http://www.fullstacks.cn/archives/423