Linux Traffic control all tips

Source: Internet
Author: User


TC is very powerful; many so-called hardware routers are based on it.

TC Introduction

In Linux, TC has two control methods, CBQ and HTB. HTB was designed to replace CBQ. It is a hierarchical filtering framework. TC consists of three basic building blocks: the queueing discipline (qdisc), classes, and classifiers (filters).

Queue (queueing discipline): used to control the speed at which the network sends and receives. With queues, Linux can buffer network packets and then smooth the traffic according to the user's settings, as far as possible without interrupting connections (such as TCP). Note that Linux does not control the receive queue well, so we generally use only the send queue, that is, we control sending and not receiving. The qdisc encapsulates the other two main TC components (classes and classifiers). When the kernel needs to send packets through a network interface, it queues them according to the qdisc (queueing discipline) configured for that interface. The kernel then takes as many packets as it can from the qdisc and hands them to the network adapter driver module.

The simplest qdisc is pfifo. It does no processing of incoming packets; they are queued first in, first out. It does, however, hold packets that the network interface cannot handle for the moment.

The queueing disciplines include FIFO (first in, first out), RED (random early detection), SFQ (stochastic fairness queueing), the token bucket, and the class-based queue (CBQ). CBQ is a super queue, that is, it can contain other queues (even other CBQs).

Class: used to represent a control policy. Most of the time we want different traffic control policies for different IPs, so we use different classes to represent them.

Filter: used to assign a user to a specific control policy (that is, to a class). For example, to apply different control policies (A and B) to two IPs, xxa and xxb, we can use a filter to put xxa into policy A and xxb into policy B. The filter can classify using the u32 matching function or the iptables --set-mark function (most setups use iptables to do the marking).

The filters TC can currently use include the fwmark classifier, the u32 classifier, the route-based classifier and the RSVP classifier (for IPv6 and IPv4). The fwmark classifier lets us use the Linux netfilter code to select traffic, and the u32 classifier lets us select traffic based on any header. Note that filters live inside a qdisc; they cannot be used on their own.

Packet -> iptables (as the packet passes through, iptables sets a different mark based on the IP) -> TC (class) -> TC (queue)

Application

Assume that eth0 is the server's external network interface.
1) First bind a qdisc (qdisc A) to eth0. Qdisc A controls the speed from this host to the external network, so it is used to control the server's outbound speed.
# tc qdisc add dev eth0 root handle 1: htb default 1
In this command, add adds the qdisc, dev sets the interface, root puts it at the top, handle sets its identifier, and default 1 makes class 1 the default.
Explanation: queues, classes and filters all have identifiers (IDs), and generally have a parent (the layer above). Note that IDs are local to an interface, so different network interfaces can use the same ID. Here the qdisc is at the top, so it has no parent and is identified with 'root'; its ID is written 1:
'default 1' means that when an IP flow matches none of the configured filter rules, it is automatically placed into class 1. Please refer to the manual for more detailed instructions and rules.
2) Then set up two classes under the qdisc on eth0 to control the speed from this host to the external network.

# tc class add dev eth0 parent 1:0 classid 1:30 htb rate 2mbit ceil 4mbit prio 2

Note: this controls the server's outbound speed: 2M, with a maximum of 4M.

Rate: the bandwidth guaranteed to a class. If there is more than one class, make sure the sum of the rates of all child classes is less than or equal to that of the parent class.

Prio: indicates how strongly a class competes when borrowing bandwidth. The smaller the prio, the higher the priority and the stronger its claim.

Ceil: the maximum bandwidth a class can get.

3) Then set up different classes under each root class for different applications, as in the example below. (If there is only one class, this is not necessary.)

# tc class add dev eth0 parent 1:30 classid 1:31 htb rate 0.5mbit ceil 2mbit prio 3

At the same time, so that a single session cannot take up all the bandwidth, add the fair queue SFQ to the leaf node (here, the application's class). (Multi-IP)

# tc qdisc add dev eth0 parent 1:31 handle 31: sfq perturb 10

4) Then add the filter.

# tc filter add dev eth0 parent 1: protocol ip handle 31 fw flowid 1:31
5) Mark the packets with iptables; u32 and the like can also be used.
# iptables -t mangle -I FORWARD ! -i eth1 -p tcp --sport 80 -s xxx.xxx.xxx.xxx -j MARK --set-mark 31
TC control of the highest speed

Rate Ceiling speed limit

The ceil parameter specifies the maximum bandwidth a class can use; it limits how much bandwidth the class can borrow. By default ceil is the same as rate. This feature is useful for ISPs, because they generally want to limit the service a given user gets even if other users are not requesting service. (ISPs very much want users to pay more money for better service.) Note that the root class is not allowed to borrow, so there is no point in specifying a ceil for it.

Note: the ceil of a class should be at least as high as its rate, and at least as high as the ceil of any of its child classes.

Burst

Network hardware can only send one packet at a time, at a rate that depends only on the hardware. Link-sharing software uses this ability to approximate multiple links running at different speeds. So rate and ceil are not instantaneous measures but averages over the time it takes to send many packets. What really happens is that traffic from one class is sent a few packets at a time at the maximum rate, and then other classes are served for a while. The burst and cburst parameters control how much data can be sent at the maximum speed of the hardware without trying to serve another class.

If cburst is small (in theory one packet), bursts are shaped so that they do not exceed the ceil rate, in the same way as the peak rate of TBF.

You may ask why bursts are needed. They are an easy way to improve response times on a very congested link. For example, WWW traffic is bursty: you request a page, receive it in a burst, and then read it. During that idle time the burst "charges" again. Note: the burst and cburst of a class should be at least as large as those of its child classes.
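
The sizing rules stated above (child rates sum to no more than the parent's rate; ceil at least as high as rate and as any child's ceil; burst and cburst at least as large as the children's) can be checked mechanically. The following is an added example, not part of the original article: it parses HTB class lines and reports violations. The sample lines are constructed in the style of `tc class show dev eth0` output, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the style of `tc class show dev eth0` output (not from the page).
SAMPLE = """\
class htb 1:30 root rate 2Mbit ceil 4Mbit burst 1600b cburst 1600b
class htb 1:31 parent 1:30 leaf 31: prio 3 rate 500Kbit ceil 2Mbit burst 1600b cburst 1600b
class htb 1:32 parent 1:30 prio 3 rate 1800Kbit ceil 6Mbit burst 3200b cburst 1600b
"""
RATE_UNITS = {"bit": 1, "kbit": 10**3, "mbit": 10**6, "gbit": 10**9}
SIZE_UNITS = {"b": 1, "kb": 1024, "mb": 1024**2}

def to_number(text, units):
    """Convert a tc value such as '500Kbit' or '1600b' to bits/s or bytes."""
    m = re.fullmatch(r"([\d.]+)([a-z]+)", text.lower())
    return float(m.group(1)) * units[m.group(2)]

def parse_classes(output):
    """Return {classid: {parent, rate, ceil, burst, cburst}} for HTB classes."""
    classes = {}
    for line in output.splitlines():
        tok = line.split()
        if tok[:2] != ["class", "htb"]:
            continue
        nxt = dict(zip(tok, tok[1:]))  # keyword -> the token that follows it
        entry = {"parent": nxt.get("parent")}  # None for a root class
        for key, units in (("rate", RATE_UNITS), ("ceil", RATE_UNITS),
                           ("burst", SIZE_UNITS), ("cburst", SIZE_UNITS)):
            entry[key] = to_number(nxt[key], units)
        classes[tok[2]] = entry
    return classes

def check_hierarchy(classes):
    """Return (classid, problem) pairs for violations of the rules above."""
    findings, children = [], defaultdict(list)
    for cid, c in classes.items():
        if c["parent"] in classes:
            children[c["parent"]].append(cid)
        if c["ceil"] < c["rate"]:
            findings.append((cid, "ceil is below rate"))
    for pid, kids in children.items():
        if sum(classes[k]["rate"] for k in kids) > classes[pid]["rate"]:
            findings.append((pid, "child rates sum above parent rate"))
        for kid in kids:
            for key in ("ceil", "burst", "cburst"):
                if classes[kid][key] > classes[pid][key]:
                    findings.append((pid, f"{key} is below that of child {kid}"))
    return findings

if __name__ == "__main__":
    for classid, problem in check_hierarchy(parse_classes(SAMPLE)):
        print(f"{classid}: {problem}")
```
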

TC command format

Add

tc qdisc [ add | change | replace | link ] dev DEV [ parent qdisc-id | root ] [ handle qdisc-id ] qdisc [ qdisc specific parameters ]

tc class [ add | change | replace ] dev DEV parent qdisc-id [ classid class-id ] qdisc [ qdisc specific parameters ]

tc filter [ add | change | replace ] dev DEV [ parent qdisc-id | root ] protocol protocol prio priority filtertype [ filtertype specific parameters ] flowid flow-id

Show

tc [ -s | -d ] qdisc show [ dev DEV ]

tc [ -s | -d ] class show dev DEV

tc filter show dev DEV

View the status of TC

tc -s -d qdisc show dev eth0

tc -s -d class show dev eth0

Remove TC rules

tc qdisc del dev eth0 root

Example: download

Limit download for a single IP

tc qdisc add dev eth0 root handle 1: htb r2q 1

tc class add dev eth0 parent 1: classid 1:1 htb rate 30mbit ceil 60mbit

tc filter add dev eth0 parent 1: protocol ip u32 match ip dst 192.168.1.2 flowid 1:1

This limits the download speed of 192.168.1.2 to 30Mbit, up to 60Mbit.

Here the root is given r2q and no default class, so the bandwidth of the entire network is not limited.

Limit download for a whole IP segment

tc qdisc add dev eth0 root handle 1: htb r2q 1

tc class add dev eth0 parent 1: classid 1:1 htb rate 50mbit ceil 1000mbit

tc filter add dev eth0 parent 1: protocol ip u32 match ip dst 192.168.111.0/24 flowid 1:1

This limits the bandwidth of 192.168.111.0 to 255 to 3000k; the actual download speed is about 200k.

In this case, all the machines in this segment share the 200k bandwidth.

You can also add an SFQ (stochastic fairness queue):

tc qdisc add dev eth0 root handle 1: htb r2q 1

tc class add dev eth0 parent 1: classid 1:1 htb rate 3000kbit burst 10k

tc qdisc add dev eth0 parent 1:1 handle 10: sfq perturb 10

tc filter add dev eth0 parent 1: protocol ip u32 match ip dst 192.168.111.168 flowid 1:1

SFQ prevents a single IP in a segment from taking up the entire bandwidth.
