Transferred from:
Introduction
TC is used for traffic control of Linux kernel. Traffic control includes the following methods:
Shaping (Restriction)
When the traffic is limited, its transmission rate is controlled below a certain value. The limit value can be much smaller than the valid bandwidth, so that the traffic burst can be smooth and the network is more stable. Shaping only applies to outbound traffic.
Scheduling)
By transmitting scheduled data packets, you can allocate bandwidth within the bandwidth range according to the priority. Scheduling is only suitable for outbound traffic.
Grouping ing (Policy)
Shaping is used to process outbound traffic, while policiing is used to process received data.
Dropping)
If the traffic exceeds a specified bandwidth, the packet is discarded, whether in or out.
Traffic processing is controlled by three types of objects: qdisc (queuing rules), Class (category), and filter (filter ).
Qdisc (queue?
Qdisc (queuing rule) is short for queueing discipline. It is the basis for understanding traffic control. At any time, if the kernel needs to send packets through a network interface, it needs to add the packets to the queue according to the qdisc (queuing rule) configured for this interface. Then, the kernel extracts data packets from qdisc as much as possible and delivers them to the Network Adapter Driver Module.
The simplest qdisc is pfifo, which does not process any incoming data packets. data packets are first-in-first-out in the queue. However, it will save packets that cannot be processed by the network interface at the moment.
Class)
Some qdisc (queuing rules) can contain some categories, and different categories can contain more in-depth qdisc (queuing Rules ), the subdivided qdisc can also queue data packets in the queue. By setting the Departure Order of various types of data packets, qdisc can set the priority of network data traffic.
Filter)
Filters are used to classify data packets and determine which qdisc they follow to enter the queue. Data packets must be classified whenever they enter the category of a subclass. There are multiple classification methods. Using fileter is one of them. When a filter is used for classification, the kernel calls all the filters attached to this class until a decision is returned. If no decision is returned, further processing is performed, and the processing method is related to qdisc.
It should be noted that filters are in qdisc and cannot act as subjects.
Classless qdisc (qdisc cannot be classified)
Non-category qdisc includes:
[P | B] FIFO
Use the simplest qdisc, pure first-in-first-out. There is only one parameter: limit, which is used to set the queue length. pfifo is based on the number of data packets; bfifo is based on the number of bytes.
Pfifo_fast
When compiling the kernel, if the advanced router compilation option is enabled, pfifo_fast is the standard qdisc of the system. Its Queue includes three bands ). Use the FIFO rule in each band. The priority of the three bands is also different. The priority of Band 0 is the highest, and that of Band 2 is the lowest. If the band contains data packets, the system will not process the data packets in band 1. The same is true for Band 1 and Band 2. Data packets are allocated in three bands according to the type of service (ToS.
Red
Red is short for Random Early Detection (Random Early Detection. If this qdisc is used, when the bandwidth usage is close to the specified bandwidth, the system will randomly discard some data packets. It is ideal for high-bandwidth applications.
SFQ
SFQ is short for Stochastic fairness queueing. It sorts the traffic by session (Session-corresponding to each TCP connection or UDP stream) and sends packets for each session cyclically.
TBF
TBF is short for token bucket filter and is suitable for reducing the flow rate to a certain value.
Configuration of qdisc that cannot be classified
If no classifier qdisc is available, the classifier qdisc can only be attached to the root of the device. Their usage is as follows:
TC qdisc add Dev root qdisc QDISC-PARAMETERS
To delete an unclassified qdisc, run the following command:
TC qdisc del Dev Root
If no qdisc is set on a network interface, pfifo_fast serves as the default qdisc.
Classful qdisc (classification qdisc)
Classifier qdisc includes:
CBQ
CBQ is short for Class Based queueing. It implements a rich structure of Connection Sharing categories, including the ability to restrict bandwidth and manage bandwidth priorities. The bandwidth limit is completed by calculating the idle time of the connection. The idle time is calculated based on the frequency of data packet departure events and the bandwidth of lower-layer connections (data link layer.
Htb
Htb is the abbreviation of hierarchy token bucket. Through improvement on the basis of practice, it realizes a rich Connection Sharing category system. Using htb can easily ensure the bandwidth of each category, although it also allows a specific class to break through the upper limit of bandwidth and occupy the bandwidth of other classes. Htb can use TBF (token bucket filter) to limit the bandwidth and classify the priorities.
Prio
Prio qdisc does not limit the bandwidth because packets of different categories are separated sequentially. With PRIO qdisc, you can easily manage the traffic priority. Only data packets of the high-priority type are sent after they are completely sent. To facilitate management, you need to use iptables or ipchains to process the type of service (ToS) of data packets ).
Operating principle
Classes form a tree. Each class has only one parent class, and a class can have multiple child classes. Some qdisc (such as CBQ and htb) allow dynamic addition of classes at runtime, while other qdisc (such as PRIO) do not allow dynamic creation of classes.
The qdisc that allows dynamic addition of classes can have zero or more sub-classes, Which queue data packets.
In addition, each class has a leaf qdisc. By default, this leaf qdisc queues in pfifo mode. We can also use other types of qdisc to replace this default qdisc. In addition, the leaf qdisc can be classified, but each subclass can only have one leaf qdisc.
When a data packet enters a classification qdisc, it is classified into a subclass. We can use the following three methods to classify data packets, but not all qdisc can use these three methods.
TC Filter)
If a filter is attached to a class, related commands query them. The filter can match all the fields of the data packet header, or the tags made by ipchains or iptables.
Type of service)
Some qdisc have built-in rules based on the type of service (ToS) for data packet classification.
SKB-> priority
User space applications can use the so_priority option to set a class ID in the SKB-> priority field.
Each node of the tree can have its own filter, but the high-level filter can also be directly used for its subclass.
If the data packet is not successfully classified, it will be ranked in the leaf qdisc of this class. The relevant details are on the qdisc manual page.
Naming rules
All qdisc, classes, and filters have IDs. The ID can be set manually or automatically assigned by the kernel.
An ID consists of a master serial number and a slave serial number. The two numbers are separated by a colon.
Qdisc
A qdisc is assigned a master serial number, called a handle, and uses the slave serial number as the class namespace. The handle is expressed in the same way as 10. Traditionally, You need to explicitly allocate a handle to qdisc with sub-classes.
Class)
The class in the same qdisc shares the master serial number of the qdisc, but each class has its own serial number, which is called the Class Identifier (classid ). The Class Identifier is only related to the parent qdisc and has nothing to do with the parent class. The naming conventions of classes are the same as those of qdisc.
Filter)
The ID of a filter consists of three parts, which are used only when the filter is hashed. For more information, see the TC-filters manual page.
Unit
All parameters of the TC command can use floating-point numbers, which may involve the following count units.
Bandwidth or flow rate unit:
Kbps
Kilobytes/second
Mbps
MB/second
Kbit
Kbits/s
Mbit
Mbits/s
BPS or a number without Unit
Bytes/second
Data quantity unit:
Kb or K
Kilobytes
MB or m
MB
Mbit
MB
Kbit
Kilobytes
B or a number without Unit
Bytes
Unit of measurement of time:
S, SEC, or secs
Seconds
Ms, msec, or msecs
Minutes
Us, USEC, usecs, or a non-unit number
Microseconds
TC command
TC can use the following command to operate on qdisc, classes, and filters:
Add
Add a qdisc, class, or filter to a node. When adding a parameter, you must pass an ancestor as the parameter. When passing the parameter, you can either use ID or directly pass the root of the device. If you want to create a qdisc or filter, you can use the handle to name it. If you want to create a class, you can use the Class Identifier (classid) to name it.
Remove
Delete the qdisc specified by a handle. The root qdisc (Root) can also be deleted. All sub-classes on the deleted qdisc and filters attached to each class are automatically deleted.
Change
Modify some entries in an alternative way. Except for handle and ancestor, the syntax of the change command is the same as that of the add command. In other words, the change command cannot be a node.
Replace
Delete or add an existing node similar to the atomic operation. If the node does not exist, this command creates a node.
Link
Only applicable to dqisc, replacing an existing node.
History
TC was written by Alexey N. Kuznetsov and incorporated into the Linux kernel from Linux 2.2.
See also
TC-CBQ (8), TC-htb (8), TC-SFQ (8), TC-red (8), TC-TBF (8), TC-pfifo (8), TC-bfifo (8), tc-pfifo_fast (8), TC-filters (8)
Linux supports QoS from kernel 2.1.105. However, you need to recompile the kernel. When running make config, set experimental _ options to Y, set class based Queueing (CBQ), token bucket flow, and traffic shapers to Y, and run make Dep; make clean; make bzilo to generate a new kernel.
In Linux, the traffic controller (TC) is mainly used to set up a queue at the output port for traffic control. The control method is based on routing, that is, traffic control based on the destination IP address or destination subnet network number. The basic function modules of the traffic controller TC are queue, classification, and filter. The queues supported in the Linux Kernel include Class Based Queue, token bucket flow, CSZ, first in first out, priority, teql, SFQ, ATM, and red. The queue and Classification discussed here are based on CBQ (Class Based Queue), while the filter is based on routing (route.
You can configure and use the traffic controller TC in the following aspects: Establish a queue, establish a classification, create a filter, and establish a route, in addition, you also need to monitor existing queues, categories, filters, and routes.
The basic steps are as follows:
1) bind a CBQ queue to network physical devices (such as the ethernet card eth0;
2) create a category on the queue;
3) create a routing-based filter for each category;
4) Finally, work with the filter to create a specific route table.
Assume a simple Environment
The IP address of the Ethernet Card (eth0) on the traffic controller is 192.168.1.66, and a CBQ queue is created on it. Assume that the average packet size is 1000 bytes, the packet interval sending unit is 8 bytes, and the maximum number of packets that can receive conflicting messages is 20 bytes.
If three types of traffic need to be controlled:
1) it is sent to host 1 and its IP address is 192.168.1.24. The traffic bandwidth is controlled at 8 Mbit with a priority of 2;
2) It is sent to host 2 and its IP address is 192.168.1.26. The traffic bandwidth is controlled at 1 Mbit with a priority of 1;
3) it is sent to subnet 1. Its subnet number is 192.168.1.0, and its subnet mask is 255.255.255.0. The traffic bandwidth is controlled at 1 Mbit and the priority is 6.
1. Create a queue
Generally, only one queue is required for one Nic.
Bind a CBQ queue to the network physical device eth0 with the serial number of 1:0. The actual bandwidth of the network physical device eth0 is 10 Mbit, and the average package size is 1000 bytes; the size of the packet interval sending unit is 8 bytes, and the minimum transfer package size is 64 bytes.
? TC qdisc add Dev eth0 root handle 1: CBQ bandwidth 10 Mbit avpkt 1000 cell 8 MPU 64
2. Create a category
The classification is based on the queue. Generally, you need to create a root category for a queue, and then create a subcategory on it. For a classification, the classification takes effect in the order of serial numbers, and smaller serial numbers take precedence. Once a data packet is sent through a classification matching rule, the subsequent classification does not take effect.
1) create a root category:, assign a bandwidth of 10 Mbit, and set the priority to 8.
? TC class add Dev eth0 parent 1:0 classid 1:1 CBQ bandwidth 10 Mbit rate 10 Mbit maxburst 20 allot 1514 PRIO 8 avpkt 1000 cell 8 weight 1 Mbit
The maximum available bandwidth of this queue is 10 Mbit, the actually allocated bandwidth is 10 Mbit, and the maximum number of packets that can receive conflicting messages is 20 bytes; the maximum transmission unit and MAC header size are 1514 bytes, the priority is 8, the average packet size is 1000 bytes, and the packet interval sending unit size is 8 bytes, the weighted rate corresponding to the actual bandwidth is 1 Mbit.
2) create a category of, its parent category is, the allocated bandwidth is 8 Mbit, and the priority level is 2.
? TC class add Dev eth0 parent classid CBQ bandwidth 10 Mbit rate 8 Mbit maxburst 20 allot 1514 PRIO 2 avpkt 1000 cell 8 weight 800 kbit split 1:0 bounded
The maximum available bandwidth of this queue is 10 Mbit, the actually allocated bandwidth is 8 Mbit, and the maximum number of packets that can receive conflicting messages is 20 bytes; the maximum transmission unit and MAC header size are 1514 bytes, the priority is 1, the average packet size is 1000 bytes, and the packet sending unit size is 8 bytes, the weighted rate corresponding to the actual bandwidth is 800 kbit, the separation point of the classification is, And the unused bandwidth cannot be borrowed.
3) create a category of, its parent category is, the allocated bandwidth is 1 Mbit, and the priority is 1.
? TC class add Dev eth0 parent classid CBQ bandwidth 10 Mbit rate 1 Mbit maxburst 20 allot 1514 PRIO 1 avpkt 1000 cell 8 weight 100 kbit split 1:0
The maximum available bandwidth of this queue is 10 Mbit, the actually allocated bandwidth is 1 Mbit, and the maximum number of packets that can receive conflicting messages is 20 bytes; the maximum transmission unit and MAC header size are 1514 bytes, the priority is 2, the average packet size is 1000 bytes, and the packet sending unit size is 8 bytes, the weighted rate corresponding to the actual bandwidth is 100 kbit, and the separation point of the classification is.
4) create a category of, its parent category is, the allocated bandwidth is 1 Mbit, and the priority is 6.
? TC class add Dev eth0 parent classid CBQ bandwidth 10 Mbit rate 1 Mbit maxburst 20 allot 1514 PRIO 6 avpkt 1000 cell 8 weight 100 kbit split 1:0
The maximum available bandwidth of this queue is 10 Mbit, the actually allocated bandwidth is 64 kbit, and the maximum number of packets that can receive conflicting messages is 20 bytes; the maximum transmission unit and MAC header size are 1514 bytes, the priority is 1, the average packet size is 1000 bytes, and the packet interval sending unit size is 8 bytes, the weighted rate corresponding to the actual bandwidth is 100 kbit, and the separation point of the classification is.
3. Create a filter
Filters mainly serve classification. Generally, you only need to provide a filter for the root category and then provide route ing for each subcategory.
1) apply the route classifier to the root of the CBQ queue. The parent classifier number is 1:0. The filtering protocol is IP, the priority is 100, and the filter is based on the route table.
? TC filter add Dev eth0 parent 1:0 Protocol ip prio 100 route
2) create a route ing classification
? TC filter add Dev eth0 parent 1:0 Protocol ip prio 100 route to 2 flowid
? TC filter add Dev eth0 parent 1:0 Protocol ip prio 100 route to 3 flowid :3
? TC filter add Dev eth0 parent 1:0 Protocol ip prio 100 route to 4 flowid
4. Create a route
This route maps to the previously created route.
1) data packets sent to host 192.168.1.24 are forwarded by Classification 2 (Classification 2 at a rate of 8 Mbit)
? IP Route add 192.168.1.24 Dev eth0 via 192.168.1.66 realm 2
2) packets sent to host 192.168.1.30 are forwarded by Category 3 (rate of Category 3: 1 Mbit)
? IP Route add 192.168.1.30 Dev eth0 via 192.168.1.66 realm 3
3) data packets sent to the subnet 192.168.1.0/24 are forwarded by Category 4 (the rate of Category 4 is 1 Mbit)
? IP Route add 192.168.1.0/24 Dev eth0 via 192.168.1.66 realm 4
Note: We recommend that you use IP host address traffic control restrictions for the CIDR blocks directly connected by the traffic controller. Do not use subnet traffic control restrictions. If you need to use the subnet traffic control limit for the directly connected subnet, you must delete the original route established by the system before establishing the subnet route ing.
5. Monitoring
This module monitors the status of existing queues, categories, filters, and routes.
1) display the queue status
Simply display the queue status of the specified device (eth0 here)
? TC qdisc ls Dev eth0
Qdisc CBQ 1: rate 10 Mbit (bounded, isolated) PRIO no-transmit
Displays the queue status of the specified device (eth0 here) in detail.
? TC-s qdisc ls Dev eth0
Qdisc CBQ 1: rate 10 Mbit (bounded, isolated) PRIO no-transmit
Sent 7646731 bytes 13232 Pkts (dropped 0, overlimits 0)
Borrowed 0 overactions 0 avgidle 31 undertime 0
It mainly shows that 13232 data packets are sent through the queue, the data traffic is 7646731 bytes, the number of discarded packets is 0, and the number of packets exceeding the rate limit is 0.
2) display the category status
Simple display of the classification status of the specified device (eth0 here)
? TC class ls Dev eth0
Class CBQ 1: root rate 10 Mbit (bounded, isolated) PRIO no-transmit
Class CBQ parent 1: rate 10 Mbit PRIO no-transmit # No-transmit indicates the priority is 8
Class CBQ parent rate 8 Mbit PRIO 2
Class CBQ parent rate 1 Mbit PRIO 1
Class CBQ parent rate 1 Mbit PRIO 6
Detailed display of the category of the specified device (eth0 here)
? TC-S Class ls Dev eth0
Class CBQ 1: root rate 10 Mbit (bounded, isolated) PRIO no-transmit
Sent 17725304 bytes 32088 Pkts (dropped 0, overlimits 0)
Borrowed 0 overactions 0 avgidle 31 undertime 0
Class CBQ 1:1 parent 1: rate 10 Mbit PRIO no-transmit
Sent 16627774 bytes 28884 Pkts (dropped 0, overlimits 0)
Borrowed 16163 overactions 0 avgid le 587 undertime 0
Class CBQ parent rate 8 Mbit PRIO 2
Sent 628829 bytes 3130 Pkts (dropped 0, overlimits 0)
Borrowed 0 overactions 0 avgid le 4137 undertime 0
Class CBQ parent rate 1 Mbit PRIO 1
Sent 0 bytes 0 Pkts (dropped 0, overlimits 0)
Borrowed 0 overactions 0 avgid le 159654 undertime 0
Class CBQ parent rate 1 Mbit PRIO 6
Sent 5552879 bytes 8076 Pkts (dropped 0, overlimits 0)
Borrowed 3797 overactions 0 avgid le 159557 undertime 0
The data packets sent by different categories, data traffic, number of dropped packets, number of packets exceeding the rate limit, and so on are displayed. Among them, the root category (class CBQ 1:0) should be in a similar situation as the queue.
For example, the classification class CBQ sends 8076 data packets at, the data traffic is 5552879 bytes, the number of discarded packets is 0, and the number of packets exceeding the rate limit is 0.
Display filter status
? TC-s filter ls Dev eth0
Filter parent 1: Protocol IP Pref 100 route
Filter parent 1: Protocol IP Pref 100 route FH 0xffff0002 flowid to 2
Filter parent 1: Protocol IP Pref 100 route FH 0xffff0003 flowid :3 to 3
Filter parent 1: Protocol IP Pref 100 route FH 0xffff0004 flowid :4 to 4
Here, flowid indicates the classification class CBQ, And to 2 indicates sending through Route 2.
Displays the status of an existing route
? IP Route
192.168.1.66 Dev eth0 scope Link
192.168.1.24 via 192.168.1.66 Dev eth0 realm 2
202.102.24.216 Dev ppp0 proto kernel scope link SRC 202.102.76.5
192.168.1.30 via 192.168.1.66 Dev eth0 realm 3
192.168.1.0/24 Via 192.168.1.66 Dev eth0 realm 4
192.168.1.0/24 Dev eth0 proto kernel scope link SRC 192.168.1.66
172.16.1.0/24 Via 192.168.1.66 Dev eth0 scope Link
127.0.0.0/8 Dev lo scope Link
Default via 202.102.24.216 Dev ppp0
Default via 192.168.1.254 Dev eth0
As shown above, the display line with realm at the end is a valid routing filter.
6. Maintenance
It mainly includes adding, modifying, and deleting queues, categories, filters, and routes.
The Add action is generally performed in the order of "queue-> category-> filter-> route". There is no requirement for modifying the action; the deletion is performed in the order of "route-> filter-> category-> queue.
1) queue Maintenance
Generally, for a traffic controller, a queue is configured for each Ethernet card at the factory hour. Generally, no additional, modification, or deletion actions are required for the queue.
2) classification Maintenance
Add
The Add action is implemented using the TC class add command, as shown in the preceding figure.
Modify
The modify action is implemented using the TC class change command as follows:
? TC class change Dev eth0 parent classid CBQ bandwidth 10 Mbit
Rate 7 Mbit maxburst 20 allot 1514 PRIO 2 avpkt 1000 Cell
8 weight 700 kbit split 1:0 bounded
The Bounded command should be used with caution. Once added, the bounded command can only be deleted and then added.
Delete
The Delete action can be performed only when the category does not work. Once data is sent through the category, it cannot be deleted. Therefore, you must use the shell file to modify and restart to delete the file.
3) filter Maintenance
Add
The Add action is implemented using the TC filter add command, as shown in the preceding figure.
Modify
The modify action is implemented using the TC filter change Command, as shown below:
? TC filter change Dev eth0 parent 1:0 Protocol ip prio 100 route
10 flowid
Delete
The Delete action is implemented using the TC filter del command, as shown below:
? TC filter del Dev eth0 parent 1:0 Protocol ip prio 100 route to 10
4) Maintenance of one-to-one ing routing with Filters
Add
The Add action is implemented using the IP Route add command, as shown in the preceding figure.
Modify
The modification action is implemented by the IP route change command as follows:
? IP route change 192.168.1.30 Dev eth0 via 192.168.1.66 realm 8
Delete
The Delete action is implemented using the IP Route del command as follows:
? IP Route del 192.168.1.30 Dev eth0 via 192.168.1.66 realm 8
? IP Route del 192.168.1.0/24 Dev eth0 via 192.168.1.66 realm 4
(The combination of iptables and TC can implement the functions of the router)