In many small and medium-sized enterprises the server's access bandwidth is often only 10 Mbps, and the server usually runs other services as well, such as DNS. When the site is large and many people download at the same time, the bandwidth is easily exhausted, which increases server latency or causes dropped packets. How do I limit the speed of port 80 and ensure that the other services keep working?
You can use the tc command to restrict the bandwidth of specific ports and services on the server.
Token Bucket (TB)
A token bucket is a common algorithm used to control the amount of data entering the network, allowing data bursts to be sent. It is used for network traffic control or rate limiting. With the token bucket, you can define the maximum rate of traffic allowed on an interface at a given time.
                   tokens/sec
                      | |
                      | |   Bucket to
                      | |   hold b tokens
                +======+=====+
                       |
                       |
        |             \|/
Packets |      +============+
stream  | ---> | token wait | ---> Remove token ---> eth0
        |      +============+
The TB filter puts tokens into the bucket at a certain rate.
Each token is permission for the source to send a specific number of bits into the network.
The bucket can hold b tokens, as defined by the shaping rules.
The kernel can send a packet if a token is available; otherwise the traffic has to wait.
How do I use the TC command?
Warning! These examples require a good understanding of TCP/IP and other networking concepts. All new users should try the examples in a test environment first.
The tc command is installed by default on my Linux distribution. To list existing rules, enter:
# tc -s qdisc ls dev eth0
Sample output:
qdisc pfifo_fast 0: root bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
 Sent 2732108 bytes 10732 pkt (dropped 0, overlimits 0 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
Your first traffic shaping rule
First, send ping requests to cyberciti.biz from your local Linux workstation and note the ping time. Enter:
# ping cyberciti.biz
Sample output:
PING cyberciti.biz (74.86.48.99) bytes of data.
64 bytes from txvip1.simplyguide.org (74.86.48.99): icmp_seq=1 ttl=47 time=304 ms
64 bytes from txvip1.simplyguide.org (74.86.48.99): icmp_seq=2 ttl=47 time=304 ms
64 bytes from txvip1.simplyguide.org (74.86.48.99): icmp_seq=3 ttl=47 time=304 ms
64 bytes from txvip1.simplyguide.org (74.86.48.99): icmp_seq=4 ttl=47 time=304 ms
64 bytes from txvip1.simplyguide.org (74.86.48.99): icmp_seq=5 ttl=47 time=304 ms
64 bytes from txvip1.simplyguide.org (74.86.48.99): icmp_seq=6 ttl=47 time=304 ms
Type the following tc command to delay outgoing traffic by 200 milliseconds:
# tc qdisc add dev eth0 root netem delay 200ms
# ping cyberciti.biz
Sample output:
PING cyberciti.biz (74.86.48.99) 56(84) bytes of data.
64 bytes from txvip1.simplyguide.org (74.86.48.99): icmp_seq=1 ttl=47 time=505 ms
64 bytes from txvip1.simplyguide.org (74.86.48.99): icmp_seq=2 ttl=47 time=505 ms
64 bytes from txvip1.simplyguide.org (74.86.48.99): icmp_seq=3 ttl=47 time=505 ms
64 bytes from txvip1.simplyguide.org (74.86.48.99): icmp_seq=4 ttl=47 time=505 ms
64 bytes from txvip1.simplyguide.org (74.86.48.99): icmp_seq=5 ttl=47 time=505 ms
64 bytes from txvip1.simplyguide.org (74.86.48.99): icmp_seq=6 ttl=47 time=505 ms
64 bytes from txvip1.simplyguide.org (74.86.48.99): icmp_seq=7 ttl=47 time=505 ms
64 bytes from txvip1.simplyguide.org (74.86.48.99): icmp_seq=8 ttl=47 time=505 ms
^C
--- cyberciti.biz ping statistics ---
8 packets transmitted, 8 received, 0% packet loss, time 7006ms
rtt min/avg/max/mdev = 504.464/505.303/506.308/0.949 ms
To list the current rules, enter
# tc -s qdisc ls dev eth0
Sample output:
qdisc netem 8001: root limit delay 200.0ms
 Sent 175545 bytes 540 pkt (dropped 0, overlimits 0 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
To delete all rules, enter
# tc qdisc del dev eth0 root
# tc -s qdisc ls dev eth0
Examples of TBF
To attach a TBF with a sustained maximum rate of 1mbit/s, a peakrate of 2.0mbit/s and a 10 kilobyte buffer, with a pre-bucket queue size limit calculated so that the TBF causes at most 70ms of latency, with perfect peakrate behavior, enter:
# tc qdisc add dev eth0 root tbf rate 1mbit burst 10kb latency 70ms peakrate 2mbit minburst 1540
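The token bucket behaviour described earlier, applied to the rate, burst and latency values of this tbf command. This is an added example, not code from the original article: a simplified model that ignores peakrate and minburst. The traffic is constructed, and the unit conversions (1mbit = 125000 bytes/s, 10kb = 10240 bytes) are assumptions of the model.

```python
# Simplified token bucket filter (TBF) model; not the kernel's implementation.
# Peakrate and minburst are ignored. All sample traffic below is constructed.

RATE = 1_000_000 / 8    # "rate 1mbit"   -> 125000 bytes/second
BURST = 10 * 1024       # "burst 10kb"   -> 10240 bytes (bucket size)
LATENCY = 0.070         # "latency 70ms" -> longest allowed wait in the queue


def tbf_shape(arrivals, rate=RATE, burst=BURST, latency=LATENCY):
    """arrivals: list of (time_s, size_bytes), sorted by time.
    Returns one departure time per packet, or None when it is dropped."""
    tokens = float(burst)          # the bucket starts full
    last = 0.0
    departures = []
    for t, size in arrivals:
        # Refill at `rate`, never beyond the bucket size.
        tokens = min(burst, tokens + (t - last) * rate)
        last = t
        # Time until the bucket holds enough tokens for this packet.
        wait = max(0.0, (size - tokens) / rate)
        if wait > latency:
            departures.append(None)    # queue limit reached: tail drop
            continue
        tokens -= size                 # a negative balance is queued backlog
        departures.append(t + wait)
    return departures


def summarize(arrivals, departures):
    waits = [d - t for (t, _), d in zip(arrivals, departures) if d is not None]
    return {
        "sent": len(waits),
        "dropped": departures.count(None),
        "immediate": sum(1 for w in waits if w == 0.0),
        "max_wait_ms": round(max(waits) * 1000, 2),
    }


# Constructed input 1: 40 full-size packets arriving at the same instant.
FLOOD = [(0.0, 1500)] * 40
# Constructed input 2: 1250 bytes every 10 ms, exactly 1 mbit/s for one second.
STEADY = [(i * 0.01, 1250) for i in range(100)]

if __name__ == "__main__":
    for name, traffic in (("flood", FLOOD), ("steady", STEADY)):
        print(name, summarize(traffic, tbf_shape(traffic)))
```

In the flood case the first packets drain the full bucket at once, the next ones are delayed until tokens refill, and everything that would wait longer than 70 ms is dropped; the steady 1 mbit/s stream is never delayed.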
HTB - Hierarchical Token Bucket
To control the use of egress bandwidth on a given link with HTB:
1. rate - sets the allowed bandwidth.
2. ceil - sets the burst bandwidth allowed when tokens are available in the bucket.
3. prio - sets the priority for additional bandwidth. Classes with a lower prio are offered the spare bandwidth first. For example, you can give DNS traffic a lower prio than HTTP downloads.
4. iptables and tc - you need to use iptables together with tc to control outbound HTTP traffic, as follows.
Example: HTTP outbound traffic shaping
First, remove the rules that already exist on the eth1 NIC, then attach an HTB root qdisc:
# /sbin/tc qdisc del dev eth1 root
# /sbin/tc qdisc add dev eth1 root handle 1:0 htb default 10
Define the class limits for port 80, an allowed bandwidth of 512 kilobytes and a burst bandwidth of 640,000 bytes:
# /sbin/tc class add dev eth1 parent 1:0 classid 1:10 htb rate 512kbps ceil 640kbps prio 0
# /sbin/iptables -A OUTPUT -t mangle -p tcp --sport 80 -j MARK --set-mark
To save the iptables rules, enter the following command (RHEL, for example):
# /sbin/service iptables save
# tc filter add dev eth1 parent 1:0 prio 0 protocol ip handle fw flowid 1:10
/sbin/tc qdisc add dev eth0 root handle 1: htb
/sbin/tc class add dev eth0 parent 1: classid 1:1 htb rate 1024kbps
/sbin/tc class add dev eth0 parent 1:1 classid 1:5 htb rate 512kbps ceil 640kbps prio 1
/sbin/tc class add dev eth0 parent 1:1 classid 1:6 htb rate 100kbps ceil 160kbps prio 0
/sbin/tc filter add dev eth0 parent 1:0 prio 1 protocol ip handle 5 fw flowid 1:5
/sbin/tc filter add dev eth0 parent 1:0 prio 0 protocol ip handle 6 fw flowid 1:6
/sbin/iptables -A OUTPUT -t mangle -p tcp --sport 80 -j MARK --set-mark 5
/sbin/iptables -A OUTPUT -t mangle -p tcp --sport 22 -j MARK --set-mark 6
How do I monitor and test speed?
Use tools
# /sbin/tc -s -d class show dev eth0
# /sbin/iptables -t mangle -n -v -L
# iptraf
# watch /sbin/tc -s -d class show dev eth0
To test the download speed use the lftp or wget command-line tool.
This article is from the "Professor" blog, please be sure to keep this source http://professor.blog.51cto.com/996189/1569481
Several examples of TC flow control on Linux