Use Linux TC for server traffic control

Source: Internet
Author: User

A server at our company uses too much network bandwidth. When it connects to the source server to download, traffic runs at 400 M-500 M. To rein this in, we studied TC for traffic control, so that the server's network usage can be limited to a lower level. TC is very powerful; many so-called hardware routers are based on it.

TC Introduction

In Linux, TC has two control methods: CBQ and HTB. HTB was designed to replace CBQ. It is a hierarchical filtering framework.

TC includes three basic components: queueing disciplines (qdisc), classes, and classifiers (filters).

Queue (queueing discipline): used to control the transmission speed of the network. With a queue, Linux can buffer network packets and smooth network traffic according to the user's settings, without interrupting connections (such as TCP). Note that Linux does not have good control over the receiving queue, so we generally only use the sending queue, that is, "control sending, not receiving". The qdisc encapsulates the other two main TC components (class and classifier). When the kernel needs to send packets through a network interface, it adds them to the queue according to the qdisc (queueing discipline) configured for that interface. The kernel then takes as many packets as it can from the qdisc and hands them to the network adapter driver module.

The simplest qdisc is pfifo, which does not process incoming packets in any way: packets are first-in-first-out in the queue. It does, however, hold packets that the network interface cannot handle at the moment.

Queueing disciplines include FIFO, RED, SFQ, Token Bucket, and CBQ. CBQ is a super queue that can contain other queues (even other CBQs).

A class represents a control policy. In many cases we want to apply different traffic control policies to different IP addresses, and then we have to use different classes to express those policies.

Filters are used to assign users to specific control policies (that is, to different classes). For example, suppose we want to apply different control policies (A and B) to the IP addresses xxa and xxb. We can use filters to assign xxa to control policy A and xxb to control policy B. The marks that the filter matches on can be implemented with u32 matching or with the set-mark function of iptables (iptables is used for marking in most cases).

Currently, TC can use the following filters: the fwmark classifier, the u32 classifier, the route-based classifier, and the RSVP classifiers (for IPv6 and IPv4 respectively). The fwmark classifier allows us to use the Linux netfilter code to select traffic, while the u32 classifier allows us to select traffic based on any header. Note that filters live inside a qdisc and cannot act on their own.

Packet -> iptables (when iptables is used, it sets different marks based on different IP addresses) -> TC (class) -> TC (queue)

Application

Assume that eth0 is the server's Internet network interface.

1) First, bind a qdisc to eth0. This qdisc controls the speed from the local machine to the Internet, so it is used to control the outbound speed of the server.

# tc qdisc add dev eth0 root handle 1: htb default 1

This sets the top-level handle of the interface (used as an identifier) and specifies that class 1 is used by default.

The explanation is as follows: queues, classes, and filters all have identifiers (IDs), and generally they all have a parent (the layer above). Note that IDs are local to an interface, so different network interfaces can use the same ID. Here, because the qdisc is at the top, it has no parent. It is identified by the word 'root', and its ID is 1:.

'default 1' indicates that when an IP stream does not match any preset filter rule, it is automatically classified into class 1. For more detailed instructions on the rules, see the manual.

2) Create two classes under the qdisc to control the speed from the local computer to the Internet on eth0.

# tc class add dev eth0 parent 1:0 classid 1:30 htb rate 2mbit ceil 4mbit prio 2

Note: The above controls the server's outbound speed. The rate is 2 MB and the maximum speed is 4 MB.

Rate: the bandwidth guaranteed to a class. If there is more than one class, make sure that the sum of all subclasses is less than or equal to the parent class.

Prio: indicates how competitive a class is when borrowing bandwidth. The smaller the prio value, the higher the priority and the stronger the competitiveness.

Ceil: the maximum bandwidth a class can reach.

3) Set different classes for different applications under each root class, for example as follows. (This is unnecessary if there is only one class.)

# tc class add dev eth0 parent 1:30 classid 1:31 htb rate 0.5mbit ceil 2mbit prio 3

At the same time, so that a single session cannot occupy the bandwidth forever, add the fair queue sfq to the node (that is, the application node in this article). (For multiple IP addresses.)

# tc qdisc add dev eth0 parent 1:31 handle 31: sfq perturb 10

4) Add a filter.

# tc filter add dev eth0 parent 1: protocol ip prio 31 handle 31 fw flowid 1:31

5) Use iptables for marking, or use u32 or the like.

# iptables -t mangle -I FORWARD ! -i eth1 -p tcp --sport 80 -s xxx.xxx -j MARK --set-mark 31
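
The five steps above combined into one dry-run script, as an added example that is not part of the original article: it checks the rule given under Rate (child rates must not add up to more than the parent rate) and that each ceil is at least its rate, then prints the commands. The function names and the source address 192.0.2.10 are assumptions made for this example.

```sh
#!/bin/sh
# Added example: steps 1-5 as one dry-run script. Function names are
# hypothetical; 192.0.2.10 is a constructed source address.

# Convert a tc rate ("2mbit", "0.5mbit", "512kbit") to whole kbit/s.
to_kbit() {
    echo "$1" | awk '
        /^[0-9.]+mbit$/ { sub(/mbit$/, ""); printf "%d\n", $0 * 1000; ok = 1 }
        /^[0-9.]+kbit$/ { sub(/kbit$/, ""); printf "%d\n", $0; ok = 1 }
        END { exit !ok }'
}

# True when the sum of the CHILD rates does not exceed PARENT.
# Usage: check_rates PARENT CHILD...
check_rates() {
    parent=$(to_kbit "$1") || return 2
    shift
    sum=0
    for r in "$@"; do
        k=$(to_kbit "$r") || return 2
        sum=$((sum + k))
    done
    [ "$sum" -le "$parent" ]
}

# Print the command sequence after validating the rates.
# Usage: shape_cmds DEV RATE CEIL CHILD_RATE CHILD_CEIL MARK SRC
shape_cmds() {
    dev=$1 rate=$2 ceil=$3 crate=$4 cceil=$5 mark=$6 src=$7
    check_rates "$rate" "$crate" ||
        { echo "child rate exceeds parent rate" >&2; return 1; }
    { check_rates "$ceil" "$rate" && check_rates "$cceil" "$crate"; } ||
        { echo "ceil is below rate" >&2; return 1; }
    cat <<EOF
tc qdisc del dev $dev root 2>/dev/null || true
tc qdisc add dev $dev root handle 1: htb default 1
tc class add dev $dev parent 1:0 classid 1:30 htb rate $rate ceil $ceil prio 2
tc class add dev $dev parent 1:30 classid 1:31 htb rate $crate ceil $cceil prio 3
tc qdisc add dev $dev parent 1:31 handle 31: sfq perturb 10
tc filter add dev $dev parent 1: protocol ip prio 31 handle $mark fw flowid 1:31
iptables -t mangle -I FORWARD ! -i eth1 -p tcp --sport 80 -s $src -j MARK --set-mark $mark
EOF
}

# Dry run with the article's values; pipe the output to "sh -e" as root to apply.
shape_cmds eth0 2mbit 4mbit 0.5mbit 2mbit 31 192.0.2.10
```

Because `default 1` points at class 1:1, which these steps never create, HTB sends unmarked traffic unshaped; only packets carrying mark 31 are held to the limits of class 1:31.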
