Original from: http://blog.chinaunix.net/u/9284/showart.php?id=220696
Using TC for flow control (QoS)
(2006-12-13) Kang Daoyu
Objective:
Many of the articles about flow control on Linux that I see online are not practical; even with them as a reference you cannot quickly write traffic control rules, and they contain many errors. I have also written an article that many websites have cited; thank you for your support. Here I write out an example for everyone to reference and learn from (absolutely practical! Compare other people's articles on the internet with mine and you will see!)
Requirements:
At present the company's dedicated line has a bandwidth of 4M, the same upstream and downstream. Recent internal use of peer-to-peer software has had a large impact on the network, so flow control is now needed (most people are prohibited from using peer-to-peer downloads, but some managers cannot be restricted, so flow control is the only option). Objective: to guarantee the operation of the ERP system without affecting other users' use, in other words so that they do not notice it, while still achieving our goal. Note: because TC can only restrict packets being sent, download is controlled on the internal network card and upload is controlled on the external network card.
First, download settings
1. Rules (eth0 is the internal network card; download traffic can be limited on it)
tc qdisc add dev eth0 root handle 2:0 htb default 30
tc class add dev eth0 parent 2:0 classid 2:1 htb rate 4Mbit burst 15k
tc class add dev eth0 parent 2:1 classid 2:10 htb rate 4Mbit burst 15k    # maximum traffic 4M
tc class add dev eth0 parent 2:1 classid 2:20 htb rate 2000kbit ceil 2Mbit burst 15k    # maximum traffic 2M
tc class add dev eth0 parent 2:1 classid 2:30 htb rate 1000kbit ceil 1000kbit burst 15k    # maximum traffic 1M
tc qdisc add dev eth0 parent 2:10 handle 10: sfq perturb 10
tc qdisc add dev eth0 parent 2:20 handle 20: sfq perturb 10
tc qdisc add dev eth0 parent 2:30 handle 30: sfq perturb 10
U32_1="tc filter add dev eth0 protocol ip parent 2:0 prio 1 u32"
$U32_1 match ip src 192.168.9.0/24 flowid 2:10    # 192.168.9.0/24 is the network of the head office ERP server
This lets access to the ERP server use the maximum bandwidth of 4M; priority is 1.
U32_2="tc filter add dev eth0 protocol ip parent 2:0 prio 2 u32"
$U32_2 match ip dst 192.168.1.172/32 flowid 2:20
$U32_2 match ip dst 192.168.1.82/32 flowid 2:20
$U32_2 match ip dst 192.168.1.200/32 flowid 2:20
The 3 IPs above belong to the general managers; their download traffic is limited to 2M, priority is 2.
tc filter add dev eth0 protocol ip parent 2:0 prio 3 u32 match ip dst 192.168.1.0/24 flowid 2:30    # class 2:30 is already the default, so this line can be omitted; setting it anyway makes the rules clearer
The above sets the default download bandwidth to only 1000K, that is, nearly 1M. Priority is 3.
2. Notes:
Priorities must not be the same.
Second, upload settings
1. Rules (eth1 is the network card connected to the dedicated line; upload bandwidth can be limited on it)
iptables -F -t mangle
iptables -X -t mangle
iptables -Z -t mangle
iptables -A PREROUTING -t mangle -i eth0 -s 192.168.1.200/32 -j MARK --set-mark 1
iptables -A PREROUTING -t mangle -i eth0 -s 192.168.1.172/32 -j MARK --set-mark 1
iptables -A PREROUTING -t mangle -i eth0 -s 192.168.1.82/32 -j MARK --set-mark 1
#iptables -A PREROUTING -t mangle -i eth0 -s 192.168.1.0/24 -j MARK --set-mark 2 (this rule may be left out)
tc qdisc add dev eth1 root handle 1:0 htb default 30
tc class add dev eth1 parent 1:0 classid 1:1 htb rate 4Mbit burst 15k
tc class add dev eth1 parent 1:1 classid 1:10 htb rate 4Mbit burst 15k    # maximum upload traffic 4M
tc class add dev eth1 parent 1:1 classid 1:20 htb rate 1000kbit ceil 2Mbit burst 15k    # maximum traffic 2M
tc class add dev eth1 parent 1:1 classid 1:30 htb rate 400kbit ceil 400kbit burst 15k    # maximum traffic 400K
tc qdisc add dev eth1 parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev eth1 parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev eth1 parent 1:30 handle 30: sfq perturb 10
U32="tc filter add dev eth1 protocol ip parent 1:0 prio 1 u32"
tc filter add dev eth1 protocol ip parent 1:0 prio 1 u32 match ip dst 192.168.9.0/24 flowid 1:10
The rule above leaves traffic to the ERP server unrestricted, that is, it can reach the maximum of 4M.
tc filter add dev eth1 parent 1:0 protocol ip prio 3 handle 1 fw classid 1:20
The rule above limits the total upload traffic of the 3 IP addresses to 2M.
#tc filter add dev eth1 parent 1:0 protocol ip prio 4 handle 2 fw classid 1:30 (because class 1:30 is used by default, this rule can be omitted)
Everything that does not match the two rules above uses this default rule, with a maximum upload bandwidth of 400K (don't call me harsh!)
2. Notes
1 Because internal IP addresses are NATed on the external network card, the source address cannot be used for u32 matching there; only fw rules can be used to identify the traffic.
2 Priorities must not be the same, otherwise the fw rules will fail.
3 The rules above can be put into a file and run.
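One way to check that the filters above really classify traffic, as an added example that is not part of the original article: it reads the output of `tc -s class show dev eth1` and lists leaf classes that have sent no packets, which is what class 1:20 would show if the fw mark never matched. The function names `leaf_stats`, `idle_classes` and `sample_output` are hypothetical, and the sample output is constructed.

```shell
#!/bin/sh
# Added example, not from the original article.

# leaf_stats (hypothetical name): read `tc -s class show dev <if>` output on
# stdin and print "classid bytes packets dropped" for every HTB leaf class.
leaf_stats() {
    awk '
        $1 == "class" && $2 == "htb" {
            cid = $3; leaf = 0
            for (i = 4; i <= NF; i++) if ($i == "leaf") leaf = 1
            next
        }
        # The counters line follows its class line:
        #  Sent <bytes> bytes <pkts> pkt (dropped <n>, overlimits ...)
        $1 == "Sent" && cid != "" {
            if (leaf) print cid, $2, $4, $7 + 0
            cid = ""
        }
    '
}

# idle_classes (hypothetical name): leaf classes that carried no packets, i.e.
# classes no filter (and no default) is steering traffic into.
idle_classes() {
    leaf_stats | awk '$3 == 0 { print $1 }'
}

# Constructed sample in the format of `tc -s class show dev eth1`.
sample_output() {
cat <<'EOF'
class htb 1:1 root rate 4Mbit ceil 4Mbit burst 15Kb cburst 1600b
 Sent 5300000 bytes 4100 pkt (dropped 0, overlimits 0 requeues 0)
class htb 1:10 parent 1:1 leaf 10: prio 0 rate 4Mbit ceil 4Mbit burst 15Kb cburst 1600b
 Sent 1200000 bytes 900 pkt (dropped 0, overlimits 0 requeues 0)
class htb 1:20 parent 1:1 leaf 20: prio 0 rate 1Mbit ceil 2Mbit burst 15Kb cburst 1600b
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
class htb 1:30 parent 1:1 leaf 30: prio 0 rate 400Kbit ceil 400Kbit burst 15Kb cburst 1599b
 Sent 4100000 bytes 3200 pkt (dropped 3, overlimits 0 requeues 0)
EOF
}

# On the router itself: tc -s class show dev eth1 | idle_classes
sample_output | idle_classes
```

An idle 1:20 together with a busy default class 1:30 means the managers' uploads are falling through to the default class; `iptables -t mangle -L PREROUTING -v -n` shows whether the MARK rules are counting packets at all.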