Use TC to elegantly implement network current limiting under Linux-LINUX-php.cn

Home

System Tutorial

LINUX

Use TC to elegantly implement network current limiting under Linux

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Feb 14, 2024 pm 12:27 PM

linuxlinux tutoriallinux systemlinux commandshell scriptarrangementembeddedlinuxGetting started with linuxlinux learning

1. The principle of flow control under Linux

We can control how packets are sent by queuing them. This control is called data shaping, which performs the following operations on data:

Increase delay
Drop packet
rearrange
Duplicate or corrupt
Control rate

Under the qdisc-class-filter structure, three steps are required to control traffic:

Create qdisc queue

Since Linux controls traffic by queuing packets, a queue is first needed.

Create class classification

class is actually used to classify traffic policies. For example, two traffic speed limit levels can be divided: 10MBps and 20MBps.

Create filter filter

Although the class classification has been created, no IP or port has been bound to the class, so there will be no control effect at this time. You also need to create a filter to bind the specified IP and port to the class so that the flow control class can take effect on the resource.

TC is a traffic control tool provided by Linux and one of the core infrastructures of network components such as Cilium/eBPF.

2. Limit the access speed of the specified IP and Port to this machine

2.1 Check the network card

ifconfig

eth0: flags=4163  mtu 1500
        inet 1.1.1.1  netmask 255.255.254.0  broadcast 1.1.1.1
        inet6 1::1:1:1:1  prefixlen 64  scopeid 0x20
        ether 1:1:1:1:1:1  txqueuelen 1000  (Ethernet)
        RX packets 2980910  bytes 2662352343 (2.4 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1475969  bytes 122254809 (116.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

2.2 Configuration `qdisc-class-filter`

Create qdisc root queue

tc qdisc add dev eth0 root handle 1: htb default 1

Create a first-level class to bind all bandwidth resources

Note that the unit here is 6 MBps, which is 48 Mbps.

tc class add dev eth0 parent 1:0 classid 1:1 htb rate 6MBps burst 15k

Create subcategory class

You can create multiple subcategories to conduct refined management of resource traffic.

tc class add dev eth0 parent 1:1 classid 1:10 htb rate 6MBps ceil 10MBps burst 15k

Here ceil sets the upper limit. Under normal circumstances, the speed limit is 6MBps, but when the network is idle, it can reach 10 MBps.

Create filter filter, restrict IP

tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip dst 1.2.3.3 flowid 1:10

Here, the bandwidth of 1.2.3.4 is limited to 1:10, which is 6MBps. Of course, you can also directly add a class policy to the network segment 1.2.0.0/16.

2.3 查看并清理配置

查看 class 配置

tc class show dev eth0

class htb 1:10 parent 1:1 leaf 10: prio 0 rate 48Mbit ceil 80Mbit burst 15Kb cburst 1600b 
class htb 1:1 root rate 48Mbit ceil 48Mbit burst 15Kb cburst 1590b

查看 filter 配置

tc filter show dev eth0

filter parent 1: protocol ip pref 1 u32 chain 0 
filter parent 1: protocol ip pref 1 u32 chain 0 fh 800: ht divisor 1 
filter parent 1: protocol ip pref 1 u32 chain 0 fh 800::800 order 2048 key ht 800 bkt 0 f

lowid 1:10 not_in_hw 


  match 01020303/ffffffff at 16

清理全部配置

tc qdisc del dev eth0 root

3. 限制本机对指定 IP、Port 的访问速度

由于排队规则主要是基于出口方向，不能对入口方向的流量（Ingress）进行限制。因此，我们需要将流量重定向到 ifb 设备上，再对 ifb 的出口流量（Egress）进行限制，以最终达到控制的目的。

3.1 启用虚拟网卡

将在 ifb 设备

modprobe ifb numifbs=1

启用 ifb0 虚拟设备

ip link set dev ifb0 up

3.2 配置 `qdisc-class-filter`

添加 qdisc

tc qdisc add dev eth0 handle ffff: ingress

重定向网卡流量到 ifb0

tc filter add dev eth0 parent ffff: protocol ip u32 match u32 0 0 action mirred egress re

direct dev ifb0

添加 class 和 filter

tc qdisc add dev ifb0 root handle 1: htb default 10

tc class add dev ifb0 parent 1:0 classid 1:1 htb rate 6Mbps

tc class add dev ifb0 parent 1:1 classid 1:10 htb rate 6Mbps

tc filter add dev ifb0 parent 1:0 protocol ip prio 16 u32 match ip dst 1.2.3.4  flowid 1:

10

3.3 查看并清理配置

下面是限速本机对指定 IP 访问的监控图

进入的流量被限制在 6 MBps 以下，而出去的流量不被限制。

查看 class 配置

tc class show dev ifb0

class htb 1:10 parent 1:1 prio 0 rate 48Mbit ceil 48Mbit burst 1590b cburst 1590b 

class htb 1:1 root rate 48Mbit ceil 48Mbit burst 1590b cburst 1590b

查看 filter 配置

tc filter show dev ifb0

filter parent 1: protocol ip pref 16 u32 chain 0 
filter parent 1: protocol ip pref 16 u32 chain 0 fh 800: ht divisor 1 
filter parent 1: protocol ip pref 16 u32 chain 0 fh 800::800 order 2048 key ht 800 bkt 0 

flowid 1:10 not_in_hw 

  match 01020304/ffffffff at 16

清理全部配置

tc qdisc del dev eth0 ingress
tc qdisc del dev ifb0 root
modprobe -r ifb

The above is the detailed content of Use TC to elegantly implement network current limiting under Linux. For more information, please follow other related articles on the PHP Chinese website!

Statement

This article is reproduced at:良许Linux教程网. If there is any infringement, please contact admin@php.cn delete

Does the internet run on Linux?Apr 14, 2025 am 12:03 AM

The Internet does not rely on a single operating system, but Linux plays an important role in it. Linux is widely used in servers and network devices and is popular for its stability, security and scalability.

What are Linux operations?Apr 13, 2025 am 12:20 AM

The core of the Linux operating system is its command line interface, which can perform various operations through the command line. 1. File and directory operations use ls, cd, mkdir, rm and other commands to manage files and directories. 2. User and permission management ensures system security and resource allocation through useradd, passwd, chmod and other commands. 3. Process management uses ps, kill and other commands to monitor and control system processes. 4. Network operations include ping, ifconfig, ssh and other commands to configure and manage network connections. 5. System monitoring and maintenance use commands such as top, df, du to understand the system's operating status and resource usage.

Boost Productivity with Custom Command Shortcuts Using Linux AliasesApr 12, 2025 am 11:43 AM

Introduction Linux is a powerful operating system favored by developers, system administrators, and power users due to its flexibility and efficiency. However, frequently using long and complex commands can be tedious and er

What is Linux actually good for?Apr 12, 2025 am 12:20 AM

Linux is suitable for servers, development environments, and embedded systems. 1. As a server operating system, Linux is stable and efficient, and is often used to deploy high-concurrency applications. 2. As a development environment, Linux provides efficient command line tools and package management systems to improve development efficiency. 3. In embedded systems, Linux is lightweight and customizable, suitable for environments with limited resources.

Essential Tools and Frameworks for Mastering Ethical Hacking on LinuxApr 11, 2025 am 09:11 AM

Introduction: Securing the Digital Frontier with Linux-Based Ethical Hacking In our increasingly interconnected world, cybersecurity is paramount. Ethical hacking and penetration testing are vital for proactively identifying and mitigating vulnerabi

How to learn Linux basics?Apr 10, 2025 am 09:32 AM

The methods for basic Linux learning from scratch include: 1. Understand the file system and command line interface, 2. Master basic commands such as ls, cd, mkdir, 3. Learn file operations, such as creating and editing files, 4. Explore advanced usage such as pipelines and grep commands, 5. Master debugging skills and performance optimization, 6. Continuously improve skills through practice and exploration.

What is the most use of Linux?Apr 09, 2025 am 12:02 AM

Linux is widely used in servers, embedded systems and desktop environments. 1) In the server field, Linux has become an ideal choice for hosting websites, databases and applications due to its stability and security. 2) In embedded systems, Linux is popular for its high customization and efficiency. 3) In the desktop environment, Linux provides a variety of desktop environments to meet the needs of different users.

What are the disadvantages of Linux?Apr 08, 2025 am 12:01 AM

The disadvantages of Linux include user experience, software compatibility, hardware support, and learning curve. 1. The user experience is not as friendly as Windows or macOS, and it relies on the command line interface. 2. The software compatibility is not as good as other systems and lacks native versions of many commercial software. 3. Hardware support is not as comprehensive as Windows, and drivers may be compiled manually. 4. The learning curve is steep, and mastering command line operations requires time and patience.

See all articles