TC limit bandwidth
Posted Hi,云计算!
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了TC limit bandwidth相关的知识,希望对你有一定的参考价值。
方法1:
1 tc qdisc add dev enp0s8 ingress 2 tc qdisc add dev enp0s8 root htb 3 tc qdisc show dev enp0s8 4 5 6 tc filter add dev enp0s8 parent 8001: protocol ip prio 1 u32 match ip src 172.16.50.120 police rate 1000Kbit burst 1Mb mtu 64kb drop flowid :1 7 tc filter add dev enp0s8 parent ffff: protocol ip prio 1 u32 match ip dst 172.16.50.120 police rate 1000Kbit burst 1Mb mtu 64kb drop flowid :1 8 9 tc filter add dev enp0s8 parent 8001: protocol ip prio 1 u32 match ip src 172.16.50.121 police rate 1000Kbit burst 1Mb mtu 64kb drop flowid :1 10 tc filter add dev enp0s8 parent ffff: protocol ip prio 1 u32 match ip dst 172.16.50.121 police rate 1000Kbit burst 1Mb mtu 64kb drop flowid :1 11 12 tc filter add dev enp0s8 parent 8001: protocol ip prio 1 u32 match ip src 172.16.50.11 police rate 1000Kbit burst 1Mb mtu 64kb drop flowid :1 13 tc filter add dev enp0s8 parent ffff: protocol ip prio 1 u32 match ip dst 172.16.50.11 police rate 1000Kbit burst 1Mb mtu 64kb drop flowid :1 14 15 16 tc -s -d -p filter show dev enp0s8 parent 8001: 17 tc -s -d -p filter show dev enp0s8 parent ffff:
问题:无法保证IP的达到规则带宽 ?
原因: tc 规则 ,1.创建 qdisc -> tc qdisc add dev enp0s8 root htb 2.创建Filter ->tc filter add dev enp0s8 parent 8001: protocol ip prio 1 u32 match ip src 172.16.50.120 police rate 1000Kbit burst 1Mb mtu 64kb drop flowid :1
从TC规则可知,1.仅有一个queue, 2. filter有police action(police action 限速目的IP进行queue速度,在超出限制执行drop),所有packet进入单个queue,依次发送。
方法2:
1 tc qdisc add dev enp0s9 root handle 1: htb default 30 2 3 tc class add dev enp0s9 parent 1: classid 1:1 htb rate 9mbit 4 tc class add dev enp0s9 parent 1:1 classid 1:10 htb rate 5mbit 5 tc class add dev enp0s9 parent 1:1 classid 1:20 htb rate 3mbit ceil 3mbit 6 tc class add dev enp0s9 parent 1:1 classid 1:30 htb rate 1kbit ceil 1mbit 7 8 tc qdisc add dev enp0s9 parent 1:10 handle 10: sfq perturb 10 9 tc qdisc add dev enp0s9 parent 1:20 handle 20: sfq perturb 10 10 tc qdisc add dev enp0s9 parent 1:30 handle 30: sfq perturb 10 11 12 tc filter add dev enp0s9 protocol ip parent 1:0 prio 1 u32 match ip src 192.168.10.100/32 flowid 1:10 13 tc filter add dev enp0s9 protocol ip parent 1:0 prio 1 u32 match ip src 192.168.10.105/32 flowid 1:20
方法3:
1 modemif=eth4 2 3 iptables -t mangle -A POSTROUTING -o $modemif -p tcp -m tos --tos Minimize-Delay -j CLASSIFY --set-class 1:10 4 iptables -t mangle -A POSTROUTING -o $modemif -p tcp --dport 53 -j CLASSIFY --set-class 1:10 5 iptables -t mangle -A POSTROUTING -o $modemif -p tcp --dport 80 -j CLASSIFY --set-class 1:10 6 iptables -t mangle -A POSTROUTING -o $modemif -p tcp --dport 443 -j CLASSIFY --set-class 1:10 7 8 tc qdisc add dev $modemif root handle 1: htb default 12 9 tc class add dev $modemif parent 1: classid 1:1 htb rate 1500kbit ceil 1500kbit burst 10k 10 tc class add dev $modemif parent 1:1 classid 1:10 htb rate 700kbit ceil 1500kbit prio 1 burst 10k 11 tc class add dev $modemif parent 1:1 classid 1:12 htb rate 800kbit ceil 800kbit prio 2 12 tc filter add dev $modemif protocol ip parent 1:0 prio 1 u32 match ip protocol 0x11 0xff flowid 1:10 13 tc qdisc add dev $modemif parent 1:10 handle 20: sfq perturb 10 14 tc qdisc add dev $modemif parent 1:12 handle 30: sfq perturb 10
测试脚本:
1 #test network: (192.168.10.6) 2 ovs-vsctl add-br br-ext 3 ovs-vsctl add-port br-ext enp0s9 4 5 ip link add veth-i-100 type veth peer name veth-o-100 6 ip link set veth-i-100 up 7 ovs-vsctl add-port br-ext veth-i-100 8 ip netns add ns-100 9 ip link set veth-o-100 netns ns-100 10 ip netns exec ns-100 ip link set veth-o-100 11 ip netns exec ns-100 ip addr add 192.168.10.100/24 dev veth-o-100 12 13 ip link add veth-i-105 type veth peer name veth-o-105 14 ip link set veth-i-105 up 15 ovs-vsctl add-port br-ext veth-i-100 16 ip netns add ns-105 17 ip link set veth-o-105 netns ns-105 18 ip netns exec ns-105 ip link set veth-o-105 19 ip netns exec ns-105 ip addr add 192.168.10.105/24 dev veth-o-105 20 21 #1)TCP测试 22 #服务器执行:#iperf -s -i 1 -w 1M 23 iperf -s -i 10 -p 1100 -D 24 25 #客户端执行:#iperf -c host -i 1 -w 1M 26 ip netns exec ns-100 iperf -c 192.168.10.8 -i 10 -t 120 -p 1100 27 #其中-w表示TCP window size,host需替换成服 务器地址。 28 29 #2)UDP测试 30 #服务器执行:# iperf -u -s -p 2100 31 iperf -u -s -D 32 #客户端执行:#iperf -u -c 10.32.0.254 -b 900M -i 1 -w 1M -t 60 33 ip netns exec ns-100 iperf -c 192.168.10.8 -b 100M -i 10 -t 120 -p 2100 34 #其中-b表示 使用带宽数量,千兆链路使用90%容量进行测试就可以了。
参考文档:
http://lartc.org/lartc.html#LARTC.QDISC.EXPLAIN
http://www.funtoo.org/Traffic_Control
以上是关于TC limit bandwidth的主要内容,如果未能解决你的问题,请参考以下文章