声明:本站文章皆基于公开来源信息,仅代表作者个人观点,与作者所在公司无关!

TC limit bandwidth

方法1:

 1 tc qdisc add dev enp0s8 ingress
 2 tc qdisc add dev enp0s8 root htb
 3 tc qdisc show dev enp0s8
 4   
 5   
 6 tc filter add dev enp0s8 parent 8001: protocol ip prio 1 u32 match ip src 172.16.50.120 police rate 1000Kbit burst 1Mb mtu 64kb drop flowid :1
 7 tc filter add dev enp0s8 parent ffff: protocol ip prio 1 u32 match ip dst 172.16.50.120 police rate 1000Kbit burst 1Mb mtu 64kb drop flowid :1
 8   
 9 tc filter add dev enp0s8 parent 8001: protocol ip prio 1 u32 match ip src 172.16.50.121 police rate 1000Kbit burst 1Mb mtu 64kb drop flowid :1
10 tc filter add dev enp0s8 parent ffff: protocol ip prio 1 u32 match ip dst 172.16.50.121 police rate 1000Kbit burst 1Mb mtu 64kb drop flowid :1
11   
12 tc filter add dev enp0s8 parent 8001: protocol ip prio 1 u32 match ip src 172.16.50.11 police rate 1000Kbit burst 1Mb mtu 64kb drop flowid :1
13 tc filter add dev enp0s8 parent ffff: protocol ip prio 1 u32 match ip dst 172.16.50.11 police rate 1000Kbit burst 1Mb mtu 64kb drop flowid :1
14   
15   
16 tc -s -d -p filter show dev enp0s8 parent 8001:
17 tc -s -d -p filter show dev enp0s8 parent ffff:

问题:无法保证IP的达到规则带宽 ?

         原因:  tc 规则 ,1.创建 qdisc -> tc qdisc add dev enp0s8 root htb  2.创建Filter ->tc filter add dev enp0s8 parent 8001: protocol ip prio 1 u32 match ip src 172.16.50.120 police rate 1000Kbit burst 1Mb mtu 64kb drop flowid :1

        从TC规则可知,1.仅有一个queue,  2. filter有police action(police action 限速目的IP进行queue速度,在超出限制执行drop),所有packet进入单个queue,依次发送。

 

方法2:

 1 tc qdisc add dev enp0s9 root  handle 1:  htb default 30
 2  
 3 tc class add dev enp0s9 parent  1:  classid 1:1 htb rate 9mbit
 4 tc class add dev enp0s9 parent  1:1 classid 1:10 htb rate 5mbit
 5 tc class add dev enp0s9 parent  1:1 classid 1:20 htb rate 3mbit ceil 3mbit
 6 tc class add dev enp0s9 parent  1:1 classid 1:30 htb rate 1kbit ceil 1mbit
 7  
 8 tc qdisc add dev enp0s9 parent  1:10 handle 10: sfq perturb 10
 9 tc qdisc add dev enp0s9 parent  1:20 handle 20: sfq perturb 10
10 tc qdisc add dev enp0s9 parent  1:30 handle 30: sfq perturb 10
11  
12 tc filter add dev enp0s9 protocol ip parent 1:0 prio 1 u32 match ip src 192.168.10.100/32  flowid 1:10
13 tc filter add dev enp0s9 protocol ip parent 1:0 prio 1 u32 match ip src 192.168.10.105/32  flowid 1:20

 

方法3:

 1 modemif=eth4
 2   
 3 iptables -t mangle -A POSTROUTING -o $modemif -p tcp -m tos --tos Minimize-Delay -j CLASSIFY --set-class 1:10
 4 iptables -t mangle -A POSTROUTING -o $modemif -p tcp --dport 53 -j CLASSIFY --set-class 1:10
 5 iptables -t mangle -A POSTROUTING -o $modemif -p tcp --dport 80 -j CLASSIFY --set-class 1:10
 6 iptables -t mangle -A POSTROUTING -o $modemif -p tcp --dport 443 -j CLASSIFY --set-class 1:10
 7   
 8 tc qdisc add dev $modemif root handle 1: htb default 12
 9 tc class add dev $modemif parent 1: classid 1:1 htb rate 1500kbit ceil 1500kbit burst 10k
10 tc class add dev $modemif parent 1:1 classid 1:10 htb rate 700kbit ceil 1500kbit prio 1 burst 10k
11 tc class add dev $modemif parent 1:1 classid 1:12 htb rate 800kbit ceil 800kbit prio 2
12 tc filter add dev $modemif protocol ip parent 1:0 prio 1 u32 match ip protocol 0x11 0xff flowid 1:10
13 tc qdisc add dev $modemif parent 1:10 handle 20: sfq perturb 10
14 tc qdisc add dev $modemif parent 1:12 handle 30: sfq perturb 10

 

测试脚本:

 1 #test network: (192.168.10.6 2 ovs-vsctl add-br br-ext
 3 ovs-vsctl add-port br-ext enp0s9
 4  
 5 ip link add veth-i-100 type veth peer name veth-o-100
 6 ip link set veth-i-100 up
 7 ovs-vsctl add-port br-ext veth-i-100
 8 ip netns add ns-100
 9 ip link set veth-o-100 netns ns-100
10 ip netns exec ns-100 ip link set veth-o-100
11 ip netns exec ns-100 ip addr add 192.168.10.100/24 dev veth-o-100
12  
13 ip link add veth-i-105 type veth peer name veth-o-105
14 ip link set veth-i-105 up
15 ovs-vsctl add-port br-ext veth-i-100
16 ip netns add ns-105
17 ip link set veth-o-105 netns ns-105
18 ip netns exec ns-105 ip link set veth-o-105
19 ip netns exec ns-105 ip addr add 192.168.10.105/24 dev veth-o-105
20   
21 #1)TCP测试
22 #服务器执行:#iperf -s -i 1 -w 1M
23 iperf -s -i 10 -p 1100  -D
24  
25 #客户端执行:#iperf -c host -i 1 -w 1M
26 ip netns exec ns-100 iperf -c 192.168.10.8 -i 10 -t 120 -p 1100
27 #其中-w表示TCP window size,host需替换成服 务器地址。
28  
29 #2)UDP测试
30 #服务器执行:# iperf -u -s -p 2100
31 iperf -u -s -D
32 #客户端执行:#iperf -u -c 10.32.0.254 -b 900M  -i 1  -w 1M  -t 60
33 ip netns exec ns-100 iperf -c 192.168.10.8 -b 100M -i 10 -t 120 -p 2100
34 #其中-b表示 使用带宽数量,千兆链路使用90%容量进行测试就可以了。
View Code

 

问题:

1.怎么删除TC filter ?

     tc filter del dev bond1 parent ffff: prio 1 handle 800::801 u32

2.怎么对overlay限速 ?

    tc filter add dev ens34 protocol ip parent 8004: pref 10 u32 match u16 0xac10 0xffff at 70 match u16 0xff0b 0xffff at 72 police rate 1000Kbit burst 1Mb mtu 64kb drop flowid :1

    匹配geneve封装中的inner src IP,IP地址172.16.255.11,其16进制为ac10ff0b。u32类型的match需要从4的整数倍字节开始,而geneve封装中的inner src IP起始字节为70,故分成两个u16的封装。

    参见: https://serverfault.com/questions/162558/inconsistencies-with-linux-tc-filter-u32-matching-on-packet-data-payload-can-s/162608

 

参考文档:

    http://lartc.org/lartc.html#LARTC.QDISC.EXPLAIN

    http://www.funtoo.org/Traffic_Control

    http://www.mamicode.com/info-detail-286576.html

posted @ 2017-07-01 08:28  Hi,云计算!  阅读(1089)  评论(1编辑  收藏  举报