Some traffic shaping for a single server under Linux

  

Many SMB servers have only 10 Mbps of access bandwidth. The server usually runs other services as well, such as an FTP service and a web service. When the website gets a large number of visits and many people are downloading at the same time, the bandwidth is easily exhausted, causing server latency or packet loss. How can you rate-limit port 80 and ensure that the other services keep running normally?

You can use the tc command to set limits for specific ports and services on the server.

Token Bucket (TB)

Token Bucket is a common algorithm used to control the amount of data entering the network while still allowing bursts of data to be sent. It is used for network flow control or rate limiting. With a token bucket, you can define the maximum rate of traffic allowed on an interface at a given time.

                 Tokens/sec
                    | |
                    | |  Bucket to
                    | |  hold b tokens
            +======+=====+
                   |
                   |
        |         \|/
Packets |   +============+
stream  |-->| Token wait |---> Remove token ---> eth0
        |   +============+

1. The TB filter puts tokens into the bucket at a certain rate.
2. Each token is permission for the source to send a specific number of bits into the network.
3. The bucket can hold b tokens as per the shaping rules.
4. The kernel can send a packet if a token is available; otherwise the traffic has to wait.

How do I use the TC command?

Warning! These examples require a good understanding of TCP/IP and other networking concepts. All new users should try the examples in a test environment. The tc command is installed by default on my Linux distribution. To list existing rules, enter:

# tc -s qdisc ls dev eth0

Sample output:

qdisc pfifo_fast 0: root bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
 Sent 2732108 bytes 10732 pkt (dropped 0, overlimits 0 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0

Your first traffic shaping rule

First, send a ping request to cyberciti.biz from your local Linux workstation and note the ping time. Enter:

# ping cyberciti.biz

Sample output:

PING cyberciti.biz (74.86.48.99) 56(84) bytes of data.
64 bytes from txvip1.simplyguide.org (74.86.48.99): icmp_seq=1 ttl=47 time=304 ms
64 bytes from txvip1.simplyguide.org (74.86.48.99): icmp_seq=2 ttl=47 time=304 ms
64 bytes from txvip1.simplyguide.org (74.86.48.99): icmp_seq=3 ttl=47 time=304 ms
64 bytes from txvip1.simplyguide.org (74.86.48.99): icmp_seq=4 ttl=47 time=304 ms
64 bytes from txvip1.simplyguide.org (74.86.48.99): icmp_seq=5 ttl=47 time=304 ms
64 bytes from txvip1.simplyguide.org (74.86.48.99): icmp_seq=6 ttl=47 time=304 ms

Type the following tc command to slow traffic down by 200 milliseconds:

# tc qdisc add dev eth0 root netem delay 200ms

Now, run the ping request again:

# ping cyberciti.biz

Sample output:

PING cyberciti.biz (74.86.48.99) 56(84) bytes of data.
64 bytes from txvip1.simplyguide.org (74.86.48.99): icmp_seq=1 ttl=47 time=505 ms
64 bytes from txvip1.simplyguide.org (74.86.48.99): icmp_seq=2 ttl=47 time=505 ms
64 bytes from txvip1.simplyguide.org (74.86.48.99): icmp_seq=3 ttl=47 time=505 ms
64 bytes from txvip1.simplyguide.org (74.86.48.99): icmp_seq=4 ttl=47 time=505 ms
64 bytes from txvip1.simplyguide.org (74.86.48.99): icmp_seq=5 ttl=47 time=505 ms
64 bytes from txvip1.simplyguide.org (74.86.48.99): icmp_seq=6 ttl=47 time=505 ms
64 bytes from txvip1.simplyguide.org (74.86.48.99): icmp_seq=7 ttl=47 time=505 ms
64 bytes from txvip1.simplyguide.org (74.86.48.99): icmp_seq=8 ttl=47 time=505 ms
^C
--- cyberciti.biz ping statistics ---
8 packets transmitted, 8 received, 0% packet loss, time 7006ms
rtt min/avg/max/mdev = 504.464/505.303/506.308/0.949 ms

To list the current rules, enter:

# tc -s qdisc ls dev eth0

Sample output:

qdisc netem 8001: root limit 1000 delay 200.0ms
 Sent 175545 bytes 540 pkt (dropped 0, overlimits 0 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0

To delete all rules, enter:

# tc qdisc del dev eth0 root
# tc -s qdisc ls dev eth0

Examples of TBF

To attach a TBF with a sustained maximum rate of 1 Mbit/s, a peak rate of 2.0 Mbit/s and a 10 kilobyte buffer, with the pre-bucket queue size limit calculated so that the TBF causes at most 70 ms of delay, and with perfect peakrate behavior, enter:


# tc qdisc add dev eth0 root tbf rate 1mbit burst 10kb latency 70ms peakrate 2mbit minburst 1540
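
The token bucket steps listed earlier and the tbf command above can be traced with a small simulation. The following Python code is an added example, not code from the original article: it assumes tokens are counted in bytes, leaves out peakrate and minburst, and treats latency as the longest time a packet may wait. The names tbf and summarize are hypothetical.

```python
# Added example (not from the original page): a simplified token bucket filter.
# Assumptions: tokens are counted in bytes, peakrate/minburst are not modelled,
# and "latency" is enforced as the longest time a packet may wait in the queue.
RATE = 1_000_000 / 8      # "rate 1mbit"   -> 125000 bytes per second
BURST = 10 * 1024         # "burst 10kb"   -> bucket size b, in bytes
LATENCY = 0.070           # "latency 70ms" -> seconds

def tbf(packets, rate=RATE, burst=BURST, latency=LATENCY):
    """packets: list of (arrival_seconds, size_bytes), sorted by arrival.
    Returns a list of (arrival, size, verdict, delay_seconds_or_None)."""
    tokens, clock = float(burst), 0.0    # bucket starts full; clock = last departure
    results = []
    for arrival, size in packets:
        if size > burst:                 # the bucket can never hold enough tokens
            results.append((arrival, size, "drop", None))
            continue
        start = max(arrival, clock)      # FIFO: wait behind the previous packet
        have = min(burst, tokens + (start - clock) * rate)   # refill, capped at b
        wait = max(0.0, (size - have) / rate)                # time to earn the rest
        delay = start + wait - arrival
        if delay > latency:              # would sit in the queue for too long
            results.append((arrival, size, "drop", None))
            continue                     # a drop leaves the bucket state unchanged
        tokens, clock = max(have, size) - size, start + wait  # remove the tokens
        results.append((arrival, size, "delay" if delay > 0 else "send", delay))
    return results

def summarize(results):
    counts = {"send": 0, "delay": 0, "drop": 0}
    for _, _, verdict, _ in results:
        counts[verdict] += 1
    return counts

# Constructed input: 20 full-size frames arriving at once, then one a second later.
SAMPLE = [(0.0, 1500)] * 20 + [(1.0, 1500)]

if __name__ == "__main__":
    for arrival, size, verdict, delay in tbf(SAMPLE):
        shown = "-" if delay is None else f"{delay * 1000:.2f} ms"
        print(f"t={arrival:.1f}s size={size} {verdict:5} {shown}")
    print(summarize(tbf(SAMPLE)))
```

The first six frames drain the full bucket, the next six wait for new tokens, and the rest of the burst is dropped because it would wait longer than 70 ms; the frame one second later finds the bucket refilled.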

HTB – hierarchical token bucket

Use HTB to control the use of the outbound (egress) bandwidth on a given link:

1. rate – You can set the allowed bandwidth.
2. ceil – You can set the burst bandwidth allowed when tokens are in the bucket.
3. prio – You can set the priority for additional bandwidth. Classes with a lower prio are offered the spare bandwidth first. For example, you can give DNS traffic a lower prio than HTTP downloads.
4. iptables and tc – You need to use iptables and tc together, as follows, to control outbound HTTP traffic.

Example: HTTP Outbound Traffic Shaping

First, delete the existing rules on the eth1 NIC:

# /sbin/tc qdisc del dev eth1 root

Turn on the queueing discipline, type:

# /sbin/tc qdisc add dev eth1 root handle 1:0 htb default 10

Define a class with limits, that is, an allowed bandwidth of 512 kilobytes and a burst bandwidth of 640 kilobytes for port 80:

# /sbin/tc class add dev eth1 parent 1:0 classid 1:10 htb rate 512kbps ceil 640kbps prio 0

Please note that port 80 is not defined anywhere in the above class. You will use an iptables mangle rule as follows:

# /sbin/iptables -A OUTPUT -t mangle -p tcp --sport 80 -j MARK --set-mark 10

To save the iptables rules, enter the following command (RHEL, for example):

# /sbin/service iptables save

Finally, assign it to the qdisc:

# tc filter add dev eth1 parent 1:0 prio 0 protocol ip handle 10 fw flowid 1:10

Here is another example, for ports 80 and 22:

/sbin/tc qdisc add dev eth0 root handle 1: htb
/sbin/tc class add dev eth0 parent 1: classid 1:1 htb rate 1024kbps
/sbin/tc class add dev eth0 parent 1:1 classid 1:5 htb rate 512kbps ceil 640kbps prio 1
/sbin/tc class add dev eth0 parent 1:1 classid 1:6 htb rate 100kbps ceil 160kbps prio 0
/sbin/tc filter add dev eth0 parent 1:0 prio 1 protocol ip handle 5 fw flowid 1:5
/sbin/tc filter add dev eth0 parent 1:0 prio 0 protocol ip handle 6 fw flowid 1:6
/sbin/iptables -A OUTPUT -t mangle -p tcp --sport 80 -j MARK --set-mark 5
/sbin/iptables -A OUTPUT -t mangle -p tcp --sport 22 -j MARK --set-mark 6
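
The HTB rules only work when the iptables mark, the fw filter handle and the class id line up. The following Python check is an added example, not code from the original article: it reads a rule set like the one above and reports marks without a filter, filters without a class, child rates that exceed the parent, and an htb qdisc without a default class (in which case unmarked traffic is not shaped). It assumes rates are written in kbps as on this page; lint and arg are hypothetical names.

```python
import shlex

# The page's second rule set (ports 80 and 22), one command per line.
RULES = """\
/sbin/tc qdisc add dev eth0 root handle 1: htb
/sbin/tc class add dev eth0 parent 1: classid 1:1 htb rate 1024kbps
/sbin/tc class add dev eth0 parent 1:1 classid 1:5 htb rate 512kbps ceil 640kbps prio 1
/sbin/tc class add dev eth0 parent 1:1 classid 1:6 htb rate 100kbps ceil 160kbps prio 0
/sbin/tc filter add dev eth0 parent 1:0 prio 1 protocol ip handle 5 fw flowid 1:5
/sbin/tc filter add dev eth0 parent 1:0 prio 0 protocol ip handle 6 fw flowid 1:6
/sbin/iptables -A OUTPUT -t mangle -p tcp --sport 80 -j MARK --set-mark 5
/sbin/iptables -A OUTPUT -t mangle -p tcp --sport 22 -j MARK --set-mark 6
"""

def arg(words, key):
    """Return the word that follows `key`, or None if `key` is absent."""
    return words[words.index(key) + 1] if key in words[:-1] else None

def lint(text):
    """Return a list of findings; an empty list means the rules line up."""
    classes, filters, marks, default, out = {}, {}, {}, None, []
    for words in map(shlex.split, text.splitlines()):
        if "--set-mark" in words:                        # iptables MARK rule
            marks[arg(words, "--set-mark")] = arg(words, "--sport")
        elif words[1:3] == ["qdisc", "add"]:
            default = arg(words, "default")
        elif words[1:3] == ["class", "add"]:             # assumes NNNkbps rates
            rate = int(arg(words, "rate").replace("kbps", ""))
            classes[arg(words, "classid")] = (arg(words, "parent"), rate)
        elif words[1:3] == ["filter", "add"]:
            filters[arg(words, "handle")] = arg(words, "flowid")
    for mark, port in marks.items():
        if mark not in filters:
            out.append(f"mark {mark} (port {port}) has no fw filter")
    for handle, flowid in filters.items():
        if handle not in marks:
            out.append(f"filter handle {handle} has no iptables mark")
        if flowid not in classes:
            out.append(f"filter handle {handle} targets undefined class {flowid}")
    for classid, (_, rate) in classes.items():
        children = sum(r for parent, r in classes.values() if parent == classid)
        if children > rate:
            out.append(f"children of {classid} total {children}kbps > {rate}kbps")
    if default is None:
        out.append("no htb default class: unmarked traffic bypasses the classes")
    return out

if __name__ == "__main__":
    print("\n".join(lint(RULES)))
```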

How do I monitor and test speed?

Use the following tools:

# /sbin/tc -s -d class show dev eth0
# /sbin/iptables -t mangle -n -v -L
# iptraf
# watch /sbin/tc -s -d class show dev eth0

To test the download speed, use the lftp or wget command-line tools.
