Old 08-11-2010, 09:43 PM   #1
abhelp
limit bandwidth rate for scp using tc htb Linux


Hello all

I saw a similar post and got this from an example script. I have set up a Linux PC router with two network interface cards with port forwarding and NAT enabled. The eth0 interface is the interface which has PC1 connected. The eth0 interface is connected to the internet via dhcp. eth1 interface has a static IP address and connects to the internet using NAT. eth1 interface has PC2 connected. When I run tests I transfer a file to PC2 from PC1 using scp. All of them are Linux PCs.

What I see is the rates as

filename1 100% 263MB 2.0MB/s 02:11 .

instead of 128kbit as I set in the script. Both the NICs are at 100Mb/s

Should I specify the PC1 IP address in the script with port number 22, as I want to limit scp traffic going from PC1 to PC2 (eth0 to eth1 in the Linux PC router)?

Here is the script below

tc qdisc del dev eth0 root
tc qdisc add dev eth0 root handle 1:0 htb default 2
tc class add dev eth0 parent 1:0 classid 1:1 htb rate 512kbit ceil 512kbit
tc class add dev eth0 parent 1:1 classid 1:2 htb rate 256kbit ceil 512kbit
tc class add dev eth0 parent 1:1 classid 1:3 htb rate 128kbit ceil 128kbit
tc qdisc add dev eth0 parent 1:2 sfq
tc qdisc add dev eth0 parent 1:3 sfq
tc filter add dev eth0 parent 1:0 protocol ip u32 match ip sport 22 0xffff flowid 1:3
tc filter add dev eth0 parent 1:0 protocol ip u32 match ip dport 22 0xffff flowid 1:3

Thanks
 
Old 08-14-2010, 08:57 AM   #2
estabroo
The question is: did scp actually send the traffic using port 22? I'm guessing it didn't; it probably just did the initial connection/authentication part on port 22 and then opened a secondary channel for the file transfer.
 
Old 08-16-2010, 07:49 PM   #3
abhelp
LQ Newbie
 
Registered: Jun 2010
Posts: 11

Original Poster
Rep: Reputation: 0
Hello Estabroo

Thanks for your reply. More than likely no. Should I try using passive ftp ports and rerun the ftp server using those? I thought most ftp servers would run in passive mode by default.

In my --sport I can then specify a range. Which ftp server should I use to test? Please let me know. I see no obvious problems with my tc class configuration.

Thanks
 
Old 08-16-2010, 09:05 PM   #4
estabroo
Senior Member
 
Registered: Jun 2008
Distribution: debian, ubuntu, sidux
Posts: 1,126
Blog Entries: 2

Rep: Reputation: 124Reputation: 124
Your tc stuff looks fine. You could try the ftp server, pretty much any of them would be fine and available in most distros, I tend to use pureftpd, proftpd, or vsftpd
 
Old 08-16-2010, 09:11 PM   #5
estabroo
Senior Member
 
Registered: Jun 2008
Distribution: debian, ubuntu, sidux
Posts: 1,126
Blog Entries: 2

Rep: Reputation: 124Reputation: 124
Just ran an scp with wireshark going and the destination port is definitely 22, so something else must be going on.
 
Old 08-16-2010, 09:22 PM   #6
estabroo
Senior Member
 
Registered: Jun 2008
Distribution: debian, ubuntu, sidux
Posts: 1,126
Blog Entries: 2

Rep: Reputation: 124Reputation: 124
Hmm, your zero might be messing things up. The tc-htb man page has just the major listed for the definition lines, though it seems a bit weird that that would be the issue.

Quote:
tc qdisc add dev eth0 root handle 1:0 htb default 2
tc class add dev eth0 parent 1:0 classid 1:1 htb rate 512kbit ceil 512kbit

tc qdisc add dev eth0 root handle 1: htb default 2
tc class add dev eth0 parent 1: classid 1:1 htb rate 512kbit ceil 512kbit
...


Here is a script that I use at home on my DSL and it is working for me. I use a mangle table, but that shouldn't be necessary.
Code:
#!/bin/sh

/sbin/tc qdisc replace dev $1 root handle 1: htb default 30
/sbin/tc class replace dev $1 parent 1: classid 1:1 htb rate 890kbit burst 5k
/sbin/tc class replace dev $1 parent 1:1 classid 1:10 htb rate 590kbit ceil 890kbit burst 5k
/sbin/tc class replace dev $1 parent 1:1 classid 1:20 htb rate 300kbit ceil 800kbit burst 5k
/sbin/tc class replace dev $1 parent 1:1 classid 1:30 htb rate 5kbit ceil 800kbit burst 5k
/sbin/tc qdisc replace dev $1 parent 1:10 handle 10: sfq perturb 10
/sbin/tc qdisc replace dev $1 parent 1:20 handle 20: sfq perturb 10
/sbin/tc qdisc replace dev $1 parent 1:30 handle 30: sfq perturb 10

/sbin/tc filter add dev $1 parent 1:0 prio 0 protocol ip handle 10 fw flowid 1:10
/sbin/tc filter add dev $1 parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:20
/sbin/tc filter add dev $1 parent 1:0 prio 0 protocol ip handle 30 fw flowid 1:30


iptables -t mangle -F
iptables -t mangle -N HTB_OUT
iptables -t mangle -I POSTROUTING -j HTB_OUT
iptables -t mangle -A HTB_OUT -j MARK --set-mark 30
# ... rules that set different marks (10, 20) based on various iptables rules (like destination, ports, ...)
 
Old 08-17-2010, 10:33 PM   #7
abhelp
LQ Newbie
 
Registered: Jun 2010
Posts: 11

Original Poster
Rep: Reputation: 0
Hello Estabroo

Thanks a lot for your reply. It is still not working for me. I just want to limit the scp transfer rate to a certain bandwidth value. Now the two machines are on different networks and use NAT running on a Linux router, and a vsftpd server is running on machine1 and I use scp on machine2 to get the file. machine1 connects to eth0 of the Linux router and machine2 connects to the eth1 interface of the Linux router machine. All 3 PCs are Linux PCs in the network. I still see the rate does not change. What am I doing wrong? I changed the script as below.

#!/bin/sh
/sbin/tc qdisc add dev eth0 root handle 1: htb default 30
/sbin/tc class add dev eth0 parent 1: classid 1:1 htb rate 890kbit burst
/sbin/tc class add dev eth0 parent 1:1 classid 1:10 htb rate 590kbit ceil 890kbit burst 5k
/sbin/tc qdisc replace dev eth0 parent 1:10 handle 10: sfq perturb 10
/sbin/tc filter add dev eth0 parent 1:0 protocol ip u32 match ip sport 22 0xffff flowid 1:10
/sbin/tc filter add dev eth0 parent 1:0 protocol ip u32 match ip dport 22 0xffff flowid 1:10

Please help. I don't know what is wrong.
 
Old 08-18-2010, 06:26 AM   #8
estabroo
Senior Member
 
Registered: Jun 2008
Distribution: debian, ubuntu, sidux
Posts: 1,126
Blog Entries: 2

Rep: Reputation: 124Reputation: 124
The default shouldn't be 30 since 30 doesn't exist in your filter, try changing it to 10 (though that should limit all your traffic)

Hmm, given the direction you are doing this, you might want to put the shaper on eth1 instead of eth0, since it shapes outbound traffic, not inbound (and I'd bet your original stuff would work then as well).
 
Old 08-19-2010, 09:56 PM   #9
abhelp
LQ Newbie
 
Registered: Jun 2010
Posts: 11

Original Poster
Rep: Reputation: 0
Hello Estabroo

Thanks a lot for your help and patience. I am quite new to using tc classes but am slowly getting the hang of it.
This is the script I used to test:
/sbin/tc qdisc add dev eth1 root handle 1: htb default 10
/sbin/tc class add dev eth1 parent 1: classid 1:1 htb rate 512kbit burst 5k
/sbin/tc class add dev eth1 parent 1:1 classid 1:10 htb rate 256kbit ceil 512kbit burst 5k
/sbin/tc qdisc add dev eth1 parent 1:10 handle 10: sfq perturb 10
/sbin/tc filter add dev eth1 parent 1:10 prio 0 protocol ip handle 10 fw flowid 1:10
/sbin/tc filter add dev eth1 parent 1:0 protocol ip u32 match ip sport 22 0xffff flowid 1:10
/sbin/tc filter add dev eth1 parent 1:0 protocol ip u32 match ip dport 22 0xffff flowid 1:10

Now when I invoke scp on PC2 connected to the eth1 interface I see these speeds:
scp username@IP:/test.txt .
test.txt 100% 43MB 53.2KB/s 13:39

Since I am configuring my rate to be 256kbit and 512kbit the rate when I do scp will be between 32 kilobytes to 64 kilobytes which is as expected I suppose.
Now I want to do rate limiting for RTP and VOIP traffic. So I will still apply limiting to eth1 interface on VOIP and RTP ports? I will expand the script to add multiple classes for different types of traffic. So when I initiate a call from VOIP device connected to eth1 interface it will have rate limiting enabled. Is my understanding correct?
 
Old 08-20-2010, 09:45 AM   #10
estabroo
Senior Member
 
Registered: Jun 2008
Distribution: debian, ubuntu, sidux
Posts: 1,126
Blog Entries: 2

Rep: Reputation: 124Reputation: 124
Sounds reasonable, though I'd think you'd want to not limit voip traffic since that will affect the quality of your calls
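
Added example, not part of any post in this thread: a POSIX shell function that prints the tc commands for the setup the thread converges on (shaper on the egress interface, a default class that actually exists, port 22 in its own capped class). The function names, the class ids 1:10 and 1:20, the extra TCP protocol match, the input validation, and the 50mbit default rate are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: emit tc commands that cap only TCP
# port-22 (ssh/scp) traffic leaving DEV. HTB shapes egress, so DEV must be
# the interface the file data leaves through (eth1 for PC1 -> PC2 here).

# The output is meant for a root shell, so accept only plain tokens.
valid_dev()  { case $1 in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac; }
valid_rate() { case $1 in [0-9]*bit) ;; *) return 1 ;; esac
               case $1 in *[!0-9a-z]*) return 1 ;; esac; }
valid_port() { case $1 in ''|*[!0-9]*) return 1 ;; esac
               [ "$1" -ge 1 ] && [ "$1" -le 65535 ]; }

# htb_scp_cmds DEV LINK_RATE SCP_RATE DEFAULT_RATE [PORT]
htb_scp_cmds() {
    dev=$1 link=$2 scp=$3 rest=$4 port=${5:-22}
    valid_dev "$dev" && valid_rate "$link" && valid_rate "$scp" &&
        valid_rate "$rest" && valid_port "$port" || {
        echo "usage: htb_scp_cmds DEV LINK_RATE SCP_RATE DEFAULT_RATE [PORT]" >&2
        return 2
    }
    # 1:10 = capped scp class, 1:20 = default class for everything else.
    # u32 "ip sport/dport" reads a fixed offset, so it assumes an IP header
    # without options; "ip protocol 6" keeps UDP on the same port out.
    cat <<EOF
tc qdisc del dev $dev root 2>/dev/null || true
tc qdisc add dev $dev root handle 1: htb default 20
tc class add dev $dev parent 1: classid 1:1 htb rate $link ceil $link
tc class add dev $dev parent 1:1 classid 1:10 htb rate $scp ceil $scp
tc class add dev $dev parent 1:1 classid 1:20 htb rate $rest ceil $link
tc qdisc add dev $dev parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $dev parent 1:20 handle 20: sfq perturb 10
tc filter add dev $dev parent 1: protocol ip prio 1 u32 match ip protocol 6 0xff match ip sport $port 0xffff flowid 1:10
tc filter add dev $dev parent 1: protocol ip prio 1 u32 match ip protocol 6 0xff match ip dport $port 0xffff flowid 1:10
EOF
}

# Dry run with the thread's interface and 128kbit target (50mbit is a
# constructed value); this only prints the commands.
htb_scp_cmds eth1 100mbit 128kbit 50mbit
```

Pipe the output to `sh` as root to apply it, then check the per-class counters with `tc -s class show dev eth1` while a transfer is running.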
 
  

