Limit bandwidth of a network interface : tc and iptables doesn't work ?
Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Limit bandwidth of a network interface : tc and iptables doesn't work ?
Hi,
I try to limit the bandwidth of my eth0 interface. I have read several articles about it and i have tried the followings commands :
Quote:
tc qdisc add dev eth0 root handle 1: htb default 30
tc class add dev eth0 parent 1: classid 1:1 htb rate 100kbit
tc filter add dev eth0 parent 1:0 prio 1 protocol ip handle 5 fw flowid 1:1
iptables -A INPUT -t mangle -j MARK --set-mark 5
But it doesn't work. I have tried several others scripts too, again without success.
I'm running on Archlinux and I test the download speed with wget after these commands, but I always arrive at the maximum speed of my ADSL connection, and not the restricted speed.
My script is correct ? In all cases, it doesn't return an error. Or is it something else ?
You police ingress (inbound) and shape(limit) egress (outbound). There is not much in the way of policing short of just dropping packets. If eth0 is your WAN/ISP uplink, you can try something like this to see if you get the results you expect...
Code:
# clear it
/sbin/tc qdisc del dev eth0 ingress
# police it
/sbin/tc qdisc add dev eth0 handle ffff: ingress
/sbin/tc filter add dev eth0 protocol ip parent ffff: prio 50 u32 match ip \
src 0.0.0.0/0 police rate 128kbit burst 15k drop flowid :1
Where 128 is the number, in Kilobits, you want to police incoming traffic.
But I've two others questions :
- It works with virtual interfaces (like with eth0:1 par example) ?
- Is there a method to restrict the uplink and the downlink together at 128kbit ? It works well for the down, but not for the up.
Thank you again
EDIT : I have readed this article which says
Quote:
For traffic accepted on an interface, the ingress qdisc is traversed. With its limited utility, it allows no child class to be created, and only exists as an object onto which a filter can be attached. For practical purposes, the ingress qdisc is merely a convenient object onto which to attach a policer to limit the amount of traffic accepted on a network interface.
If I understand correctly, the police on ingress limits the uplink too ? So I made a mistake in my uplink tests ?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.