LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 07-11-2018, 03:00 PM   #1
lpriya
LQ Newbie
 
Registered: Jul 2018
Posts: 2

Rep: Reputation: Disabled
Traffic control in linux


Hi all,

New to traffic control in general and my first question on this site, so please bear with me. I am trying to do rate-limiting/policing in linux for ingress traffic. Goal is to limit incoming traffic on an interface to a certain rate based on protocol/type of traffic, traffic above that rate should be dropped. Some initial search shows that tc is the tool that can be used. Unfortunately not able to find lot of documentation on the it- especially ingress policing, various constructs of u32 filter like priority/protocols etc. Many of the notes on tc are old and point to http://www.lartc.org/ which seems to be down, which makes me think tc may not be widely used anymore. What is the current traffic control utility that is prevalent on linux today?

I have tried suggestion given in this thread - https://www.linuxquestions.org/quest...t-work-837259/


# clear it
/sbin/tc qdisc del dev eth0 ingress
# police it
/sbin/tc qdisc add dev eth0 handle ffff: ingress
/sbin/tc filter add dev eth0 protocol ip parent ffff: prio 50 u32 match ip \
src 0.0.0.0/0 police rate 128kbit burst 15k drop flowid :1

It does not work for me. Getting this error -
# tc filter add dev eth0 parent ffff: u32 \
> match u32 0 0 \
> police rate 1mbit burst 100k
RTNETLINK answers: No such file or directory
We have an error talking to the kernel

Kindly point me to latest documentation of tc and/or any other tool which is more in trend.
Also can iptables be used for this purpose?

Looking forward.

Thanks,
Priya
 
Old 07-12-2018, 07:56 AM   #2
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,278

Rep: Reputation: 7897Reputation: 7897Reputation: 7897Reputation: 7897Reputation: 7897Reputation: 7897Reputation: 7897Reputation: 7897Reputation: 7897Reputation: 7897Reputation: 7897
Quote:
Originally Posted by lpriya View Post
Hi all,
New to traffic control in general and my first question on this site, so please bear with me. I am trying to do rate-limiting/policing in linux for ingress traffic. Goal is to limit incoming traffic on an interface to a certain rate based on protocol/type of traffic, traffic above that rate should be dropped. Some initial search shows that tc is the tool that can be used. Unfortunately not able to find lot of documentation on the it- especially ingress policing, various constructs of u32 filter like priority/protocols etc. Many of the notes on tc are old and point to http://www.lartc.org/ which seems to be down, which makes me think tc may not be widely used anymore. What is the current traffic control utility that is prevalent on linux today?

I have tried suggestion given in this thread - https://www.linuxquestions.org/quest...t-work-837259/

# clear it
/sbin/tc qdisc del dev eth0 ingress
# police it
/sbin/tc qdisc add dev eth0 handle ffff: ingress
/sbin/tc filter add dev eth0 protocol ip parent ffff: prio 50 u32 match ip \
src 0.0.0.0/0 police rate 128kbit burst 15k drop flowid :1

It does not work for me. Getting this error -
# tc filter add dev eth0 parent ffff: u32 \
> match u32 0 0 \
> police rate 1mbit burst 100k
RTNETLINK answers: No such file or directory
We have an error talking to the kernel

Kindly point me to latest documentation of tc and/or any other tool which is more in trend. Also can iptables be used for this purpose?
You can use tc, but there are a couple of things that raise questions:
  • I bolded a piece above...since you just copied/pasted the commands from the other thread, are you *SURE* that eth0 is the device you want to use??
  • I realize that you are wanting to limit traffic, but don't say what KIND of traffic, or anything about your environment. It could be a proxy server (like Squid) may be a better solution
What version/distro of Linux are you using?
 
Old 07-12-2018, 05:41 PM   #3
lpriya
LQ Newbie
 
Registered: Jul 2018
Posts: 2

Original Poster
Rep: Reputation: Disabled
Thanks for your response.
Yes, eth0 is the interface of interest.
I am running my organization's proprietary linux distro with kernel version 4.8.
Proxy server is not in topology.
FWIW, I am able to add filter on root qdisc of eth0, but not on the ingress qdisc (throws error given in original post)
Kind of traffic to be policed is user-configurable - based on protocol. eg: icmp traffic with rate as 1mbps, burst 2mbps
I have matched ip in the example just to check how it would go.
Any pointers to detailed documentation on all constructs of tc appreciated.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Traffic Shaping VoiP using TC (Traffic Control) is this working? Nemus Linux - Networking 0 05-16-2011 02:45 PM
Should traffic control root qdsic & child class limit traffic? Washington Ratso Linux - Networking 0 02-23-2011 08:16 PM
tc traffic control tc traffic control Linux QoS control tool(noob help) inv|s|ble Linux - General 1 07-26-2007 12:12 PM
linux traffic control (tc) djsubari Linux - Networking 0 09-14-2006 08:09 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 05:13 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration