在我的小型私人网络中,我有一个设备(IP 地址 192.168.0.240),我希望它具有管道的“保证”部分。为此,我一直在关注这篇服务器故障文章来塑造出口在我的界面上。我已经完成了,在界面上如果b0,我也做过同样的事情以太网1正如本文所讨论的。出口流量以太网1正在按预期工作(tc -s class show dev eth1 验证这一点)。但是,当我查看 ifb0 类的统计信息时,没有字节或数据包通过它。
# tc -s class show dev ifb0
class htb 1:1 root rate 950000Kbit ceil 950000Kbit burst 120293b cburst 120293b
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
lended: 0 borrowed: 0 giants: 0
tokens: 1013 ctokens: 1013
class htb 1:10 parent 1:1 prio 1 rate 10000Kbit ceil 25000Kbit burst 2850b cburst 4725b
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
lended: 0 borrowed: 0 giants: 0
tokens: 2280 ctokens: 1512
class htb 1:20 parent 1:1 leaf 8003: prio 2 rate 900000Kbit ceil 950000Kbit burst 114075b cburst 120293b
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
lended: 0 borrowed: 0 giants: 0
tokens: 1014 ctokens: 1013
规则如下:
echo Changing MTU of ingress interface to that of eth1
eth1Mtu=$(cat /sys/class/net/eth1/mtu)
echo ${eth1Mtu} > /sys/class/net/ifb0/mtu
# This little bit of redirection magic is taken from https://serverfault.com/a/386791
echo Adding ingress qdisc to the eth1 interface
tc qdisc add dev eth1 handle ffff: ingress
tc filter add dev eth1 parent ffff: protocol ip u32 match u32 0 0 action mirred egress redirect dev ifb0
echo Adding egress logic to the pseudo interface
tc qdisc add dev ifb0 root handle 1: htb default 20
tc class add dev ifb0 parent 1: classid 1:1 htb rate 950mbit
tc class add dev ifb0 parent 1:1 classid 1:10 htb rate 10mbit ceil 25mbit prio 1
tc class add dev ifb0 parent 1:1 classid 1:20 htb rate 900mbit ceil 950mbit prio 2
tc qdisc add dev ifb0 parent 1:20 sfq
tc filter add dev ifb0 parent 1: protocol ip prio 1 u32 match ip src 192.168.0.240/32 flowid 1:10
我做错了什么,流量没有通过伪镜像接口路由?
编辑
一位受访者尝试了这些规则,并显示流量按照我的预期路由。这让我觉得我应该包括:这是在 Red Hat EL 5(CentOS 5:内核 2.6.18-348.18.1.el5)上完成的。我知道它非常非常老。但我无法更改操作系统。