问题
我进行了internet类似的搜索,但找不到太多有关 limit 的信息upload。给出的解决方案不是限制性的IP基础,例如这个但局域网作为一个整体。
+-----+
+--------+ | S |
| User A |---+ W |
+--------+ | I |
+--------+ | T | +--------+ +----------+
| User B |---+ C +-----| Router |--------| Internet |
+--------+ | H | +--------+ +----------+
.... ... / ...
+--------+ | H |
| User N |---+ U |
+--------+ | B |
+-----+
UserA:172.16.10.2UserB:172.16.10.3-RouterPrivate:172.16.0.1UserC:172.16.10.4
我只想upload限制172.16.10.3&172.16.10.4使用tc htbandiptables
我已经尝试过的
我根据我的要求修改了脚本。
IF_INET=external
# upload bandwidth limit for interface
BW_MAX=2000
# upload bandwidth limit for 172.16.16.11
BW_CLIENT=900
# first, clear previous settings
tc qdisc del dev ${IF_INET} root
# top-level htb queue discipline; send unclassified data into class 1:10
tc qdisc add dev ${IF_INET} root handle 1: htb default 10
# parent class (wrap everything in this class to allow bandwidth borrowing)
tc class add dev externel parent 1: classid 1:1 htb \
rate ${BW_MAX}kbit ceil ${BW_MAX}kbit
# two child classes
#
# the default child class
tc class add dev ${IF_INET} parent 1:1 \
classid 1:10 htb rate $((${BW_MAX} - ${BW_CLIENT}))kbit ceil ${BW_MAX}kbit
# the child class for traffic from 172.16.16.11
tc class add dev ${IF_INET} parent 1:1 \
classid 1:20 htb rate ${BW_CLIENT}kbit ceil ${BW_MAX}kbit
# classify traffic
tc filter add dev ${IF_INET} parent 1:0 protocol ip prio 1 u32 \
match ip src 172.16.16.11/32 flowid 1:20
但这会不是用于限制上传。那么解决办法是什么呢?
答案1
为什么使用 172.16.16.11 作为源 IP 而不是 .10.3 和/或 .10.4 ?!
我使用连接到本地 open-vswitch 接口的本地虚拟机(运行“nc -klvp 42 >/dev/null”)。为了演示某些源 IP 的流量整形,我删除了“class 1:20”处的“ceil”参数。
我的tc剧本
#!/bin/bash
export IF_INET=ovs-br0
export UNIT=kbps
export BW_MAX=2048
export BW_CLIENT=128
tc qdisc del dev ${IF_INET} root &>/dev/null
tc qdisc add dev ${IF_INET} root handle 1: htb default 10
tc class add dev ${IF_INET} parent 1: classid 1:1 htb rate ${BW_MAX}$UNIT
tc class add dev ${IF_INET} parent 1:1 classid 1:10 htb rate $((${BW_MAX} - ${BW_CLIENT}))$UNIT ceil ${BW_MAX}$UNIT
tc class add dev ${IF_INET} parent 1:1 classid 1:20 htb rate ${BW_CLIENT}$UNIT
tc filter add dev ${IF_INET} parent 1:0 protocol ip prio 1 u32 match ip src 172.16.10.3/32 flowid 1:20
tc filter add dev ${IF_INET} parent 1:0 protocol ip prio 1 u32 match ip src 172.16.10.4/32 flowid 1:20
具有不同源 IP 的本地 IP 地址/路由
section61:~ # ip a s dev ovs-br0 | grep 172.16.1
inet 172.16.10.4/24 scope global ovs-br0
inet 172.16.10.3/24 scope global secondary ovs-br0
inet 172.16.10.5/24 scope global secondary ovs-br0
inet 172.16.10.6/24 scope global secondary ovs-br0
section61:~ # ip route get 172.16.10.13 | grep -v cache
172.16.10.13 dev ovs-br0 src 172.16.10.3 uid 0
section61:~ # ip route get 172.16.10.14 | grep -v cache
172.16.10.14 dev ovs-br0 src 172.16.10.4 uid 0
section61:~ # ip route get 172.16.10.15 | grep -v cache
172.16.10.15 dev ovs-br0 src 172.16.10.5 uid 0
section61:~ # ip route get 172.16.10.16 | grep -v cache
172.16.10.16 dev ovs-br0 src 172.16.10.6 uid 0
使用不同源IP的两个数据流
section61:~ # dd if=/dev/zero of=/dev/stdout count=$((1*1024*1024)) bs=1024 | pv | nc 172.16.10.13 42
7.03MiB 0:00:58 [ 120KiB/s] [ <=> ]
section61:~ # dd if=/dev/zero of=/dev/stdout count=$((4*1024*1024)) bs=1024 | pv | nc 172.16.10.15 42
135MiB 0:01:17 [1.76MiB/s] [ <=> ]
要检查 qdisc 类的流量整形,我强烈建议运行巴蒙
提示
- 如果你在1:20级别使用“ceil”,那么你必须同时创建两个数据流才能完全饱和1:10!否则 1:20 将得到 1:10 未使用的提醒
- 使用“iptables mangle .. match-set”对数据包进行分类也应该有效。
openSUSE Leap 15.1 - Linux 4.12.14-lp151.28.75-default