A backup server was saturating the DSL links of remote offices every time the backups were running. To prevent this, I had to limit the incoming bandwidth of the TCP connections that were used to back up the remote hosts, but not touch the ones that were used to connect to the servers in the local network. Here’s how to do it.
The limiting must be done by attaching a queuing discipline on the ingress side of the interface the traffic is coming in from. After that you can attach filters that match traffic from specified hosts or subnets and police it to a given bandwidth.
Step number one is to attach the ingress qdisc:
```
root@srv:/# tc qdisc add dev eth0 handle ffff: ingress
```
Step number two is to add one or more filters that police the bandwidth:
```
root@srv:/# tc filter add dev eth0 parent ffff: protocol ip prio 50 \
    u32 match ip src 192.168.123.123 \
    police rate 64kbit burst 10k drop flowid :1
root@srv:/# tc filter add dev eth0 parent ffff: protocol ip prio 50 \
    u32 match ip src 192.168.124.0/24 \
    police rate 128kbit burst 10k drop flowid :1
```
Step number three is to make your new qdisc and filters load each time you reboot your server. On Ubuntu, this can be achieved by adding a script to the /etc/network/if-up.d directory. Scripts in that directory will be called whenever a network interface comes up.
Let’s add a file called /etc/network/if-up.d/tc with the following contents:
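```
#!/bin/sh
#
# Network traffic control settings
#
# ifupdown runs this script (it must be executable) for every interface
# that comes up and passes the interface name in $IFACE; act on eth0 only.
[ "$IFACE" = "eth0" ] || exit 0

# Remove any existing ingress qdisc (and its filters) so that repeated
# runs do not fail or add duplicate filters.
/sbin/tc qdisc del dev eth0 ingress 2>/dev/null

/sbin/tc qdisc add dev eth0 handle ffff: ingress

/sbin/tc filter add dev eth0 parent ffff: protocol ip prio 50 \
    u32 match ip src 192.168.123.123 \
    police rate 64kbit burst 10k drop flowid :1
/sbin/tc filter add dev eth0 parent ffff: protocol ip prio 50 \
    u32 match ip src 192.168.124.0/24 \
    police rate 128kbit burst 10k drop flowid :1
```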
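As an added example (not part of the original post), the filter lines above can be generated from a small table of source/rate pairs, with every field validated before it ends up in a tc command that runs as root. The table format, the function names and the DEV/BURST variables are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not from the original post. Table format, function names
# and the DEV/BURST variables are assumptions of this sketch.
DEV="${DEV:-eth0}"
BURST="${BURST:-10k}"

# Constructed sample table: "SOURCE RATE", using the post's two sources.
sample_table() {
cat <<'EOF'
# remote backup clients
192.168.123.123 64kbit
192.168.124.0/24 128kbit
EOF
}

# Syntactic checks only: dotted-quad IPv4 with optional /prefix, and a
# rate such as 64kbit or 2mbit. Anything else (metacharacters, extra
# words) is refused.
valid_src() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}
valid_rate() {
    printf '%s\n' "$1" | grep -Eq '^[1-9][0-9]*(kbit|mbit)$'
}

# Read "SOURCE RATE" lines on stdin and print the tc commands.
# Prints nothing and returns 1 if any line fails validation.
gen_rules() {
    out="tc qdisc del dev $DEV ingress 2>/dev/null || true
tc qdisc add dev $DEV handle ffff: ingress"
    while read -r src rate rest; do
        case "$src" in ''|'#'*) continue ;; esac
        if [ -n "$rest" ] || ! valid_src "$src" || ! valid_rate "$rate"; then
            echo "rejected line: $src $rate $rest" >&2
            return 1
        fi
        out="$out
tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip src $src police rate $rate burst $BURST drop flowid :1"
    done
    printf '%s\n' "$out"
}

# Dry run: show the commands for the constructed table.
sample_table | gen_rules
```

Pipe the output of `gen_rules` to `sh` as root to apply it; because nothing is printed when validation fails, a malformed table leaves the rules already loaded in place.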
Hi Mikko
I would have a question about tc
I don't know