
An example of speed limit of TC module

2025-01-30 Update. From: SLTechnology News&Howtos (shulou), Network Security


Shulou (Shulou.com) 06/01 Report

I. Network Topology

II. Introduction to the environment

Server OS: CentOS 6.5, kernel 2.6.32-431.el6.x86_64

Server: two network cards, eth0: 10.0.0.100 and eth2: 192.168.0.1

PC: one network card, eth0: 192.168.0.10, gateway 192.168.0.1

III. Introduction to tc

In Linux, tc offers two classful control methods: CBQ and HTB. HTB was designed to replace CBQ; it is more flexible than CBQ but costs more CPU, which is why CBQ is usually chosen on high-speed links. Overall, HTB is the more widely used of the two. An HTB ruleset in tc is essentially a tree built from three basic blocks: queueing disciplines (qdisc), classes and classifiers (filters).

Qdisc queue rule (queueing discipline):

A qdisc controls the sending and receiving speed of the network. Through queueing, Linux can buffer packets and smooth traffic according to the user's settings, as far as possible without breaking connections (such as TCP). Note that Linux's control over the receive queue is weak, so in practice only the send queue is shaped: "controlled sending, uncontrolled receiving". The qdisc encapsulates the other two main tc components (classes and filters). When the kernel needs to send packets through a network interface, it first queues them according to the qdisc configured for that interface; it then dequeues as many packets as it can from the qdisc and hands them to the network adapter driver.

The simplest qdisc is pfifo, which does no processing on incoming packets: they pass through the queue first-in, first-out, but packets the network interface cannot handle for the moment are held rather than dropped. Common queueing disciplines include FIFO, RED (random early detection), SFQ (stochastic fair queueing), the token bucket (TBF) and the class-based queue CBQ. CBQ is a "super queue": it can contain other queues, even other CBQs.

Class class

A class represents a control policy. Most of the time we need different flow-control policies for different IPs, so each policy gets its own class.

Filter rule

A filter puts users into a specific control policy (that is, into a particular class). For example, to apply different policies to two IPs xxa and xxb, a filter assigns xxa to policy A and xxb to policy B. The filter can select traffic either by the U32 classifier's own matching or by a mark set with the iptables set-mark target (marking with iptables is the more common choice). The classifiers tc currently offers are the fwmark classifier, the U32 classifier, the route-based classifier and the RSVP classifier (for IPv6 and IPv4 respectively). The fwmark classifier lets us use the Linux netfilter code to select traffic, while the U32 classifier can select traffic based on any header field. Note that filters live inside a qdisc and cannot exist on their own.

Implementation steps

It mainly consists of three steps: establishing queue, classification and filter.

1. Create a queue (qdisc) on the physical device.

2. Create classes on that queue: normally a root class on the qdisc, then subclasses under the root class.

3. Create a route-based filter for each class and bind the filtering rule to a specific route. Typically one filter on the root class is enough, with a route map for each subclass.

IV. Implementation

Server side: enable IP forwarding.

sed -i 's#net.ipv4.ip_forward = 0#net.ipv4.ip_forward = 1#g' /etc/sysctl.conf

sysctl -p

Set up NAT for the intranet as follows:

iptables -F

iptables -t nat -F

iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j SNAT --to-source 10.0.0.100

Mark intranet packets for the fw filter (PREROUTING has no output interface yet, so -o cannot be used there; match on the source subnet instead):

iptables -t mangle -I PREROUTING -s 192.168.0.0/24 -j MARK --set-mark 0x11

Upload rate for flow control

tc can only control the rate of packets sent by a network card, so the upload rate has to be limited on eth0.

Delete the old queue (errors are discarded if none exists)

tc qdisc del dev eth0 root 2>/dev/null

Add a root queue. Note that the minor id after "default" is hexadecimal, so unmarked traffic is sent to class 1:60; since no class 1:60 is created below, HTB passes such traffic through unshaped.

tc qdisc add dev eth0 root handle 1:0 htb default 60

Add a root class

tc class add dev eth0 parent 1:0 classid 1:1 htb rate 100Mbit ceil 100Mbit prio 0

Add a subclass that limits the intranet to 10Mbit

tc class add dev eth0 parent 1:1 classid 1:11 htb rate 10Mbit ceil 10Mbit prio 1 burst 96kbit

Set the leaf queueing discipline

tc qdisc add dev eth0 parent 1:11 handle 111:0 sfq perturb 10

Attach the fw filter to the class: "handle 0x11" is the mark set by the iptables rule above, so marked packets land in class 1:11

tc filter add dev eth0 parent 1:0 protocol ip prio 1 handle 0x11 fw classid 1:11

For the download limit the filter uses U32, and the tree is built on eth2, the LAN-facing card from the topology above (packets to the PC leave the server through it)

tc qdisc del dev eth2 root 2>/dev/null

Root queue

tc qdisc add dev eth2 root handle 2:0 htb default 30

Root class

tc class add dev eth2 parent 2:0 classid 2:1 htb rate 10Mbit ceil 10Mbit prio 0

Subclass

tc class add dev eth2 parent 2:1 classid 2:11 htb rate 1Mbit ceil 1Mbit prio 1

Set the leaf queueing discipline

tc qdisc add dev eth2 parent 2:11 sfq perturb 10

tc filter add dev eth2 parent 2:0 protocol ip prio 2 u32 match ip dst 192.168.0.0/24 flowid 2:11

Monitor traffic with the following commands

tc -s qdisc ls dev eth0

tc -s qdisc ls dev eth2

tc -s class ls dev eth0

tc -s class ls dev eth2
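The listing commands above only show counters; as an added example that is not part of the original article, the bash script below checks a tree for consistency from the text of "tc qdisc show", "tc class show" and "tc filter show": it verifies that the class named by "htb default" and every class a filter points at actually exist. The sample output is constructed to match what the article's eth0 commands produce; run against it the check reports that class 1:60 is missing.

```shell
#!/bin/bash
# Added example, not from the original article: consistency check for an HTB tree,
# fed the text of "tc qdisc show", "tc class show" and "tc filter show" for one
# device. The article's eth0 qdisc says "htb default 60" (hex, i.e. class 1:60)
# but never creates that class, so unmarked traffic leaves unshaped; this flags that.

# classes_defined "<tc class show output>": one class id (major:minor) per line
classes_defined() {
    printf '%s\n' "$1" | awk '$1 == "class" && $2 == "htb" { print $3 }'
}

# htb_default "<tc qdisc show output>": the htb default minor id, without the "0x"
# newer iproute2 prints; 0 (= unclassified traffic bypasses the tree) is skipped
htb_default() {
    printf '%s\n' "$1" | awk '$1 == "qdisc" && $2 == "htb" {
        for (i = 1; i <= NF; i++) if ($i == "default") {
            v = $(i + 1); sub(/^0x/, "", v); if (v != "0") print v } }'
}

# filter_targets "<tc filter show output>": every classid/flowid a filter points at
filter_targets() {
    printf '%s\n' "$1" | awk '{ for (i = 1; i <= NF; i++)
        if ($i == "classid" || $i == "flowid") print $(i + 1) }'
}

# check_htb_tree MAJOR "<qdisc out>" "<class out>" "<filter out>": prints
# "missing class X" per undefined reference; returns 0 if consistent, else 1
check_htb_tree() {
    local major=$1 qdisc_out=$2 class_out=$3 filter_out=$4 have want missing=0
    have=$(classes_defined "$class_out")
    for want in $(htb_default "$qdisc_out" | sed "s/^/$major:/") \
                $(filter_targets "$filter_out"); do
        printf '%s\n' "$have" | grep -qxF "$want" \
            || { echo "missing class $want"; missing=1; }
    done
    return "$missing"
}

# Constructed sample shaped like the output of the article's eth0 commands
# (CentOS 6 iproute2 prints "default 60"; newer versions print "default 0x60")
SAMPLE_QDISC='qdisc htb 1: root refcnt 2 r2q 10 default 60 direct_packets_stat 0
qdisc sfq 111: parent 1:11 limit 127p quantum 1514b perturb 10sec'
SAMPLE_CLASS='class htb 1:1 root rate 100000Kbit ceil 100000Kbit burst 1600b cburst 1600b
class htb 1:11 parent 1:1 leaf 111: prio 1 rate 10000Kbit ceil 10000Kbit burst 12000b cburst 1600b'
SAMPLE_FILTER='filter parent 1: protocol ip pref 1 fw
filter parent 1: protocol ip pref 1 fw handle 0x11 classid 1:11'
# On the server itself: check_htb_tree 1 "$(tc qdisc show dev eth0)" \
#   "$(tc class show dev eth0)" "$(tc filter show dev eth0)"
check_htb_tree 1 "$SAMPLE_QDISC" "$SAMPLE_CLASS" "$SAMPLE_FILTER" || echo "eth0 tree is inconsistent"
```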

Reference:

http://lartc.org/howto/lartc.qdisc.classful.html

https://blog.csdn.net/eydwyz/article/details/53320612
