When traffic is shaped, its rate of transmission is under control. Shaping may be more than lowering the available bandwidth – it is also used to smooth out bursts in traffic for better network behaviour.
Linux comes with very good traffic control programs. You can set up the guaranteed bandwidth and maximum bandwidth to limit its outgoing traffic using iptables and tc command.
I recommend that you read this tutorial and tc command man page before typing any one of the following commands.
First, you need to add root qdisc, enter:
### delete old rules if any ###
# /sbin/tc qdisc del dev eth0 root
#### add it ###
# /sbin/tc qdisc add dev eth0 root handle 11: htb default 500 r2q 1
In this following example, I’m going to set guaranteed bandwidth to 64KB/s and max/burstable bandwidth to 128KB/s for testing purpose (feel free to adjust those number as per your setup). Add level 1 class. This class set 128kbps as burstable bandwidth:
# /sbin/tc class add dev eth0 parent 11: classid 11:1 htb rate 128kbps ceil 128kbps quantum 2048
#### this is our level 2 class ####
# /sbin/tc class add dev eth0 parent 11:1 classid 11:101 htb rate 64kbps ceil 128kbps prio 0 quantum 2048
You need to add leaf to our qdisc:
# /sbin/tc qdisc add dev eth0 parent 11:101 handle 1001: sfq
Finally add our filter:
# /sbin/tc filter add dev eth0 parent 11: protocol ip handle 101 fw classid 11:101
iptables POSTROUTING rules
tc is used to configure Traffic Control in the Linux kernel. However, you need to use iptables to apply those rules for ftp tcp port 21 and passive ftp tcp port range 40000:41000 as follows:
### iptables mangle rule ### /sbin/iptables -A POSTROUTING -t mangle -o eth0 -p tcp -m multiport --sports 21,40000:41000 -j MARK --set-xmark 101 /sbin/iptables -A POSTROUTING -t mangle -o eth0 -p tcp -m multiport --sports 21,40000:41000 -j RETURN
Please note that mangle table is used for specialized packet alteration as follows:
- PREROUTING – for altering incoming packets before routing.
- OUTPUT – for altering locally-generated packets before routing.
- INPUT – for packets coming into the box itself.
- FORWARD – for altering packets being routed through the box.
- POSTROUTING – for altering packets as they are about to go out.
Here is a dump of mangle table:
# /sbin/iptables-save -t mangle
# Generated by iptables-save v1.4.8 on Sun Sep 9 14:28:18 2012 *mangle :PREROUTING ACCEPT [353:50724] :INPUT ACCEPT [353:50724] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [490:67671] :POSTROUTING ACCEPT [490:67671] -A POSTROUTING -o eth0 -p tcp -m multiport --sports 21,40000:41000 -j MARK --set-xmark 0x65/0xffffffff -A POSTROUTING -o eth0 -p tcp -m multiport --sports 21,40000:41000 -j RETURN COMMIT # Completed on Sun Sep 9 14:28:18 2012
Use lftp command or any other ftp client to test bandwidth limitations:
$ lftp -u username ftpservername
Try to download a big file:
lftp [email protected]:/multipedia/iso-images/centos> get CentOS-6.2-x86_64-bin-DVD1.iso