[TriLUG] Rate-limiting TCP - using "tc"

Owen Berry oberry at trilug.org
Mon May 30 09:36:26 EDT 2005 

I haven't used tc or this script, but if you have 100Mb ethernet then I
would follow the advice in the comment and use "100mbit".

Unless your web server and other services are really handling a lot of
traffic, I would look at Samba first, rather than taking this approach.

Can you be more specific? "Crawls" is such a relative term. :-)

-- Owen

On Sun, 2005-05-29 at 09:18 -0400, Kipp Spanbauer wrote:
> Jon,
> 
> I've seen a couple of your emails regarding the linux tc command. I've 
> copied the script you thrown out here, and I'm still having some trouble. 
> The issue that I face is that my linux box is also connected by samba to my 
> two windows machines. If I try to copy a file from the linux box via samba 
> internally, it crawls. I'm not trying to do VoIP or anything like that. I 
> just want a way to throttle Apache as well as a couple of other web servers 
> that I run.... Here's the script that I am using:
> 
> # Commands to add rate limiting for TCP in Linux
> # These commands must be run as root
> #
> # Create a Class based queue
> # Set normal interface speed (10Mb) for use in calculations
> # Note: use "100mbit" if your eth0 connection is 100Mb
> tc qdisc add dev eth0 root handle 1: cbq avpkt 1000 bandwidth 10mbit
> 
> # Create a 300Kb class - Beware the line wrap
> tc class add dev eth0 parent 1: classid 1:1 cbq rate 300kbit allot 1500 prio 
> 5 bounded isolated
> 
> # Tell which traffic should use the shaped class
> # Protocol 6 = TCP - Beware the line wrap
> tc filter add dev eth0 parent 1: protocol ip prio 16 u32 match ip protocol 6 
> 0xff flowid 1:1
> 
> # ... to match a single ip address
> # ... match ip dst 192.196.12.9 <http://192.196.12.9> flowid 1:1
> 
> # If it breaks everything, back out by using:
> # tc qdisc del dev eth0 root
> 
> Like I said, very much the same thing that you sent out in two different 
> emails (one in October and one in March). I am on Roadrunner residential 
> class. Do I need to increase the "10mbit" limit in the first uncommented 
> line of the script to speed up internal data transfers?
> 
> I have tried Googling tc on the web, but it seems difficult to find 
> easy-to-understand information. Any help you can provide would be greatly 
> appreciated.
> 
> Thank you,
> Kipp Spanbauer
> 
> 
> 
> 
> On 05 Oct 2004 21:36:34 -0400, Jon Carnes <jonc at nc.rr.com> wrote:
> > 
> > "tc" is a very powerful Linux tool! I'm using it to setup some simple
> > rate limits (and to setup some priority queuing based on destination
> > IPs).
> > 
> > We need to have a seminar on using tc!
> > 
> > One of the interesting things about VoIP is that it uses UDP for Voice.
> > This means that you can rate-limit TCP traffic on a firewall and reserve
> > some of the precious upload Bandwidth for Voice.
> > 
> > As an example, my cable connection gives me a 2.5Mb download but only
> > 347Kb upload. If I want to send large emails and talk on the phone at
> > the same time, I need to rate-limit my workstations upload speeds.
> > 
> > This three line script works on the RedHat servers/workstations that
> > I've tested. It limits the TCP upload to 300kb, reserving over 40kb for
> > my voice use (and since I use the G7.29 codec I only use 8kb of that
> > bandwidth)
> > 
> > ===
> > # Commands to add rate limiting for TCP in Linux
> > # These commands must be run as root
> > #
> > # Create a Class based queue
> > # Set normal interface speed (10Mb) for use in calculations
> > # Note: use "100mbit" if your eth0 connection is 100Mb
> > tc qdisc add dev eth0 root handle 1: cbq avpkt 1000 bandwidth 10mbit
> > 
> > # Create a 300Kb class - Beware the line wrap
> > tc class add dev eth0 parent 1: classid 1:1 cbq rate 300kbit
> > allot 1500 prio 5 bounded isolated
> > 
> > # Tell which traffic should use the shaped class
> > # Protocol 6 = TCP - Beware the line wrap
> > tc filter add dev eth0 parent 1: protocol ip prio 16 u32
> > match ip protocol 6 0xff flowid 1:1
> > 
> > # ... to match a single ip address
> > # ... match ip dst 192.196.12.9 <http://192.196.12.9> flowid 1:1
> > 
> > # If it breaks everything, back out by using:
> > # tc qdisc del dev eth0 root
> > 
> > ======
> > References:
> > 
> > http://www.linuxforum.com/linux-advanced-routing/lartc.ratelimit.single.html
> > 
> > http://www.linuxforum.com/linux-advanced-routing/lartc.qdisc.filters.html#LARTC.FILTERING.SIMPLE
> > 
> > ===
> > 
> > For clients at Soho sites I go through some bandwidth testing to find
> > the Choke Point -- the point at which packets begin to queue-up on the
> > outbound routers. I run flood pings while slowly increasing the outbound
> > bandwidth. The pings report a steady latency until the out-bound
> > bandwidth reaches a certain point, and then the latencies begin to rise.
> > 
> > The rise is caused by packets being queued up on one of the network
> > routers. If outbound bandwidth exceeds this Choke Point then traffic
> > will be queued up on the router (and I'm talking about your ISP's router
> > - not yours). It makes no sense to send data faster than this out of
> > your facilities, as it will only be queued-up on your ISP's network.
> > This will slow down *all* packets, including your time sensitive VoIP
> > packets.
> > 
> > The best course of action is to manually throttle your connection so
> > that it stays below this choke point.
> > 
> > Linksys WRT45G-S routers running the latest 2.09.1 firmware can do this
> > for you as well. However, some of my clients have Linux firewalls, so I
> > was forced to figure out how to do this simple bandwidth shaping on
> > Linux too.
> > 
> > As always, I thought I would share.
> > 
> > Jon
> > http://www.featuretel.com
> > 
> >

More information about the TriLUG mailing list