Sometimes you just gotta stop people taking all your bandwidth.
Below is the process I used to restrict the speed of data on port 22. Yes, scp has a built-in limiter, but when people don't respect your authority, you got to break out the big guns.
Step 1. Load required kernel modules and set device.
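# -a loads every module listed; without it, modprobe treats the extra names as parameters of the first module
modprobe -a sch_netem act_police cls_flow cls_route cls_matchall cls_basic cls_flower cls_u32 cls_bpf cls_fw sch_htb sch_fq_codel sch_sfq
# Name of the interface with index 2; matching on the index field avoids hits on MAC addresses or other lines containing "2:"
DEV=$(ip -o link show | awk -F': ' '$1 == "2" {print $2}')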
Step 2. Add a qdisc (Queue Discipline)
tc qdisc add \
dev "${DEV}" \
root \
handle 1: \
htb \
default 30
Step 3. Create a single top level class which limits total bandwidth
tc class add \
dev "${DEV}" \
parent 1: \
classid 1:1 \
htb \
rate 1gbit
Step 4. Create a child class
tc class add \
dev "${DEV}" \
parent 1:1 \
classid 1:10 \
htb \
rate 20mbit \
ceil 30mbit \
prio 1
Step 5. Attach a leaf qdisc to the class
tc qdisc add \
dev "${DEV}" \
parent 1:10 \
sfq
Step 6. Add filter for priority traffic
tc filter add \
dev "${DEV}" \
parent 1: \
protocol ip \
prio 1 \
u32 \
match ip dport 22 0xffff \
flowid 1:10
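An added check, not part of the original procedure: after Step 6, the counters from `tc -s class show` tell you whether port 22 traffic is actually landing in class 1:10. The sample statistics below are constructed, and the function names `class_stats` and `shaping_verdict` are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post): check that class 1:10 is in use.
# Live use, after Step 6:  tc -s class show dev "${DEV}" | shaping_verdict 1:10

# Constructed sample of `tc -s class show` output, so the script runs offline.
sample_stats() {
cat <<'EOF'
class htb 1:1 root rate 1Gbit ceil 1Gbit burst 1375b cburst 1375b
 Sent 52428800 bytes 36000 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
 lended: 6000 borrowed: 0 giants: 0
class htb 1:10 parent 1:1 leaf 8001: prio 1 rate 20Mbit ceil 30Mbit burst 1600b cburst 1593b
 Sent 52428800 bytes 36000 pkt (dropped 12, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
 lended: 30000 borrowed: 6000 giants: 0
EOF
}

# class_stats CLASSID: read tc statistics on stdin and print
# "bytes packets dropped borrowed" for that class; exit 1 if it is absent.
class_stats() {
    awk -v want="$1" '
        $1 == "class" { cur = $3; next }      # "class htb 1:10 parent 1:1 ..."
        cur != want   { next }
        $1 == "Sent"  { gsub(/[(),]/, ""); bytes = $2; pkts = $4; dropped = $7; found = 1 }
        $1 == "lended:" { borrowed = $4 }      # packets sent on tokens borrowed from the parent
        END { if (!found) exit 1; print bytes, pkts, dropped, borrowed + 0 }
    '
}

# shaping_verdict CLASSID: turn the counters into a one-word result.
shaping_verdict() {
    stats=$(class_stats "$1") || { echo "class-missing"; return 0; }
    set -- $stats
    if [ "$1" -eq 0 ]; then
        echo "no-traffic"      # the filter has not steered any packet here
    elif [ "$4" -gt 0 ] || [ "$3" -gt 0 ]; then
        echo "above-rate"      # class exceeded its rate and borrowed or dropped
    else
        echo "under-rate"      # traffic is classified but below the limit
    fi
}

sample_stats | shaping_verdict 1:10
```

A `no-traffic` result while a transfer is running means the u32 match is not selecting those packets; as written, the filter matches destination port 22 on traffic leaving `${DEV}`.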
To remove the config from the interface, execute the following:
tc qdisc del \
dev "${DEV}" \
root \
htb