5

How can I limit the upload and download bandwidth on my CentOS server? This is a box with a single interface, eth0. Ideally, I would like a command-line solution (I've been trying to use tc), something that I could easily switch on and off in a script.

So far I've been trying to do something like `tc filter add dev eth0 protocol ip prio 50 u32 police rate 100kbit burst 10240 drop` but I'm obviously missing a lot of knowledge and information. Can somebody help with a quick one-liner?

Many thanks, Dan

Dan Nestor

1 Answer

5

I'm having trouble adding the script code for you here, it is available via this gist - https://gist.github.com/akrasic/7242498#file-limit-tc-sh

The script is using TC and Hierarchical Token Bucket (HTB) to define the rules and lastly the filters that would act as a catch-all rule.

You would need to modify the interface var if it's different than `eth0` and the `interface_speed`.

Save the script on your server, and start it via: `bash limit-tc.sh start`

To stop: `bash limit-tc.sh stop`

View status: `bash limit-tc.sh status`

Status output would look something like this:

```
qdisc htb 1: root refcnt 2 r2q 10 default 30 direct_packets_stat 1
 Sent 535666 bytes 6461 pkt (dropped 172, overlimits 7641 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
qdisc sfq 10: parent 1:10 limit 127p quantum 1514b perturb 10sec
 Sent 535624 bytes 6424 pkt (dropped 172, overlimits 0 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
qdisc sfq 20: parent 1:20 limit 127p quantum 1514b perturb 10sec
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
```
MadHatter
Tabiko
  • Looking at the documentation I understand that for incoming traffic, a "police" filter must be used, which the script does not use. How come it still works? – Dan Nestor Oct 31 '13 at 15:27
  • TC commands until the filter part first define the traffic shaping rules, and with the `tc filter ...` we classify the incoming and outgoing packets, and if they match the rules, they are being shaped to match the rule. There are different ways how this can be done, you can use iptables + tc to limit the traffic - but if you'd have a high amount of traffic coming in, the iptables ip_conntrack limit could be hit and you'd end up raising the limit until it becomes too much for the kernel to handle. This way you wouldn't hit this issue, you can have a clean set of iptables rules which wouldn't use ip_conntrack. – Tabiko Nov 01 '13 at 04:08
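
The setup discussed in this thread (an HTB class with a catch-all u32 filter for outgoing traffic, plus the ingress `police` filter raised in the question and the first comment), as an added example that is not the gist's script or either poster's code. The variable names, the 100kbit defaults and the print-only default (`DRY_RUN=1`) are assumptions of this sketch; the root qdisc on eth0 shapes only packets leaving the box, so the download side is policed on the ingress qdisc.

```shell
#!/bin/sh
# Added example, not the gist's code. IFACE, UP_RATE, DOWN_RATE, BURST and
# DRY_RUN are names assumed for this sketch; rates use tc's unit suffixes.
IFACE="${IFACE:-eth0}"
UP_RATE="${UP_RATE:-100kbit}"      # egress (upload) cap, enforced by HTB
DOWN_RATE="${DOWN_RATE:-100kbit}"  # ingress (download) cap, enforced by a policer
BURST="${BURST:-10k}"
DRY_RUN="${DRY_RUN:-1}"            # 1 = print the commands only

# Accept only short tokens of [A-Za-z0-9_.-] so no value can smuggle
# whitespace or shell metacharacters into a generated command line.
safe() {
  case "$1" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
  [ "${#1}" -le 15 ]
}
is_rate() { safe "$1" && case "$1" in [0-9]*bit|[0-9]*bps) ;; *) return 1 ;; esac; }

# Print the tc commands for start|stop|status, one per line.
tc_rules() {
  safe "$IFACE" && is_rate "$UP_RATE" && is_rate "$DOWN_RATE" && safe "$BURST" ||
    { echo "invalid interface, rate or burst" >&2; return 1; }
  case "$1" in
    start) printf 'tc %s\n' \
      "qdisc add dev $IFACE root handle 1: htb default 10" \
      "class add dev $IFACE parent 1: classid 1:10 htb rate $UP_RATE ceil $UP_RATE" \
      "qdisc add dev $IFACE parent 1:10 handle 10: sfq perturb 10" \
      "filter add dev $IFACE parent 1: protocol ip prio 1 u32 match ip dst 0.0.0.0/0 flowid 1:10" \
      "qdisc add dev $IFACE handle ffff: ingress" \
      "filter add dev $IFACE parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate $DOWN_RATE burst $BURST drop flowid :1" ;;
    stop) printf 'tc %s\n' \
      "qdisc del dev $IFACE root" "qdisc del dev $IFACE ingress" ;;
    status) printf 'tc %s\n' \
      "-s qdisc show dev $IFACE" "-s filter show dev $IFACE parent ffff:" ;;
    *) echo "usage: $0 start|stop|status" >&2; return 2 ;;
  esac
}

# Run (or, with DRY_RUN=1, just print) each generated command.
apply() {
  rules=$(tc_rules "$1") || return
  printf '%s\n' "$rules" | while read -r cmd; do
    if [ "$DRY_RUN" = 1 ]; then echo "$cmd"; else $cmd || echo "failed: $cmd" >&2; fi
  done
}

if [ $# -gt 0 ]; then apply "$1"; fi
```

Review the printed commands first, then run as root with `DRY_RUN=0` and `start`, `stop` or `status`; on a remote box, test with a rate that still leaves the SSH session usable.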