0

I'm having some trouble limiting network bandwidth using the net_cls control group in conjunction with the linux traffic controller (tc). I think I might just be confused about how I'm writing the filter rules. I figured the easiest way to manage users network bandwidth would be to use their uid as part of their net_cls control groups classid. So I set the following rule in my cgconfig file (and keep rebooting the machine). I also have the proper setup in my cgrules.conf as any limits I impose on other controllers(like memory) are reflected properly.

So say I have a uid of 5004,

group cgroup_demo_cg {

    net_cls {
        net_cls.classid=0x00105004;
#or should it be the hex equivalent of 5004 ?
        #net_cls.classid=0x0010138c;
    }
}

So either way, the next step should be to add some tc stuff. THe handle is 10 either way so, first create the qdisk:

tc qdisc add dev eth0 root handle 10: htb

then set the class rule:

tc class add dev eth0 parent 10: classid 10:5004 htb rate 4kbit
#or if I had to use the hex value
tc class add dev eth0 parent 10: classid 10:138c htb rate 4kbit

then lastly apply a filter which I think should be the same whether I use the hex value or uid value(5004):

tc filter add dev eth0 parent 10: protocol ip prio 10 handle 1: cgroup

So after I set that up, I expect any network traffic from the user in that cgroup to have its network bandwidth limited by the tc accordingly, however it doesn't appear to be.

If I log in as the user, and set up an ssh session to another one of my machines, and then do a top command(which should send/receive a steady stream of some data), then run the command:

tc -s qdisc ls

I see:

qdisc htb 10: dev eth0 root refcnt 2 r2q 10 default 0 direct_packets_stat 0
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc pfifo_fast 0: dev eth1 root refcnt 2 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
 Sent 1364212 bytes 6045 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0

Which shows me that nothing was ever added to my qdisk? :(

Any one have any ideas what I'm doing wrong here?

Cheers!

Rooster
  • 485
  • 2
  • 7
  • 21
  • Can you confirm your user is actually in the `tasks` file of that cgroup? – Matthew Ife May 29 '14 at 18:34
  • @MatthewIfe ya, I can confirm that any tasks started by my user, have their pid's show up under the cgroups task file – Rooster May 29 '14 at 18:43
  • And the route this data takes will mean it will always exit out of eth0? – Matthew Ife May 29 '14 at 19:18
  • @MatthewIfe ah. you know, I'm using rackspace and it might be throwing the connection onto its servicenet. Let me double check. – Rooster May 29 '14 at 20:01
  • @MatthewIfe hmm, I'm definitely using eth1. But when I modify my process I'm still seeing traffic above 4kbps – Rooster May 29 '14 at 20:49
  • hmmm, maybe it is working. i set it to 20bps and now its being ridiculously slow and unresponsive. not sure how I can measure it though. Do the tc changes take a given amount of time to kick in? – Rooster May 29 '14 at 20:58
  • It only does egress of course. Try transferring something somewhere, like over scp and you'll get the rate. Also check `tc -s class show dev eth0` – Matthew Ife May 29 '14 at 22:13

0 Answers0