
I can create rules to limit an entire subnet or to limit individual IP addresses with tc and htb. I am looking to use CIDR ranges to keep things somewhat elegant.

The machines in question are all running CentOS 7. I have been attempting to use tc + htb to accomplish this, but I am open to other tools if there is a better method.

My goal is to limit by a CIDR range and assign individual limits per source ip address.

For example, set a global limit for 192.168.1.0/24 of 100Mb/s, and each source IP within 192.168.1.0/24 has an individual upload limit of 10Mb/s that may not be exceeded.

Here is a working example of what I am doing for each IP (looking to simplify the procedure if possible):

These steps only need to be performed once:

Create initial HTB qdisc:
# tc qdisc add dev eth0 root handle 1: htb default 12

Create root class:
# tc class add dev eth0 parent 1: classid 1:1 htb rate 100mbit ceil 100mbit

These steps must be performed for each IP in the CIDR range using current method (what I am looking to hopefully improve):

A class must be added for each source ip:
# tc class add dev eth0 parent 1:1 classid 1:10 htb rate 10mbit ceil 100mbit
# tc class add dev eth0 parent 1:1 classid 1:11 htb rate 10mbit ceil 100mbit
# tc class add dev eth0 parent 1:1 classid 1:12 htb rate 10mbit ceil 100mbit

A filter must be created for each source ip:
# tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src 192.168.1.2 flowid 1:10
# tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src 192.168.1.3 flowid 1:11

It may be that there is no elegant way to do this, but any tips / advice would be greatly appreciated. I have looked through several guides online such as http://lartc.org. Thank you.

sysadmin1138
user274562
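The per-host steps above (one class plus one u32 filter per address) can be generated rather than typed out. The following script is an added example, not code from the question or from either answer: it walks every usable host in a CIDR range and emits the same two tc commands per host. It assumes the root qdisc 1: and parent class 1:1 from the question already exist on the device, starts the per-host classids at 1:100 (hex) so they do not collide with the hand-made 1:10..1:12, and sets ceil equal to rate so each host's limit is a hard cap rather than a guaranteed share that may borrow up to the parent's ceil. TC defaults to echo, so the commands are printed (dry run) unless TC=tc is set.

```shell
#!/bin/sh
# Added example, not from the question or either answer: generate the per-IP
# HTB class and u32 filter for every usable host in a CIDR range.
# Assumptions (hypothetical): root qdisc "1:" and parent class 1:1 already
# exist on the device; per-IP classid minors start at 0x100 so they do not
# collide with the hand-made 1:10..1:12. TC defaults to "echo" (dry run);
# run with TC=tc to apply the commands for real.
TC=${TC:-echo}

# ip2int A.B.C.D -> unsigned 32-bit integer
ip2int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int2ip N -> A.B.C.D
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# gen_tc CIDR RATE [DEV]: one class and one filter per usable host address.
# ceil is set equal to rate so the per-host limit is a hard cap; a ceil above
# rate would let a host borrow unused bandwidth from the parent class.
gen_tc() {
    cidr=$1; rate=$2; dev=${3:-eth0}
    net=${cidr%/*}; plen=${cidr#*/}
    # /17 .. /30 keeps the generated classids inside the 16-bit minor space
    if [ "$plen" -lt 17 ] || [ "$plen" -gt 30 ]; then
        echo "gen_tc: prefix length must be between /17 and /30" >&2
        return 1
    fi
    mask=$(( (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF ))
    first=$(( $(ip2int "$net") & mask ))      # network address
    last=$(( first | (~mask & 0xFFFFFFFF) ))    # broadcast address
    minor=256                                   # first classid is 1:100 (hex)
    i=$(( first + 1 ))
    while [ "$i" -lt "$last" ]; do
        host=$(int2ip "$i")
        cid=$(printf '1:%x' "$minor")
        $TC class add dev "$dev" parent 1:1 classid "$cid" htb rate "$rate" ceil "$rate"
        $TC filter add dev "$dev" protocol ip parent 1:0 prio 1 u32 \
            match ip src "$host/32" flowid "$cid"
        minor=$(( minor + 1 )); i=$(( i + 1 ))
    done
}

# Dry run example: gen_tc 192.168.1.0/24 10mbit eth0
```

Two things to keep in mind when applying this to a full /24: 254 individual u32 filters under parent 1:0 are matched linearly, so for large ranges the "hashing filters" chapter of the lartc guide the question cites describes building a u32 hash table keyed on the last octet instead; and a per-host cap only holds for traffic that actually traverses eth0 as egress, so the same rules are needed on any other interface the hosts can upload through.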

2 Answers


Hi, you can find a working configuration for your task here: Linux Firewall mark classifier (tc-fw) not working after upgrade to Debian 9 - kernel 4.19.

Br, Nikolay


I think you could try with a hash, giving one bucket per IP to provide an equal amount of pps per IP. You should use an sfq qdisc too, since htb is not a fair one.

tc qdisc add dev eth0 root handle 1: htb default 12
tc class add dev eth0 parent 1: classid 1:1 htb rate 100mbit ceil 100mbit
# Here, you want a fair qdisc: sfq as the leaf under class 1:1
tc qdisc add dev eth0 parent 1:1 handle 101: sfq perturb 10
# Put a range in the filter: the whole /24 is steered into class 1:1
tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src 192.168.1.0/24 flowid 1:1
# Create 254 buckets; each source IP is hashed to one bucket. The flow classifier
# is attached to the sfq qdisc (101:) so its result overrides sfq's own hash;
# the nfct-src key needs connection tracking (nf_conntrack) loaded on the box.
tc filter add dev eth0 parent 101: protocol ip handle 10 flow hash keys nfct-src divisor 254

setenforce 1