Linux - Network Traffic Priority by IP

3

2

I'm using Ubuntu 12.10 and looking for a way to shape network traffic based on the IP address. I have a LAN, lets say from 192.168.1.2 - 192.168.1.254. The server is at 192.168.1.1. All IPs should have the maximum possible network speeds (all ports, but Samba is the actual culprit). The moment a specific IP or IP range (eg: 192.168.1.100) connects, the full speed should be given to that IP, all other IPs speed should be reduced to the minimum. Once the IPs traffic is finished, the rest of the connected IPs' speed should be restored.

I pretty much have a server and if my own PC connects to it, I want full speed. Only if I'm not using the server, the rest should have full access.

I've found some solutions online with tc, but they all limit specific IPs with a certain speed. I however want all people to have the max speed, except if a certain IP is connected. So basically my IP should have the highest priority and the rest the lowest priority.

Can anyone help me out with a script or maybe a program that already exists?

goocreations

Posted 2013-02-13T15:31:42.363

Reputation: 237

Answers

3

tc is the way to go. The trick is to prioritize traffic without limiting it.

http://www.lartc.org/howto/lartc.qdisc.classful.html, section 9.5.3 "The PRIO qdisc"; by default it creates 3 queues but you can ignore the 3rd one. The simplest approach would be:

Create the queue disciplines (qdisc)

tc qdisc add dev eth0 root handle 1: prio

tc qdisc add dev eth0 parent 1:1 handle 10: sfq
tc qdisc add dev eth0 parent 1:2 handle 20: sfq
tc qdisc add dev eth0 parent 1:3 handle 30: sfq

They all have the same queue algorithm; then assign your servers (IP 192.168.1.0-127 in this case) to handle 10: and the rest to 20: :

tc filter add dev eth0 protocol ip parent 1:1 prio 1 u32 match ip dst 192.168.1.0/25 flowid 10:
tc filter add dev eth0 protocol ip parent 1:2 prio 2 flowid 20:

(Disclaimer: it's a been a while since I touched this stuff, you may have to experiment with the values after parent and flowid)

Using ranges that are powers of 2 is a lot easier than decimal limits. The /25 after the IP address ignores the last 7 bits of the IP address, hence a range from 0 to 127. Use a /26 to limit the range to 0..63, if necessary.

On the same page, Hierarchical Token Bucket is discussed, which is a more finegrained way of distributing bandwidth. The trick is to create to 2 classes with a skewed bandwidth ratio, say 1:10 (100 mbit vs 1000 mbit). This will leave some bandwidth to your other clients.

JvO

Posted 2013-02-13T15:31:42.363

Reputation: 883

Has anyone tried this? I'm getting the following error when I run add dev eth0 protocol ip parent 1:1 prio 1 u32 match ip dst 10.0.0.1/32 flowid 10: : RTNETLINK answers: Invalid argument. We have an error talking to the kernel – PicoutputCls – 2018-10-26T15:16:51.887

1Check the name of the interface on which you want to add the rules; it used to be 'eth0' for the first network card but names have differentiated lately. – JvO – 2018-11-02T17:52:36.900

Thanks @JvO. In my case the interface is still eth0. – PicoutputCls – 2018-11-09T10:26:37.490

1@PicoutputCls I've just edited accepted answer and fixed the commands you mentioned which cause an error. – StenaviN – 2019-06-11T13:02:45.803

Asked: 2013-02-13T15:31:42.363

Viewed: 4 185 times

Active: 2013-02-14T17:39:35.570