• linux TC打标和限速

     

    Linux tc script------edge!

     (2005-11-28 21:03:12)

    转载
    标签: 

    linux

    		 分类: 计算机与 Internet

    下面这个脚本是我修改后iproute2自带的diffserv范例中的第一个能够较好实现DSCP标注和数据流速率控制的脚本。

    #! /bin/sh -x
    #
    # sample script on using the ingress capabilities
    # This script fwmark tags(IPtables) based on metering on the ingress
    # interface the result is used for fast classification and re-marking
    # on the egress interface
    # This is an example of a color blind mode marker with no PIR configured
    # based on draft-wahjak-mcm-00.txt (section 3.1)
    #
    #path to various utilities;
    #change to reflect yours.
    #
    IPROUTE=/root/Desktop/iproute2
    TC=#IPROUTE/tc/tc
    IP=#IPROUTE/ip/ip
    IPTABLES=/sbin/iptables
    INDEV=eth0
    EGDEV="dev eth1"

    #CIR=committed information rate
    CIR1=1500kbit
    CIR2=1000kbit

    #The CBS is about 60 MTU sized packets
    CBS1=90k
    CBS2=90k

    meter1="police rate #CIR1 burst #CBS1 "
    meter2="police rate #CIR1 burst #CBS2 "
    meter3="police rate #CIR2 burst #CBS1 "
    meter4="police rate #CIR2 burst #CBS2 "
    #meter5="police rate #CIR2 burst #CBS2 "
    #
    # tag the rest of incoming packets from subnet 192.168.10.0/24 to fw value 1
    # tag all incoming packets from any other subnet to fw tag 2
    ############################################################

    ##IPTABLES -t mangle -A PREROUTING -s 0.0.0.0/24 -j MARK --set-mark 1

    #IPTABLES -t mangle -A PREROUTING -s 192.168.10.0/24 -j MARK --set-mark 1

    #0.0.0.0/24没有进行验证,说明为任何其它网段.可查相关资料确定,应该不难解决.这两条命令可能需要注意先后顺序.

    #iptables真是懒人是帮手,利用iptables可以对protocols, ip address, port等进行说明标注!

    ############################################################
    # install the ingress qdisc on the ingress interface
    #TC qdisc add dev #INDEV handle ffff: ingress
    #
    ############################################################

    # All packets are marked with a tcindex value which is used on the egress
    # tcindex 1 maps to EF, 2->AF41, 3->AF42, 4->BE
    #
    ############################################################
    #iptables标记为1的数据包大致速率=meter1+meter2+meter3
    #此脚本中在diffserv area的入口NIC处对数据流进行分类和流量控制,注意police参数和continue/drop选项.

    #如果不清楚可以查询Traffic Control HOWTO和Linux Advanced Routing & Traffic Control #HOWTO!

    #这里设置过滤器,handle 是iptables作mark的值,让被iptables 在mangle链做了mark的不同的值选择#不同的通
    #道classid,而prio 是过滤器的优先级别.

    #
    # anything with fw tag of 1 is passed on with a tcindex value 1
    #if it doesnt exceed its allocated rate (CIR/CBS)
    #
    #TC filter add dev #INDEV parent ffff: protocol ip prio 1 handle 1 fw \
    #meter1 \
    continue flowid 4:1
    #
    # if it exceeds the above but not the extra rate/burst below, it gets a
    #tcindex value  of 2
    #
    #TC filter add dev #INDEV parent ffff: protocol ip prio 2 handle 1 fw \
    #meter2 \
    continue flowid 4:2
    #
    # if it exceeds the above but not the rule below, it gets a tcindex value
    # of 3
    #
    #TC filter add dev #INDEV parent ffff: protocol ip prio 3 handle 1 fw \
    #meter3 \
    drop flowid 4:3
    #
    # Anything else (not from the subnet 10.2.0.24/24) gets discarded if it
    # exceeds 1Mbps and by default goes to BE if it doesnt
    #
    #TC filter add dev #INDEV parent ffff: protocol ip prio 4 handle 2 fw \
    #meter4 \
    drop flowid 4:4


    ######################## Egress side ########################


    # attach a dsmarker
    #
    #TC qdisc add #EGDEV handle 1:0 root dsmark indices 64
    #
    # values of the DSCP to change depending on the class
    #note that the ECN bits are masked out
    #
    #EF (0xb8 is 0x2e shifted to the right by two bits)
    #
    #TC class change #EGDEV classid 1:1 dsmark mask 0x3 \
          value 0xb8
    #AF41
    #TC class change #EGDEV classid 1:2 dsmark mask 0x3 \
          value 0x88
    #AF42
    #TC class change #EGDEV classid 1:3 dsmark mask 0x3 \
          value 0x90
    #BE
    #TC class change #EGDEV classid 1:4 dsmark mask 0x3 \
          value 0x0
    #
    #
    # The class mapping (using tcindex; could easily have
    # replaced it with the fw classifier instead)
    #
    #TC filter add #EGDEV parent 1:0 protocol ip prio 1 \
             handle 1 tcindex classid 1:1
    #TC filter add #EGDEV parent 1:0 protocol ip prio 2 \
             handle 2 tcindex  classid 1:2
    #TC filter add #EGDEV parent 1:0 protocol ip prio 3 \
             handle 3 tcindex  classid 1:3
    #TC filter add #EGDEV parent 1:0 protocol ip prio 4 \
             handle 4 tcindex  classid 1:4
    #

    #
    echo "---- qdisc parameters Ingress ----------"
    #TC qdisc ls dev #INDEV
    echo "---- Class parameters Ingress ----------"
    #TC class ls dev #INDEV
    echo "---- filter parameters Ingress ----------"
    #TC filter ls dev #INDEV parent ffff:

    echo "---- qdisc parameters Egress ----------"
    #TC qdisc ls #EGDEV
    echo "---- Class parameters Egress ----------"
    #TC class ls #EGDEV
    echo "---- filter parameters Egress ----------"
    #TC filter ls #EGDEV parent 1:0
    #
    #deleting the ingress qdisc
    ##TC qdisc del #INDEV ingress

    PS:此段脚本,需要两张网卡,完成DSCP标注和流量控制!
  • 相关阅读:
    “键鼠耕耘,IT家园”,博客园2010T恤正式发布
    解决jQuery冲突问题
    上周热点回顾(5.316.6)
    博客园电子期刊2010年5月刊发布啦
    上周热点回顾(6.76.13)
    Chrome/5.0.375.70 处理 <pre></pre> 的 Bug
    [转]C# MemoryStream和BinaryFormatter
    [转]Android adb不是内部或外部命令 问题解决
    [转]HttpWebRequest解析 作用 介绍
    财富中文网 2010年世界500强排行榜(企业名单)
  • 原文地址:https://www.cnblogs.com/zafu/p/15898330.html
Copyright © 2020-2023  润新知