[TriLUG] Rate-limiting TCP - using "tc"

Jon Carnes jonc at nc.rr.com
Tue Oct 5 21:36:34 EDT 2004


"tc" is a very powerful Linux tool! I'm using it to set up some simple
rate limits (and to set up some priority queuing based on destination
IPs).

We need to have a seminar on using tc!

One of the interesting things about VoIP is that it uses UDP for voice.
This means that you can rate-limit TCP traffic on a firewall and reserve
some of the precious upload bandwidth for voice.

As an example, my cable connection gives me a 2.5Mb download but only
347Kb upload. If I want to send large emails and talk on the phone at
the same time, I need to rate-limit my workstation's upload speeds.

This three-line script works on the RedHat servers/workstations that
I've tested. It limits the TCP upload to 300kb, reserving over 40kb for
my voice use (and since I use the G.729 codec I only use 8kb of that
bandwidth).

===
# Commands to add rate limiting for TCP in Linux
# These commands must be run as root
#
# Create a Class based queue
# Set normal interface speed (10Mb) for use in calculations
# Note: use "100mbit" if your eth0 connection is 100Mb
tc qdisc add dev eth0 root handle 1: cbq avpkt 1000 bandwidth 10mbit

# Create a 300Kb class
# (the trailing backslash continues the command on the next line)
tc class add dev eth0 parent 1: classid 1:1 cbq rate 300kbit \
 allot 1500 prio 5 bounded isolated

# Tell which traffic should use the shaped class
# Protocol 6 = TCP
# (the trailing backslash continues the command on the next line)
tc filter add dev eth0 parent 1: protocol ip prio 16 u32 \
 match ip protocol 6 0xff flowid 1:1

# ... to match a single ip address
#       ...  match ip dst 192.196.12.9 flowid 1:1
 
# If it breaks everything, back out by using:
# tc qdisc del dev eth0 root

======
References:
http://www.linuxforum.com/linux-advanced-routing/lartc.ratelimit.single.html
http://www.linuxforum.com/linux-advanced-routing/lartc.qdisc.filters.html#LARTC.FILTERING.SIMPLE

===

For clients at SOHO sites I go through some bandwidth testing to find
the Choke Point -- the point at which packets begin to queue up on the
outbound routers. I run flood pings while slowly increasing the outbound
bandwidth. The pings report a steady latency until the outbound
bandwidth reaches a certain point, and then the latencies begin to rise.

The rise is caused by packets being queued up on one of the network
routers. If outbound bandwidth exceeds this Choke Point then traffic
will be queued up on the router (and I'm talking about your ISP's router
- not yours). It makes no sense to send data faster than this out of
your facilities, as it will only be queued up on your ISP's network.
This will slow down *all* packets, including your time-sensitive VoIP
packets.

The best course of action is to manually throttle your connection so
that it stays below this choke point. 

Linksys WRT45G-S routers running the latest 2.09.1 firmware can do this
for you as well. However, some of my clients have Linux firewalls, so I
was forced to figure out how to do this simple bandwidth shaping on
Linux too.

As always, I thought I would share.

Jon
http://www.featuretel.com
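
Added example, not part of the original post: one way to turn the
flood-ping measurements described above into a TCP cap for the tc script.
The function names, the 1.5x latency threshold, the three-sample baseline
and the sample data are all assumptions made for illustration; the tc
commands are printed, not run.

```shell
# Input: lines of "<outbound_kbit> <avg_rtt_ms>", ordered by increasing rate.
# Constructed sample data (not measurements from the post).
SAMPLES='100 21.0
150 20.8
200 21.3
250 21.1
300 21.6
340 22.0
360 48.5
400 95.2'

# choke_point [factor] [baseline_n] (hypothetical helper)
# Baseline = mean RTT of the first baseline_n samples. Prints the last rate
# whose RTT stays within factor x baseline (highest tested rate if none rise).
choke_point() {
    awk -v factor="${1:-1.5}" -v n="${2:-3}" '
        NF != 2 || $1 !~ /^[0-9]+$/ { next }        # skip malformed lines
        { count++ }
        count <= n { sum += $2; last = $1; next }   # still building baseline
        { if ($2 > factor * sum / n) exit; last = $1 }
        END {
            if (count < n + 0) { print "too few samples" > "/dev/stderr"; exit 1 }
            print last
        }'
}

# tcp_cap <choke_kbit> <voice_reserve_kbit>: rate left for TCP after the reserve.
tcp_cap() {
    [ "$1" -gt "$2" ] || { echo "reserve exceeds choke point" >&2; return 1; }
    echo $(( $1 - $2 ))
}

# print_tc <dev> <tcp_kbit> <link_rate>: print the post's three tc commands.
print_tc() {
    cat <<EOF
tc qdisc add dev $1 root handle 1: cbq avpkt 1000 bandwidth $3
tc class add dev $1 parent 1: classid 1:1 cbq rate ${2}kbit allot 1500 prio 5 bounded isolated
tc filter add dev $1 parent 1: protocol ip prio 16 u32 match ip protocol 6 0xff flowid 1:1
EOF
}

choke=$(printf '%s\n' "$SAMPLES" | choke_point) || exit 1
cap=$(tcp_cap "$choke" 40) || exit 1     # 40 kbit voice reserve, as in the post
print_tc eth0 "$cap" 10mbit
```

Review the printed commands before running them as root; the back-out
command in the post (tc qdisc del dev eth0 root) still applies.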



