
SeaRiver Blog

Real ability is the best thing you can rely on for your whole life!

 
 
 


 
 

CentOS tc bandwidth limiting

2007-03-28 03:22:39 | Category: monitor


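How to limit traffic bandwidth:

1. Update the iproute package on CentOS 4.4
  yum install iproute

2. Load the sch_cbq module manually
  modprobe sch_cbq

3. Add it to the configuration file so that it is loaded automatically when the server boots
  /sbin/modprobe sch_cbq

4. Run the following commands as root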
tc qdisc del dev eth0 root
tc qdisc add dev eth0 root handle 1: cbq avpkt 1000 bandwidth 100Mbit
tc class add dev eth0 parent 1: classid 1:1 cbq rate 32kbit allot 1500  prio 5 bounded
tc filter add dev eth0 parent 1: protocol ip prio 16 u32 match ip dst 10.15.3.129/32 flowid 1:1
tc qdisc add dev eth0 parent 1:1 sfq perturb 10

Related material:

 Limiting outgoing bandwidth

We can limit VE outgoing bandwidth by setting the tc filter on eth0.

DEV=eth0
tc qdisc del dev $DEV root
tc qdisc add dev $DEV root handle 1: cbq avpkt 1000 bandwidth 100mbit
tc class add dev $DEV parent 1: classid 1:1 cbq rate 256kbit allot 1500 prio 5 bounded isolated
tc filter add dev $DEV parent 1: protocol ip prio 16 u32 match ip src X.X.X.X flowid 1:1
tc qdisc add dev $DEV parent 1:1 sfq perturb 10

X.X.X.X is an IP address of VE.

 

Limiting incoming bandwidth

This can be done by setting the tc filter on venet0:

DEV=venet0
tc qdisc del dev $DEV root
tc qdisc add dev $DEV root handle 1: cbq avpkt 1000 bandwidth 100mbit
tc class add dev $DEV parent 1: classid 1:1 cbq rate 256kbit allot 1500 prio 5 bounded isolated
tc filter add dev $DEV parent 1: protocol ip prio 16 u32 match ip dst X.X.X.X flowid 1:1
tc qdisc add dev $DEV parent 1:1 sfq perturb 10

Note that X.X.X.X is an IP address of VE.
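
To confirm that the class created above is really capping traffic, the following added example (not part of the original post or the quoted material) parses `tc -s class show` output and reports drops and overlimits per class. The sample input is constructed, the function names are hypothetical, and the parser assumes the usual "Sent ... bytes ... pkt (dropped ..., overlimits ...)" counter line.

```shell
#!/bin/sh
# Added example: summarise per-class counters from `tc -s class show dev <dev>`.
# On a live host:  tc -s class show dev eth0 | cbq_class_stats

# Constructed sample shaped like tc's CBQ class statistics; all values are made up.
sample_tc_output() {
cat <<'EOF'
class cbq 1: root rate 100000Kbit (bounded,isolated) prio no-transmit
 Sent 9184201 bytes 7012 pkt (dropped 0, overlimits 0 requeues 0)
  borrowed 0 overactions 0 avgidle 81 undertime 0
class cbq 1:1 parent 1: leaf 8001: rate 256000bit (bounded,isolated) prio 5
 Sent 4120332 bytes 3105 pkt (dropped 214, overlimits 1893 requeues 0)
  borrowed 0 overactions 0 avgidle -1204 undertime 4518
EOF
}

# Reads tc statistics on stdin; prints "classid rate bytes dropped overlimits".
cbq_class_stats() {
  awk '
    $1 == "class" {                      # start of a new class record
      id = $3; rate = "?"
      for (i = 4; i < NF; i++) if ($i == "rate") rate = $(i + 1)
    }
    $1 == "Sent" && id != "" {           # counter line belonging to that class
      dropped = $7; over = $9
      gsub(/[^0-9]/, "", dropped)        # strip the trailing "," or ")"
      gsub(/[^0-9]/, "", over)
      print id, rate, $2, dropped, over
      id = ""
    }'
}

# Succeeds (exit 0) if class $1 has exceeded its rate at least once.
# A capped VE that never shows overlimits under load suggests the u32
# filter is not matching its address, so traffic bypasses class 1:1.
class_hit_limit() {
  cbq_class_stats | awk -v c="$1" '$1 == c && $5 > 0 { hit = 1 } END { exit !hit }'
}
```
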

 

 Limiting VE to HN talks

As you can see, the two filters above don't limit VE to HN talks; that is, a VE can emit as much traffic as it wishes. To impose such a limit from the HN, it is necessary to use tc police on venet0:

DEV=venet0:1  

 

Limiting packets per second rate from VE

To prevent DoS attacks from the VE, you can limit the packets-per-second rate using iptables.

DEV=eth0
iptables -I FORWARD 1 -o $DEV -s X.X.X.X -m limit --limit 200/sec -j ACCEPT
iptables -I FORWARD 2 -o $DEV -s X.X.X.X -j DROP

Here X.X.X.X is an IP address of VE

 
