TC (Traffic Control) command - linux comes with advanced flow control


tc command - linux restricts traffic based on ip

The principles section is compiled from several sources. The main purpose of this article is to record several rate-limiting examples for intuitive understanding and learning (git speed limit 1 and 2).


1. The principle of tc

The traffic controller TC (Traffic Control) in Linux performs traffic control in the kernel, mainly by building a queue at the output port.
After packets are received on the input interface, packets that exceed the traffic limit are discarded, and the input demultiplexer then decides what to do with the rest:

  • If the destination host of the received packet is this host, then the packet is sent to the upper layer for processing, otherwise it needs to be forwarded, and the received packet is handed over to the Forwarding Block for processing.
  • The forwarding block also receives the packets generated by the upper layer (TCP, UDP, etc.) of the host, and determines the next hop of the processed packets by viewing the routing table.
  • Then, the packets are arranged to send them to the output interface.

Generally, only packets sent by the network card can be limited; packets received by the network card cannot be. The transmission rate is therefore controlled by changing the sending order, and Linux flow control is mainly implemented where packets are queued for the output interface.

2. Rules

2.1 Flow control method

Flow control includes the following methods:

  • SHAPING (limit): When traffic is limited, its transmission rate is controlled below a certain value. The limit value can be much smaller than the effective bandwidth, which can smooth out burst data traffic and make the network more stable. shaping only applies to outgoing traffic.
  • SCHEDULING: By scheduling the transmission of data packets, bandwidth can be allocated according to priority within the bandwidth range. SCHEDULING is also only suitable for outgoing traffic.
  • POLICING (policy):
    SHAPING is used to handle outgoing traffic, while POLICING (policy) is used to handle received data.
  • DROPPING: If the traffic exceeds a certain set bandwidth, the packet is dropped, whether it is inbound or outbound.

2.2 Flow control processing objects

The processing of traffic is controlled by three objects, which are:

  • qdisc (queuing discipline)
  • class
  • filter
2.2.1 qdisc (queuing rules)

QDisc is short for queueing discipline, and it is the basis for understanding traffic control. Whenever the kernel needs to send a packet through a network interface, it enqueues the packet according to the qdisc configured for that interface. The kernel then takes as many packets as possible from the qdisc and passes them to the network adapter driver module. The simplest QDisc is pfifo, which does no processing on incoming packets; they pass through the queue first-in, first-out. It does, however, hold packets that the network interface cannot handle for the moment.
The categories of qdisc are as follows:

  • CLASSLESS QDisc (Unclassifiable QDisc)

    • [p|b]fifo:
      Use the simplest qdisc, pure FIFO. There is only one parameter: limit, which is used to set the length of the queue. pfifo is the number of packets; bfifo is the number of bytes.
    • pfifo_fast:
      When compiling the kernel, if the Advanced Router compilation option is turned on, pfifo_fast is the standard QDISC of the system. Its queue includes three bands. Within each band, a first-in, first-out rule is used. The three bands have different priorities, with band 0 having the highest priority and band 2 the lowest. If there are packets in band 0, the system will not process packets in band 1, and the same holds between band 1 and band 2. Packets are assigned to one of the three bands according to the Type of Service (TOS).
    • red:
      red is short for Random Early Detection. If this QDISC is used, the system will randomly drop some data packets when the bandwidth occupancy is close to the specified bandwidth. It is ideal for high bandwidth applications.
    • sfq:
      sfq is short for Stochastic Fairness Queueing. It sorts traffic by session (corresponding to each TCP connection or UDP stream) and then sends packets for each session in a loop.
    • tbf:
      tbf is short for Token Bucket Filter, which is suitable for reducing the flow rate to a certain value.
  • Classless qdisc configuration: If there is no classful QDisc, a classless QDisc can only be attached to the root of the device. It is used as follows:

tc qdisc add dev DEV root QDISC QDISC-PARAMETERS

To delete a classless QDisc, use the following command:

tc qdisc del dev DEV root

If no QDisc is set on a network interface, pfifo_fast is used as the default QDisc.

  • CLASSFUL QDISC (Classification QDisc):
    Classifiable qdiscs include:
    • CBQ: CBQ is an acronym for Class Based Queueing. It implements a rich connection sharing class structure with both the ability to limit (shaping) bandwidth and the ability to manage bandwidth priorities. Bandwidth throttling is done by calculating the idle time of the connection. The calculation criteria for idle time are the frequency of packet dequeue events and the bandwidth of the underlying connection (data link layer).
    • HTB: HTB is the abbreviation of Hierarchy Token Bucket. With improvements based on practice, it implements a rich class system for connection sharing. Using HTB can easily guarantee the bandwidth of each class, it also allows a specific class to break the bandwidth limit and occupy the bandwidth of other classes. HTB can implement bandwidth limitation through TBF (Token Bucket Filter), and can also prioritize categories.
    • PRIO: PRIO QDisc cannot limit bandwidth because packets belonging to different classes are dequeued sequentially. Using PRIO QDisc can easily manage the priority of the traffic. Only after the packets belonging to the high priority category have been sent will the packets belonging to the low priority category be sent. In order to facilitate management, it is necessary to use iptables or ipchains to process the type of service (ToS) of the data packet.
2.2.2 class

Some QDiscs (queuing rules) can contain some categories, and different categories can contain more in-depth QDiscs (queuing rules), and the QDiscs through these subdivisions can also queue packets for incoming queues. By setting the dequeue order of various types of data packets, QDisc can set the priority of network data traffic.

2.2.3 filter

Filters are used to classify packets and determine which QDisc they are queued in. Classification is required whenever a packet enters a class that has subclasses. There are many ways to classify, and using a filter is one of them. When classifying with filters, the kernel calls all the filters attached to the class until one returns a decision. If no decision is returned, further processing takes place, and how it is done depends on the QDisc. Note that filters live inside a QDisc; they cannot act on their own.

2.3 Execution process

Classes form a tree, each class has only one parent class, and a class can have multiple subclasses. Some QDiscs (eg CBQ and HTB) allow classes to be added dynamically at runtime, while others (eg PRIO) do not allow dynamic creation of classes. A QDisc that allows dynamically added classes can have zero or more subclasses, which queue packets. In addition, each class has a leaf QDisc. By default, this leaf QDisc is queued using pfifo. We can also use other types of QDisc instead of this default QDisc. Moreover, this leaf QDisc can be classified, but each subclass can only have one leaf QDisc. When a packet enters a class QDisc, it is classified into a subclass.
We can classify packets in the following three ways, but not all QDiscs can use these three ways:

  • tc filter (tc filter): If the filter is attached to a class, the relevant directive will query them. Filters can match all fields in the packet header, and can also match tags made by ipchains or iptables.
  • Type of Service: Some QDiscs have built-in rules for classifying packets based on Type of Service (ToS).
  • skb->priority: User-space applications can use the SO_PRIORITY option to set a class ID in the skb->priority field.
    Each node of the tree can have its own filter, but higher-level filters can also be applied directly to its subclasses.
    If the packet is not successfully classified, it will be queued to the leaf QDisc of this class. The details are in the man pages of the respective QDiscs.

2.4 Naming rules

All QDiscs, classes and filters have IDs. The ID can be set manually or automatically assigned by the kernel. The ID consists of a primary serial number and a secondary serial number, the two numbers are separated by a colon.

  • QDISC: A QDisc is assigned a primary serial number, called a handle, and the secondary serial number is left as the namespace for its classes. A handle is written in the form 10:. It is customary to explicitly assign a handle to a QDisc that will have classes.
  • class:
    The classes in the same QDisc share the master serial number of the QDisc, but each class has its own slave serial number, called the class identifier (classid). The class identifier is only related to the parent QDisc, not the parent class. The class naming convention is the same as that of QDisc.
  • filter:
    The ID of the filter has three parts, which is only used when the filter is hashed. See the tc-filters man page for details.

2.5 units

  • Bandwidth or flow rate units:
    kbps                      kilobytes/s
    mbps                      megabytes/s
    kbit                      kilobits/s
    mbit                      megabits/s
    bps or a unitless number  bytes/s
  • Data quantity units:
    kb or k                   kilobytes
    mb or m                   megabytes
    mbit                      megabits
    kbit                      kilobits
    b or a unitless number    bytes

3. Interpretation of tc command parameters

tc can operate on QDiscs, classes and filters using the following commands:

  • add:
    Add a QDisc, class or filter to a node. When adding, you need to pass an ancestor as a parameter. When passing the parameter, you can use either the ID or the root of the device directly. If you want to create a QDisc or filter, you can use the handle (handle) to name; if you want to create a class, you can use the class identifier (classid) to name.
  • remove:
    delete the QDisc specified by a handle (handle), and the root QDisc (root) can also be deleted. All subclasses on the deleted QDisc and filters attached to each class are automatically deleted.
  • change:
    Modify some entries in an alternative way. The syntax of the change command is the same as the add command, except that the handle and ancestor cannot be modified. In other words, the change command cannot determine the position of a node.
  • replace:
    A near-atomic delete/add to an existing node. If the node does not exist, this command will create the node.
  • link:
    For QDisc only, replaces an existing node.

4. Application

Linux flow control is mainly divided into three aspects: establishing queues, establishing classifications and establishing filters.

4.1 Steps:

  • Bind a queue QDisc to a network physical device (such as an Ethernet card eth0);

  • Create a classification class on the queue;

  • Create a route-based filter for each category;

  • Finally, in conjunction with the filter, a specific routing table is established.

4.2 Application 1:

git speed limit 1: speed limit for ports

It is easy to run full bandwidth when using git to pull the code. In order to control the use of bandwidth, the configuration is as follows:

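# View the existing queues
tc -s qdisc ls dev eth0

# View the existing classes
tc -s class ls dev eth0

# Create the queue
tc qdisc add dev eth0 root handle 1:0 htb default 1
# Add an htb queue bound to eth0, named 1:0, with default class 1
# handle: names the queue, or refers to an existing queue

# Create a class
tc class add dev eth0 parent 1:0 classid 1:1 htb rate 10Mbit burst 15k
# Add a class named 1:1 under the root queue 1:0 of eth0; type htb, bandwidth 10M
# rate: the bandwidth a class is guaranteed to get. If there is more than one class, make sure the sum of all child classes is less than or equal to the parent class.
# ceil: the maximum bandwidth a class can get.

# Create a child class
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 10Mbit ceil 10Mbit burst 15k
# Add a class named 1:10 under class 1:1; type htb, bandwidth 10M

# To keep one session from occupying the bandwidth forever, add a Stochastic Fairness Queueing (sfq) qdisc.
tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10
# perturb: the number of seconds after which the hash algorithm is reconfigured; the default is 10 seconds
# sfq prevents a single IP within a segment from occupying the whole bandwidth

# Create a filter with u32 (u32 port matches need a mask; 0xffff matches the full 16-bit port)
tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip sport 22 0xffff flowid 1:10

# Delete the queue
tc qdisc del dev eth0 root

After the configuration is complete, add it to the local startup file:
/etc/rc.local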
git speed limit 2: speed limit for ip

Scenario:
Because bandwidth resources are limited (20Mbit≈2Mbyte), bandwidth resource alarms are caused when git is used to pull code, so the speed of git is limited. Requirements: no speed limit on the internal network; download speed on the external network is about 1M. (Note: here you need to pay attention to the unit conversion 1byte=8bit)...

Script:

#!/bin/bash
# Rate-limit different IPs differently

# Clear the existing rules (the error is ignored when no root qdisc exists yet)
tc qdisc del dev eth0 root 2>/dev/null

# Create the root queue
tc qdisc add dev eth0 root handle 1: htb default 1

# Create a main class that holds all the bandwidth (20M)
tc class add dev eth0 parent 1:0 classid 1:1 htb rate 20Mbit burst 15k

# Create the child classes (rate must not exceed ceil; 1:10 is capped at 10Mbit)
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 10Mbit ceil 10Mbit burst 15k
tc class add dev eth0 parent 1:1 classid 1:20 htb rate 20Mbit ceil 20Mbit burst 15k

# Keep a single IP from hogging the bandwidth (covered in git speed limit 1)
tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev eth0 parent 1:20 handle 20: sfq perturb 10

# Create the filters
# Rate-limit all IPs
tc filter add dev eth0 protocol ip parent 1:0 prio 2 u32 match ip dst 0.0.0.0/0 flowid 1:10
# Let intranet IPs through without the limit
tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip dst 12.0.0.0/8 flowid 1:20

Problems encountered in this process:

  • No priority is configured so that only one rule takes effect (all ips are rate-limited)
    • Solution: Add prio to the filter to specify the priority of the rule
  • Not sure what the local bandwidth is:
    • Solution: simply configure a very large total bandwidth (100000....), allocate the specified bandwidth to the IPs that need a speed limit, and then allocate all the remaining bandwidth to the intranet IPs (simple, crude and effective).
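
The rule stated with the HTB commands above (rate is a class's guarantee, ceil its maximum, and child rates should not add up to more than the parent's) and the unit table in section 2.5 can be checked mechanically before a plan is loaded. The script below is an added example, not part of the original article; its function names and the sample plan with its values are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint HTB "tc class add" lines before loading them.
# Function names and the sample plan are assumptions, not the article's code.

# awk helper: convert a tc rate string to bits per second using the units
# from section 2.5 (kbit/mbit count bits; bps/kbps/mbps count BYTES).
AWK_RATE='
BEGIN {
    mult["kbit"] = 1000;  mult["mbit"] = 1000000
    mult["bps"]  = 8;     mult["kbps"] = 8000;  mult["mbps"] = 8000000
}
function to_bps(r,    s, n, u) {
    s = tolower(r)
    if (!match(s, /^[0-9]+(\.[0-9]+)?/)) return -1
    n = substr(s, 1, RLENGTH) + 0
    u = substr(s, RLENGTH + 1)
    # A bare number is rejected: spell the unit out to avoid ambiguity.
    return (u in mult) ? n * mult[u] : -1
}'

# rate_to_bps RATE -> bits per second, or ERR for an unknown unit.
rate_to_bps() {
    printf '%s\n' "$1" | awk "$AWK_RATE"'
    { v = to_bps($1); if (v < 0) print "ERR"; else printf "%.0f\n", v }'
}

# lint_htb_plan: read "tc class add ..." lines on stdin and report
#   - classes whose rate exceeds their ceil
#   - parents whose children are guaranteed more than the parent's own rate
lint_htb_plan() {
    awk "$AWK_RATE"'
    $1 == "tc" && $2 == "class" && $3 == "add" {
        parent = id = rate = ceil = ""
        for (i = 4; i < NF; i++) {
            if ($i == "parent")  parent = $(i + 1)
            if ($i == "classid") id     = $(i + 1)
            if ($i == "rate")    rate   = $(i + 1)
            if ($i == "ceil")    ceil   = $(i + 1)
        }
        r = to_bps(rate)
        c = (ceil == "") ? r : to_bps(ceil)   # tc defaults ceil to rate
        if (r < 0 || c < 0) { print id ": unparseable rate or ceil"; next }
        if (r > c) print id ": rate " rate " exceeds ceil " ceil
        own[id] = r; label[id] = rate; sum[parent] += r
    }
    END {
        for (p in sum)
            if ((p in own) && sum[p] > own[p])
                printf "%s: child rates total %.0f bit/s, above its own rate %s\n",
                       p, sum[p], label[p]
    }' | LC_ALL=C sort
}

# Constructed sample plan with two deliberate mistakes.
sample_plan() {
cat <<'EOF'
tc class add dev eth0 parent 1:0 classid 1:1 htb rate 20Mbit burst 15k
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 12Mbit ceil 10Mbit burst 15k
tc class add dev eth0 parent 1:1 classid 1:20 htb rate 10Mbit ceil 20Mbit burst 15k
EOF
}

sample_plan | lint_htb_plan
```

Feed it a real script with `lint_htb_plan < yourscript.sh`; lines that are not `tc class add` commands are ignored.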

4.3 Application 2: Environment Simulation Example

Requirements:

The IP address of the Ethernet card (eth0) on the flow controller is 192.168.1.66, and a CBQ queue is established on it. Assuming that the average size of the packet is 1000 bytes, the size of the packet interval sending unit is 8 bytes, and the maximum number of packets sent that can receive collisions is 20 bytes.
Suppose there are three types of traffic that need to be controlled:

  • Traffic destined for host 1, whose IP address is 192.168.1.24. Its traffic bandwidth is controlled at 8Mbit, and the priority is 2;
  • Traffic destined for host 2, whose IP address is 192.168.1.30. Its traffic bandwidth is controlled at 1Mbit, and the priority is 1;
  • Traffic sent to subnet 1, whose subnet number is 192.168.1.0 and whose subnet mask is 255.255.255.0. The traffic bandwidth is controlled at 1Mbit and the priority is 6.

Implementation:
Create a queue:

In general, only one queue needs to be established for one network card.
Bind a cbq queue to the network physical device eth0, its number is 1:0; the actual bandwidth of the network physical device eth0 is 10 Mbit, the average packet size is 1000 bytes; the size of the packet interval sending unit is 8 bytes , the minimum transmission packet size is 64 bytes.

tc qdisc add dev eth0 root handle 1: cbq bandwidth 10Mbit avpkt 1000 cell 8 mpu 64
# cell: the size of the packet interval sending unit is 8 bytes
Create a category:

Classification is built on queues.
In general, a root category needs to be established for a queue, and then subcategories are established on it. For the classification, it works according to the number sequence of its classification, and the smaller number takes precedence; once a certain classification matching rule is met, and the data packet is sent through this classification, the subsequent classification will no longer work.

1) Create a root classification 1:1; allocate a bandwidth of 10Mbit and a priority of 8

tc class add dev eth0 parent 1:0 classid 1:1 cbq bandwidth 10Mbit rate 10Mbit maxburst 20 allot 1514 prio 8 avpkt 1000 cell 8 weight 1Mbit
# prio: indicates how competitive the class is when borrowing bandwidth; the smaller the prio, the higher the priority and the stronger the competitiveness.

The maximum available bandwidth of the queue is 10Mbit, the actual allocated bandwidth is 10Mbit, and the maximum number of packets that can receive conflict is 20 bytes; the size of the maximum transmission unit plus the MAC header is 1514 bytes, the priority level is 8, the average packet size is 1000 bytes, the size of the packet interval sending unit is 8 bytes, and the weighted rate corresponding to the actual bandwidth is 1Mbit.
2) Create a category 1:2, its parent category is 1:1, the allocated bandwidth is 8Mbit, and the priority level is 2

tc class add dev eth0 parent 1:1 classid 1:2 cbq bandwidth 10Mbit rate 8Mbit maxburst 20 allot 1514 prio 2 avpkt 1000 cell 8 weight 800Kbit split 1:0 bounded

The maximum available bandwidth of the queue is 10Mbit, the actual allocated bandwidth is 8Mbit, and the maximum number of packets that can receive conflict is 20 bytes; the size of the maximum transmission unit plus the MAC header is 1514 bytes, the priority level is 1, the average packet size is 1000 bytes, the size of the packet interval sending unit is 8 bytes, the weighted rate corresponding to the actual bandwidth is 800Kbit, the separation point of classification is 1:0, and unused bandwidth cannot be borrowed.
3) Create a category 1:3, its parent category is 1:1, the allocated bandwidth is 1Mbit, and the priority is 1.

tc class add dev eth0 parent 1:1 classid 1:3 cbq bandwidth 10Mbit rate 1Mbit maxburst 20 allot 1514 prio 1 avpkt 1000 cell 8 weight 100Kbit split 1:0

The maximum available bandwidth of the queue is 10Mbit, the actual allocated bandwidth is 1Mbit, and the maximum number of packets that can be sent with conflict is 20 bytes; the size of the maximum transmission unit plus the MAC header is 1514 bytes, the priority level is 2, the average packet size is 1000 bytes, the size of the packet interval sending unit is 8 bytes, the weighted rate corresponding to the actual bandwidth is 100Kbit, and the separation point of classification is 1:0.
4) Create a category 1:4, its parent category is 1:1, the allocated bandwidth is 1Mbit, and the priority is 6.

tc class add dev eth0 parent 1:1 classid 1:4 cbq bandwidth 10Mbit rate 1Mbit maxburst 20 allot 1514 prio 6 avpkt 1000 cell 8 weight 100Kbit split 1:0
create filter

Filters mainly serve classification.
Typically you only need to provide a filter for the root category, and then provide route maps for each subcategory.
1) Apply the routing classifier to the root of the cbq queue, the parent classification number is 1:0; the filtering protocol is ip, the priority is 100, and the filter is based on the routing table.

tc filter add dev eth0 parent 1:0 protocol ip prio 100 route

2) Establish route mapping classification 1:2, 1:3, 1:4

tc filter add dev eth0 parent 1:0 protocol ip prio 100 route to 2 flowid 1:2

tc filter add dev eth0 parent 1:0 protocol ip prio 100 route to 3 flowid 1:3

tc filter add dev eth0 parent 1:0 protocol ip prio 100 route to 4 flowid 1:4
create route

The route is in one-to-one correspondence with the route map established above.
1) The data packets sent to the host 192.168.1.24 are forwarded through classification 2 (the rate of classification 2 is 8Mbit)

ip route add 192.168.1.24 dev eth0 via 192.168.1.66 realm 2

2) The data packets sent to the host 192.168.1.30 are forwarded through classification 3 (the rate of classification 3 is 1Mbit)

ip route add 192.168.1.30 dev eth0 via 192.168.1.66 realm 3

3) The data packets sent to the subnet 192.168.1.0/24 are forwarded through classification 4 (the rate of classification 4 is 1Mbit)

ip route add 192.168.1.0/24 dev eth0 via 192.168.1.66 realm 4

Note: Generally, it is recommended to use the IP host address flow control limit for the network segment directly connected to the flow controller, and do not use the subnet flow control limit. If it is necessary to use the subnet flow control restriction on the directly connected subnet, before establishing the route mapping of the subnet, you need to delete the route established by the system before completing the corresponding steps.

4.4 Application 3: MySQL database synchronization data rate limit scheme

mysql1: 10.9.57.162
may1:   10.12.1.45
# Run on mysql1 (limit traffic to may1: 8mbit)
tc qdisc add dev eth0 root handle 1: htb r2q 1
tc class add dev eth0 parent 1: classid 1:1 htb rate 8mbit ceil 8mbit
tc qdisc add dev eth0 parent 1:1 handle 10: sfq perturb 10
tc filter add dev eth0 parent 1: protocol ip prio 16 u32 match ip dst 10.12.1.45 flowid 1:1

# Run on may1 (limit traffic to mysql1: 8mbit)
tc qdisc del dev em1 root
tc qdisc add dev em1 root handle 2: htb r2q 1
tc class add dev em1 parent 2: classid 2:1 htb rate 8mbit ceil 8mbit
tc qdisc add dev em1 parent 2:1 handle 11: sfq perturb 10
tc filter add dev em1 parent 2: protocol ip prio 16 u32 match ip dst 10.9.57.162 flowid 2:1
monitor

It mainly includes monitoring the status of existing queues, classifications, filters and routes.
1) Display the status of the queue
Simply display the queue status of the specified device (eth0 here)

# tc qdisc ls dev eth0
qdisc cbq 1: rate 10Mbit (bounded,isolated) prio no-transmit

Displays the queue status of the specified device (here eth0) in detail

tc -s qdisc ls dev eth0

This mainly shows that 13232 packets were sent through the queue, the data flow was 7646731 bytes, the number of discarded packets was 0, and the number of packets exceeding the rate limit was 0.
2) Display the status of classification
Simply display the classification status of the specified device (eth0 here)

tc class ls dev eth0

Display the classification status of the specified device (here, eth0) in detail

tc -s class ls dev eth0

It mainly shows the data packets sent by different categories, the data flow, the number of dropped packets, the number of packets exceeding the rate limit, and so on. The status of the root class (class cbq 1:0) should be similar to the status of the queue.
For example, classification class cbq 1:4 sent 8076 packets with 5552879 bytes of data traffic, 0 packets dropped, and 0 packets exceeded the rate limit.
3) Show filter status

tc -s filter ls dev eth0

Here flowid 1:2 represents classification class cbq 1:2, and to 2 represents sending through route 2.
4) Display the status of existing routes

ip route

In the output, the lines that end with a realm are the active route filters.
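
The counters described in the monitoring steps above (packets sent, bytes, dropped packets, packets over the rate limit) can be pulled out of `tc -s class ls` output and turned into a simple check for classes that are hitting their limit. This script is an added example, not part of the original article; the function names are assumptions, and the sample output is constructed to follow the `Sent ... (dropped ..., overlimits ...)` line that tc prints.

```shell
#!/bin/sh
# Added example: find classes that are dropping or delaying traffic.
# Function names are assumptions; the sample output below is constructed.

# Constructed sample in the shape of `tc -s class ls dev eth0` output.
sample_stats() {
cat <<'EOF'
class htb 1:1 root rate 20Mbit ceil 20Mbit burst 15Kb cburst 1600b
 Sent 7646731 bytes 13232 pkt (dropped 0, overlimits 0 requeues 0)
class htb 1:10 parent 1:1 leaf 10: prio 0 rate 10Mbit ceil 10Mbit burst 15Kb cburst 1600b
 Sent 5552879 bytes 8076 pkt (dropped 41, overlimits 912 requeues 0)
class htb 1:20 parent 1:1 leaf 20: prio 0 rate 10Mbit ceil 20Mbit burst 15Kb cburst 1600b
 Sent 2093852 bytes 5156 pkt (dropped 0, overlimits 0 requeues 0)
EOF
}

# class_stats: one line per class -> "classid bytes packets dropped overlimits"
class_stats() {
    awk '
    $1 == "class" { id = $3; next }        # remember which class follows
    $1 == "Sent" && id != "" {
        d = $7; o = $9                     # "41," and "912"
        gsub(/[^0-9]/, "", d); gsub(/[^0-9]/, "", o)
        print id, $2, $4, d, o
        id = ""
    }'
}

# throttled_classes: only the classes with drops or overlimits, plus the
# share of packets that were dropped (dropped / (sent + dropped)).
throttled_classes() {
    class_stats | awk '$4 + $5 > 0 {
        pct = ($3 + $4 > 0) ? 100 * $4 / ($3 + $4) : 0
        printf "%s dropped=%d overlimits=%d drop_pct=%.2f\n", $1, $4, $5, pct
    }'
}

sample_stats | throttled_classes
```

On a live system, replace `sample_stats` with `tc -s class ls dev eth0` and run the check periodically to see which limited class is saturated.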

example script

  • speed limit
#!/bin/sh
touch /var/lock/subsys/local

echo 1 > /proc/sys/net/ipv4/ip_forward    # enable forwarding

route add default gw 10.0.0.0    # adds the telecom gateway; skip this line if you have already set one

DOWNLOAD=640Kbit    # 640/8 = 80K; the maximum download speed is limited to 80K here
UPLOAD=640Kbit      # 640/8 = 80K; the upload speed is also limited to 80K
INET=192.168.0.     # network prefix; fill in according to your situation
IPS=1               # start from 192.168.0.1
IPE=200             # limits the range 192.168.0.1-200; change as needed
ServerIP=253        # gateway IP
IDEV=eth0
ODEV=eth1

/sbin/tc qdisc del dev $IDEV root handle 10:
/sbin/tc qdisc del dev $ODEV root handle 20:
/sbin/tc qdisc add dev $IDEV root handle 10: cbq bandwidth 100Mbit avpkt 1000
/sbin/tc qdisc add dev $ODEV root handle 20: cbq bandwidth 1Mbit avpkt 1000
/sbin/tc class add dev $IDEV parent 10:0 classid 10:1 cbq bandwidth 100Mbit rate 100Mbit allot 1514 weight 1Mbit prio 8 maxburst 20 avpkt 1000
/sbin/tc class add dev $ODEV parent 20:0 classid 20:1 cbq bandwidth 1Mbit rate 1Mbit allot 1514 weight 10Kbit prio 8 maxburst 20 avpkt 1000

# One bounded class, sfq leaf and dst filter per client IP
COUNTER=$IPS
while [ $COUNTER -le $IPE ]
do
    /sbin/tc class add dev $IDEV parent 10:1 classid 10:1$COUNTER cbq bandwidth 100Mbit rate $DOWNLOAD allot 1514 weight 20Kbit prio 5 maxburst 20 avpkt 1000 bounded
    /sbin/tc qdisc add dev $IDEV parent 10:1$COUNTER sfq quantum 1514b perturb 15
    /sbin/tc filter add dev $IDEV parent 10:0 protocol ip prio 100 u32 match ip dst $INET$COUNTER flowid 10:1$COUNTER
    COUNTER=$((COUNTER + 1))
done

iptables -t nat -A POSTROUTING -o eth1 -s 192.168.0.0/24 -j MASQUERADE
  • Model
#!/bin/sh
# "&>" is a bash extension; under /bin/sh use the portable redirection
tc qdisc del dev eth7 root > /dev/null 2>&1
tc qdisc del dev eth8 root > /dev/null 2>&1

#Add qdisc
tc qdisc add dev eth7 root handle 10: htb default 9998
tc qdisc add dev eth8 root handle 10: htb default 9998

#Add htb root node
tc class add dev eth7 parent 10: classid 10:9999 htb rate 1000000kbit ceil 1000000kbit
tc class add dev eth8 parent 10: classid 10:9999 htb rate 1000000kbit ceil 1000000kbit

#Add htb fake default node here
tc class add dev eth7 parent 10:9999 classid 10:9998 htb rate 1000000kbit ceil 1000000kbit
tc class add dev eth8 parent 10:9999 classid 10:9998 htb rate 1000000kbit ceil 1000000kbit

#Add rule node
tc class add dev eth7 parent 10:9999 classid 10:3 htb rate 1kbit ceil 50kbit
tc filter add dev eth7 parent 10: protocol ip handle 3 fw classid 10:3
tc class add dev eth8 parent 10:9999 classid 10:3 htb rate 1kbit ceil 50kbit
tc filter add dev eth8 parent 10: protocol ip handle 3 fw classid 10:3

#Add htb real default node here
tc class change dev eth7 classid 10:9998 htb rate 1kbit ceil 1000000kbit
tc class change dev eth8 classid 10:9998 htb rate 1kbit ceil 1000000kbit

tc

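# Create a main queue
tc qdisc add dev eth0 root handle 1: htb default 1
# tc / qdisc / add / interface / root is the top level / handle (used as a label): qdisc type, use class 1 by default
# Explanation: bind an htb queue to eth0, numbered 1:0, with default class 1

tc class add dev eth0 parent 1:0 classid 1:30 htb rate 10mbit
# Add a class named 1:30 under the root queue 1:0 of eth0; type htb, speed 10M

tc class add dev eth0 parent 1:30 classid 1:31 htb rate 10mbit

# tbf is classless and takes no u32 match; matching "ip sport 22 0xffff" needs a
# classful qdisc plus a filter, as in Application 1. tbf also requires burst and
# latency (or limit); the burst and latency values here are illustrative.
tc qdisc add dev eth0 root tbf rate 10mbit burst 15k latency 50ms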

How to test network speed

Test the local network status

centos7 system

# yum install -y speedtest-cli
# speedtest-cli

Test download from an ip

scp root@ip:/dir/filename  /dir/

To be updated continuously...
If this is helpful, feel free to post your own examples on the message board (with clear comments) so that later readers can learn from and use them.
