Tutorials BASH Shell Troubleshooting Nginx Networking MySQL Google Cloud Platform Amazon Cloud Computing Rackspace Cloud

Computing Linux CentOS Debian / Ubuntu Ubuntu Linux Suse RedHat and Friends Slackware Linux UNIX AIX Mac OS X FreeBSD FreeBSD Jails (VPS) Openbsd Solaris See all tutorial topics Blog About Contact us Forum Linux Scripting Guide RSS/FEED

Linux FAQ / Howtos

tc: Linux HTTP Outgoing Traffic Shaping (Port 80 Traffic Shaping)

by Nix Craft on April 13, 2010 4 comments LAST UPDATED April 14, 2010 in Linux I've 10Mbps server port dedicated to our small business server. The server also act as a backup DNS server and I'd like to slow down outbound traffic on port 80. How do I limit bandwidth allocation to http service 5Mbps (burst to 8Mbps) at peak times so that DNS and other service will not go down due to heavy activity under Linux operating systems? You need use the tc command which can slow down traffic for given port and services on servers

and it is called traffic shaping: 1. When traffic is shaped, its rate of transmission is under control, in other words you apply some sort of bandwidth allocation for each port or or so called Linux services. Shaping occurs on egress. 2. You can only apply traffic shaping to outgoing or forwarding traffic i.e. you do not have any control for incoming traffic to server. However, tc can do policing controls for arriving traffic. Policing thus occurs on ingress. This FAQ only deals with traffic shaping.

Token Bucket (TB)

A token bucket is nothing but a common algorithm used to control the amount of data that is injected into a network, allowing for bursts of data to be sent. It is used for network traffic shaping or rate limiting. With token bucket you can define the maximum rate of traffic allowed on an interface at a given moment in time.
t o k e n s / s e c | | | |B u c k e tt o | |t oh o l dbt o k e n s + = = = = = = + = = = = = + | | \ | /

| P a c k e t s| + = = = = = = = = = = = = + s t r e a m |>|t o k e nw a i t|> R e m o v et o k e n > e t h 0 | + = = = = = = = = = = = = +

1. 2. 3. 4.

The TB filter puts tokens into the bucket at a certain rate. Each token is permission for the source to send a specific number of bits into the network. Bucket can hold b tokens as per shaping rules. Kernel can send packet if you've a token else traffic need to wait.

How Do I Use tc command?

WARNING! These examples requires good understanding of TCP/IP and other networking concepts. All new user should try out examples in test environment. tc command is by default installed on my Linux distributions. To list existing rules, enter:
#t csq d i s cl sd e ve t h 0

Sample outputs:
q d i s cp f i f o _ f a s t0 :r o o tb a n d s3p r i o m a p 1222120011111111 S e n t2 7 3 2 1 0 8b y t e s1 0 7 3 2p k t( d r o p p e d0 ,o v e r l i m i t s0r e q u e u e s0 ) r a t e0 b i t0 p p sb a c k l o g0 b0 pr e q u e u e s0

Your First Traffic Shaping Rule

First, send ping request to cyberciti.biz from your Local Linux workstation and note down ping time, enter:
#p i n gc y b e r c i t i . b i z

Sample outputs:
P I N Gc y b e r c i t i . b i z( 7 4 . 8 6 . 4 8 . 9 9 )5 6 ( 8 4 )b y t e so fd a t a . 6 4b y t e sf r o mt x v i p 1 . s i m p l y g u i d e . o r g( 7 4 . 8 6 . 4 8 . 9 9 ) :i c m p _ s e q = 1t t l = 4 7t i m e = 3 0 4m s 6 4b y t e sf r o mt x v i p 1 . s i m p l y g u i d e . o r g( 7 4 . 8 6 . 4 8 . 9 9 ) :i c m p _ s e q = 2t t l = 4 7t i m e = 3 0 4m s 6 4b y t e sf r o mt x v i p 1 . s i m p l y g u i d e . o r g( 7 4 . 8 6 . 4 8 . 9 9 ) :i c m p _ s e q = 3t t l = 4 7t i m e = 3 0 4m s 6 4b y t e sf r o mt x v i p 1 . s i m p l y g u i d e . o r g( 7 4 . 8 6 . 4 8 . 9 9 ) :i c m p _ s e q = 4t t l = 4 7t i m e = 3 0 4m s 6 4b y t e sf r o mt x v i p 1 . s i m p l y g u i d e . o r g( 7 4 . 8 6 . 4 8 . 9 9 ) :i c m p _ s e q = 5t t l = 4 7t i m e = 3 0 4m s

6 4b y t e sf r o mt x v i p 1 . s i m p l y g u i d e . o r g( 7 4 . 8 6 . 4 8 . 9 9 ) :i c m p _ s e q = 6t t l = 4 7t i m e = 3 0 4m s

Type the following tc command to slow down traffic by 200 ms:

#t cq d i s ca d dd e ve t h 0r o o tn e t e md e l a y2 0 0 m s

Now, send ping requests again:

#p i n gc y b e r c i t i . b i z

Sample outputs:
P I N Gc y b e r c i t i . b i z( 7 4 . 8 6 . 4 8 . 9 9 )5 6 ( 8 4 )b y t e so fd a t a . 6 4b y t e sf r o mt x v i p 1 . s i m p l y g u i d e . o r g( 7 4 . 8 6 . 4 8 . 9 9 ) :i c m p _ s e q = 1t t l = 4 7t i m e = 5 0 5m s 6 4b y t e sf r o mt x v i p 1 . s i m p l y g u i d e . o r g( 7 4 . 8 6 . 4 8 . 9 9 ) :i c m p _ s e q = 2t t l = 4 7t i m e = 5 0 5m s 6 4b y t e sf r o mt x v i p 1 . s i m p l y g u i d e . o r g( 7 4 . 8 6 . 4 8 . 9 9 ) :i c m p _ s e q = 3t t l = 4 7t i m e = 5 0 5m s 6 4b y t e sf r o mt x v i p 1 . s i m p l y g u i d e . o r g( 7 4 . 8 6 . 4 8 . 9 9 ) :i c m p _ s e q = 4t t l = 4 7t i m e = 5 0 5m s 6 4b y t e sf r o mt x v i p 1 . s i m p l y g u i d e . o r g( 7 4 . 8 6 . 4 8 . 9 9 ) :i c m p _ s e q = 5t t l = 4 7t i m e = 5 0 5m s 6 4b y t e sf r o mt x v i p 1 . s i m p l y g u i d e . o r g( 7 4 . 8 6 . 4 8 . 9 9 ) :i c m p _ s e q = 6t t l = 4 7t i m e = 5 0 5m s 6 4b y t e sf r o mt x v i p 1 . s i m p l y g u i d e . o r g( 7 4 . 8 6 . 4 8 . 9 9 ) :i c m p _ s e q = 7t t l = 4 7t i m e = 5 0 5m s 6 4b y t e sf r o mt x v i p 1 . s i m p l y g u i d e . o r g( 7 4 . 8 6 . 4 8 . 9 9 ) :i c m p _ s e q = 8t t l = 4 7t i m e = 5 0 5m s ^ C -c y b e r c i t i . b i zp i n gs t a t i s t i c s8p a c k e t st r a n s m i t t e d ,8r e c e i v e d ,0 %p a c k e tl o s s ,t i m e7 0 0 6 m s r t tm i n / a v g / m a x / m d e v=5 0 4 . 4 6 4 / 5 0 5 . 3 0 3 / 5 0 6 . 3 0 8 / 0 . 9 4 9m s

To list current rules, enter:

#t csq d i s cl sd e ve t h 0

Sample outputs:
q d i s cn e t e m8 0 0 1 :r o o tl i m i t1 0 0 0d e l a y2 0 0 . 0 m s S e n t1 7 5 5 4 5b y t e s5 4 0p k t( d r o p p e d0 ,o v e r l i m i t s0r e q u e u e s0 ) r a t e0 b i t0 p p sb a c k l o g0 b0 pr e q u e u e s0

To delete all rules, enter:

#t cq d i s cd e ld e ve t h 0r o o t #t csq d i s cl sd e ve t h 0

TBF Example
To attach a TBF with a sustained maximum rate of 1mbit/s, a peakrate of 2.0mbit/s, a 10kilobyte buffer, with a prebucket queue size limit calculated so the TBF causes at most 70ms of latency, with perfect peakrate behavior, enter:
#t cq d i s ca d dd e ve t h 0r o o tt b fr a t e1 m b i tb u r s t1 0 k bl a t e n c y7 0 m sp e a k r a t e2 m b i t m i n b u r s t1 5 4 0

HTB - Hierarchy Token Bucket

To control the use of the outbound bandwidth on a given link use HTB: 1. rate - You can set the allowed bandwidth. 2. ceil - You can set burst bandwidth allowed when buckets are present. 3. prio - You can set priority for additional bandwidth. So classes with lower prios are offered the bandwidth first. For example, you can give lower prio for DNS traffic and higher for HTTP downloads. 4. iptables and tc: You need to use iptables and tc as follows to control outbound HTTP traffic.

Example: HTTP Outbound Traffic Shaping

First , delete existing rules for eth1:
#/ s b i n / t cq d i s cd e ld e ve t h 1r o o t

Turn on queuing discipline, enter:

#/ s b i n / t cq d i s ca d dd e ve t h 1r o o th a n d l e1 : 0h t bd e f a u l t1 0

Define a class with limitations i.e. set the allowed bandwidth to 512 Kilobytes and burst bandwidth to 640 Kilobytes for port 80:
#/ s b i n / t cc l a s sa d dd e ve t h 1p a r e n t1 : 0c l a s s i d1 : 1 0h t br a t e5 1 2 k b p sc e i l6 4 0 k b p sp r i o0

Please note that port 80 is NOT defined anywhere in above class. You will use iptables mangle rule as follows:
#/ s b i n / i p t a b l e sAO U T P U Ttm a n g l ept c ps p o r t8 0jM A R Ks e t m a r k1 0

To save your iptables rules, enter (RHEL specific command):

#/ s b i n / s e r v i c ei p t a b l e ss a v e

Finally, assign it to appropriate qdisc:

#t cf i l t e ra d dd e ve t h 1p a r e n t1 : 0p r i o0p r o t o c o li ph a n d l e1 0f wf l o w i d1 : 1 0

Here is another example for port 80 and 22:

/ s b i n / t cq d i s ca d dd e ve t h 0r o o th a n d l e1 :h t b / s b i n / t cc l a s sa d dd e ve t h 0p a r e n t1 :c l a s s i d1 : 1h t br a t e1 0 2 4 k b p s / s b i n / t cc l a s sa d dd e ve t h 0p a r e n t1 : 1c l a s s i d1 : 5h t br a t e5 1 2 k b p sc e i l6 4 0 k b p sp r i o1 / s b i n / t cc l a s sa d dd e ve t h 0p a r e n t1 : 1c l a s s i d1 : 6h t br a t e1 0 0 k b p sc e i l1 6 0 k b p sp r i o0 / s b i n / t cf i l t e ra d dd e ve t h 0p a r e n t1 : 0p r i o1p r o t o c o li ph a n d l e5f wf l o w i d1 : 5 / s b i n / t cf i l t e ra d dd e ve t h 0p a r e n t1 : 0p r i o0p r o t o c o li ph a n d l e6f wf l o w i d1 : 6 / s b i n / i p t a b l e sAO U T P U Ttm a n g l ept c ps p o r t8 0jM A R Ks e t m a r k5 / s b i n / i p t a b l e sAO U T P U Ttm a n g l ept c ps p o r t2 2jM A R Ks e t m a r k6

How Do I Monitor And Test Speed On Sever?

Use the following tools
#/ s b i n / t csdc l a s ss h o wd e ve t h 0 #/ s b i n / i p t a b l e stm a n g l envL #i p t r a f #w a t c h/ s b i n / t csdc l a s ss h o wd e ve t h 0

To test download speed use lftp or wget command line tools. References: Read tc, tc-tbf and tc-htb command man pages. Linux Advanced Routing & Traffic Control TwitterFacebookGoogle+PDF versionFound an error/typo on this page? Help us! Featured Articles: 30 Cool Open Source Software I Discovered in 2013 30 Handy Bash Shell Aliases For Linux / Unix / Mac OS X Top 30 Nmap Command Examples For Sys/Network Admins 25 PHP Security Best Practices For Sys Admins 20 Linux System Monitoring Tools Every SysAdmin Should Know 20 Linux Server Hardening Security Tips Linux: 20 Iptables Examples For New SysAdmins Top 20 OpenSSH Server Best Security Practices Top 20 Nginx WebServer Best Security Practices 20 Examples: Make Sure Unix / Linux Configuration Files Are Free From Syntax Errors 15 Greatest Open Source Terminal Applications Of 2012 My 10 UNIX Command Line Mistakes Top 10 Open Source Web-Based Project Management Software Top 5 Email Client For Linux, Mac OS X, and Windows Users The Novice Guide To Buying A Linux Laptop

Cpanel VPS Servers

hostgator.in/20%_Discount 99.9% Uptime, Unlimited Domains and 24/7 Tech Support. Sign Up Now!

{ 4 comments read them below or add one } 1 Catalin(ux) M. BOIE April 15, 2010 at 5:51 am For nice ncurses display of classes, you can use lqdump from lqkit (I am the author). RPM, tgz, source: http://kernel.embedromix.ro/us/ Screenshot: http://kernel.embedromix.ro/us/lqkit/ss/lqdump_ss1.png Reply 2 Guy Egozy November 4, 2010 at 11:26 pm For simplicity sake you may also want to check out trickle. Ive successfully used it in bash scripts for upload capping but it should also work for services. Reply 3 ute May 24, 2012 at 10:29 pm What happens if a rule like this: tc qdisc add dev eth0 root handle 1: htb tc class add dev eth0 parent 1: classid 1:1 htb rate 24kbps ceil 128kbps tc class add dev eth0 parent 1: classid 1:2 htb rate 24kbps ceil 128kbps tc filter add dev eth0 parent 1:0 prio 1 protocol ip handle 5 fw flowid 1:1 tc filter add dev eth0 parent 1:0 prio 1 protocol ip handle 6 fw flowid 1:2 iptables -A OUTPUT -t mangle -p tcp -o etho -m iprange src-range 192.168.0.100192.168.0.200 sport 80 -j MARK set-mark 5 iptables -A OUTPUT -t mangle -p tcp -o eth0 -m iprange src-range 192.168.0.100192.168.0.200 sport 443 -j MARK set-mark 6 Is the above rules will limit the range of 1 ip in iptables are trying to access port 80 and 443 at 24 kbps up to 128kbps in mark 5 and 6 with iptables if possible . Or any ip within range will fight for a bandwidth of 24128kbps? Please give me a simple explanation. Reply 4 rahul June 23, 2012 at 12:19 pm hello, I have a cent os 6 server. i created a vlan in my server. so it is possible that ithis tc configurations run on vlans properly. Thanks. Reply

Leave a Comment Name * E-mail *

Notify me of followup comments via e-mail

Submit

Tagged as: Arch Linux Shape Traffic, bandwidth allocation, CentOS Linux Shape Traffic, Debian Linux Shape Traffic, Fedora Linux Shape Traffic, Linux shape port 80 traffic, Linux tc throttle http, Linux tc throttle port 80 traffic, maximum rate, OpenSuse Linux Shape Traffic, Redhat Linux Shape Traffic, RHEL Linux Shape Traffic, Slackware Linux Shape Traffic, Suse Linux Shape Traffic, tc command, token bucket, Ubuntu Linux Shape Traffic Previous Faq: Linux: Set OR Change The Library Path Next Faq: UNIX / Linux: PGP TarBall File Signature Keys Verification

To search, type and hit enter

nixCraft
Follow
+ 10,579

+1

Related Faqs

Linux FTP Server Traffic Control And Throttle Port 21

How do I view my Linux or UNIX server bandwidth usage?

Linux: Check Network Connection Command

Linux: See Bandwidth Usage Per Process With Nethogs Tool

CentOS / RHEL: Install iftop To Display Bandwidth Usage Per interface By Host

Network: Monitor Outgoing Bandwidth Latency / Jitter

FreeBSD Enable PF ALTQ Firewall Support

dhcpdump: Monitor DHCP Traffic For Debugging Purpose

Linux Configure Firewall Using Shorewall Under RHEL / CentOS

axfr-get: fatal: unable to parse AXFR results: protocol error and Solution
nixCraft
Like

42,638 people like nixCraft.

Facebook social plugin

Latest posts from our blog

10 Linux/Unix Bash and KSH Shell Job Control Examples Download of The Day: FreeBSD 10 ISO DVD / CD Images 30 Cool Open Source Software I Discovered in 2013 Download Of The Day: Fedora Linux 20 (Heisenbug) CD / DVD ISO Valve SteamOS: A Linux-based Gaming Operating System Announced

Tweets
nixCraft Linux Blog @nixcraft

Follow 11 Mar

Awesome! I just lost like an hour to this game gabrielecirulli.github.io/2048/ #evilgame Expand nixCraft Linux Blog @nixcraft [Updated] Linux Add a Swap File Without Creating New Partitions cyberciti.biz/faq/linux-add- Expand nixCraft Linux Blog @nixcraft Linux / Unix: chroot Command Examples cyberciti.biz/faq/unix-linux Expand nixCraft Linux Blog @nixcraft
9 Mar 10 Mar 11 Mar

Minify and Compress CSS and Javascript files at a Linux/Unix shell prompt without using online tools cyberciti.biz/faq/linux-unix Expand nixCraft Linux Blog @nixcraft
9 Mar

CentOS Install Lighttpd Web-server With yum Command cyberciti.biz/faq/centos-ins Expand

Tweet to @nixcraft

Subscribe to nixCraft
Learn something new about Linux/Unix by email Enter your email address:

Subscribe

2000-2014 nixCraft. All rights reserved. Privacy Policy - Terms of Service - Questions or Comments - We are proudly powered by Linux + Nginx + WordPress. The content is copyrighted to nixCraft and may not be reproduced on other websites.