tc Traffic shaping help requested

Bryan O'Neal Bryan.ONeal at TheONealAndAssociates.com
Thu Feb 25 10:08:09 MST 2016


You can filter by port with an option like "sport 80", but so far I have
not found a way to say "not port 80" ingress traffic. I know ingress shaping
is not as robust, but I thought you could put policies around it.

Still learning this stuff - I will chat with Gorz today :)

On Thu, Feb 25, 2016 at 12:37 AM, Todd Millecam <tyggna at gmail.com> wrote:

> You might be able to filter by port, like you do by ip, but I've
> never tried it.
>
> On Thu, Feb 25, 2016 at 12:32 AM, Todd Millecam <tyggna at gmail.com> wrote:
>
>> Also, tc doesn't support port-specific operations as that's all handled
>> in a different space of the kernel.  Only iptables can do port-specific
>> traffic shaping.  You'd have to do something really clever like direct all
>> non port 22 traffic from specified ip to a tap interface off of a bridge
>> and then use tc on that interface, but if you can't mess with iptables
>> without lots of paperwork, I imagine making virtual network adapters public
>> is also not a possibility.
>>
>> On Thu, Feb 25, 2016 at 12:26 AM, Todd Millecam <tyggna at gmail.com> wrote:
>>
>>> well, for that, then it's a:
>>> match ip src/dst 10.208.208.0/21
>>> appended onto your tc.
>>> To emulate loss, you'd use netem as well and just append a loss 1% to
>>> the end.
>>>
>>> Lastly, to get a proper range you'd want to change delay 100ms to the
>>> average and then the range, so like:
>>> delay 175ms 75ms loss 1%
>>>
>>> It's all in the same tc module, so man tc-netem will be a lot more
>>> helpful than me.
>>>
>>> On Wed, Feb 24, 2016 at 6:17 PM, Bryan O'Neal <
>>> Bryan.ONeal at theonealandassociates.com> wrote:
>>>
>>>> Can't mess with IP tables on the server. Well I could but that would
>>>> require a week of paperwork ;)
>>>>
>>>> Something like match ip src 10.208.208.0/21 match ip should work in tc
>>>> but how do I say not port? I know I can say sport but not sure about port
>>>> and I have no idea how to say "not port"
>>>>
>>>> as for latency range delay takes 2 arguments so it would be netem delay
>>>> 100ms 150ms would be from 100ms-250ms delay. IIRC
>>>>
>>>> Also you are using outbound/root, which I know is more full featured.
>>>> Trying to get something to work on inbound... I think I may just be too
>>>> tired and should probably call it a day and try tomorrow... Unless an
>>>> expert shows up with a magic pill for me so I don't have to think at 7am :)
>>>>
>>>> On Wed, Feb 24, 2016 at 6:06 PM, Todd Millecam <tyggna at gmail.com>
>>>> wrote:
>>>>
>>>>> tc qdisc add dev eth0 root netem delay 100ms
>>>>> iptables -A INPUT -m statistic --mode random --probability 0.01 -j DROP
>>>>>
>>>>>
>>>>> That should get you started
>>>>>
>>>>>
>>>>> On Wed, Feb 24, 2016 at 5:52 PM, Bryan O'Neal <
>>>>> Bryan.ONeal at theonealandassociates.com> wrote:
>>>>>
>>>>>> I am looking for a tc command that will add 100-250ms of latency
>>>>>> to all traffic that is not on port 22
>>>>>> to/from an ip range like 10.208.208.0/21.
>>>>>>
>>>>>> Bonus:
>>>>>> I would also like 0-1% packet loss
>>>>>> I would like this on inbound (ingress) not outbound (root) traffic
>>>>>>
>>>>>> Anyone able to help?
>>>>>>
>>>>>> ---------------------------------------------------
>>>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Todd Millecam
>>>>>
>>>>
>>>>
>>>
>>>
>>>
>>> --
>>> Todd Millecam
>>>
>>
>>
>>
>> --
>> Todd Millecam
>>
>
>
>
> --
> Todd Millecam
>
>
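
One way to get what the thread asks for with tc alone, as an added example that is not from any of the posters: redirect ingress traffic to an ifb device and express "not port 22" through filter order, where the exempt port is matched first and the rest of the source range falls through to a netem band. The interface names `eth0` and `ifb0`, the function name, and the choice of a four-band prio qdisc are assumptions; the function only prints the commands.

```shell
#!/bin/sh
# Print (do not run) the ip/tc commands that add netem delay and loss to
# ingress traffic from SRC_NET, except packets to or from EXEMPT_PORT.
# Usage: netem_ingress_cmds DEV IFB SRC_NET EXEMPT_PORT DELAY JITTER LOSS
# Apply as root by piping the output to sh, e.g.
#   netem_ingress_cmds eth0 ifb0 10.208.208.0/21 22 175ms 75ms 1% | sh -e
netem_ingress_cmds() {
    dev=$1 ifb=$2 net=$3 port=$4 delay=$5 jitter=$6 loss=$7
    # Reject anything that is not a plain port number before it reaches tc.
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
        echo "bad port: $port" >&2; return 1; }
    # 1-4: netem only works on egress, so ingress is redirected to an ifb.
    # 5:   prio with 4 bands; the default priomap only uses bands 1-3, so
    #      unmatched traffic can never land in the delayed band 1:4.
    # 6:   "delay 175ms 75ms" is 175ms +/- 75ms, i.e. the 100-250ms range.
    # 7-8: prio 1 filters run first and send the exempt port to band 1:1.
    # 9:   prio 2 catches everything else from SRC_NET and delays it.
    # Caveat: u32 "ip dport/sport" assumes a 20-byte IP header (no options).
    cat <<EOF
ip link add $ifb type ifb
ip link set dev $ifb up
tc qdisc add dev $dev handle ffff: ingress
tc filter add dev $dev parent ffff: protocol ip u32 match u32 0 0 action mirred egress redirect dev $ifb
tc qdisc add dev $ifb root handle 1: prio bands 4
tc qdisc add dev $ifb parent 1:4 handle 40: netem delay $delay $jitter loss $loss
tc filter add dev $ifb parent 1: protocol ip prio 1 u32 match ip src $net match ip dport $port 0xffff flowid 1:1
tc filter add dev $ifb parent 1: protocol ip prio 1 u32 match ip src $net match ip sport $port 0xffff flowid 1:1
tc filter add dev $ifb parent 1: protocol ip prio 2 u32 match ip src $net flowid 1:4
EOF
}
```

To undo it, delete the ingress qdisc on the real interface and remove the ifb link.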