In Linux we can use the tool tc (traffic control) to manage the traffic and provide some QoS. In this example, we are going to classify traffic according to the following:
- 10.65.18.0/24 will have priority 100 and classification as 1:10
- 10.65.20.0/24 will have priority 50 and classification as 1:20
- SSH traffic will have a priority of 10 and classified as 1:2
To classify networks we can use the route classifier on tc. To classify traffic depending on it's packets, protocol or ports we can use the u32 classifier.
First thing, we will prepare the interface we want to use. There are 3 different classful qdiscs (HTB, CBQ, PRIO). In our example we will use HTB on eth0:
$ sudo tc qdisc add dev eth0 root handle 1:0 htbWe add a qdisc (queuing discipline) to eth0, handling the top of the classifier chain 1:0 using the classful disc htb.
Now, we are going to specify that traffic to 10.65.18.0/24 will be classified as 1:10 with priority 100:
$ sudo tc filter add dev eth0 parent 1:0 protocol ip prio \ 100 route to 10 classid 1:10We are adding a filter to eth0, specifying the ip protocol and route to realm 10 using the class id 1:10. After that, we need to create the realm 10 with ip route.
$ sudo ip route add 10.65.18.0/24 via 10.65.17.1 dev \ eth0 realm 10
Now, we will do the same for the next network with priority 50:
$ sudo tc filter add dev eth0 parent 1:0 protocol ip prio \ 50 route to 20 classid 1:20
$ sudo ip route add 10.65.20.0/24 via 10.65.17.1 dev \ eth0 realm 20
Now we will classify and prioritize the ssh traffic. With u32 we can specify attributes from the packets as the documentation states, but we will make it simple specifying destination port and protocol number (TCP is protocol 0x6):
$ sudo tc filter add dev eth0 parent 1:0 prio 10 u32 \Next post will give information about how to limit traffic bandwidth for each class.
match tcp dst 22 0xffff \
match ip protocol 0x6 0xff \
flowid 1:2
For more information you can visit The Linux Documentation Project and Linux Advanced Routing & Traffic Control.
No comments:
Post a Comment