Chinaunix首页 | 论坛 | 博客
  • 博客访问: 435067
  • 博文数量: 121
  • 博客积分: 10
  • 博客等级: 民兵
  • 技术积分: 540
  • 用 户 组: 普通用户
  • 注册时间: 2012-01-16 16:28
文章分类

全部博文(121)

文章存档

2021年(3)

2018年(1)

2017年(5)

2016年(9)

2015年(23)

2014年(80)

我的朋友

分类: 系统运维

2014-01-28 14:34:36

需要对网关做流量控制,针对IP和网段做控制,也有结合iptables实现方式,可能也有针对内外网的服务器,规则明白了,都很容易。
可以查看这篇参考文章,讲的很详细,下面是我改写的shell脚本,非iptables方式:


  1. #!/bin/bash
  2. # Set the following values to somewhat less than your actual download
  3. # and uplink speed. In kilobits. Also set the device that is to be shaped.
  4. #INGOING traffic (gateway)
  5. IN=eth0
  6. #what ip do you want to limit
  7. INET="192.168.138."
  8. IPS="100"
  9. IPE="254"
  10. #Total DOWNLINK
  11. DOWN="100mbit"
  12. #ensure rate speed of DOWNLINK
  13. DOWNLOADrate="100kbit"
  14. #Allow max rate speed of DOWNLINK
  15. DOWNLOADceil="250kbit"
  16. start(){
  17.     #clean eth1 eth0 existing down- and uplink qdiscs, hide errors
  18.     /sbin/tc qdisc del dev $IN root 2>/dev/null
  19.     # install root htb of downlink and uplink
  20.     # main class
  21.     /sbin/tc qdisc add dev $IN root handle 1: htb
  22.     /sbin/tc class add dev $IN parent 1: classid 1:1 htb rate $DOWN ceil $DOWN
  23.     #simgle ip limit
  24.     /sbin/tc class add dev $IN parent 1:1 classid 1:2 htb rate $DOWNLOADrate ceil $DOWNLOADrate
  25.     /sbin/tc qdisc add dev $IN parent 1:2 sfq perturb 2
  26.     /sbin/tc filter add dev $IN protocol ip parent 1: prio 49 u32 match ip dst 192.168.138.10 flowid 1:2
  27.     /sbin/tc filter add dev $IN protocol ip parent 1: prio 49 u32 match ip dst 192.168.2.0/32 flowid 1:2
  28.     #net1 limit
  29.     for (( i=$IPS; i<=$IPE; i=i+1 ))
  30.     do
  31.         #####Control DOWNLINK
  32.         /sbin/tc class add dev $IN parent 1:1 classid 1:1$i htb rate $DOWNLOADrate ceil $DOWNLOADceil
  33.         /sbin/tc qdisc add dev $IN parent 1:1$i sfq perturb 1$i
  34.         /sbin/tc filter add dev $IN protocol ip parent 1: prio 50 u32 match ip dst $INET$i flowid 1:1$i
  35.     done
  36.     #net2 limit
  37.     #for (( i=$IPS; i<=$IPE; i=i+1 ))
  38.     #do
  39.     # #####Control DOWNLINK
  40.     # /sbin/tc class add dev $IN parent 1:1 classid 1:2$i htb rate $DOWNLOADrate ceil $DOWNLOADceil
  41.     # /sbin/tc qdisc add dev $IN parent 1:2$i sfq perturb 2$i
  42.     # /sbin/tc filter add dev $IN protocol ip parent 1: prio 50 u32 match ip dst $INET$i flowid 1:2$i
  43.     #done
  44.     #Other traffic
  45.     /sbin/tc filter add dev $IN protocol ip parent 1: prio 2 u32 match ip dst 0.0.0.0/32 flowid 1:1
  46. }
  47. stop(){
  48.     echo -n "(Delete all qdisc......)"
  49.     (/sbin/tc qdisc del dev $IN root 2>/dev/null && echo "ok.Delete sucessfully!") || echo "error."
  50. }
  51. #show status
  52. status() {
  53.     echo "1.show qdisc $IN:----------------------------------------------"
  54.     /sbin/tc -s qdisc show dev $IN
  55.     echo "2.show class $IN:----------------------------------------------"
  56.     N1=`/sbin/tc class show dev $IN | wc -l`
  57.     if [ $N1 == 0 ];then
  58.         echo "NULL, OFF Limiting "
  59.     else
  60.         /sbin/tc -s class show dev $IN
  61.         echo "It work"
  62.     fi
  63. }
  64. #show help
  65. usage() {
  66.     echo "(usage): `basename $0` [start | stop | restart | status ]"
  67.     echo "help:"
  68.     echo "start -- TC Flow Control start"
  69.     echo "stop -- TC Flow Control stop"
  70.     echo "restart -- TC Flow Control restart"
  71.     echo "status -- TC Show all TC Qdisc and class"
  72. }
  73. case "$1" in
  74.     start)
  75.         ( start && echo "Flow Control! TC started!" ) || echo "error."
  76.         exit 0
  77.         ;;

  78.     stop)
  79.         ( stop && echo "Flow Control TC stopped!" ) || echo "error."
  80.         exit 0
  81.         ;;
  82.     restart)
  83.         stop
  84.         start
  85.         echo "Flow Control restart"
  86.         ;;
  87.     status)
  88.         status
  89.         ;;

  90.     *) usage
  91.         exit 1
  92.         ;;
  93. esac

测试:
开启流量控制TC:

  1. # ./tc_last.sh start
有限制的IP:192.168.138.131

  1. # ifconfig eth0
  2. eth0 Link encap:Ethernet HWaddr 00:0C:29:DA:56:1C
  3.           inet addr:192.168.138.131 Bcast:192.168.138.255 Mask:255.255.255.0
  4.           UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
  5.           RX packets:1811422 errors:0 dropped:0 overruns:0 frame:0
  6.           TX packets:1083449 errors:0 dropped:0 overruns:0 carrier:0
  7.           collisions:0 txqueuelen:1000
  8.           RX bytes:943250761 (899.5 MiB) TX bytes:87045802 (83.0 MiB)

  9. # wget http://ftp13.enet.com.cn:88/pub/multimedia/video/uvs9_trial_e_rtm.rar
  10. --2013-08-08 17:44:01-- http://ftp13.enet.com.cn:88/pub/multimedia/video/uvs9_trial_e_rtm.rar
  11. Resolving ftp13.enet.com.cn... 122.224.6.16
  12. Connecting to ftp13.enet.com.cn|122.224.6.16|:88... connected.
  13. HTTP request sent, awaiting response... 200 OK
  14. Length: 180175741 (172M) [application/octet-stream]
  15. Saving to: `uvs9_trial_e_rtm.rar.17

无限制IP:192.168.138.99


  1. # ifconfig eth0
  2. eth0 Link encap:Ethernet HWaddr 00:0C:29:88:EC:85
  3.           inet addr:192.168.138.99 Bcast:192.168.138.255 Mask:255.255.255.0
  4.           UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
  5.           RX packets:88578 errors:0 dropped:0 overruns:0 frame:0
  6.           TX packets:43771 errors:0 dropped:0 overruns:0 carrier:0
  7.           collisions:0 txqueuelen:1000
  8.           RX bytes:19401052 (18.5 MiB) TX bytes:6876868 (6.5 MiB)

  9. # wget http://ftp13.enet.com.cn:88/pub/multimedia/video/uvs9_trial_e_rtm.rar
  10. --2013-07-16 22:57:10-- http://ftp13.enet.com.cn:88/pub/multimedia/video/uvs9_trial_e_rtm.rar
  11. Resolving ftp13.enet.com.cn... 122.224.6.16
  12. Connecting to ftp13.enet.com.cn|122.224.6.16|:88... connected.
  13. HTTP request sent, awaiting response... 200 OK
  14. Length: 180175741 (172M) [application/octet-stream]
  15. Saving to: `uvs9_trial_e_rtm.rar.2

效果还是很显著的,就是和设置的流量范围有偏差,有待继续研究!


阅读(757) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~