输入方向的流量控制
概述
Linux中的QoS分为入口(Ingress)部分和出口(Egress)部分,入口部分主要用于进行入口流量限速(policing),出口部分主要
用于队列调度(queuing scheduling)。
大多数排队规则(qdisc)都是用于输出方向的,输入方向只有一个排队规则,即ingress qdisc。ingress qdisc本身的功能很有限,
但可用于重定向incoming packets。通过Ingress qdisc把输入方向的数据包重定向到虚拟设备ifb,而ifb的输出方向可以配置
多种qdisc,就可以达到对输入方向的流量做队列调度的目的。
Q: 为什么大多数的流量控制都是在输出方向的?
A: It is easiest to create traffic control rules for traffic flowing out of an interface, since we can control when the system
sends data, but controlling when we receive data requires an additional intermediate queue to be created to buffer
incoming data.
原理图如下:
Ingress qdisc
The ingress qdisc itself does not require any parameters. It differs from other qdiscs in that it does not occupy the
root of a device. Attach it like this:
# tc qdisc add dev eth0 ingress
This allows you to have other, sending qdiscs on your device besides the ingress qdisc.
About the ingress qdisc
Ingress qdisc (known as ffff:) can't have any children classes. (hence the existence of IMQ)
The only thing you can do with the ingress qdisc is attach filters.
About filtering on the ingress qdisc
Since there are no classes to which to direct the packets, the only reasonable option is to drop the packets.
With clever use of filtering, you can limit particular traffic signatures to particular uses of your bandwidth.
入口流量的限速
# tc qdisc add dev eth0 ingress
# tc filter add dev eth0 parent ffff: protocol ip prio 10 u32 match ip src 0.0.0.0/0 police rate 2048kbps burst 1m drop flowid :1
ifb
IFB — Intermediate Functional Block device。
Q: How can we use qdisc (e.g., netem) on incoming traffic?
A: You need to use IFB. This network device allows attaching queueing disciplines to incoming packets.
To use an IFB, you must have IFB support in your kernel (configuration option CONFIG_IFB). Assuming that
you have a modular kernel, the name of the IFB module is ifb and may be loaded using the command
modprobe ifb (if you have modprobe installed) or insmod /path/to/module/ifb.
ip link set ifb0 up
ip link set ifb1 up
By default, two IFB devices(ifb0 and ifb1) are created.
IFB allows for queueing incoming traffic for shaping instead of dropping.
ifb模块需要手动加载。
# modprobe ifb
启用虚拟设备ifb0。
# ip link set dev ifb0 up
使用ifb0做输入方向的重定向。
tc filter add dev eth0 parent fff: protocol ip u32 match u32 0 0 flowid 1:1 action mirred egress redirect dev ifb0
使用ifb0做输出方向的重定向。
tc filter add dev eth0 parent 1: protocol ip u32 match u32 0 0 flowid 1:1 action mirred egress redirect dev ifb0
实例
用ingress qdisc和ifb做ingress方向的队列调度。
# modprobe ifb
# ip link set dev ifb0 up txqueuelen 1000
# tc qdisc add dev eth1 ingress
# tc filter add dev eth1 parent ffff: protocol ip u32 match u32 0 0 flowid 1:1 action mirred egress redirect dev ifb0
# tc qdisc add dev ifb0 root netem delay 50ms loss 1%
Author
zhangskd @ csdn
Reference
[1] http://lartc.org/howto/index.html
[2] http://www.linuxfoundation.org/collaborate/workgroups/networking/ifb