linux 限速问题

hackerdmf

网络环境为 200台客户机  代理服务器 提供上网服务
外网三条线路 eth1 电信10m  eth2网通100m  eth3铁通10m
内网eth0
现在iptables已经做好了三线路由策略。
不知道怎么限速 本人不懂 tc模块使用
简单懂iptables
使用版本为 centos el5

[root@www tmp]# uname -r
2.6.18-53.el5
需要实现 单ip上传和下载限速功能。

hackerdmf

#!/bin/bash
#
#lvhe888@163.com
#
# 定义上下带宽
# 注意是 Kbit
DOWNLOAD=800Kbit
UPLOAD=160Kbit
# 定义内网IP段
INET=192.168.0.
# 定义限制的IP范围
IPS=1
IPE=253
# 定义本服务器IP
ServerIP=254
# 定义进出设备
IDEV=eth0
ODEV=ppp0
#
#
#
/sbin/tc qdisc del dev $IDEV root handle 10:
/sbin/tc qdisc del dev $ODEV root handle 20:
#
/sbin/tc qdisc add dev $IDEV root handle 10: cbq bandwidth 100Mbit avpkt 1000
/sbin/tc qdisc add dev $ODEV root handle 20: cbq bandwidth 1Mbit avpkt 1000
#
/sbin/tc class add dev $IDEV parent 10:0 classid 10:1 cbq bandwidth 100Mbit rate 100Mbit allot 1514 weight 1Mbit prio 8 maxburst 20 avpkt 1000
/sbin/tc class add dev $ODEV parent 20:0 classid 20:1 cbq bandwidth 1Mbit rate 1Mbit allot 1514 weight 10Kbit prio 8 maxburst 20 avpkt 1000
#
# 不限制内网从本服务器下载。
# 注意如本服务器上有代理，用户可通过代理绕过带宽限制，
# 可取消以下三句限制从本服务器下载。
/sbin/tc class add dev $IDEV parent 10:1 classid 10:10 cbq bandwidth 100Mbit rate 95Mbit allot 1514 weight 20Kbit prio 5 maxburst 20 avpkt 1000 bounded
/sbin/tc qdisc add dev $IDEV parent 10:10 sfq quantum 1514b perturb 15
/sbin/tc filter add dev $IDEV parent 10:0 protocol ip prio 50 u32 match ip src $INET$ServerIP flowid 10:10
#
#限制下载速度
COUNTER=$IPS
while [ $COUNTER -le $IPE ]
do
# 以下三句限制各IP的下载带宽
/sbin/tc class add dev $IDEV parent 10:1 classid 10:1$COUNTER cbq bandwidth 100Mbit rate $DOWNLOAD allot 1514 weight 20Kbit prio 5 maxburst 20 avpkt 1000 bounded
/sbin/tc qdisc add dev $IDEV parent 10:1$COUNTER sfq quantum 1514b perturb 15
/sbin/tc filter add dev $IDEV parent 10:0 protocol ip prio 100 u32 match ip dst $INET$COUNTER flowid 10:1$COUNTER
COUNTER=` expr $COUNTER + 1 `
done
#
#限制上传速度
COUNTER=$IPS
while [ $COUNTER -le $IPE ]
do
# 以下三句限制各IP的上传带宽
/sbin/tc class add dev $ODEV parent 20:1 classid 20:1$COUNTER cbq bandwidth 1Mbit rate $UPLOAD allot 1514 weight 4Kbit prio 5 maxburst 20 avpkt 1000 bounded
/sbin/tc qdisc add dev $ODEV parent 20:1$COUNTER sfq quantum 1514b perturb 15
/sbin/tc filter add dev $ODEV parent 20:0 protocol ip prio 100 handle $COUNTER fw classid 20:1$COUNTER
COUNTER=` expr $COUNTER + 1 `
done
#特殊照顾的IP在以上范围的用户
NIP=78
#192.168.0.78 这家伙天天BT
ND=200Kbit
NU=50Kbit
/sbin/tc class change dev $IDEV parent 10:1 classid 10:1$NIP bandwidth 100Mbit rate $ND allot 1514 weight 20Kbit prio 5 maxburst 20 avpkt 1000 bounded
/sbin/tc class change dev $ODEV parent 20:1 classid 20:1$NIP cbq bandwidth 1Mbit rate $NU allot 1514 weight 4Kbit prio 5 maxburst 20 avpkt 1000 bounded
#
NIP=1
# 192.168.0.1 增加我自已的带宽
ND=1500Kbit
NU=500Kbit
/sbin/tc class change dev $IDEV parent 10:1 classid 10:1$NIP bandwidth 100Mbit rate $ND allot 1514 weight 20Kbit prio 5 maxburst 20 avpkt 1000 bounded
/sbin/tc class change dev $ODEV parent 20:1 classid 20:1$NIP cbq bandwidth 1Mbit rate $NU allot 1514 weight 4Kbit prio 5 maxburst 20 avpkt 1000 bounded
# ...................
#
#
# 修改防火墙，增加上传限制
COUNTER=$IPS
while [ $COUNTER -lt $IPE ]
do
iptables -t mangle -A PREROUTING -i $IDEV -s $INET$COUNTER -j MARK --set-mark $COUNTER
COUNTER=` expr $COUNTER + 1 `
done

此脚本执行 服务器出现错误


RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
。。。。
。。。。
。。。。
。。。。

We have an error talking to the kernel
RTNETLINK answers: No such file or directory
RTNETLINK answers: Invalid argument
We have an error talking to the kernel
RTNETLINK answers: No such file or directory
RTNETLINK answers: Invalid argument
We have an error talking to the kernel
RTNETLINK answers: No such file or directory
RTNETLINK answers: Invalid argument
We have an error talking to the kernel
Error: Qdisc "bandwidth" is classless.
RTNETLINK answers: No such file or directory
Error: Qdisc "bandwidth" is classless.
RTNETLINK answers: No such file or directory
[root@www tmp]#

剑次狼

Qdisc设置错误，看你最开始的错误信息，看是脚本里第几行报错

hackerdmf

最开始执行 提示
[root@www tmp]# ./1
RTNETLINK answers: Invalid argument
RTNETLINK answers: File exists
RTNETLINK answers: No such file or directory
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
.....
....

剑次狼

你能贴下网卡和TC版本相关信息
ifconfig
tc -V
cat /proc/version

hackerdmf

[root@www ~]# ifconfig | more
eth0      Link encap:Ethernet  HWaddr 00:02:E3:37:97:4F
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::202:e3ff:fe37:974f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:144851014 errors:0 dropped:85 overruns:0 frame:0
          TX packets:172392033 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1510937036 (1.4 GiB)  TX bytes:2502671727 (2.3 GiB)
          Interrupt:177

eth1      Link encap:Ethernet  HWaddr 00:02:E3:37:97:23
          inet addr:192.168.8.11  Bcast:192.168.8.255  Mask:255.255.255.0
          inet6 addr: fe80::202:e3ff:fe37:9723/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:21412668 errors:0 dropped:0 overruns:0 frame:0
          TX packets:19137965 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3523882289 (3.2 GiB)  TX bytes:3408786185 (3.1 GiB)
          Interrupt:185

eth2      Link encap:Ethernet  HWaddr 00:02:E3:37:95:06
          inet addr:221.11.92.54  Bcast:221.11.92.63  Mask:255.255.255.224
          inet6 addr: fe80::202:e3ff:fe37:9506/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:152801618 errors:1082 dropped:0 overruns:0 frame:11114
          TX packets:125157756 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3451083841 (3.2 GiB)  TX bytes:2329016365 (2.1 GiB)
          Interrupt:193

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:71 errors:0 dropped:0 overruns:0 frame:0
          TX packets:71 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:9545 (9.3 KiB)  TX bytes:9545 (9.3 KiB)

[root@www ~]# tc -v
Option "-v" is unknown, try "tc -help".
[root@www ~]# rpm -qa *tc*
patch-2.5.4-29.2.2
distcache-1.4.5-14.1
tcp_wrappers-7.6-40.4.el5
tcl-8.4.13-3.fc6
fontconfig-2.4.1-6.el5
tcsh-6.14-12.el5
tmpwatch-2.9.7-1.1.el5.1
logwatch-7.3-5
libXfontcache-1.0.2-3.1
fetchmail-6.3.6-1.1.el5
tcpdump-3.9.4-11.el5
[root@www ~]#

[root@www ~]# cat /proc/version
Linux version 2.6.18-53.el5 (mockbuild@builder6.centos.org) (gcc version 4.1.2 20070626 (Red Hat 4.1.2-14)) #1 SMP Mon Nov 12 02:22:48 EST 2007
[root@www ~]#

剑次狼

看你脚本里写的

# 定义进出设备
IDEV=eth0
ODEV=ppp0

但是你真实设备是eth2和3是出口，你直接用这个脚本运行当然报错说没说这个设备模块。。。。

hackerdmf

对了 那我已经修改过了 不好意思
我只用了eth0 和eth2 做测试

hackerdmf

#!/bin/bash
DOWNLOAD=800Kbit
UPLOAD=160Kbit
INET=192.168.0.
IPS=2
IPE=253
ServerIP=1
IDEV=eth2
ODEV=eth0

chenyx

tc -s qdisc show dev eth0看看