Hello all,
How do I impose bandwidth restrictions on incoming packets across an entire subnet using tc in Alma Linux 8, 9, and later?
Thanks, Jenn
Hi,
You can use the tc (traffic control) utility combined with an ifb (Intermediate Functional Block) device to limit incoming traffic rates for an entire subnet. The following commands provide a step-by-step process to set this up:
Load and activate the IFB module
modprobe ifb
ip link set dev ifb0 up
Clear any existing traffic control configurations
tc qdisc del dev enp1s0 root
tc qdisc del dev ifb0 root
tc qdisc del dev enp1s0 ingress
Attach an ingress qdisc to the network interface
tc qdisc add dev enp1s0 ingress
Redirect incoming subnet traffic to the IFB device
# tc filter add dev enp1s0 parent ffff: protocol ip prio 1 u32 match ip src 192.0.2.0/255.255.255.0 action mirred egress redirect dev ifb0
Set up HTB shaping on the IFB interface
# tc qdisc add dev ifb0 root handle 1: htb default 30
# tc class add dev ifb0 parent 1: classid 1:1 htb rate 20mbit ceil 20mbit
Apply traffic filtering and shaping rules
tc filter add dev ifb0 protocol ip parent 1: prio 1 u32 match ip src 192.0.2.0/255.255.255.0 flowid 1:1
Here are examples where the tc command was executed on the server, followed by transferring a file via scp to verify the speed under a 20 Mb/s restriction.
# scp TestFile root@192.168.1.1:/root
root@192.0.2.50's password:
TestFile 100% 200MB 2.3MB/s 01:11
# scp TestFile root@192.158.1.1:/root
root@192.0.2.50's password:
sample_40MB_file3 100% 40MB 2.4MB/s 00:20
Let me know if it solves at your end.
Richard 