Emmanuel Noobadmin
2011-Sep-20 18:20 UTC
[CentOS-virt] Network traffic control/shaping of guest interfaces
I've been using tc/htb for network control previously to control bandwidth available to different services running on their own IPs on an unvirtualized host. Now, I have put them into their own guest VM.

I would like to be able to do something similar to ensure the more crucial service gets more bandwidth as well as ensuring ssh always gets reserved bandwidth. However, when I try the good old tc/htb commands on the host, it fails to do anything useful.

My script that works on the non-virtualized setup was this:

    TCADD="tc class add dev eth0 parent"
    $TCADD 1:0 classid 1:1 htb rate 1250kbps ceil 1250kbps
    $TCADD 1:1 classid 1:10 htb rate 25kbps ceil 150kbps prio 0
    $TCADD 1:1 classid 1:11 htb rate 100kbps ceil 300kbps prio 1
    $TCADD 1:1 classid 1:12 htb rate 300kbps ceil 600kbps prio 1
    $TCADD 1:1 classid 1:19 htb rate 75kbps ceil 150kbps prio 2

    TFADD="tc filter add dev eth0 protocol ip parent"
    $TFADD 1:0 prio 0 u32 match ip dport 10022 0xffff flowid 1:10
    $TFADD 1:0 prio 1 u32 match ip dst <public ip ipaddress 1> flowid 1:11
    $TFADD 1:0 prio 1 u32 match ip dst <public ip address 2> flowid 1:12

I can't put the restrictions within the guest because I don't want the individual VM admins to be able to stop the script from running.

On my new host, I have bridged networking with br0, eth0 and guests running off vnet<n>. I've tried applying tc on br0, eth0, vnet<n> but they don't seem to have any effect based on a 20MB FTP test.

I've been googling for a while to find a solution but haven't hit on anything apart from using yet another firewall/router sitting between everything and the Internet. Is there any other solution apart from that?
Nenad Opsenica
2011-Sep-20 18:29 UTC
[CentOS-virt] Network traffic control/shaping of guest interfaces
On 09/20/2011 08:20 PM, Emmanuel Noobadmin wrote:
> I can't put the restrictions within the guest because I don't want the
> individual VM admins to be able to stop the script from running.
>
> On my new host, I have bridged networking with br0, eth0 and guests
> running off vnet<n>.
> I've tried applying tc on br0, eth0, vnet<n> but they don't seem to
> have any effect based on a 20MB FTP test.
>
> I've been googling for a while to find a solution but haven't hit on
> anything apart from using yet another firewall/router sitting between
> everything and the Internet. Is there any other solution apart from
> that?

I would convert the bridged setup on the host to a routed one. Then you will have several separate interfaces on the host, each one used for communication with only one guest, and it will be easy to attach tc to them.

Regards,
Nenad
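
The per-guest attachment suggested in the reply, as an added example that is not part of the thread: a shell function that builds an HTB tree on one host-side guest interface, so the policy lives on the host where guest admins cannot stop it. The function name `shape_guest_if`, the `TC_RUN` dry-run switch, class id 1:20 and the sample interface and rates are assumptions; port 10022 and the 25kbps/150kbps ssh class come from the original post's script.

```shell
#!/bin/sh
# Added example (not from the thread). Host egress on a guest's interface is
# traffic flowing TO that guest, so this shapes the guest's inbound side only.
# Note: in tc, "kbps" means kilobytes per second (kbit is kilobits).

TC_RUN=${TC_RUN:-echo}   # default "echo" = dry run; run as root with TC_RUN= to apply

# shape_guest_if DEV RATE CEIL [SSH_PORT]   (RATE/CEIL in tc "kbps" units)
shape_guest_if() {
    dev=$1 rate=$2 ceil=$3 ssh_port=${4:-10022}

    # Refuse anything that is not a plain interface name or a plain integer,
    # since these values end up on a root command line.
    case $dev in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface name" >&2; return 2 ;;
    esac
    for n in "$rate" "$ceil" "$ssh_port"; do
        case $n in
            ''|*[!0-9]*) echo "rate, ceil and port must be integers" >&2; return 2 ;;
        esac
    done
    # HTB child rates (25 for ssh + RATE) must fit inside the parent rate (CEIL).
    [ $((rate + 25)) -le "$ceil" ] || { echo "rate+25 exceeds ceil" >&2; return 2; }

    # Root qdisc; unclassified traffic falls into class 1:20.
    $TC_RUN tc qdisc add dev "$dev" root handle 1: htb default 20
    # Parent class: hard cap for everything sent to this guest.
    $TC_RUN tc class add dev "$dev" parent 1: classid 1:1 htb \
        rate "${ceil}kbps" ceil "${ceil}kbps"
    # Reserved ssh class, highest priority (values from the original script).
    $TC_RUN tc class add dev "$dev" parent 1:1 classid 1:10 htb \
        rate 25kbps ceil 150kbps prio 0
    # Everything else for this guest.
    $TC_RUN tc class add dev "$dev" parent 1:1 classid 1:20 htb \
        rate "${rate}kbps" ceil "${ceil}kbps" prio 1
    # Steer packets addressed to the guest's sshd port into the reserved class.
    $TC_RUN tc filter add dev "$dev" protocol ip parent 1:0 prio 1 u32 \
        match ip dport "$ssh_port" 0xffff flowid 1:10
}

# Dry-run demo with sample values: prints the five tc commands for vnet0.
shape_guest_if vnet0 300 600
```

Traffic leaving the guests toward the Internet is not covered by this; it still exits through the host's uplink interface and would need its own classes there.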