Linux服务器 使用tc命令对网卡流量上下行限速

一、安装wondershaper软件

由于CentOS7第三方库内才有这个软件，先安装第三方库

yum install epel-release -y
yum install wondershaper -y

将上行带宽限制为1M，下行带宽限制为10M

wondershaper eth0 1024 10240

清除原有规则 (两个参数可以是任何字符)

wondershaper clean clean

查看已有规则 (查看eth0的规则)

wondershaper eth0

参数详解

一般为3个参数，第一个参数为网卡名，第二个上行速度（出）限制，第三个参数为下行速度（入）限制。

---

二、不愿意下载软件或者没有下载条件的可以使用下面这种步骤，代码是wondershaper软件内的

1. 创建一个文件，并添加可执行权限

touch wondershaper && chmod +x wondershaper

2. 复制代码下方代码到刚刚创建的文件内，并放入/usr/bin目录下

vi wondershaper
mv wondershaper /usr/sbin

#!/bin/bash 
function show_help {
  echo "Usage: $0 [device] clean|[upload speed in Kb/s] [download speed in Kb/s]"
  echo "Example: $0 eth0 20 500"
  exit
}

if [ $# -eq 0 ]; then
    show_help;
fi

if [ $# -eq 1 ]; then
  tc -s qdisc ls dev $1
  tc -s class ls dev $1
  exit
fi

if [ $# -eq 2 ]; then
  tc qdisc del dev $2 root    2> /dev/null > /dev/null
  tc qdisc del dev $2 ingress 2> /dev/null > /dev/null
  echo Wondershaper queues have been cleared.
  exit
fi

if [ $# -ne 3 ]; then
    show_help;
fi

DOWNLINK=$3
UPLINK=$2
DEV=$1

# low priority source netmasks
NOPRIOHOSTSRC=

# low priority destination netmasks
NOPRIOHOSTDST=

# low priority source ports
NOPRIOPORTSRC=

# low priority destination ports
NOPRIOPORTDST=

# clean existing down- and uplink qdiscs, hide errors
tc qdisc del dev $DEV root    2> /dev/null > /dev/null
tc qdisc del dev $DEV ingress 2> /dev/null > /dev/null

if [ "$1" = "stop" ] 
then 
    exit
fi

tc qdisc add dev $DEV root handle 1: cbq avpkt 1000 bandwidth 10mbit 

tc class add dev $DEV parent 1: classid 1:1 cbq rate ${UPLINK}kbit \
allot 1500 prio 5 bounded isolated 

tc class add dev $DEV parent 1:1 classid 1:10 cbq rate ${UPLINK}kbit \
   allot 1600 prio 1 avpkt 1000

tc class add dev $DEV parent 1:1 classid 1:20 cbq rate $[9*$UPLINK/10]kbit \
   allot 1600 prio 2 avpkt 1000

tc class add dev $DEV parent 1:1 classid 1:30 cbq rate $[8*$UPLINK/10]kbit \
   allot 1600 prio 2 avpkt 1000

tc qdisc add dev $DEV parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $DEV parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev $DEV parent 1:30 handle 30: sfq perturb 10

tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
      match ip tos 0x10 0xff  flowid 1:10

tc filter add dev $DEV parent 1:0 protocol ip prio 11 u32 \
        match ip protocol 1 0xff flowid 1:10

tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
   match ip protocol 17 0xff \
   match ip sport 4666 0xffff \
   flowid 1:30 

tc filter add dev $DEV parent 1: protocol ip prio 12 u32 \
   match ip protocol 6 0xff \
   match u8 0x05 0x0f at 0 \
   match u16 0x0000 0xffc0 at 2 \
   flowid 1:10

for a in $NOPRIOPORTDST
do
    tc filter add dev $DEV parent 1: protocol ip prio 14 u32 \
       match ip dport $a 0xffff flowid 1:30
done

for a in $NOPRIOPORTSRC
do
    tc filter add dev $DEV parent 1: protocol ip prio 15 u32 \
       match ip sport $a 0xffff flowid 1:30
done

for a in $NOPRIOHOSTSRC
do
    tc filter add dev $DEV parent 1: protocol ip prio 16 u32 \
       match ip src $a flowid 1:30
done

for a in $NOPRIOHOSTDST
do
    tc filter add dev $DEV parent 1: protocol ip prio 17 u32 \
       match ip dst $a flowid 1:30
done

tc filter add dev $DEV parent 1: protocol ip prio 18 u32 \
   match ip dst 0.0.0.0/0 flowid 1:20

tc qdisc add dev $DEV handle ffff: ingress

tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip src \
   0.0.0.0/0 police rate ${DOWNLINK}kbit burst 10k drop flowid :1