Creating Classes of Network Traffic
…with RHEL 7
Prioritisation of Outbound Network Traffic
Scenario
- Any class of traffic may consume all available bandwidth.
- If there are simultaneous competing traffic classes then:
- High priority traffic gets to use all the available bandwidth except what is guaranteed to the lower classes.
- Medium priority traffic gets its guaranteed rate. If there is no high priority traffic then the medium traffic will expand and consume the entire bandwidth available.
- Low priority traffic gets its guaranteed rate. Only when there is no high or medium priority traffic will the low priority traffic expand and consume the entire bandwidth available.
- Low priority traffic classes will lose their additional allocation of bandwidth over their guaranteed bandwidth whenever there is higher priority traffic.
Solution Design
Use RHEL 7 Traffic Control to create three classes of traffic:
- High priority
  - Application traffic
  - Services that directly support the application: dns, ldap, ntp.
- Medium priority (default class)
  - Infrastructure services: software updates via Red Hat Satellite.
  - Maintenance services: ssh.
- Low priority
  - Forwarding logs
The maximum rate of high priority traffic and the ceiling for all three classes of traffic are set to an unrealistically high number to ensure the server will use all available bandwidth, just as it would if there were no traffic prioritisation rules. “900mbit” is thought to be an unrealistic rate for the target links we intend to use.
The “burst” attribute adjusts how responsively the rates are enforced. The default will be used; the system sets a value which is a little sluggish/lazy, but it should effect changes within seconds.
Limitations
- Only outbound traffic is being limited in this solution. Our focus is on controlling the uploading of “Log” traffic.
Implementation
The “Traffic Control” command “/usr/sbin/tc” comes with the “iproute” package.
Show the Traffic Classes
tc class show dev ens5
tc -s class show dev ens5
tc filter show dev ens5 parent 1:
Delete existing traffic control rules
tc qdisc delete dev ens5 root
Create the Traffic Classes and set the default class.
tc qdisc add dev ens5 root handle 1: htb default 20
tc class add dev ens5 parent 1: classid 1:1 htb rate 900mbit
tc class add dev ens5 parent 1:1 classid 1:10 htb rate 900mbit ceil 900mbit prio 1
tc class add dev ens5 parent 1:1 classid 1:20 htb rate 10mbit ceil 900mbit prio 2
tc class add dev ens5 parent 1:1 classid 1:30 htb rate 1kbit ceil 900mbit prio 3
Make the queue scheduling fair to minimise starvation when under heavy load.
tc qdisc add dev ens5 parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev ens5 parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev ens5 parent 1:30 handle 30: sfq perturb 10
Select traffic for the High priority class.
tc filter add dev ens5 parent 1: protocol ip u32 match ip dport 53 0xffff flowid 1:10
tc filter add dev ens5 parent 1: protocol ip u32 match ip dport 123 0xffff flowid 1:10
tc filter add dev ens5 parent 1: protocol ip u32 match ip dport 389 0xffff flowid 1:10
tc filter add dev ens5 parent 1: protocol ip u32 match ip dport <application_ports> 0xffff flowid 1:10
Select traffic for the Medium priority class.
tc filter add dev ens5 parent 1: protocol ip u32 match ip dport 22 0xffff flowid 1:20
tc filter add dev ens5 parent 1: protocol ip u32 match ip dst <satellite>/32 flowid 1:20
Select traffic for the Low priority class.
tc filter add dev ens5 parent 1: protocol ip u32 match ip dport 514 0xffff flowid 1:30
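Because the design leaves log forwarding with only its guaranteed rate under contention, it is worth checking the per-class counters once the rules are loaded. The script below is an added example, not part of the original post: it parses `tc -s class show dev ens5` output and reports whether class 1:30 has dropped packets. The sample counters and the function names are constructed for illustration.

```shell
#!/bin/bash
# Added example: per-class HTB counters from `tc -s class show dev <if>`.

# Constructed sample, laid out the way iproute2 prints HTB class statistics.
sample_stats() {
cat <<'EOF'
class htb 1:1 root rate 900Mbit ceil 900Mbit burst 1462b cburst 1462b
 Sent 52640000 bytes 41000 pkt (dropped 0, overlimits 0 requeues 0)
class htb 1:10 parent 1:1 leaf 10: prio 1 rate 900Mbit ceil 900Mbit burst 1462b cburst 1462b
 Sent 50000000 bytes 38000 pkt (dropped 0, overlimits 12 requeues 0)
class htb 1:20 parent 1:1 leaf 20: prio 2 rate 10Mbit ceil 900Mbit burst 1600b cburst 1462b
 Sent 2400000 bytes 2000 pkt (dropped 0, overlimits 0 requeues 0)
class htb 1:30 parent 1:1 leaf 30: prio 3 rate 1Kbit ceil 900Mbit burst 1600b cburst 1462b
 Sent 240000 bytes 1000 pkt (dropped 37, overlimits 5120 requeues 0)
EOF
}

# Print "classid sent_bytes dropped overlimits" for every HTB class on stdin.
class_summary() {
  awk '
    $1 == "class" && $2 == "htb" { id = $3; next }
    $1 == "Sent" && id != "" {
      drop = $7; sub(/,/, "", drop)   # field 7 is e.g. "37," in "(dropped 37,"
      print id, $2, drop, $9
      id = ""
    }'
}

# Return 0 if the class dropped nothing, 1 if it dropped packets, 2 if missing.
# Usage on a live host: tc -s class show dev ens5 | check_class 1:30
check_class() {
  class_summary | awk -v want="$1" '
    $1 == want { found = 1
                 if ($3 > 0) { print "class " want " dropped " $3 " packets"; bad = 1 } }
    END { if (!found) exit 2; exit bad + 0 }'
}

sample_stats | class_summary   # prints one line per class from the sample
```

A return code of 2 means the class does not exist on the interface, which usually indicates the rules were never loaded or were removed with `tc qdisc delete dev ens5 root`.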