How to limit bandwidth on specific network interface

Limit bandwidth on specific network interface using wondershaper.

Installation

Display wondershaper description.

$ apt-cache search wondershaper
wondershaper - Easy to use traffic shaping script

Install wondershaper traffic shaping script.

$ sudo apt install wondershaper

Documentation

Inspect documentation.

$ zless /usr/share/doc/wondershaper/README.Debian.gz
How to set up the wondershaper on a Debian system

Outline:

STEP 0 Read this entire document before continuing, also, prerequisites
STEP 1 Gather data
STEP 2 Pre-test
STEP 3 Enable the wondershaper
STEP 4 Post-test
STEP 5 Controling the wondershaper
STEP 6 Permanent setup
STEP 7 Monitoring the wondershaper
STEP 8 Send email to [email protected]

[...]

Usage

Set 2 Mbit/s download and 1 Mbit/s upload on eth0 interface.

$ sudo wondershaper eth0 2048 1024

Clear traffic shaping on eth0 interface.

$ sudo wondershaper eth0 clear
Wondershaper queues have been cleared.

Permanent configuration

Edit network interfaces configuration to limit bandwidth on specific network interface at system boot.

$ cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
iface eth0 inet dhcp
      up /usr/sbin/wondershaper eth0 2048 1024
      down /usr/sbin/wondershaper clear eth0

Impact on the operating system

Define traffic shaping on interface.

$ sudo wondershaper eth0 2048 1024

Impact on the system.

$ /sbin/tc qdisc show dev eth0
qdisc cbq 1: root refcnt 2 rate 10Mbit (bounded,isolated) prio no-transmit
qdisc sfq 30: parent 1:30 limit 127p quantum 1514b depth 127 divisor 1024 perturb 10sec 
qdisc sfq 10: parent 1:10 limit 127p quantum 1514b depth 127 divisor 1024 perturb 10sec 
qdisc sfq 20: parent 1:20 limit 127p quantum 1514b depth 127 divisor 1024 perturb 10sec 
qdisc ingress ffff: parent ffff:fff1 ---------------- 
$ /sbin/tc class  show dev eth0
class cbq 1: root rate 10Mbit (bounded,isolated) prio no-transmit
class cbq 1:1 parent 1: rate 1024Kbit (bounded,isolated) prio 5
class cbq 1:10 parent 1:1 leaf 10: rate 1024Kbit prio 1
class cbq 1:20 parent 1:1 leaf 20: rate 921Kbit prio 2
class cbq 1:30 parent 1:1 leaf 30: rate 819Kbit prio 2
$ /sbin/tc filter show dev eth0
filter parent 1: protocol ip pref 10 u32 chain 0 
filter parent 1: protocol ip pref 10 u32 chain 0 fh 800: ht divisor 1 
filter parent 1: protocol ip pref 10 u32 chain 0 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:10 not_in_hw 
  match 00100000/00ff0000 at 0
filter parent 1: protocol ip pref 10 u32 chain 0 fh 800::801 order 2049 key ht 800 bkt 0 flowid 1:30 not_in_hw 
  match 00110000/00ff0000 at 8
  match 123a0000/ffff0000 at 20
filter parent 1: protocol ip pref 11 u32 chain 0 
filter parent 1: protocol ip pref 11 u32 chain 0 fh 801: ht divisor 1 
filter parent 1: protocol ip pref 11 u32 chain 0 fh 801::800 order 2048 key ht 801 bkt 0 flowid 1:10 not_in_hw 
  match 00010000/00ff0000 at 8
filter parent 1: protocol ip pref 12 u32 chain 0 
filter parent 1: protocol ip pref 12 u32 chain 0 fh 802: ht divisor 1 
filter parent 1: protocol ip pref 12 u32 chain 0 fh 802::800 order 2048 key ht 802 bkt 0 flowid 1:10 not_in_hw 
  match 00060000/00ff0000 at 8
  match 05000000/0f00ffc0 at 0
filter parent 1: protocol ip pref 18 u32 chain 0 
filter parent 1: protocol ip pref 18 u32 chain 0 fh 803: ht divisor 1 
filter parent 1: protocol ip pref 18 u32 chain 0 fh 803::800 order 2048 key ht 803 bkt 0 flowid 1:20 not_in_hw 
  match 00000000/00000000 at 16

Clear traffic shaping on interface.

$ sudo wondershaper clear eth0
Wondershaper queues have been cleared.

Impact on the system.

$ /sbin/tc qdisc show dev eth0
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
$ /sbin/tc filter show dev eth0
nil
$ /sbin/tc class  show dev eth0
nil

This is enough to determine whether traffic shaping is configured on specific network interface.

Internal commands

Define traffic shaping on interface.

$ sudo bash -x /usr/sbin/wondershaper eth0 2048 1024
+ '[' 3 -eq 0 ']'
+ '[' 3 -eq 1 ']'
+ '[' 3 -eq 2 ']'
+ '[' 3 -ne 3 ']'
+ DOWNLINK=2048
+ UPLINK=1024
+ DEV=eth0
+ NOPRIOHOSTSRC=
+ NOPRIOHOSTDST=
+ NOPRIOPORTSRC=
+ NOPRIOPORTDST=
+ /sbin/tc qdisc del dev eth0 root
+ /sbin/tc qdisc del dev eth0 ingress
+ /sbin/tc qdisc add dev eth0 root handle 1: cbq avpkt 1000 bandwidth 10mbit
+ /sbin/tc class add dev eth0 parent 1: classid 1:1 cbq rate 1024kbit allot 1500 prio 5 bounded isolated
+ /sbin/tc class add dev eth0 parent 1:1 classid 1:10 cbq rate 1024kbit allot 1600 prio 1 avpkt 1000
+ /sbin/tc class add dev eth0 parent 1:1 classid 1:20 cbq rate 921kbit allot 1600 prio 2 avpkt 1000
+ /sbin/tc class add dev eth0 parent 1:1 classid 1:30 cbq rate 819kbit allot 1600 prio 2 avpkt 1000
+ /sbin/tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10
+ /sbin/tc qdisc add dev eth0 parent 1:20 handle 20: sfq perturb 10
+ /sbin/tc qdisc add dev eth0 parent 1:30 handle 30: sfq perturb 10
+ /sbin/tc filter add dev eth0 parent 1:0 protocol ip prio 10 u32 match ip tos 0x10 0xff flowid 1:10
+ /sbin/tc filter add dev eth0 parent 1:0 protocol ip prio 11 u32 match ip protocol 1 0xff flowid 1:10
+ /sbin/tc filter add dev eth0 parent 1:0 protocol ip prio 10 u32 match ip protocol 17 0xff match ip sport 4666 0xffff flowid 1:30
+ /sbin/tc filter add dev eth0 parent 1: protocol ip prio 12 u32 match ip protocol 6 0xff match u8 0x05 0x0f at 0 match u16 0x0000 0xffc0 at 2 flowid 1:10
+ /sbin/tc filter add dev eth0 parent 1: protocol ip prio 18 u32 match ip dst 0.0.0.0/0 flowid 1:20
+ /sbin/tc qdisc add dev eth0 handle ffff: ingress
+ /sbin/tc filter add dev eth0 parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate 2048kbit burst 10k drop flowid :1

Clear traffic shaping on interface.

$ sudo bash -x /usr/sbin/wondershaper clear eth0
+ '[' 2 -eq 0 ']'
+ '[' 2 -eq 1 ']'
+ '[' 2 -eq 2 ']'
+ /sbin/tc qdisc del dev eth0 root
+ /sbin/tc qdisc del dev eth0 ingress
+ echo Wondershaper queues have been cleared.
Wondershaper queues have been cleared.
+ exit