Rate Limiting

How to Set Rate Limits on a Linux Network Interface

Rate limiting is a crucial network management technique that helps control the amount of data transmitted over a network interface. This is particularly useful in preventing network congestion, managing bandwidth allocation, and ensuring fair usage among multiple users or services. In this guide, we’ll walk you through the steps to set rate limits on a Linux network interface.

Prerequisites

Before you begin, ensure you have:

  • A Linux-based system (any modern distribution will work).
  • Root or sudo privileges to execute network configuration commands.

Step 1: Install tc (Traffic Control)

The tc command, part of the iproute2 package, is the primary tool used for traffic control in Linux. Most modern distributions come with iproute2 installed. You can check if it’s installed by running:

tc -V

If tc is not installed, you can install it using your package manager. For example, on Debian-based systems (like Ubuntu):

sudo apt update
sudo apt install iproute2

On Red Hat-based systems (like CentOS):

sudo yum install iproute

Step 2: Identify Your Network Interface

First, identify the network interface you want to apply the rate limit to. You can list all network interfaces using:

ip link show

Suppose the interface you want to manage is eth0.

Step 3: Apply Rate Limits Using tc

Basic Rate Limiting

To set a simple rate limit, you can use the htb (Hierarchical Token Bucket) qdisc (queueing discipline). For example, to limit the outgoing traffic on eth0 to 1 Mbps:

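  1. Add the htb qdisc to the interface:
     sudo tc qdisc add dev eth0 root handle 1: htb default 30
  2. Create a class under the htb qdisc with a rate limit:
     sudo tc class add dev eth0 parent 1: classid 1:1 htb rate 1mbit
  3. Add a filter to direct traffic to the class:
     sudo tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src 0.0.0.0/0 flowid 1:1

Note that the filter uses protocol ip, so it matches IPv4 packets only. Anything it does not match, such as IPv6, falls through to the default class 1:30, which these commands never create, and HTB sends traffic for a missing default class unshaped. Where the limit is meant to hold for all traffic, point default at the class that carries the limit.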

Ingress Rate Limiting

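Ingress (incoming) traffic can also be rate-limited. The ingress qdisc does not queue packets, so the limit is enforced with the police action, which drops packets that exceed the configured rate. The filter below uses protocol ip and therefore polices IPv4 traffic only. For example, to limit the incoming traffic to 1 Mbps: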

  1. Add the ingress qdisc:
     sudo tc qdisc add dev eth0 handle ffff: ingress
  2. Apply the rate limit using the police action:
     sudo tc filter add dev eth0 parent ffff: protocol ip u32 match u32 0 0 police rate 1mbit burst 10k drop flowid :1

Step 4: Verify Configuration

You can verify the configuration using the tc command:

tc qdisc show dev eth0
tc class show dev eth0
tc filter show dev eth0

These commands will display the current qdiscs, classes, and filters applied to eth0.

Step 5: Remove Rate Limits

If you need to remove the rate limits, you can delete the qdisc:

sudo tc qdisc del dev eth0 root
sudo tc qdisc del dev eth0 ingress
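
The commands from Steps 3 and 5 combined into one re-runnable shell function, as an added example that is not part of the original guide. The names limit_iface, valid_args and TC are made up for this example, and it departs from the guide in two labelled places (default 1 and protocol all) so that non-IPv4 traffic is limited as well.

```shell
#!/bin/sh
# Added example; limit_iface, valid_args and TC are names made up here.
# Override TC (e.g. TC="echo tc") to print the commands instead of running them.
TC="${TC:-tc}"

# Accept only a plain interface name and a "<number><k|m|g>bit" rate, since
# both values end up on a command line that runs as root.
valid_args() {
    case "$1" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    [ "${#1}" -le 15 ] || return 1   # Linux interface names: at most 15 chars
    case "$2" in *[kmg]bit) ;; *) return 1 ;; esac
    case "${2%[kmg]bit}" in ''|*[!0-9]*) return 1 ;; esac
}

# Usage (as root): limit_iface eth0 1mbit
limit_iface() {
    dev="$1"; rate="$2"
    valid_args "$dev" "$rate" || { echo "usage: limit_iface <dev> <N[kmg]bit>" >&2; return 2; }

    # Step 5 first: drop any earlier limits so a second run does not fail
    # because the qdiscs already exist. Errors here only mean "nothing to delete".
    $TC qdisc del dev "$dev" root 2>/dev/null || true
    $TC qdisc del dev "$dev" ingress 2>/dev/null || true

    # Egress (Step 3). "default 1" differs from the guide's "default 30":
    # packets the IPv4-only filter does not match (IPv6, for example) then
    # land in class 1:1 instead of leaving the interface unshaped.
    $TC qdisc add dev "$dev" root handle 1: htb default 1 || return 1
    $TC class add dev "$dev" parent 1: classid 1:1 htb rate "$rate" || return 1
    $TC filter add dev "$dev" protocol ip parent 1:0 prio 1 u32 \
        match ip src 0.0.0.0/0 flowid 1:1 || return 1

    # Ingress (Step 3). "protocol all" differs from the guide's "protocol ip"
    # for the same reason: the policer then sees every incoming packet.
    $TC qdisc add dev "$dev" handle ffff: ingress || return 1
    $TC filter add dev "$dev" parent ffff: protocol all u32 match u32 0 0 \
        police rate "$rate" burst 10k drop flowid :1 || return 1
}
```

Running it once with TC="echo tc" shows the exact commands before anything is changed on the interface.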

Conclusion

Setting rate limits on a Linux network interface using tc is a powerful way to manage network traffic. By following the steps outlined in this guide, you can effectively control the bandwidth usage on your network interfaces, ensuring better performance and fairer distribution of network resources.

For more advanced configurations, you can explore other qdiscs like fq_codel, tbf, and netem which provide additional features and finer control over network traffic.
