https://www.cnblogs.com/mr-amazing/p/4900523.html
http://www.cnblogs.com/weifeng1463/p/6805994.html
[root@iZbp1fna7ky0qz2jbj7gfpZ html]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.7 on Sat Jul 14 17:24:49 2018
*filter
:INPUT ACCEPT [191:18142]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [203:18851]
-A INPUT -p tcp -m limit --limit 30/sec --limit-burst 3 -j ACCEPT
-A INPUT -p tcp -j DROP
-A OUTPUT -p tcp -m limit --limit 30/sec --limit-burst 3 -j ACCEPT
-A OUTPUT -p tcp -j DROP
COMMIT
# Completed on Sat Jul 14 17:24:49 2018
Linux下限制网卡的带宽,可用来模拟服务器带宽耗尽,从而测试服务器在此时的访问效果。
1、安装iproute
yum -y install iproute
2、限制eth0网卡的带宽为50kbit:
/sbin/tc qdisc add dev eth0 root tbf rate 50kbit latency 50ms burst 1000
3、限制带宽为50kbit后,在百兆局域网中wget下载一个大文件:
[root@localhost ~]# wget http://192.168.1.7/test.zip
--19:40:27-- http://192.168.1.7/test.zip
Connecting to 192.168.1.7:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 23862312 (23M) [application/zip]
Saving to: `test.zip'
37% [=======> ] 8,994,816 457K/s eta 27s
下载速度为457K/s,限制效果达到。
4、解除eth0网卡的带宽限制:
/sbin/tc qdisc del dev eth0 root tbf
5、对比:未作带宽限制情况下,在百兆局域网中wget下载一个大文件:
[root@localhost ~]# wget http://192.168.1.7/test.zip
--19:44:33-- http://192.168.1.7/test.zip
Connecting to 192.168.1.7:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 23862312 (23M) [application/zip]
Saving to: `test.zip'
100%[==========>] 23,862,312 6.14M/s in 3.7s
19:44:36 (6.16 MB/s) - `test.zip' saved [23862312/23862312]
下载速度为6.16MB/s。
linux下针对源地址可以做流量的限速:
# iptables -A INPUT -p tcp -s 192.168.80.12 -m limit --limit 30/sec --limit-burst 3 -j ACCEPT
# iptables -A INPUT -p tcp -s 192.168.80.12 -j DROP
# iptables -A OUTPUT -p tcp -d 192.168.80.12 -m limit --limit 30/sec --limit-burst 3 -j ACCEPT
# iptables -A OUTPUT -p tcp -d 192.168.80.12 -m limit --limit 30/sec --limit-burst 3 -j ACCEPT
#iptables -A OUTPUT -p tcp -d 192.168.80.12 -j DROP
iptables -A INPUT -p tcp -s 192.168.80.15 -m limit --limit 5/sec --limit-burst 3 -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.80.15 -j DROP
iptables -A OUTPUT -p tcp -s 192.168.80.15 -m limit --limit 5/sec --limit-burst 3 -j ACCEPT
iptables -A OUTPUT -p tcp -s 192.168.80.15 -j DROP
Linux下限制网卡的带宽
2010年9月6日
10:40
Q: Iptables限制包的流速
A: 由-m limit --limit <[!]limitnum> --limit-burst <burstnum>
--limit: 速率限制/sec /minute /hour
--limit-burst: 最大的连接数。这个是用来限制最大可用数的。因为:
1. 如果当前包速超过limit限定的值的时,超速部分将直接跳过当前规则,进
入下一条规则的匹配。
2. 如果当前没有包来,则limit会将该单位时间内的剩余量累计入下个单位时
间,但最大值不超过--limit-burst指定的值。
实例:从10.226.52.1上下载一个大文件,比较限速前与限速后的下载速度。。
限制速度前 (10M/s):过程如下所示
-bash-3.1#wget http://10.226.52.1/5GB.zip
--16:38:38-- http://10.226.52.1/5GB.zip
Connecting to 10.226.52.1:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 5362862509 (5.0G) [application/octet-stream]
Saving to: `5GB.zip'
2% [ ] 113,341,300 10.0M/s eta 9m 43s
限制速度后:
-bash-3.1# iptables -A INPUT -p tcp -s 10.226.52.1 -m limit --limit 30/sec --limit-burst 3 -j ACCEPT
-bash-3.1# iptables -A INPUT -p tcp -s 10.226.52.1 -j DROP (加这条的原因是INPUT链上的默认规则是ACCEPT)
-bash-3.1# iptables -A OUTPUT -p tcp -d 10.226.52.1 -m limit --limit 30/sec --limit-burst 3 -j ACCEPT
-bash-3.1# iptables -A OUTPUT -p tcp -d 10.226.52.1 -j DROP
-bash-3.1# wget http://10.226.52.1/5GB.zip
--10:08:32-- http://10.226.52.1/5GB.zip
Connecting to 10.226.52.1:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 5362862509 (5.0G) [application/octet-stream]
Saving to: `5GB.zip'
0% [ ] 461,912 14.1K/s eta 5d 19h
将上面的30/3改成5/5网速就限制在了7K/s左右
第三种:
#ethtool -s eth0 speed 10 将千兆网卡改成10兆的网卡
