[CentOS-virt] Network traffic control/shaping of guest interfaces

Tue Sep 20 18:20:05 UTC 2011
Emmanuel Noobadmin <centos.admin at gmail.com>

I've been using tc/htb for network control previously to control
bandwidth available to different services running on their own IPs on
an unvirtualized host.

Now, I have put them into their own guest VM. I would like to be able
to do something similar to ensure the more crucial service gets more
bandwidth as well as ensuring ssh always gets reserved bandwidth.
However, when I try the good old tc/htb commands on the host, it fails
to do anything useful.

My script that works on the non-virtualized setup was this:

TCADD="tc class add dev eth0 parent"
$TCADD 1:0 classid 1:1 htb rate 1250kbps ceil 1250kbps
$TCADD 1:1 classid 1:10 htb rate 25kbps ceil 150kbps prio 0
$TCADD 1:1 classid 1:11 htb rate 100kbps ceil 300kbps prio 1
$TCADD 1:1 classid 1:12 htb rate 300kbps ceil 600kbps prio 1
$TCADD 1:1 classid 1:19 htb rate 75kbps ceil 150kbps prio 2

TFADD="tc filter add dev eth0 protocol ip parent"
$TFADD 1:0 prio 0 u32 match ip dport 10022 0xffff flowid 1:10
$TFADD 1:0 prio 1 u32 match ip dst <public ip address 1> flowid 1:11
$TFADD 1:0 prio 1 u32 match ip dst <public ip address 2> flowid 1:12

I can't put the restrictions within the guest because I don't want the
individual VM admins to be able to stop the script from running.

On my new host, I have bridged networking with br0, eth0 and guests
running off vnet<n>.
I've tried applying tc on br0, eth0, vnet<n> but they don't seem to
have any effect based on a 20MB FTP test.

I've been googling for a while to find a solution but haven't hit on
anything apart from using yet another firewall/router sitting between
everything and the Internet. Is there any other solution apart from