Master Linux TC: Control Bandwidth with HTB, Classes, and Filters
This guide explains Linux traffic control (TC), covering its core components—queueing disciplines, classes, and filters—along with step‑by‑step commands to shape outbound bandwidth, set rate and ceiling limits, use bursts, and apply iptables marks for precise traffic management.
TC Overview
Linux traffic control (TC) provides a hierarchical framework for shaping, scheduling, and policing network traffic. It is built from three components:
Queueing disciplines (qdisc) – define how packets are queued and transmitted. The default pfifo queues packets FIFO, while advanced qdiscs such as RED, SFQ, token‑bucket, and HTB implement more sophisticated behavior.
Classes – represent bandwidth allocation policies. Each class can be assigned a guaranteed rate, a maximum ceil, optional burst / cburst values, and a priority prio.
Filters – classify packets into classes. Filters can match on u32 criteria or on the firewall mark (fwmark) that iptables sets through Netfilter.
TC primarily controls egress (outbound) traffic; inbound shaping is limited.
Practical Example
Assume eth0 is the external interface. The following commands create a root HTB qdisc, add a parent class with a 2 Mbit guaranteed rate and a 4 Mbit ceiling for the whole server, then add a child class for a specific application and attach a fair‑queueing discipline.
Add a root HTB qdisc. The handle 1: is used as a namespace for subsequent classes.
# tc qdisc add dev eth0 root handle 1: htb default 1
Create a parent class (classid 1:30) with the desired rate and ceiling.
# tc class add dev eth0 parent 1:0 classid 1:30 htb rate 2mbit ceil 4mbit prio 2
Add a child class (classid 1:31) for the application, limiting it to 0.5 Mbit guaranteed and 2 Mbit maximum.
# tc class add dev eth0 parent 1:30 classid 1:31 htb rate 0.5mbit ceil 2mbit prio 3
Attach an SFQ qdisc to the child class to prevent a single flow from monopolising the bandwidth.
# tc qdisc add dev eth0 parent 1:31 handle 31: sfq perturb 10
Insert a filter that matches packets marked with 31 and directs them to the child class.
# tc filter add dev eth0 parent 1: protocol ip prio 31 handle 31 fw flowid 1:31
Mark the relevant packets with iptables (or a u32 filter) so the TC filter can recognise them.
# iptables -t mangle -I FORWARD ! -i eth1 -p tcp --sport 80 -s 192.0.2.10 -j MARK --set-mark 31
Key Parameters
rate – guaranteed bandwidth for the class.
ceil – maximum bandwidth the class may borrow.
burst and cburst – amount of data that can be sent at the interface’s peak rate before the token‑bucket limits apply. The values must be at least as large as the largest child‑class burst.
prio – lower numbers have higher priority when bandwidth is contested.
Burst and cburst
The burst parameter allows a class to transmit a short amount of data at the line’s physical maximum, improving responsiveness for bursty traffic such as web browsing. cburst works similarly for the ceiling value. Both must be equal to or larger than the corresponding values of any child class.
Command Reference
tc qdisc add dev DEV root handle ID: htb [default CLASS]
tc class add dev DEV parent PARENT classid CLASSID htb rate RATE ceil CEIL [prio PRIO] [burst BURST] [cburst CBURST]
tc filter add dev DEV parent PARENT protocol ip prio PRIO u32 match ip dst IP/NET flowid CLASSID
tc -s qdisc show dev DEV
tc -s class show dev DEV
tc -s filter show dev DEV
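To check that the classes above behave as configured, the counters printed by tc -s class show can be summarised per class. The script below is an added example, not part of the original article; the function name htb_report and the SAMPLE text (constructed to resemble tc output for classes 1:30 and 1:31) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): summarise HTB class counters.
# Input is the text printed by `tc -s class show dev DEV`.

# Print one line per class: classid rate ceil sent_bytes dropped borrowed status
htb_report() {
    awk '
    function emit() {
        if (id == "") return
        status = "ok"
        if (borrowed > 0) status = "borrowing"  # sent above rate, up to ceil
        if (dropped > 0)  status = "dropping"   # queue overflowed while shaped
        printf "%s %s %s %s %s %s %s\n", id, rate, ceil, sent, dropped, borrowed, status
    }
    $1 == "class" && $2 == "htb" {      # header line starts a new class record
        emit()
        id = $3; rate = ceil = "?"; sent = dropped = borrowed = 0
        for (i = 4; i < NF; i++) {
            if ($i == "rate") rate = $(i + 1)
            if ($i == "ceil") ceil = $(i + 1)
        }
        next
    }
    $1 == "Sent"    { sent = $2; dropped = $7 + 0; next }  # field 7 is "N," so force a number
    $1 == "lended:" { borrowed = $4 + 0; next }
    END { emit() }
    '
}

# Constructed sample input, shaped like `tc -s class show dev eth0` output.
SAMPLE='class htb 1:30 root rate 2Mbit ceil 4Mbit burst 1600b cburst 1600b
 Sent 910000 bytes 700 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
 lended: 37 borrowed: 0 giants: 0
 tokens: 100000 ctokens: 50000

class htb 1:31 parent 1:30 leaf 31: prio 3 rate 500Kbit ceil 2Mbit burst 1600b cburst 1600b
 Sent 640000 bytes 480 pkt (dropped 12, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
 lended: 443 borrowed: 37 giants: 0
 tokens: -2000 ctokens: 40000'

# Offline demonstration on the sample; on a live host use:
#   tc -s class show dev eth0 | htb_report
printf '%s\n' "$SAMPLE" | htb_report
```

A class reported as dropping is being held to its limits by the shaper, which for the marked traffic in 1:31 confirms that the iptables mark and the fw filter are matching.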
ITPUB
