Linux – Network Traffic Priority by IP


I'm using Ubuntu 12.10 and looking for a way to shape network traffic based on the IP address. I have a LAN, let's say from – The server is at All IPs should have the maximum possible network speeds (all ports, but Samba is the actual culprit). The moment a specific IP or IP range (e.g.: connects, the full speed should be given to that IP, all other IPs' speed should be reduced to the minimum. Once the IP's traffic is finished, the rest of the connected IPs' speed should be restored.

I pretty much have a server and if my own PC connects to it, I want full speed. Only if I'm not using the server, the rest should have full access.

I've found some solutions online with tc, but they all limit specific IPs with a certain speed. I however want all people to have the max speed, except if a certain IP is connected. So basically my IP should have the highest priority and the rest the lowest priority.

Can anyone help me out with a script or maybe a program that already exists?

Best Answer

tc is the way to go. The trick is to prioritize traffic without limiting it., section 9.5.3 "The PRIO qdisc"; by default it creates 3 queues but you can ignore the 3rd one. The simplest approach would be:

Create the queue disciplines (qdisc)

tc qdisc add dev eth0 root handle 1: prio

tc qdisc add dev eth0 parent 1:1 handle 10: sfq
tc qdisc add dev eth0 parent 1:2 handle 20: sfq
tc qdisc add dev eth0 parent 1:3 handle 30: sfq

They all have the same queue algorithm; then assign your servers (IP in this case) to handle 10: and the rest to 20: :

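# Filters attach to the prio qdisc itself (1:0); flowid 1:1 is the band feeding sfq 10:, 1:2 the band feeding sfq 20:
tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip dst flowid 1:1
tc filter add dev eth0 protocol ip parent 1:0 prio 2 u32 match ip dst 0.0.0.0/0 flowid 1:2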

(Disclaimer: it's been a while since I touched this stuff, you may have to experiment with the values after parent and flowid)

Using ranges that are powers of 2 is a lot easier than decimal limits. The /25 after the IP address ignores the last 7 bits of the IP address, hence a range from 0 to 127. Use a /26 to limit the range to 0..63, if necessary.

On the same page, Hierarchical Token Bucket is discussed, which is a more fine-grained way of distributing bandwidth. The trick is to create 2 classes with a skewed bandwidth ratio, say 1:10 (100 mbit vs 1000 mbit). This will leave some bandwidth to your other clients.
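
The prefix arithmetic and the HTB variant described in the answer, as an added example that is not part of the original answer. The device name, the 192.0.2.0/25 range, the 1 Gbit link and the 900/100 mbit split (chosen so the two guaranteed rates add up to the link rate) are assumptions; the script only prints the tc commands.

```shell
#!/bin/sh
# Added example with constructed values (192.0.2.0/24 is a documentation range).

# Dotted quad -> integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Integer -> dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# First and last address covered by ADDR/LEN: the low (32 - LEN) bits
# are ignored, so a /25 spans 128 addresses and a /26 spans 64.
cidr_range() {
    len=${1#*/}
    ip=$(ip_to_int "${1%/*}")
    host=$(( (1 << (32 - len)) - 1 ))
    echo "$(int_to_ip $(( ip & ~host ))) $(int_to_ip $(( ip | host )))"
}

# Print (do not run) an HTB setup: class 1:10 for the priority range,
# class 1:20 for everyone else; both may borrow up to the link rate,
# and the lower prio value is offered spare bandwidth first.
# Arguments: device, priority CIDR, link rate, priority rate, default rate.
htb_rules() {
    dev=$1 cidr=$2 link=$3 fast=$4 slow=$5
    cat <<EOF
tc qdisc add dev $dev root handle 1: htb default 20
tc class add dev $dev parent 1: classid 1:1 htb rate $link
tc class add dev $dev parent 1:1 classid 1:10 htb rate $fast ceil $link prio 0
tc class add dev $dev parent 1:1 classid 1:20 htb rate $slow ceil $link prio 1
tc qdisc add dev $dev parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $dev parent 1:20 handle 20: sfq perturb 10
tc filter add dev $dev protocol ip parent 1:0 prio 1 u32 match ip dst $cidr flowid 1:10
EOF
}

# Constructed values: eth0, 1 Gbit link, priority hosts in 192.0.2.0/25.
echo "priority range: $(cidr_range 192.0.2.0/25)"
htb_rules eth0 192.0.2.0/25 1000mbit 900mbit 100mbit
```

Pipe the output of htb_rules to sh as root to apply it; `tc qdisc del dev eth0 root` removes the setup again.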