Skip to content

Port based traffic limit


  1. qdisc is the core of Linux traffic control system. qdisc is also known as queuing discipline.
  2. class
  3. filter
  4. HTB (Hierarchical Token Bucket)


  1. Establish HTB queue on network card eth0.
  2. Create subclasses for HTB queue.
  3. Create filters to direct traffic from source and destination ports to subclasses.

Specific steps

I. Machine initialization (Additions, one-time only)

Enable kernel module:

modprobe sch_htb
lsmod |grep sch_htb

If you need to load this module on startup, add it to /etc/modules.

echo 'sch_htb' >> /etc/modules

Enable statistics function:

echo 1 >/sys/module/sch_htb/parameters/htb_rate_est

II. Limit initialization (Add qdisc and default class, one-time only)

tc qdisc add dev eth0 root handle 1: htb default ffff
tc class add dev eth0 parent 1:1 classid 1:ffff htb rate 8gbit burst 25kb cburst 25kb

III. Dynamically add or delete limit configuration classes

Port: 8899

Limit: 10000b

IV. Check

V. How to uninstall sch_htb module

Parameter explanation


  • Network hardware can only send one packet at a time. This only depends on the hardware rate. Shared link software can use this ability to dynamically generate multiple connections running at different speeds. Therefore, rate and ceil are not an instantaneous measure, but an average value of sending packets at a certain time. The actual situation is how to make a traffic class with small traffic provide the maximum rate to other classes at a certain time. The burst and cburst parameters control how much data can be sent to the required other classes at the maximum hardware speed without effort.
  • If cburst is less than a theoretical data packet, the burst it forms will not exceed the ceil rate. Similarly, the highest rate of TBF is also like this.
  • You may ask, why do we need bursts? Because it can easily improve the response speed on a congested link. For example, WWW traffic is bursty. You visit the homepage and get and read it in bursts. During idle time, burst will be charged again.
  • Note: burst and cburst must be at least as large as the value of their subclasses.
  • Recommended kernel version > 4.x