1TC(8) Linux TC(8)
2
3
4
6 tc - show / manipulate traffic control settings
7
9 tc [ OPTIONS ] qdisc [ add | change | replace | link | delete ] dev DEV
10 [ parent qdisc-id | root ] [ handle qdisc-id ] [ ingress_block
11 BLOCK_INDEX ] [ egress_block BLOCK_INDEX ] qdisc [ qdisc specific pa‐
12 rameters ]
13
14 tc [ OPTIONS ] class [ add | change | replace | delete ] dev DEV parent
15 qdisc-id [ classid class-id ] qdisc [ qdisc specific parameters ]
16
17 tc [ OPTIONS ] filter [ add | change | replace | delete | get ] dev DEV
18 [ parent qdisc-id | root ] [ handle filter-id ] protocol protocol prio
19 priority filtertype [ filtertype specific parameters ] flowid flow-id
20
21 tc [ OPTIONS ] filter [ add | change | replace | delete | get ] block
22 BLOCK_INDEX [ handle filter-id ] protocol protocol prio priority fil‐
23 tertype [ filtertype specific parameters ] flowid flow-id
24
25 tc [ OPTIONS ] chain [ add | delete | get ] dev DEV [ parent qdisc-id |
26 root ] filtertype [ filtertype specific parameters ]
27
28 tc [ OPTIONS ] chain [ add | delete | get ] block BLOCK_INDEX filter‐
29 type [ filtertype specific parameters ]
30
31
32 tc [ OPTIONS ] [ FORMAT ] qdisc { show | list } [ dev DEV ] [ root |
33 ingress | handle QHANDLE | parent CLASSID ] [ invisible ]
34
35 tc [ OPTIONS ] [ FORMAT ] class show dev DEV
36
37 tc [ OPTIONS ] filter show dev DEV
38
39 tc [ OPTIONS ] filter show block BLOCK_INDEX
40
41 tc [ OPTIONS ] chain show dev DEV
42
43 tc [ OPTIONS ] chain show block BLOCK_INDEX
44
45
46 tc [ OPTIONS ] monitor [ file FILENAME ]
47
48
49 OPTIONS := { [ -force ] -b[atch] [ filename ] | [ -n[etns] name ] | [
50 -N[umeric] ] | [ -nm | -nam[es] ] | [ { -cf | -c[onf] } [ filename ] ]
51 [ -t[imestamp] ] | [ -t[short] | [ -o[neline] ] }
52
53 FORMAT := { -s[tatistics] | -d[etails] | -r[aw] | -i[ec] | -g[raph] |
54 -j[json] | -p[retty] | -col[or] }
55
56
58 Tc is used to configure Traffic Control in the Linux kernel. Traffic
59 Control consists of the following:
60
61
62 SHAPING
63 When traffic is shaped, its rate of transmission is under con‐
64 trol. Shaping may be more than lowering the available bandwidth
65 - it is also used to smooth out bursts in traffic for better
66 network behaviour. Shaping occurs on egress.
67
68
69 SCHEDULING
70 By scheduling the transmission of packets it is possible to im‐
71 prove interactivity for traffic that needs it while still guar‐
72 anteeing bandwidth to bulk transfers. Reordering is also called
73 prioritizing, and happens only on egress.
74
75
76 POLICING
77 Whereas shaping deals with transmission of traffic, policing
78 pertains to traffic arriving. Policing thus occurs on ingress.
79
80
81 DROPPING
82 Traffic exceeding a set bandwidth may also be dropped forthwith,
83 both on ingress and on egress.
84
85
86 Processing of traffic is controlled by three kinds of objects: qdiscs,
87 classes and filters.
88
89
91 qdisc is short for 'queueing discipline' and it is elementary to under‐
92 standing traffic control. Whenever the kernel needs to send a packet to
93 an interface, it is enqueued to the qdisc configured for that inter‐
94 face. Immediately afterwards, the kernel tries to get as many packets
95 as possible from the qdisc, for giving them to the network adaptor
96 driver.
97
98 A simple QDISC is the 'pfifo' one, which does no processing at all and
99 is a pure First In, First Out queue. It does however store traffic when
100 the network interface can't handle it momentarily.
101
102
104 Some qdiscs can contain classes, which contain further qdiscs - traffic
105 may then be enqueued in any of the inner qdiscs, which are within the
106 classes. When the kernel tries to dequeue a packet from such a class‐
107 ful qdisc it can come from any of the classes. A qdisc may for example
108 prioritize certain kinds of traffic by trying to dequeue from certain
109 classes before others.
110
111
113 A filter is used by a classful qdisc to determine in which class a
114 packet will be enqueued. Whenever traffic arrives at a class with sub‐
115 classes, it needs to be classified. Various methods may be employed to
116 do so, one of these are the filters. All filters attached to the class
117 are called, until one of them returns with a verdict. If no verdict was
118 made, other criteria may be available. This differs per qdisc.
119
120 It is important to notice that filters reside within qdiscs - they are
121 not masters of what happens.
122
123 The available filters are:
124
125 basic Filter packets based on an ematch expression. See tc-ematch(8)
126 for details.
127
128 bpf Filter packets using (e)BPF, see tc-bpf(8) for details.
129
130 cgroup Filter packets based on the control group of their process. See
131 tc-cgroup(8) for details.
132
133 flow, flower
134 Flow-based classifiers, filtering packets based on their flow
135 (identified by selectable keys). See tc-flow(8) and tc-flower(8)
136 for details.
137
138 fw Filter based on fwmark. Directly maps fwmark value to traffic
139 class. See tc-fw(8).
140
141 route Filter packets based on routing table. See tc-route(8) for de‐
142 tails.
143
144 rsvp Match Resource Reservation Protocol (RSVP) packets.
145
146 tcindex
147 Filter packets based on traffic control index. See tc-tcin‐
148 dex(8).
149
150 u32 Generic filtering on arbitrary packet data, assisted by syntax
151 to abstract common operations. See tc-u32(8) for details.
152
153 matchall
154 Traffic control filter that matches every packet. See tc-
155 matchall(8) for details.
156
157
159 Qdiscs may invoke user-configured actions when certain interesting
160 events take place in the qdisc. Each qevent can either be unused, or
161 can have a block attached to it. To this block are then attached fil‐
162 ters using the "tc block BLOCK_IDX" syntax. The block is executed when
163 the qevent associated with the attachment point takes place. For exam‐
164 ple, packet could be dropped, or delayed, etc., depending on the qdisc
165 and the qevent in question.
166
167 For example:
168
169 tc qdisc add dev eth0 root handle 1: red limit 500K avpkt 1K \
170 qevent early_drop block 10
171 tc filter add block 10 matchall action mirred egress mirror dev
172 eth1
173
174
176 The classless qdiscs are:
177
178 choke CHOKe (CHOose and Keep for responsive flows, CHOose and Kill for
179 unresponsive flows) is a classless qdisc designed to both iden‐
180 tify and penalize flows that monopolize the queue. CHOKe is a
181 variation of RED, and the configuration is similar to RED.
182
183 codel CoDel (pronounced "coddle") is an adaptive "no-knobs" active
184 queue management algorithm (AQM) scheme that was developed to
185 address the shortcomings of RED and its variants.
186
187 [p|b]fifo
188 Simplest usable qdisc, pure First In, First Out behaviour. Lim‐
189 ited in packets or in bytes.
190
191 fq Fair Queue Scheduler realises TCP pacing and scales to millions
192 of concurrent flows per qdisc.
193
194 fq_codel
195 Fair Queuing Controlled Delay is queuing discipline that com‐
196 bines Fair Queuing with the CoDel AQM scheme. FQ_Codel uses a
197 stochastic model to classify incoming packets into different
198 flows and is used to provide a fair share of the bandwidth to
199 all the flows using the queue. Each such flow is managed by the
200 CoDel queuing discipline. Reordering within a flow is avoided
201 since Codel internally uses a FIFO queue.
202
203 fq_pie FQ-PIE (Flow Queuing with Proportional Integral controller En‐
204 hanced) is a queuing discipline that combines Flow Queuing with
205 the PIE AQM scheme. FQ-PIE uses a Jenkins hash function to clas‐
206 sify incoming packets into different flows and is used to pro‐
207 vide a fair share of the bandwidth to all the flows using the
208 qdisc. Each such flow is managed by the PIE algorithm.
209
210 gred Generalized Random Early Detection combines multiple RED queues
211 in order to achieve multiple drop priorities. This is required
212 to realize Assured Forwarding (RFC 2597).
213
214 hhf Heavy-Hitter Filter differentiates between small flows and the
215 opposite, heavy-hitters. The goal is to catch the heavy-hitters
216 and move them to a separate queue with less priority so that
217 bulk traffic does not affect the latency of critical traffic.
218
219 ingress
220 This is a special qdisc as it applies to incoming traffic on an
221 interface, allowing for it to be filtered and policed.
222
223 mqprio The Multiqueue Priority Qdisc is a simple queuing discipline
224 that allows mapping traffic flows to hardware queue ranges using
225 priorities and a configurable priority to traffic class mapping.
226 A traffic class in this context is a set of contiguous qdisc
227 classes which map 1:1 to a set of hardware exposed queues.
228
229 multiq Multiqueue is a qdisc optimized for devices with multiple Tx
230 queues. It has been added for hardware that wishes to avoid
231 head-of-line blocking. It will cycle though the bands and ver‐
232 ify that the hardware queue associated with the band is not
233 stopped prior to dequeuing a packet.
234
235 netem Network Emulator is an enhancement of the Linux traffic control
236 facilities that allow to add delay, packet loss, duplication and
237 more other characteristics to packets outgoing from a selected
238 network interface.
239
240 pfifo_fast
241 Standard qdisc for 'Advanced Router' enabled kernels. Consists
242 of a three-band queue which honors Type of Service flags, as
243 well as the priority that may be assigned to a packet.
244
245 pie Proportional Integral controller-Enhanced (PIE) is a control
246 theoretic active queue management scheme. It is based on the
247 proportional integral controller but aims to control delay.
248
249 red Random Early Detection simulates physical congestion by randomly
250 dropping packets when nearing configured bandwidth allocation.
251 Well suited to very large bandwidth applications.
252
253 rr Round-Robin qdisc with support for multiqueue network devices.
254 Removed from Linux since kernel version 2.6.27.
255
256 sfb Stochastic Fair Blue is a classless qdisc to manage congestion
257 based on packet loss and link utilization history while trying
258 to prevent non-responsive flows (i.e. flows that do not react to
259 congestion marking or dropped packets) from impacting perfor‐
260 mance of responsive flows. Unlike RED, where the marking proba‐
261 bility has to be configured, BLUE tries to determine the ideal
262 marking probability automatically.
263
264 sfq Stochastic Fairness Queueing reorders queued traffic so each
265 'session' gets to send a packet in turn.
266
267 tbf The Token Bucket Filter is suited for slowing traffic down to a
268 precisely configured rate. Scales well to large bandwidths.
269
271 In the absence of classful qdiscs, classless qdiscs can only be at‐
272 tached at the root of a device. Full syntax:
273
274 tc qdisc add dev DEV root QDISC QDISC-PARAMETERS
275
276 To remove, issue
277
278 tc qdisc del dev DEV root
279
280 The pfifo_fast qdisc is the automatic default in the absence of a con‐
281 figured qdisc.
282
283
285 The classful qdiscs are:
286
287 ATM Map flows to virtual circuits of an underlying asynchronous
288 transfer mode device.
289
290 CBQ Class Based Queueing implements a rich linksharing hierarchy of
291 classes. It contains shaping elements as well as prioritizing
292 capabilities. Shaping is performed using link idle time calcula‐
293 tions based on average packet size and underlying link band‐
294 width. The latter may be ill-defined for some interfaces.
295
296 DRR The Deficit Round Robin Scheduler is a more flexible replacement
297 for Stochastic Fairness Queuing. Unlike SFQ, there are no built-
298 in queues -- you need to add classes and then set up filters to
299 classify packets accordingly. This can be useful e.g. for using
300 RED qdiscs with different settings for particular traffic. There
301 is no default class -- if a packet cannot be classified, it is
302 dropped.
303
304 DSMARK Classify packets based on TOS field, change TOS field of packets
305 based on classification.
306
307 ETS The ETS qdisc is a queuing discipline that merges functionality
308 of PRIO and DRR qdiscs in one scheduler. ETS makes it easy to
309 configure a set of strict and bandwidth-sharing bands to imple‐
310 ment the transmission selection described in 802.1Qaz.
311
312 HFSC Hierarchical Fair Service Curve guarantees precise bandwidth and
313 delay allocation for leaf classes and allocates excess bandwidth
314 fairly. Unlike HTB, it makes use of packet dropping to achieve
315 low delays which interactive sessions benefit from.
316
317 HTB The Hierarchy Token Bucket implements a rich linksharing hierar‐
318 chy of classes with an emphasis on conforming to existing prac‐
319 tices. HTB facilitates guaranteeing bandwidth to classes, while
320 also allowing specification of upper limits to inter-class shar‐
321 ing. It contains shaping elements, based on TBF and can priori‐
322 tize classes.
323
324 PRIO The PRIO qdisc is a non-shaping container for a configurable
325 number of classes which are dequeued in order. This allows for
326 easy prioritization of traffic, where lower classes are only
327 able to send if higher ones have no packets available. To facil‐
328 itate configuration, Type Of Service bits are honored by de‐
329 fault.
330
331 QFQ Quick Fair Queueing is an O(1) scheduler that provides near-op‐
332 timal guarantees, and is the first to achieve that goal with a
333 constant cost also with respect to the number of groups and the
334 packet length. The QFQ algorithm has no loops, and uses very
335 simple instructions and data structures that lend themselves
336 very well to a hardware implementation.
337
339 Classes form a tree, where each class has a single parent. A class may
340 have multiple children. Some qdiscs allow for runtime addition of
341 classes (CBQ, HTB) while others (PRIO) are created with a static number
342 of children.
343
344 Qdiscs which allow dynamic addition of classes can have zero or more
345 subclasses to which traffic may be enqueued.
346
347 Furthermore, each class contains a leaf qdisc which by default has
348 pfifo behaviour, although another qdisc can be attached in place. This
349 qdisc may again contain classes, but each class can have only one leaf
350 qdisc.
351
352 When a packet enters a classful qdisc it can be classified to one of
353 the classes within. Three criteria are available, although not all
354 qdiscs will use all three:
355
356 tc filters
357 If tc filters are attached to a class, they are consulted first
358 for relevant instructions. Filters can match on all fields of a
359 packet header, as well as on the firewall mark applied by ipta‐
360 bles.
361
362 Type of Service
363 Some qdiscs have built in rules for classifying packets based on
364 the TOS field.
365
366 skb->priority
367 Userspace programs can encode a class-id in the 'skb->priority'
368 field using the SO_PRIORITY option.
369
370 Each node within the tree can have its own filters but higher level
371 filters may also point directly to lower classes.
372
373 If classification did not succeed, packets are enqueued to the leaf
374 qdisc attached to that class. Check qdisc specific manpages for de‐
375 tails, however.
376
377
379 All qdiscs, classes and filters have IDs, which can either be specified
380 or be automatically assigned.
381
382 IDs consist of a major number and a minor number, separated by a colon
383 - major:minor. Both major and minor are hexadecimal numbers and are
384 limited to 16 bits. There are two special values: root is signified by
385 major and minor of all ones, and unspecified is all zeros.
386
387
388 QDISCS A qdisc, which potentially can have children, gets assigned a
389 major number, called a 'handle', leaving the minor number name‐
390 space available for classes. The handle is expressed as '10:'.
391 It is customary to explicitly assign a handle to qdiscs expected
392 to have children.
393
394
395 CLASSES
396 Classes residing under a qdisc share their qdisc major number,
397 but each have a separate minor number called a 'classid' that
398 has no relation to their parent classes, only to their parent
399 qdisc. The same naming custom as for qdiscs applies.
400
401
402 FILTERS
403 Filters have a three part ID, which is only needed when using a
404 hashed filter hierarchy.
405
406
408 The following parameters are widely used in TC. For other parameters,
409 see the man pages for individual qdiscs.
410
411
412 RATES Bandwidths or rates. These parameters accept a floating point
413 number, possibly followed by either a unit (both SI and IEC
414 units supported), or a float followed by a '%' character to
415 specify the rate as a percentage of the device's speed (e.g. 5%,
416 99.5%). Warning: specifying the rate as a percentage means a
417 fraction of the current speed; if the speed changes, the value
418 will not be recalculated.
419
420 bit or a bare number
421 Bits per second
422
423 kbit Kilobits per second
424
425 mbit Megabits per second
426
427 gbit Gigabits per second
428
429 tbit Terabits per second
430
431 bps Bytes per second
432
433 kbps Kilobytes per second
434
435 mbps Megabytes per second
436
437 gbps Gigabytes per second
438
439 tbps Terabytes per second
440
441
442 To specify in IEC units, replace the SI prefix (k-, m-, g-, t-)
443 with IEC prefix (ki-, mi-, gi- and ti-) respectively.
444
445
446 TC store rates as a 32-bit unsigned integer in bps internally,
447 so we can specify a max rate of 4294967295 bps.
448
449
450 TIMES Length of time. Can be specified as a floating point number fol‐
451 lowed by an optional unit:
452
453 s, sec or secs
454 Whole seconds
455
456 ms, msec or msecs
457 Milliseconds
458
459 us, usec, usecs or a bare number
460 Microseconds.
461
462
463 TC defined its own time unit (equal to microsecond) and stores
464 time values as 32-bit unsigned integer, thus we can specify a
465 max time value of 4294967295 usecs.
466
467
468 SIZES Amounts of data. Can be specified as a floating point number
469 followed by an optional unit:
470
471 b or a bare number
472 Bytes.
473
474 kbit Kilobits
475
476 kb or k
477 Kilobytes
478
479 mbit Megabits
480
481 mb or m
482 Megabytes
483
484 gbit Gigabits
485
486 gb or g
487 Gigabytes
488
489
490 TC stores sizes internally as 32-bit unsigned integer in byte,
491 so we can specify a max size of 4294967295 bytes.
492
493
494 VALUES Other values without a unit. These parameters are interpreted
495 as decimal by default, but you can indicate TC to interpret them
496 as octal and hexadecimal by adding a '0' or '0x' prefix respec‐
497 tively.
498
499
501 The following commands are available for qdiscs, classes and filter:
502
503 add Add a qdisc, class or filter to a node. For all entities, a par‐
504 ent must be passed, either by passing its ID or by attaching di‐
505 rectly to the root of a device. When creating a qdisc or a fil‐
506 ter, it can be named with the handle parameter. A class is named
507 with the classid parameter.
508
509
510 delete A qdisc can be deleted by specifying its handle, which may also
511 be 'root'. All subclasses and their leaf qdiscs are automati‐
512 cally deleted, as well as any filters attached to them.
513
514
515 change Some entities can be modified 'in place'. Shares the syntax of
516 'add', with the exception that the handle cannot be changed and
517 neither can the parent. In other words, change cannot move a
518 node.
519
520
521 replace
522 Performs a nearly atomic remove/add on an existing node id. If
523 the node does not exist yet it is created.
524
525
526 get Displays a single filter given the interface DEV, qdisc-id, pri‐
527 ority, protocol and filter-id.
528
529
530 show Displays all filters attached to the given interface. A valid
531 parent ID must be passed.
532
533
534 link Only available for qdiscs and performs a replace where the node
535 must exist already.
536
537
539 The tc utility can monitor events generated by the kernel such as
540 adding/deleting qdiscs, filters or actions, or modifying existing ones.
541
542 The following command is available for monitor :
543
544 file If the file option is given, the tc does not listen to kernel
545 events, but opens the given file and dumps its contents. The
546 file has to be in binary format and contain netlink messages.
547
548
550 -b, -b filename, -batch, -batch filename
551 read commands from provided file or standard input and invoke
552 them. First failure will cause termination of tc.
553
554
555 -force don't terminate tc on errors in batch mode. If there were any
556 errors during execution of the commands, the application return
557 code will be non zero.
558
559
560 -o, -oneline
561 output each record on a single line, replacing line feeds with
562 the '\' character. This is convenient when you want to count
563 records with wc(1) or to grep(1) the output.
564
565
566 -n, -net, -netns <NETNS>
567 switches tc to the specified network namespace NETNS. Actually
568 it just simplifies executing of:
569
570 ip netns exec NETNS tc [ OPTIONS ] OBJECT { COMMAND | help }
571
572 to
573
574 tc -n[etns] NETNS [ OPTIONS ] OBJECT { COMMAND | help }
575
576
577 -N, -Numeric
578 Print the number of protocol, scope, dsfield, etc directly in‐
579 stead of converting it to human readable name.
580
581
582 -cf, -conf <FILENAME>
583 specifies path to the config file. This option is used in con‐
584 junction with other options (e.g. -nm).
585
586
587 -t, -timestamp
588 When tc monitor runs, print timestamp before the event message
589 in format:
590 Timestamp: <Day> <Month> <DD> <hh:mm:ss> <YYYY> <usecs> usec
591
592
593 -ts, -tshort
594 When tc monitor runs, prints short timestamp before the event
595 message in format:
596 [<YYYY>-<MM>-<DD>T<hh:mm:ss>.<ms>]
597
598
600 The show command has additional formatting options:
601
602
603 -s, -stats, -statistics
604 output more statistics about packet usage.
605
606
607 -d, -details
608 output more detailed information about rates and cell sizes.
609
610
611 -r, -raw
612 output raw hex values for handles.
613
614
615 -p, -pretty
616 for u32 filter, decode offset and mask values to equivalent fil‐
617 ter commands based on TCP/IP. In JSON output, add whitespace to
618 improve readability.
619
620
621 -iec print rates in IEC units (ie. 1K = 1024).
622
623
624 -g, -graph
625 shows classes as ASCII graph. Prints generic stats info under
626 each class if -s option was specified. Classes can be filtered
627 only by dev option.
628
629
630 -c[color][={always|auto|never}
631 Configure color output. If parameter is omitted or always, color
632 output is enabled regardless of stdout state. If parameter is
633 auto, stdout is checked to be a terminal before enabling color
634 output. If parameter is never, color output is disabled. If
635 specified multiple times, the last one takes precedence. This
636 flag is ignored if -json is also given.
637
638
639 -j, -json
640 Display results in JSON format.
641
642
643 -nm, -name
644 resolve class name from /etc/iproute2/tc_cls file or from file
645 specified by -cf option. This file is just a mapping of classid
646 to class name:
647
648 # Here is comment
649 1:40 voip # Here is another comment
650 1:50 web
651 1:60 ftp
652 1:2 home
653
654 tc will not fail if -nm was specified without -cf option but
655 /etc/iproute2/tc_cls file does not exist, which makes it possi‐
656 ble to pass -nm option for creating tc alias.
657
658
659 -br, -brief
660 Print only essential data needed to identify the filter and ac‐
661 tion (handle, cookie, etc.) and stats. This option is currently
662 only supported by tc filter show and tc actions ls commands.
663
664
666 tc -g class show dev eth0
667 Shows classes as ASCII graph on eth0 interface.
668
669 tc -g -s class show dev eth0
670 Shows classes as ASCII graph with stats info under each class.
671
672
674 tc was written by Alexey N. Kuznetsov and added in Linux 2.2.
675
677 tc-basic(8), tc-bfifo(8), tc-bpf(8), tc-cake(8), tc-cbq(8), tc-
678 cgroup(8), tc-choke(8), tc-codel(8), tc-drr(8), tc-ematch(8), tc-
679 ets(8), tc-flow(8), tc-flower(8), tc-fq(8), tc-fq_codel(8), tc-
680 fq_pie(8), tc-fw(8), tc-hfsc(7), tc-hfsc(8), tc-htb(8), tc-mqprio(8),
681 tc-pfifo(8), tc-pfifo_fast(8), tc-pie(8), tc-red(8), tc-route(8), tc-
682 sfb(8), tc-sfq(8), tc-stab(8), tc-tbf(8), tc-tcindex(8), tc-u32(8),
683 User documentation at http://lartc.org/, but please direct bugreports
684 and patches to: <netdev@vger.kernel.org>
685
686
688 Manpage maintained by bert hubert (ahu@ds9a.nl)
689
690
691
692iproute2 16 December 2001 TC(8)