Since you didn't include the classifiers it's hard to deduct what traffic you exactly mean in each class.
For instance, outgoing http or ssh traffic is very important for interactivity, incoming http not so much.
I would guarantee certain bandwidth for each service by saying: I have x kbps for incoming httpd traffic, and it gets divided equally among the users. If you have 10 or 100 users, it's fair." If you have high priority users or low priority users in each of these services you need to have additional classes and classifiers for them.
(Also I hope you know you can only shape outgoing traffic from an interface, NOT the incoming. That means if you want to limit the uplink, you have to work either with the outgoing interface to the internet or use the Intermediate Queuing Device. The lartc.org Guide is a very good resource.)
The chosen answer is incorrect/incomplete. I faced a similar issue, the chosen answer gave some help, but not enough.
First, the following command is not really needed.
tc qdisc del dev eth0 root
It will 'delete' the root qdisc, but inmediately gets substituted by a pfifo_fast one (so you don't lose connectivity).
The second command:
tc qdisc add dev eth0 root handle 1: prio
Will substitute the pfifo_fast qdisc with the prio one. By default, the prio queue has 3 bands (0, 1, 2) each managed by one class (1:1, 1:2 and 1:3).
The packets will be sent to one of those bands using the TOS field of the IP package. This configuration is shown when you execute:
tc qdisc ls
looking at the 'priomap' values.
Then, you add a netem qdisc:
tc qdisc add dev eth0 parent 1:1 handle 2: netem delay 500ms
With this command you delay all traffic going to the 1:1 band (until the filter is in place).
But there are two caveats:
- Your traffic can have a different TOS value and then being sent to another band.
- The prio qdisc can be configured so the traffic goes to another band.
The following solved my issue to not be affected by the netem while the filter is not applied. Instead of the above steps, I did:
tc qdisc add dev eth0 root handle 1: prio priomap 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2
This will send all traffic by default to the band 1:3.
Then, I added the rule to delay traffic:
tc qdisc add dev eth0 parent 1:1 handle 10: netem delay 100ms 10ms
This creates the qdisc in the band 0, but since all traffic goes to band 3, it didn't affect me.
Afterwards, I added the filter:
tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip dst 10.0.0.1/32 match ip dport 80 0xffff flowid 1:1
Now with the filter, only the chosen IP/port will be affected, since we redirect the chosen traffic to the band 0.
All the other traffic continues unaffected since it continues to flow to band 3.
Best Answer
I figured out the answer. Following are the sequence of commands to recover.