Most Linux distributions come with the command tc for traffic control.

You can read more about tc’s qdisc in the article at the end of this article.

The command to simulate a weak network is given here directly.

It works directly on the specified physical NIC.

1
2
# 200m Latency 30ms Jitter + 10% packet loss + 10% repetition + 10% disorder
tc qdisc add dev ens256 root netem delay 200ms 30ms loss 10% duplicate 10% reorder 10%

Works on the specified port under the NIC, here is an example of port 2000.

1
2
3
4
tc qdisc add dev ens256 root handle 1: htb
tc class add dev ens256 parent 1: classid 1:10 htb rate 10000mbit
tc qdisc add dev ens256 parent 1:10 handle 10: netem delay 200ms 30ms loss 10% duplicate 10% reorder 10%
tc filter add dev ens256 parent 1:0 protocol ip prio 1 u32 match ip dport 2000 0xffff flowid 1:10

In a more complex case, if the current machine is a routing device, the egress NIC is ens192, the internal network is ens256, the network segment is 192.168.200.0/24, and traffic control is performed on all data coming to and from port 2000 of this segment.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
tc qdisc del dev ens192 root
tc qdisc add dev ens192 root handle 1: htb
tc class add dev ens192 parent 1: classid 1:10 htb rate 10000mbit
tc qdisc add dev ens192 parent 1:10 handle 10: netem delay 150ms 30ms
tc filter add dev ens192 parent 1:0 protocol ip prio 1 u32 match ip src 192.168.200.0/24 match ip sport 2000 0xffff flowid 1:10

tc qdisc del dev ens256 root
tc qdisc add dev ens256 root handle 1: htb
tc class add dev ens256 parent 1: classid 1:10 htb rate 10000mbit
tc qdisc add dev ens256 parent 1:10 handle 10: netem delay 150ms 30ms
tc filter add dev ens256 parent 1:0 protocol ip prio 1 u32 match ip dst 192.168.200.0/24 match ip dport 2000 0xffff flowid 1:10

Alternatively, all forwarded traffic except for port 22/3389 associated with 192.168.200.0/24 is dropped.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
tc qdisc del dev ens192 root
tc qdisc add dev ens192 root handle 1: htb
tc class add dev ens192 parent 1: classid 1:1 htb rate 10000mbit
tc class add dev ens192 parent 1: classid 1:2 htb rate 10000mbit
tc filter add dev ens192 parent 1: protocol ip prio 1 u32 match ip src 192.168.200.0/24 match ip sport 22 0xffff flowid 1:1
tc filter add dev ens192 parent 1: protocol ip prio 2 u32 match ip src 192.168.200.0/24 match ip sport 3389 0xffff flowid 1:1
tc filter add dev ens192 parent 1: protocol ip prio 3 u32 match ip src 192.168.200.0/24 flowid 1:2
tc qdisc add dev ens192 parent 1:2 handle 20: netem delay 100ms 15ms loss 2% duplicate 2% reorder 2%

tc qdisc del dev ens224 root
tc qdisc add dev ens224 root handle 1: htb
tc class add dev ens224 parent 1: classid 1:1 htb rate 10000mbit
tc class add dev ens224 parent 1: classid 1:2 htb rate 10000mbit
tc filter add dev ens224 parent 1: protocol ip prio 1 u32 match ip dst 192.168.200.0/24 match ip dport 22 0xffff flowid 1:1
tc filter add dev ens224 parent 1: protocol ip prio 2 u32 match ip dst 192.168.200.0/24 match ip dport 3389 0xffff flowid 1:1
tc filter add dev ens224 parent 1: protocol ip prio 3 u32 match ip dst 192.168.200.0/24 flowid 1:2
tc qdisc add dev ens224 parent 1:2 handle 10: netem delay 100ms 15ms loss 2% duplicate 2% reorder 2%

Remove traffic control rules:

1
tc qdisc del dev ens256 root

View Status.

1
2
3
tc -s qdisc show dev ens256
tc -s class show dev ens256
tc -s filter show dev ens256

Other related commands:

1
2
# delete filter 
tc filter del dev ens256 parent 1: handle 800::800 prio 1 protocol ip u32

Reference: