Hello, I’m having trouble with policy-based routing, and could use some help.
I am planning to limit the bandwidth of certain IPs to 64kbit during night hours. On the network, IP hosts are assigned a DHCP IP address based on MAC, which corresponds to the range where I need to limit bandwidth at night.
I have a traffic-policy shaper that works; however, the syntax of that command only allows one destination address. To work around this, I am attempting to use PBR to mark packets from a specific destination address range. It does not seem to work; from what I can tell, the PBR policy is not marking the packets or the traffic-policy is not matching the packets.
The router has NAT on the local subnet and I am filtering by local destination IP address.
My configuration is below. How is the route policy processed, and when? What would cause it not to match the marked packets?
```
address-group ADDR_RANGE_NIGHT_LIMIT {
    address XX.XX.XX.100-XX.XX.XX.199
}
route POLICY_NIGHT_LIMIT_MARK {
    description "This marks pakets on in the group for matching in shaper"
    rule 100 {
        destination {
            group {
                address-group ADDR_RANGE_NIGHT_LIMIT
            }
        }
        set {
            mark 8000
        }
    }
}
shaper POLICY_NIGHT_LIMIT {
    class 100 {
        bandwidth 64kbit
        description "rate limit policy for devices DHCP assined in the range"
        match MATCH_ADDR_MARK {
            mark 8000
        }
    }
    default {
        bandwidth 1000Mbit
    }
}
ethernet eth0 {
    address dhcp
    description WAN
    duplex auto
    firewall {
        in {
            name WAN-IN-4
        }
        local {
            name WAN-LOCAL
        }
    }
    policy {
        route POLICY_NIGHT_LIMIT_MARK
    }
    smp-affinity auto
    speed auto
}
ethernet eth1 {
    address xx.xx.0.xx/24
    description LAN_PRIVATE
    duplex auto
    firewall {
        in {
            name LAN_PRIVATE-IN
        }
        out {
            name LAN_PRIVATE-OUT
        }
    }
    policy {
        route POLICY_NIGHT_LIMIT_MARK
    }
    smp-affinity auto
    speed auto
    traffic-policy {
        out POLICY_NIGHT_LIMIT
    }
}
```