Dear sir,
I am trying to set the mark packet in policy route for CDN bandwidth but it has some issues
I wants to find where is the wrong configuration in my router
eth3 vif 350 is WAN interface
eth0 is Lan interface
my source ip address is 192.168.20.18/29 where i wants to allow 100mbit bandwidth as CDN and 20mbps for international
my router configuration look like following firewall {
vyos@vyos# sh firewall
all-ping enable
broadcast-ping disable
config-trap disable
group {
network-group CDN-LIST {
network 103.211.148.0/22
network 103.94.252.192/26
network 43.228.195.0/25
network 103.94.254.192/26
network 43.228.192.192/26
network 43.228.195.128/26
network 103.94.252.128/26
network 103.94.254.128/26
network 43.228.194.0/25
}
}
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians enable
receive-redirects disable
send-redirects enable
source-validation disable
syn-cookies enable
twa-hazards-protection disable
[edit]
vyos@vyos# sh policy route
route CDN-ADD {
rule 100 {
destination {
group {
network-group CDN-LIST
}
}
set {
mark 20
}
source {
}
}
}
[edit]
vyos@vyos#
limiter ISP-IN {
class 10 {
bandwidth 20mbit
burst 2mbit
match HOST-20MB-IN {
ip {
destination {
address 192.168.20.18/32
}
}
}
}
default {
bandwidth 200mbit
}
}
shaper CDN {
class 11 {
bandwidth 100mbit
burst 2mbit
match CDN-BYPASS {
ip {
destination {
address 192.168.20.18/32
}
source {
address 192.168.20.18/32
}
}
mark 10
}
}
default {
bandwidth 100%
}
}
shaper ISP-OUT {
bandwidth auto
class 10 {
bandwidth 20mbit
match HOST-20M {
ip {
source {
address 192.168.20.18/32
}
}
}
}
default {
bandwidth 100%
}
}
[edit]
traffic policy applied in wan interface for international bandwidth
for CDN trafffic policy applied in eth0 as shaper
policy route applied in eth0 lan
regards
Arun tamrakar
Policy is applied to WAN interface, and matches on LAN addresses.
If sNAT is involved, you can’t match on LAN addresses.
(You could move policy to LAN interface, or use packet markings)
Also, using limiting is bad practice. Either use ifb to redirect, so you can use shaping instead. Or move policy to LAN interface, so policy applies to outgoing packets and can use shaping
Dear sir,
still i have issues in this script i wans to sperate band intl and CDN please help me what is the error in my configurations. please find my configuration as bellow
Dear all,
here is the configuration for packet mark and in this way i wants to allow 50mbit of band with CDN google
and 10mbit for others , but it has error so, please help me to resolve this issues
my configuration as bellow
all-ping enable
broadcast-ping disable
config-trap disable
group {
network-group PEERING {
network 43.228.195.0/25
network 103.94.252.192/26
network 103.94.254.192/26
network 43.228.192.192/26
network 43.228.195.128/26
network 103.94.252.128/26
network 103.94.254.128/26
network 103.155.68.0/24
}
}
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians enable
receive-redirects disable
send-redirects enable
source-validation disable
syn-cookies enable
twa-hazards-protection disable
[edit]
vyos@vyos#
policy route
vyos@vyos# sh policy route
route CDN-PAIRING {
rule 100 {
set {
mark 20000
}
source {
group {
network-group PEERING
}
}
}
}
[edit]
vyos@vyos#
traffice policy
vyos@vyos# sh traffic-policy
shaper DN-LINK {
bandwidth auto
class 100 {
bandwidth 10mbit
match office-traffic {
ip {
destination {
address 172.18.0.2/32
}
}
}
priority 1
queue-type fair-queue
}
class 101 {
bandwidth 50mbit
match GGC {
mark 20000
}
match Office-cdn {
ip {
destination {
address 172.18.0.2/32
}
}
}
priority 0
queue-type fair-queue
}
default {
bandwidth 512kbit
}
}
[edit]
vyos@vyos#
eth2 is wan and eth4 is lan
[edit]
vyos@vyos# sh interfaces ethernet eth2
address 192.168.15.2/30
duplex auto
hw-id 90:e2:ba:8b:48:28
policy {
route CDN-PAIRING
}
smp-affinity auto
speed auto
[edit]
vyos@vyos# sh interfaces ethernet eth4
address 172.18.0.1/24
duplex auto
hw-id 00:e0:4c:84:d3:8f
smp-affinity auto
speed auto
traffic-policy {
out DN-LINK
}
[edit]
best regards
arun Tamrakar