Hallo there if you check my Thread you will see i have a example there… The example at the bottom limits the user to 1800kbps…
set traffic-policy shaper CLIENT_QOS class 100 bandwidth ‘35%’
set traffic-policy shaper CLIENT_QOS class 100 burst ‘2kb’
set traffic-policy shaper CLIENT_QOS class 100 ceiling ‘100%’
set traffic-policy shaper CLIENT_QOS default bandwidth ‘65%’
set traffic-policy shaper CLIENT_QOS default burst ‘2kb’
set traffic-policy shaper CLIENT_QOS default ceiling ‘100%’
set traffic-policy shaper CLIENT_QOS class 100 queue-type ‘fq-codel’
set traffic-policy shaper EGRESS_QOS bandwidth ‘1800kbit’
set traffic-policy shaper EGRESS_QOS class 100 bandwidth ‘35%’
set traffic-policy shaper EGRESS_QOS class 100 burst ‘2kb’
set traffic-policy shaper EGRESS_QOS class 100 ceiling ‘100%’
set traffic-policy shaper EGRESS_QOS class 100 match CLIENT1 ip source address ‘192.168.4.70/24’
set traffic-policy shaper EGRESS_QOS class 100 queue-type ‘fq-codel’
set traffic-policy shaper EGRESS_QOS default bandwidth ‘65%’
set traffic-policy shaper EGRESS_QOS default burst ‘2kb’
set traffic-policy shaper EGRESS_QOS default ceiling ‘100%’
set traffic-policy shaper EGRESS_QOS default queue-type ‘fq-codel’
set interfaces ethernet eth0 traffic-policy out ‘EGRESS_QOS’
I have been offline for a few days, but now I’m back in business
I have tried to understand the QOS documentation, but am struggling with the nomenclature
Lets say that I want to ratelimit a /25 on a subnet for the sake of the lab.
172.25.1.0/24 is the network
172.25.1.0/25 should be ratelimited to 5Mbit / ip number.
172.25.1.128/25 should user the default bandwith on the interface, in this lab 10Mbit
vyos@vyos# show interfaces
ethernet eth0 {
address dhcp
duplex auto
hw-id 52:54:00:ed:ee:f1
smp-affinity auto
speed auto
traffic-policy {
out EGRESS-LAB
}
}
ethernet eth1 {
address 172.25.1.1/24
duplex auto
hw-id 52:54:00:cc:06:f7
smp-affinity auto
speed auto
}
loopback lo {
}
vyos@vyos# show traffic-policy
shaper EGRESS-LAB {
bandwidth auto
class 10 {
bandwidth 5mbit
burst 15kb
ceiling 100%
match CL10 {
ip {
source {
address 172.25.1.0/25
}
}
}
queue-type fq-codel
}
default {
bandwidth 10mbit
burst 15kb
ceiling 100%
queue-type fq-codel
}
}
My assumption in this config above should be that:
172.25.1.10/32 should match CL10 and be shaped at 5Mbit
172.25.1.200/32 should use the default bandwith 10Mbit
If you find something confusing in the documentation, please let us know, we’ll try to fix it. Or you can also edit it yourself.
Your configuration is ok. But please note that by setting the policy’s bandwidth to auto, you have a lot of bandwidth available. When defining the bandwidth of the policy, you should define the speed of the slowest link your traffic might have to go through in its long way to its destination address.
Regarding class’ bandwidth command, in case the link gets really full, your class 10 traffic will always have its reservation of 5mbit, no matter how busy the link is. And the same goes for default: In case the link gets full, your default traffic will always have its reservation of 10mbit, no matter how busy the link is. That’s ok, that’s just what bandwidth for a class does.
You are also setting a ceiling of 100% for both class 10 and default, which means that, once the bandwidth limit for the class (or default) is reached, and there is still more traffic for that class, and the link is available, then the traffic for that class will be allowed to use up to 100% of the link.
If you find something confusing in the documentation, please let us know, we’ll try to fix it. Or you can also edit it yourself.
It’s not the dokumentation that is confusing I guess. It’s that I am used with another platform
Regarding class’ bandwidth command, in case the link gets really full, your class 10 traffic will always have its reservation of 5mbit, no matter how busy the link is. And the same goes for default : In case the link gets full, your default traffic will always have its reservation of 10mbit, no matter how busy the link is. That’s ok, that’s just what bandwidth for a class does.
Oh, I tried to shape the traffic down to 5mbit for class 10.
Here I guess that I am misunderstanding the documentation.
You are also setting a ceiling of 100% for both class 10 and default , which means that, once the bandwidth limit for the class (or default ) is reached, and there is still more traffic for that class, and the link is available, then the traffic for that class will be allowed to use up to 100% of the link.
So in this example I should lower the ceiling instead of the bandwidth to shape/limit the bandwidth?
It’s a strange use case perhaps, but I have a subnet should have “full bandwidth” and one that has only the shaped bandwidth per client.
vyos@vyos# show traffic-policy
shaper DOWNLOAD {
bandwidth 15mbit
class 12 {
bandwidth 8mbit
ceiling 8mbit
match LAN {
ip {
source {
address 192.168.1.0/24
}
}
}
}
default {
bandwidth 1kbit
ceiling 100%
}
}
This is my WAN interface config
vyos@vyos# show interfaces ethernet eth0
address dhcp
description WAN
firewall {
in {
name WAN_IN
}
local {
name WAN_LOCAL
}
}
hw-id 00:a0:c9:69:80:7b
traffic-policy {
out DOWNLOAD
}
No traffic shaping is done. My speedtest should give me 8mbit but it doesn’t work. I get full speed.
[Rephrase to make sense]
Our usecase is perhaps somewhat strange…
We have two subnets in the lab.
Subnet one should have access to full bandwidh
Subnet two should be shaped/limited to 5mbit / client even if the link isn’t congested.
[/Rephrase]
@fegauthier Maybe it’s just an easy confusion. You say you are showing your “download policy”, but I see you are applying an outbound policy to your WAN interface. So your outgoing traffic is the one that will be shaped, and normally that traffic is considered “Upload”, not “Download”. Maybe that is the reason?
set traffic-policy shaper UPLOAD bandwidth '10mbit'
set traffic-policy shaper UPLOAD class 12 bandwidth '5mbit'
set traffic-policy shaper UPLOAD class 12 ceiling '5mbit'
set traffic-policy shaper UPLOAD class 12 match LAN ip source address '192.168.1.0/24'
set traffic-policy shaper UPLOAD default bandwidth '1kbit'
set traffic-policy shaper UPLOAD default ceiling '100%'
A quick little map how the “lab” is set up. And the text over the clients is the goal, the red text are what is happening with the below config
I can get the “default policy” on OUTSIDE to get my upload to limit 100Mbit.
But I can’t get the CL10 to match the subnet…
interfaces {
ethernet eth0 {
address dhcp
description OUTSIDE
duplex auto
hw-id 52:54:00:ed:ee:f1
smp-affinity auto
speed auto
traffic-policy {
out EGRESS-LAB
}
}
ethernet eth1 {
address 172.25.1.1/24
description INSIDE
duplex auto
hw-id 52:54:00:cc:06:f7
smp-affinity auto
speed auto
}
loopback lo {
}
}
traffic-policy {
shaper EGRESS-LAB {
bandwidth 1gbit # Default bandwidth on the uplink
class 10 {
bandwidth 5mbit # A unique value to see of matched
burst 15kb
ceiling 2% # A unique value to see of matched
match CL10 {
ip {
source {
address 172.25.1.0/25 # Here I try to match the first subnet?
}
source {
}
}
}
queue-type fq-codel
}
default {
bandwidth 50mbit # A unique value just to see if I hit this default policy
burst 15kb
ceiling 10% # A unique value just to see if I hit this default policy
queue-type fq-codel
}
}
}
I know the bandwidth and ceiling values are wrong, but I used unique values just to see what I matched.
Yes, it seems you are not matching the criteria of the class and you are getting into default.
Why does your configuration show a second empty source for matching class 10?
I’m not sure if that has anything to do…
In the diagram, I also see the addresses of your two clients are in the same subnet. I guess that’s just in the diagram, but telling you just in case something is mixed in your tests too.