I tested the OUT policy with Crux 1.2.5 and I could see the policy was not being applied to eth2 vif 35 pppoe 0.
I tested it with Rolling (and its new PPPoE syntax) and it did apply:
vyos@vyos:~$ show config comma | match pppoe
set interfaces pppoe pppoe0 authentication password 'MYPASSWORD'
set interfaces pppoe pppoe0 authentication user 'MYUSER'
set interfaces pppoe pppoe0 default-route 'auto'
set interfaces pppoe pppoe0 mtu '1492'
set interfaces pppoe pppoe0 source-interface 'eth2.35'
set interfaces pppoe pppoe0 traffic-policy out 'OUT'
vyos@vyos:~$
vyos@vyos:~$ show queueing pppoe pppoe0
pppoe0 Queueing:
Class Policy Sent Dropped Overlimit Backlog
root shaper 0 0 0 0
10 fair-queue 0 0 0 0
11 fair-queue 0 0 0 0
default fair-queue 0 0 0 0
vyos@vyos:~$
vyos@vyos:~$ tc qdisc show dev pppoe0
qdisc htb 1: root refcnt 2 r2q 313 default c direct_packets_stat 0 direct_qlen 3
qdisc sfq 8005: parent 1:a limit 127p quantum 1518b depth 127 divisor 1024
qdisc sfq 8004: parent 1:c limit 127p quantum 1518b depth 127 divisor 1024
qdisc sfq 8006: parent 1:b limit 127p quantum 1518b depth 127 divisor 1024
vyos@vyos:~$
So, apparently, this is a bug in Crux.
@fegauthier If you would like this exact configuration to be working in Crux, would you please submit a Bug Report at phabricator.vyos.io describing what the problem is (and saying it only affects Crux) so that it could be considered by VyOS maintainers?
1 Like
I just update VyOS to the 1.3 version.
This is my shaping configuration :
set traffic-policy shaper IN bandwidth '500mbit'
set traffic-policy shaper IN class 10 bandwidth '25mbit'
set traffic-policy shaper IN class 10 match VLAN10 ip destination address '192.168.10.1/24'
set traffic-policy shaper IN class 11 bandwidth '25mbit'
set traffic-policy shaper IN class 11 match VLAN11 ip destination address '192.168.11.1/24'
set traffic-policy shaper IN default bandwidth '500mbit'
set traffic-policy shaper OUT bandwidth '500mbit'
set traffic-policy shaper OUT class 10 bandwidth '50mbit'
set traffic-policy shaper OUT class 10 match VLAN10 ip source address '192.168.10.1/24'
set traffic-policy shaper OUT class 11 bandwidth '50mbit'
set traffic-policy shaper OUT class 11 match VLAN11 ip source address '192.168.11.1/24'
set traffic-policy shaper OUT default bandwidth '500mbit'
set interfaces input ifb0 traffic-policy out 'IN'
set interfaces pppoe pppoe0 redirect 'ifb0'
set interfaces pppoe pppoe0 traffic-policy out 'OUT'
Still no shaping when I do a SpeedTest but queuing is showing some sent data
pppoe0 Queueing:
Class Policy Sent Dropped Overlimit Backlog
root shaper 297483269 0 103549 0
10 fair-queue 18960 0 0 0
11 fair-queue 17224 0 0 0
default fair-queue 297447085 0 0 0
You have allocated again the whole link bandwidth to the default class. That could be ok only if you were not allocating shares of the bandwidth to other classes too (remember that the resulting value of adding together every class bandwidth should not be higher than the bandwidth set for the whole link).
Anyway, that is a just a good recommendation for an accurate performance, but that will not stop shaping from taking place, so you must have another problem there.
In order to troubleshoot, let’s step back a bit and focus only on the OUT policy, we can forget the IN one for the time being.
I understand your PPPoE session is established and you can send data through your pppoe0 interface.
- Run the following configuration commands so that no traffic-policy can affect the interface now:
del interfaces pppoe pppoe0 traffic-policy
commit
-
Measure the real bandwidth for the outbound traffic of your pppoe0 interface.
-
Let us know the speed you get (value and units).
This is a screenshot of the Ookla SpeedTest CLI running directly from the VyOS terminal.
My internet plan is supposed to be 500Mbps for Download and 500 Mbps for Upload.
Ok. Let’s keep going step by step.
-
Set correctly the network address for VLAN10 and VLAN11 matching. I mean they should read 192.168.10.0/24 and 192.168.11.0/24 instead of 192.168.10.1/24 and 192.168.11.1/24.
-
Enable your OUT policy
set interfaces pppoe pppoe0 traffic-policy out 'OUT'
commit
-
Go to a host with an address within 192.168.10.0/24 or 192.168.11.0/24. That host is connected to your VyOS router and will use its PPPoE connection to reach the Internet.
-
Run the test from the host and share the results.
This is my OUT policy
set traffic-policy shaper OUT bandwidth '500mbit'
set traffic-policy shaper OUT class 10 bandwidth '50mbit'
set traffic-policy shaper OUT class 10 match VLAN10 ip source address '192.168.10.0/24'
set traffic-policy shaper OUT class 11 bandwidth '50mbit'
set traffic-policy shaper OUT class 11 match VLAN11 ip source address '192.168.11.0/24'
set traffic-policy shaper OUT default bandwidth '1kbit'
set traffic-policy shaper OUT default ceiling 100%
This is the command that I used to enable it on my pppoe connection
set interfaces pppoe pppoe0 traffic-policy out OUT
I used my cellphone to connect to the VLAN10 network. The IP address that the DHCP server assign me is 192.168.10.10.
This is the SpeedTest result from my cellphone
This is what show queueing pppoe pppoe0 show
pppoe0 Queueing:
Class Policy Sent Dropped Overlimit Backlog
root shaper 124279391 0 53296 0
10 fair-queue 16880 0 0 0
11 fair-queue 0 0 0 0
default fair-queue 124262511 0 0 0
Weird.
In my lab it works perfectly. I wonder if that phone goes through the VyOS pppoe0 interface in order to reach that “speedtest” server.
- Share the results of the following operational commands:
show interfaces
show ip route | grep pppoe0
tc class show dev pppoe0
- On your phone: traceroute to the speedtest server (or another Internet address) and share the results.
show interfaces returns
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface IP Address S/L Description
--------- ---------- --- -----------
eth0 - A/D
eth1 - A/D
eth2 - u/u BELL_FIBER
eth2.35 - u/u BELL_VLAN
eth3 172.16.10.1/24 u/u LAN
eth4 172.16.11.1/24 u/u WLAN
eth4.10 192.168.10.1/24 u/u VLAN10
eth4.11 192.168.11.1/24 u/u VLAN11
eth5 172.16.12.1/24 u/u SERVER
eth6 - A/D
lo 127.0.0.1/8 u/u
::1/128
pppoe0 174.89.118.143/32 u/u
show ip route | grep pppoe0 returns
S>* 0.0.0.0/0 [1/0] is directly connected, pppoe0, 03:33:42
C>* 10.11.20.169/32 is directly connected, pppoe0, 03:33:42
tc class show dev pppoe0 returns
class htb 1:1 root rate 500Mbit ceil 500Mbit burst 1500b cburst 1500b
class htb 1:a parent 1:1 leaf 8041: prio 0 rate 50Mbit ceil 50Mbit burst 15Kb cburst 1600b
class htb 1:b parent 1:1 leaf 8042: prio 0 rate 50Mbit ceil 50Mbit burst 15Kb cburst 1600b
class htb 1:c parent 1:1 leaf 8040: prio 0 rate 1Kbit ceil 500Mbit burst 15Kb cburst 1500b
This is a screenshot of the traceroute from my cellphone
Even more weird.
Your policy looks like being applied now but not working. We must be missing some little detail there. It works perfectly in my lab.
Let’s change some values to see if shaping is somehow visible on Upload results.
-
Preserve last configuration.
-
Check the client keeps being 192.168.10.10.
-
Enter the following configuration commands.
set traffic-policy shaper OUT class 10 bandwidth 1mbit
commit
-
Test the client speed and share the results.
-
Enter the following configuration commands.
set traffic-policy shaper OUT class 10 bandwidth 100mbit
commit
- Test the client speed and share the results.
Still nothing…
set traffic-policy shaper OUT class 10 bandwidth 1mbit
set traffic-policy shaper OUT class 10 bandwidth 100mbit
Do I need to reboot the computer to see if the shaper policy will apply?
Reboot is not needed. Committing changes is enough.
…but with such a weird scenario, I definitely would give it a go.
If the reboot does not help, could you show me the exact version? I think you were using version 1.3 now.
show version
And also send again the whole configuration you are using now?
In the meantime, maybe you could test a new basic configuration (only for Shape) starting from scratch and also using a different client? That might help us to isolate issues.
Even with reboot, the issue still persist.
show version returns
Version: VyOS 1.3-rolling-202007070117
Release Train: equuleus
Built by: autobuild@vyos.net
Built on: Tue 07 Jul 2020 01:17 UTC
Build UUID: 5aa1bd9e-1016-4db3-8b11-6254cd85a94d
Build Commit ID: c7b0a8897cfa85
Architecture: x86_64
Boot via: installed image
System type: bare metal
Hardware vendor: Gigabyte Technology Co., Ltd.
Hardware model: B365M DS3H
Hardware S/N: Unknown
Hardware UUID: Unknown
Copyright: VyOS maintainers and contributors
This is my whole configuration commands
set firewall all-ping 'enable'
set firewall broadcast-ping 'enable'
set firewall config-trap 'disable'
set firewall ipv6-receive-redirects 'disable'
set firewall ipv6-src-route 'disable'
set firewall ip-src-route 'disable'
set firewall log-martians 'enable'
set firewall name LAN_IN default-action 'drop'
set firewall name LAN_IN rule 10 action 'accept'
set firewall name LAN_IN rule 10 state established 'enable'
set firewall name LAN_IN rule 10 state related 'enable'
set firewall name WAN_IN default-action 'drop'
set firewall name WAN_IN rule 10 action 'accept'
set firewall name WAN_IN rule 10 state established 'enable'
set firewall name WAN_IN rule 10 state related 'enable'
set firewall name WAN_IN rule 11 action 'accept'
set firewall name WAN_IN rule 11 description 'Allow HTTPS'
set firewall name WAN_IN rule 11 destination address '172.16.12.5'
set firewall name WAN_IN rule 11 destination port '443'
set firewall name WAN_IN rule 11 log 'disable'
set firewall name WAN_IN rule 11 protocol 'tcp'
set firewall name WAN_IN rule 11 state new 'enable'
set firewall name WAN_LOCAL default-action 'drop'
set firewall name WAN_LOCAL rule 10 action 'accept'
set firewall name WAN_LOCAL rule 10 state established 'enable'
set firewall name WAN_LOCAL rule 10 state related 'enable'
set firewall name WAN_LOCAL rule 20 action 'accept'
set firewall name WAN_LOCAL rule 20 icmp type-name 'echo-request'
set firewall name WAN_LOCAL rule 20 protocol 'icmp'
set firewall name WAN_LOCAL rule 20 state new 'enable'
set firewall name WAN_LOCAL rule 30 action 'drop'
set firewall name WAN_LOCAL rule 30 destination port '22'
set firewall name WAN_LOCAL rule 30 protocol 'tcp'
set firewall name WAN_LOCAL rule 30 recent count '4'
set firewall name WAN_LOCAL rule 30 recent time '60'
set firewall name WAN_LOCAL rule 30 state new 'enable'
set firewall name WAN_LOCAL rule 31 action 'accept'
set firewall name WAN_LOCAL rule 31 destination port '22'
set firewall name WAN_LOCAL rule 31 protocol 'tcp'
set firewall name WAN_LOCAL rule 31 state new 'enable'
set firewall name WAN_LOCAL rule 32 action 'accept'
set firewall name WAN_LOCAL rule 32 destination port '443'
set firewall name WAN_LOCAL rule 32 protocol 'tcp'
set firewall name WAN_LOCAL rule 32 state new 'enable'
set firewall receive-redirects 'disable'
set firewall send-redirects 'enable'
set firewall source-validation 'disable'
set firewall syn-cookies 'enable'
set firewall twa-hazards-protection 'disable'
set interfaces ethernet eth0 duplex 'auto'
set interfaces ethernet eth0 hw-id 'f4:e9:d4:84:52:50'
set interfaces ethernet eth0 smp-affinity 'auto'
set interfaces ethernet eth0 speed 'auto'
set interfaces ethernet eth1 duplex 'auto'
set interfaces ethernet eth1 hw-id 'f4:e9:d4:84:52:52'
set interfaces ethernet eth1 smp-affinity 'auto'
set interfaces ethernet eth1 speed 'auto'
set interfaces ethernet eth2 description 'BELL_FIBER'
set interfaces ethernet eth2 duplex 'auto'
set interfaces ethernet eth2 hw-id 'b4:2e:99:84:b6:21'
set interfaces ethernet eth2 mtu '1508'
set interfaces ethernet eth2 smp-affinity 'auto'
set interfaces ethernet eth2 speed 'auto'
set interfaces ethernet eth2 vif 35 description 'BELL_VLAN'
set interfaces ethernet eth2 vif 35 mtu '1508'
set interfaces ethernet eth3 address '172.16.10.1/24'
set interfaces ethernet eth3 description 'LAN'
set interfaces ethernet eth3 duplex 'auto'
set interfaces ethernet eth3 firewall in
set interfaces ethernet eth3 hw-id '68:1c:a2:13:48:c5'
set interfaces ethernet eth3 smp-affinity 'auto'
set interfaces ethernet eth3 speed 'auto'
set interfaces ethernet eth4 address '172.16.11.1/24'
set interfaces ethernet eth4 description 'WLAN'
set interfaces ethernet eth4 duplex 'auto'
set interfaces ethernet eth4 firewall in
set interfaces ethernet eth4 hw-id '68:1c:a2:13:48:c6'
set interfaces ethernet eth4 smp-affinity 'auto'
set interfaces ethernet eth4 speed 'auto'
set interfaces ethernet eth4 vif 10 address '192.168.10.1/24'
set interfaces ethernet eth4 vif 10 description 'VLAN10'
set interfaces ethernet eth4 vif 11 address '192.168.11.1/24'
set interfaces ethernet eth4 vif 11 description 'VLAN11'
set interfaces ethernet eth5 address '172.16.12.1/24'
set interfaces ethernet eth5 description 'SERVER'
set interfaces ethernet eth5 duplex 'auto'
set interfaces ethernet eth5 firewall in
set interfaces ethernet eth5 hw-id '68:1c:a2:13:48:c7'
set interfaces ethernet eth5 smp-affinity 'auto'
set interfaces ethernet eth5 speed 'auto'
set interfaces ethernet eth6 duplex 'auto'
set interfaces ethernet eth6 hw-id '68:1c:a2:13:48:c8'
set interfaces ethernet eth6 smp-affinity 'auto'
set interfaces ethernet eth6 speed 'auto'
set interfaces loopback lo
set interfaces pppoe pppoe0 authentication password 'PASSWORD'
set interfaces pppoe pppoe0 authentication user 'USERNAME'
set interfaces pppoe pppoe0 default-route 'force'
set interfaces pppoe pppoe0 firewall in name 'WAN_IN'
set interfaces pppoe pppoe0 firewall local name 'WAN_LOCAL'
set interfaces pppoe pppoe0 mtu '1500'
set interfaces pppoe pppoe0 source-interface 'eth2.35'
set interfaces pppoe pppoe0 traffic-policy out 'OUT'
set nat destination rule 10 description 'Port Forward HTTPS'
set nat destination rule 10 destination port '443'
set nat destination rule 10 inbound-interface 'pppoe0'
set nat destination rule 10 protocol 'tcp'
set nat destination rule 10 translation address '172.16.12.5'
set nat source rule 100 outbound-interface 'pppoe0'
set nat source rule 100 translation address 'masquerade'
set service dhcp-server shared-network-name LAN subnet 172.16.10.0/24 default-router '172.16.10.1'
set service dhcp-server shared-network-name LAN subnet 172.16.10.0/24 dns-server '1.1.1.1'
set service dhcp-server shared-network-name LAN subnet 172.16.10.0/24 dns-server '8.8.8.8'
set service dhcp-server shared-network-name LAN subnet 172.16.10.0/24 lease '86400'
set service dhcp-server shared-network-name LAN subnet 172.16.10.0/24 range 0 start '172.16.10.10'
set service dhcp-server shared-network-name LAN subnet 172.16.10.0/24 range 0 stop '172.16.10.254'
set service dhcp-server shared-network-name SERVER subnet 172.16.12.0/24 default-router '172.16.12.1'
set service dhcp-server shared-network-name SERVER subnet 172.16.12.0/24 dns-server '1.1.1.1'
set service dhcp-server shared-network-name SERVER subnet 172.16.12.0/24 dns-server '8.8.8.8'
set service dhcp-server shared-network-name SERVER subnet 172.16.12.0/24 lease '86400'
set service dhcp-server shared-network-name SERVER subnet 172.16.12.0/24 range 0 start '172.16.12.10'
set service dhcp-server shared-network-name SERVER subnet 172.16.12.0/24 range 0 stop '172.16.12.254'
set service dhcp-server shared-network-name SERVER subnet 172.16.12.0/24 static-mapping GloboMine ip-address '172.16.12.4'
set service dhcp-server shared-network-name SERVER subnet 172.16.12.0/24 static-mapping GloboMine mac-address '32:08:c6:1b:fe:4e'
set service dhcp-server shared-network-name SERVER subnet 172.16.12.0/24 static-mapping LaPetiteReplique ip-address '172.16.12.3'
set service dhcp-server shared-network-name SERVER subnet 172.16.12.0/24 static-mapping LaPetiteReplique mac-address '36:38:9e:c2:6c:34'
set service dhcp-server shared-network-name SERVER subnet 172.16.12.0/24 static-mapping Proxmox ip-address '172.16.12.10'
set service dhcp-server shared-network-name SERVER subnet 172.16.12.0/24 static-mapping Proxmox mac-address 'e2:f7:fa:62:2c:6c'
set service dhcp-server shared-network-name SERVER subnet 172.16.12.0/24 static-mapping ReverseProxy ip-address '172.16.12.5'
set service dhcp-server shared-network-name SERVER subnet 172.16.12.0/24 static-mapping ReverseProxy mac-address '66:16:fc:66:06:c7'
set service dhcp-server shared-network-name VLAN10 subnet 192.168.10.0/24 default-router '192.168.10.1'
set service dhcp-server shared-network-name VLAN10 subnet 192.168.10.0/24 dns-server '1.1.1.1'
set service dhcp-server shared-network-name VLAN10 subnet 192.168.10.0/24 dns-server '8.8.8.8'
set service dhcp-server shared-network-name VLAN10 subnet 192.168.10.0/24 lease '86400'
set service dhcp-server shared-network-name VLAN10 subnet 192.168.10.0/24 range 0 start '192.168.10.10'
set service dhcp-server shared-network-name VLAN10 subnet 192.168.10.0/24 range 0 stop '192.168.10.254'
set service dhcp-server shared-network-name VLAN11 subnet 192.168.11.0/24 default-router '192.168.11.1'
set service dhcp-server shared-network-name VLAN11 subnet 192.168.11.0/24 dns-server '1.1.1.1'
set service dhcp-server shared-network-name VLAN11 subnet 192.168.11.0/24 dns-server '8.8.8.8'
set service dhcp-server shared-network-name VLAN11 subnet 192.168.11.0/24 lease '86400'
set service dhcp-server shared-network-name VLAN11 subnet 192.168.11.0/24 range 0 start '192.168.11.10'
set service dhcp-server shared-network-name VLAN11 subnet 192.168.11.0/24 range 0 stop '192.168.11.254'
set service dhcp-server shared-network-name WLAN subnet 172.16.11.0/24 default-router '172.16.11.1'
set service dhcp-server shared-network-name WLAN subnet 172.16.11.0/24 dns-server '1.1.1.1'
set service dhcp-server shared-network-name WLAN subnet 172.16.11.0/24 dns-server '8.8.8.8'
set service dhcp-server shared-network-name WLAN subnet 172.16.11.0/24 lease '86400'
set service dhcp-server shared-network-name WLAN subnet 172.16.11.0/24 range 0 start '172.16.11.10'
set service dhcp-server shared-network-name WLAN subnet 172.16.11.0/24 range 0 stop '172.16.11.254'
set service dns dynamic interface pppoe0 service cloudflare host-name 'HOSTNAME'
set service dns dynamic interface pppoe0 service cloudflare login 'EMAIL'
set service dns dynamic interface pppoe0 service cloudflare password 'PASSWORD'
set service dns dynamic interface pppoe0 service cloudflare protocol 'cloudflare'
set service dns dynamic interface pppoe0 service cloudflare zone 'globomine.ca'
set service dns dynamic interface pppoe0 use-web skip 'Current IP Address: '
set service dns dynamic interface pppoe0 use-web url 'http://checkip.dyndns.com/'
set service ssh port '22'
set system config-management commit-revisions '100'
set system console device ttyS0 speed '9600'
set system host-name 'vyos'
set system login user vyos authentication encrypted-password 'PASSWORD'
set system login user vyos authentication plaintext-password ''
set system ntp server 0.pool.ntp.org
set system ntp server 1.pool.ntp.org
set system ntp server 2.pool.ntp.org
set system syslog global facility all level 'info'
set system syslog global facility protocols level 'debug'
set system task-scheduler
set system time-zone 'UTC'
set traffic-policy shaper OUT bandwidth '500mbit'
set traffic-policy shaper OUT class 10 bandwidth '50mbit'
set traffic-policy shaper OUT class 10 burst '15k'
set traffic-policy shaper OUT class 10 match VLAN10 ip source address '192.168.10.0/24'
set traffic-policy shaper OUT class 10 queue-type 'fair-queue'
set traffic-policy shaper OUT class 11 bandwidth '50mbit'
set traffic-policy shaper OUT class 11 burst '15k'
set traffic-policy shaper OUT class 11 match VLAN11 ip source address '192.168.11.0/24'
set traffic-policy shaper OUT class 11 queue-type 'fair-queue'
set traffic-policy shaper OUT default bandwidth '1kbit'
set traffic-policy shaper OUT default burst '15k'
set traffic-policy shaper OUT default ceiling '100%'
set traffic-policy shaper OUT default queue-type 'fair-queue'
I will try with a different client
Regarding this problem, it is already reported, you can follow it up here.
I tried with a Fresh Install and the problem is still the same. I applied the traffic-policy on my LAN. My computer is connected to the LAN network. When I do a speedtest, No shaping is done at all…
Shaper config
set traffic-policy shaper OUT bandwidth '500mbit'
set traffic-policy shaper OUT class 10 bandwidth '50mbit'
set traffic-policy shaper OUT class 10 match VLAN10 ip source address '192.168.10.0/24'
set traffic-policy shaper OUT class 11 bandwidth '50mbit'
set traffic-policy shaper OUT class 11 match VLAN11 ip source address '192.168.11.0/24'
set traffic-policy shaper OUT class 12 bandwidth '50mbit'
set traffic-policy shaper OUT class 12 match LAN ip source address '172.16.10.0/24'
set traffic-policy shaper OUT default bandwidth '1kbit'
set traffic-policy shaper OUT default ceiling '100%'
My speedtest result
It’s very weird… No shaping at all…
All traffic goes to the default queue when I do the speedtest from my computer… Nothing on the queue 12
Class Policy Sent Dropped Overlimit Backlog
root shaper 1054123936 768 1323636 0
10 fair-queue 18852 0 0 0
11 fair-queue 0 0 0 0
12 fair-queue 0 0 0 0
default fair-queue 1054105084 768 0 0
Maybe a problem with the PPPoE? Because when I did traffic shaping with ethernet interface, everything was fine.
Yes, there seems to be a problem with PPPoE, but I have only seen it when redirecting its traffic to an IFB interface (report submitted). I have seen everything else working ok.
I would like to clone exactly your setup.
Can you create the simplest configuration where Shaper does not work for you (getting rid of Firewall, NAT, DHCP, etc. if possible)? Then share the complete configuration along with a connectivity diagram so that I can replicate it here. Please confirm you are using VyOS 1.3-rolling-202007070117 or what the version you are using now is.
Yesterday, I tried with the latest 1.3 version available. I build VyOS on my own. The linux kernel version is 4.19.131.
This is my configuration without traffic shaping
set interfaces ethernet eth0 hw-id 'f4:e9:d4:84:52:50'
set interfaces ethernet eth1 description 'FIBER'
set interfaces ethernet eth1 hw-id 'f4:e9:d4:84:52:52'
set interfaces ethernet eth1 mtu '1508'
set interfaces ethernet eth1 vif 35 description 'BELL_INTERNET_VLAN'
set interfaces ethernet eth1 vif 35 mtu '1508'
set interfaces ethernet eth2 address '172.16.10.1/24'
set interfaces ethernet eth2 description 'LAN'
set interfaces ethernet eth2 hw-id 'b4:2e:99:84:b6:21'
set interfaces ethernet eth3 hw-id '68:1c:a2:13:48:c5'
set interfaces ethernet eth4 address '172.16.11.1/24'
set interfaces ethernet eth4 description 'WLAN'
set interfaces ethernet eth4 hw-id '68:1c:a2:13:48:c6'
set interfaces ethernet eth4 vif 10 address '192.168.10.1/24'
set interfaces ethernet eth4 vif 10 description 'VLAN10'
set interfaces ethernet eth4 vif 11 address '192.168.11.1/24'
set interfaces ethernet eth4 vif 11 description 'VLAN11'
set interfaces ethernet eth5 address '172.16.12.1/24'
set interfaces ethernet eth5 description 'SERVER'
set interfaces ethernet eth5 hw-id '68:1c:a2:13:48:c7'
set interfaces ethernet eth6 hw-id '68:1c:a2:13:48:c8'
set interfaces loopback lo
set interfaces pppoe pppoe0 authentication password 'PASSWORD'
set interfaces pppoe pppoe0 authentication user 'USERNAME'
set interfaces pppoe pppoe0 default-route 'force'
set interfaces pppoe pppoe0 mtu '1500'
set interfaces pppoe pppoe0 source-interface 'eth1.35'
set nat source rule 100 outbound-interface 'pppoe0'
set nat source rule 100 translation address 'masquerade'
set service dhcp-server shared-network-name LAN subnet 172.16.10.0/24 default-router '172.16.10.1'
set service dhcp-server shared-network-name LAN subnet 172.16.10.0/24 dns-server '1.1.1.1'
set service dhcp-server shared-network-name LAN subnet 172.16.10.0/24 dns-server '8.8.8.8'
set service dhcp-server shared-network-name LAN subnet 172.16.10.0/24 lease '86400'
set service dhcp-server shared-network-name LAN subnet 172.16.10.0/24 range 0 start '172.16.10.10'
set service dhcp-server shared-network-name LAN subnet 172.16.10.0/24 range 0 stop '172.16.10.254'
set service dhcp-server shared-network-name SERVER subnet 172.16.12.0/24 default-router '172.16.12.1'
set service dhcp-server shared-network-name SERVER subnet 172.16.12.0/24 dns-server '1.1.1.1'
set service dhcp-server shared-network-name SERVER subnet 172.16.12.0/24 dns-server '8.8.8.8'
set service dhcp-server shared-network-name SERVER subnet 172.16.12.0/24 lease '86400'
set service dhcp-server shared-network-name SERVER subnet 172.16.12.0/24 range 0 start '172.16.12.10'
set service dhcp-server shared-network-name SERVER subnet 172.16.12.0/24 range 0 stop '172.16.12.254'
set service dhcp-server shared-network-name SERVER subnet 172.16.12.0/24 static-mapping GloboMine ip-address '172.16.12.4'
set service dhcp-server shared-network-name SERVER subnet 172.16.12.0/24 static-mapping GloboMine mac-address '32:08:c6:1b:fe:4e'
set service dhcp-server shared-network-name SERVER subnet 172.16.12.0/24 static-mapping LaPetiteReplique ip-address '172.16.12.3'
set service dhcp-server shared-network-name SERVER subnet 172.16.12.0/24 static-mapping LaPetiteReplique mac-address '36:38:9e:c2:6c:34'
set service dhcp-server shared-network-name SERVER subnet 172.16.12.0/24 static-mapping Proxmox ip-address '172.16.12.10'
set service dhcp-server shared-network-name SERVER subnet 172.16.12.0/24 static-mapping Proxmox mac-address 'e2:f7:fa:62:2c:6c'
set service dhcp-server shared-network-name SERVER subnet 172.16.12.0/24 static-mapping ReverseProxy ip-address '172.16.12.5'
set service dhcp-server shared-network-name SERVER subnet 172.16.12.0/24 static-mapping ReverseProxy mac-address '66:16:fc:66:06:c7'
set service dhcp-server shared-network-name VLAN10 subnet 192.168.10.0/24 default-router '192.168.10.1'
set service dhcp-server shared-network-name VLAN10 subnet 192.168.10.0/24 dns-server '1.1.1.1'
set service dhcp-server shared-network-name VLAN10 subnet 192.168.10.0/24 dns-server '8.8.8.8'
set service dhcp-server shared-network-name VLAN10 subnet 192.168.10.0/24 lease '86400'
set service dhcp-server shared-network-name VLAN10 subnet 192.168.10.0/24 range 0 start '192.168.10.10'
set service dhcp-server shared-network-name VLAN10 subnet 192.168.10.0/24 range 0 stop '192.168.10.254'
set service dhcp-server shared-network-name VLAN11 subnet 192.168.11.0/24 default-router '192.168.11.1'
set service dhcp-server shared-network-name VLAN11 subnet 192.168.11.0/24 dns-server '1.1.1.1'
set service dhcp-server shared-network-name VLAN11 subnet 192.168.11.0/24 dns-server '8.8.8.8'
set service dhcp-server shared-network-name VLAN11 subnet 192.168.11.0/24 lease '86400'
set service dhcp-server shared-network-name VLAN11 subnet 192.168.11.0/24 range 0 start '192.168.11.10'
set service dhcp-server shared-network-name VLAN11 subnet 192.168.11.0/24 range 0 stop '192.168.11.254'
set service dhcp-server shared-network-name WLAN subnet 172.16.11.0/24 default-router '172.16.11.1'
set service dhcp-server shared-network-name WLAN subnet 172.16.11.0/24 dns-server '1.1.1.1'
set service dhcp-server shared-network-name WLAN subnet 172.16.11.0/24 dns-server '8.8.8.8'
set service dhcp-server shared-network-name WLAN subnet 172.16.11.0/24 lease '86400'
set service dhcp-server shared-network-name WLAN subnet 172.16.11.0/24 range 0 start '172.16.11.10'
set service dhcp-server shared-network-name WLAN subnet 172.16.11.0/24 range 0 stop '172.16.11.254'
set service ssh port '22'
set system config-management commit-revisions '100'
set system console device ttyS0 speed '115200'
set system host-name 'vyos'
set system login user vyos authentication encrypted-password 'PASSWORD'
set system login user vyos authentication plaintext-password ''
set system ntp server 0.pool.ntp.org
set system ntp server 1.pool.ntp.org
set system ntp server 2.pool.ntp.org
set system syslog global facility all level 'info'
set system syslog global facility protocols level 'debug'
I added your traffic shaping command above.
Ok, so I will try that exact configuration with yesterday’s Rolling image.
Could you please send me something similar to a basic connectivity diagram?
It does not need to look nice, I just want to make sure we are in the same page when I test it.
I don’t have any diagram software so I will explain you.
WAN is plugged directly into the eth1. For now it’s a Broadcom SFP+ Card. So for now the WAN is a SFP+ GPON that is connected into the second port of the dual SFP+ NIC. The PPPoE is connected via the VLAN 35 of the eth1. It’s a specification of my ISP.
The eth2 is plugged into a TP-LINK 24x port unmanageable switch. eth2 = LAN. Only devices that are wired is connected to LAN directly.
The eth4 is plugged into a TP LINK unmanageable 5x port PoE. eth4 = WLAN. Two Ubiquiti AP are connected to the switch.
eth5 is plugged into my computer that act as a server.
