QoS - destination IP pools

WAN - eth0
LAN -eth1 > PPPoE0 > User > rate-limit 2048/1024

Now, I want all PPPoE users bypass rate-limit for selected destination IP Pools by using bandwidth of 10mbit per user.

Below is the configuration set: (Which is not working for selected destination IP Pools)

firewall {
group {
network-group PEERING-LIST {
network 173.194.0.0/16
network 74.125.0.0/16
network 202.177.244.0/24
network 124.155.0.0/16

policy {
route PEERING-LIST {
rule 100 {
destination {
group {
network-group PEERING-LIST
}
}
set {
mark 200

traffic-policy {
shaper PEERING {
bandwidth 10mbit
class 14 {
match PEERING-LIST {
mark 200
}
}
default {
bandwidth 10mbit
queue-type fair-queue

interfaces {
ethernet eth1 {
duplex auto
hw-id 00:25:90:37:41:1d
policy {
}
pppoe 0 {
default-route auto
mtu 1492
name-server auto
traffic-policy {
out PEERING

Hello @mahendra

Can you please share the configurations of both PPPoE client and server?

Please use

show configuration commands

Cheers

Hi,

Below is the configuration:

| Welcome to VyOS
Linux SLBB-NAS-TEST 4.19.89-amd64-vyos #1 SMP Fri Dec 20 15:24:48 UTC 2019 x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Tue Jan 14 18:29:49 2020 from

???@SLBB-NAS-TEST:~$ show configuration

firewall {
all-ping enable
broadcast-ping disable
config-trap disable
group {
network-group PEERING-LIST {
network 173.194.0.0/16
network 74.125.0.0/16
network 216.58.0.0/16
}
}
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians enable
receive-redirects disable
send-redirects enable
source-validation disable
syn-cookies enable
twa-hazards-protection disable
}
interfaces {
ethernet eth0 {
address ??.??.??.??/30
duplex auto
hw-id 00:25:90:37:41:1c
smp-affinity auto
speed auto
}
ethernet eth1 {
duplex auto
hw-id 00:25:90:37:41:1d
pppoe 0 {
default-route auto
mtu 1492
name-server auto
traffic-policy {
out PEERING
}

    }
    smp-affinity auto
    speed auto
}
loopback lo {
}

}
nat {
source {
rule 300 {
outbound-interface eth0
source {
address 10.99.99.0/24
}
translation {
address masquerade
}
}
}
}
policy {
route PEERING-LIST {
rule 100 {
destination {
group {
network-group PEERING-LIST
}
}
set {
mark 200
}
}
}
}
protocols {
static {
route 0.0.0.0/0 {
next-hop ??.??.??.?? {
}
}
}
}
service {

https {
    api {
        keys {
            id 1 {
            }
        }
        port 7000
    }
}
pppoe-server {
    access-concentrator SLBB
    authentication {
        mode radius
        radius-server ??.??.??.?? {
            secret localkey
        }
        radius-settings {
            acct-timeout 0
            nas-identifier VYOS_SLBB_NAS
            nas-ip-address ??.??.??.??
            rate-limit {
                enable
            }
        }
    }
    client-ip-pool {
        start 10.99.99.2
        stop 10.99.99.250
    }
    dns-servers {
        server-1 8.8.8.8
    }
    interface eth1 {
    }
    local-ip ??.??.??.??
    service-name smartlink123
}
ssh {
}

}
system {
config-management {
commit-revisions 100

}
console {
    device ttyS0 {
        speed 9600
    }
}
host-name SLBB-NAS-TEST
login {
    user ??? {
        authentication {
            encrypted-password ****************
            plaintext-password ****************
        }
        level admin
    }
    user ???? {
        authentication {
            encrypted-password ****************
            plaintext-password ****************
        }
        level admin
    }
}
name-server 8.8.8.8
ntp {
    server 0.pool.ntp.org {
    }
    server 1.pool.ntp.org {
    }
    server 2.pool.ntp.org {
    }
}
syslog {
    global {
        facility all {
            level info
        }
        facility protocols {
            level debug
        }
    }
}
time-zone Asia/Kolkata

}
traffic-policy {
shaper PEERING {
bandwidth auto
class 14 {
bandwidth 10240kibps
burst 15k
match TESTING {
mark 200
}
queue-type fair-queue
}
default {
bandwidth 20480kibps
burst 15k
queue-type fair-queue
}
}
}

Hi @mahendra,

Can you please do

show configuration commands

for both the PPPoE Server and the PPPoE client?

That way I can check your configurations in my lab more easily.

Thank you

Hi Lorente,

Find below:

noc@SLBB-NAS-TEST:~$ show configuration commands
set firewall all-ping ‘enable’
set firewall broadcast-ping ‘disable’
set firewall config-trap ‘disable’
set firewall group network-group PEERING-LIST network ‘173.194.0.0/16’
set firewall group network-group PEERING-LIST network ‘74.125.0.0/16’
set firewall group network-group PEERING-LIST network ‘202.177.244.0/24’
set firewall group network-group PEERING-LIST network ‘124.155.0.0/16’
set firewall group network-group PEERING-LIST network ‘216.58.0.0/16’
set firewall ipv6-receive-redirects ‘disable’
set firewall ipv6-src-route ‘disable’
set firewall ip-src-route ‘disable’
set firewall log-martians ‘enable’
set firewall receive-redirects ‘disable’
set firewall send-redirects ‘enable’
set firewall source-validation ‘disable’
set firewall syn-cookies ‘enable’
set firewall twa-hazards-protection ‘disable’
set interfaces ethernet eth0 address ‘49.143.252.11/27’
set interfaces ethernet eth0 duplex ‘auto’
set interfaces ethernet eth0 hw-id ‘00:25:90:37:41:1c’
set interfaces ethernet eth0 smp-affinity ‘auto’
set interfaces ethernet eth0 speed ‘auto’
set interfaces ethernet eth1 duplex ‘auto’
set interfaces ethernet eth1 hw-id ‘00:25:90:37:41:1d’
set interfaces ethernet eth1 pppoe 0 default-route ‘auto’
set interfaces ethernet eth1 pppoe 0 mtu ‘1492’
set interfaces ethernet eth1 pppoe 0 name-server ‘auto’
set interfaces ethernet eth1 pppoe 0 traffic-policy out ‘PEERING’
set interfaces ethernet eth1 smp-affinity ‘auto’
set interfaces ethernet eth1 speed ‘auto’
set interfaces loopback lo
set nat source rule 300 outbound-interface ‘eth0’
set nat source rule 300 source address ‘10.99.99.0/24’
set nat source rule 300 translation address ‘masquerade’
set policy route PEERING-LIST rule 100 destination group network-group ‘PEERING-LIST’
set policy route PEERING-LIST rule 100 set mark ‘200’
set protocols static route 0.0.0.0/0 next-hop 49.143.252.1
set service https api keys id 1
set service https api port ‘7000’
set service pppoe-server access-concentrator ‘SLBB’
set service pppoe-server authentication mode ‘radius’
set service pppoe-server authentication radius-server 122.170.105.97 secret ‘localkey’
set service pppoe-server authentication radius-settings acct-timeout ‘0’
set service pppoe-server authentication radius-settings nas-identifier ‘VYOS_SLBB_NAS’
set service pppoe-server authentication radius-settings nas-ip-address ‘49.143.252.11’
set service pppoe-server authentication radius-settings rate-limit enable
set service pppoe-server client-ip-pool start ‘10.99.99.2’
set service pppoe-server client-ip-pool stop ‘10.99.99.250’
set service pppoe-server dns-servers server-1 ‘8.8.8.8’
set service pppoe-server interface eth1
set service pppoe-server local-ip ‘49.143.252.11’
set service pppoe-server service-name ‘smartlink123’
set service ssh
set system config-management commit-revisions ‘100’
set system console device ttyS0 speed ‘9600’
set system host-name ‘SLBB-NAS-TEST’
set system login user noc authentication encrypted-password ‘$6$wPdPXUEcZ$Q.aksYzaevq5676xF5n0bJRp8pcnvGIFRidSlXdFbuDrKEAy2YvGANw0sQikecpM5QzLHohjbLvBaAauFJdu50’
set system login user noc authentication plaintext-password ‘’
set system login user noc level ‘admin’
set system login user vyos authentication encrypted-password ‘$6$Du9fx1DRTx$RT.ekLj8O/RTgrnrLrEpRaSqWyBUa/dI7g/YRVLNU7O.oySOKw0CA6NNy0zbXD0lW.eKK6RXeCT65kIzyvYLt1’
set system login user vyos authentication plaintext-password ‘’
set system login user vyos level ‘admin’
set system name-server ‘8.8.8.8’
set system ntp server 0.pool.ntp.org
set system ntp server 1.pool.ntp.org
set system ntp server 2.pool.ntp.org
set system syslog global facility all level ‘info’
set system syslog global facility protocols level ‘debug’
set system time-zone ‘Asia/Kolkata’
set traffic-policy shaper PEERING bandwidth ‘auto’
set traffic-policy shaper PEERING class 14 bandwidth ‘10240kibps’
set traffic-policy shaper PEERING class 14 burst ‘15k’
set traffic-policy shaper PEERING class 14 match TESTING mark ‘200’
set traffic-policy shaper PEERING class 14 queue-type ‘fair-queue’
set traffic-policy shaper PEERING default bandwidth ‘20480kibps’
set traffic-policy shaper PEERING default burst ‘15k’
set traffic-policy shaper PEERING default queue-type ‘fair-queue’
noc@SLBB-NAS-TEST:~$

Hi @mahendra,

@Dmitry found what the problem is and created a task at Phabricator, so that feature will be added to VyOS.

So, in the meantime, if you want to bypass PPPoE rate limitation, it will require some manual configuration at the PPPoE server.

Besides marking packets as 222 through the CLI, you will need to edit /etc/accel-ppp/pppoe/pppoe.config file to add

[shaper]
fwmark=222
down-limiter=htb

That way you will bypass PPPoE rate limitation.

https://phabricator.vyos.net/T1993

Hi,

I made changes as required, but still same result. PPPoE user not bypassing destination IP pools rate-limit.

find below the configuration:

noc@SLBB-NAS-TEST:~$ show configuration commands
set firewall all-ping ‘enable’
set firewall broadcast-ping ‘disable’
set firewall config-trap ‘disable’
set firewall group network-group PeeringList network ‘173.194.0.0/16’
set firewall group network-group PeeringList network ‘216.58.0.0/16’
set firewall group network-group PeeringList network ‘103.5.187.0/24’
set firewall ipv6-receive-redirects ‘disable’
set firewall ipv6-src-route ‘disable’
set firewall ip-src-route ‘disable’
set firewall log-martians ‘enable’
set firewall receive-redirects ‘disable’
set firewall send-redirects ‘enable’
set firewall source-validation ‘disable’
set firewall syn-cookies ‘enable’
set firewall twa-hazards-protection ‘disable’
set interfaces ethernet eth0 address ‘49.143.252.11/27’
set interfaces ethernet eth0 hw-id ‘00:25:90:37:41:1c’
set interfaces ethernet eth1 duplex ‘auto’
set interfaces ethernet eth1 hw-id ‘00:25:90:37:41:1d’
set interfaces ethernet eth1 pppoe 0 default-route ‘auto’
set interfaces ethernet eth1 pppoe 0 mtu ‘1492’
set interfaces ethernet eth1 pppoe 0 name-server ‘auto’
set interfaces ethernet eth1 pppoe 0 traffic-policy out ‘PEER’
set interfaces loopback lo
set policy route Peering rule 100 destination group network-group ‘PeeringList’
set policy route Peering rule 100 set mark ‘222’
set protocols static route 0.0.0.0/0 next-hop 49.143.252.1
set service pppoe-server access-concentrator ‘SLBB’
set service pppoe-server authentication local-users username mahendra password ‘123456’
set service pppoe-server authentication local-users username mahendra rate-limit download ‘2048’
set service pppoe-server authentication local-users username mahendra rate-limit upload ‘1024’
set service pppoe-server authentication mode ‘local’
set service pppoe-server client-ip-pool start ‘139.5.98.2’
set service pppoe-server client-ip-pool stop ‘139.5.98.250’
set service pppoe-server dns-servers server-1 ‘8.8.8.8’
set service pppoe-server interface eth1
set service pppoe-server local-ip ‘139.5.98.1’
set service pppoe-server service-name ‘smartlink123’
set service ssh
set system config-management commit-revisions ‘100’
set system console device ttyS0 speed ‘115200’
set system host-name ‘SLBB-NAS-TEST’
set system login user noc authentication encrypted-password ‘$6$wPdPXUEcZ$Q.aksYzaevq5676xF5n0bJRp8pcnvGIFRidSlXdFbuDrKEAy2YvGANw0sQikecpM5QzLHohjbLvBaAauFJdu50’
set system login user noc authentication plaintext-password ‘’
set system login user noc level ‘admin’
set system login user vyos authentication encrypted-password ‘$6$Du9fx1DRTx$RT.ekLj8O/RTgrnrLrEpRaSqWyBUa/dI7g/YRVLNU7O.oySOKw0CA6NNy0zbXD0lW.eKK6RXeCT65kIzyvYLt1’
set system login user vyos authentication plaintext-password ‘’
set system login user vyos level ‘admin’
set system ntp server 0.pool.ntp.org
set system ntp server 1.pool.ntp.org
set system ntp server 2.pool.ntp.org
set system syslog global facility all level ‘info’
set system syslog global facility protocols level ‘debug’
set system time-zone ‘Asia/Kolkata’
set traffic-policy shaper PEER class 3 bandwidth ‘10mibit’
set traffic-policy shaper PEER class 3 match TEST mark ‘222’
set traffic-policy shaper PEER default bandwidth ‘10mibit’
set traffic-policy shaper PEER default queue-type ‘fair-queue’

noc@SLBB-NAS-TEST:~$ show pppoe-server sessions
ifname | username | ip | ip6 | ip6-dp | calling-sid | rate-limit | state | uptime | rx-bytes | tx-bytes
--------±---------±-----------±----±-------±------------------±-----------±-------±---------±---------±---------
ppp0 | mahendra | 139.5.98.2 | | | 00:0c:42:df:ae:0b | 2048/1024 | active | 00:05:17 | 2.8 MiB | 62.0 MiB

==============

generated by accel_pppoe.py

[modules]
log_syslog
pppoe
ippool
chap-secrets
auth_pap
auth_chap_md5
auth_mschap_v1
auth_mschap_v2
#pppd_compat
shaper

[shaper]
fwmark=222
down-limiter=htb

[core]
thread-count=4

[log]
syslog=accel-pppoe,daemon
copy=1
level=5

[client-ip-range]
disable

[ip-pool]
gw-ip-address=139.5.98.1
139.5.98.2-250

[dns]
dns1=8.8.8.8

[chap-secrets]
chap-secrets=/etc/accel-ppp/pppoe/chap-secrets

Please suggest.

Can we use input interface ???

Hi @mahendra, did you restart pppoe daemon after manually changing?
restart pppoe-server
check please also
sudo tc -s -d filter show dev ppp0
and also provide output of command
show policy route

Hi Dmitry,

Find below

noc@SLBB-NAS-TEST:// restart pppoe-server noc@SLBB-NAS-TEST:// show pppoe-server sessions
ifname | username | ip | ip6 | ip6-dp | calling-sid | rate-limit | state | uptime | rx-bytes | tx-bytes
--------±---------±—±----±-------±------------------±-----------±------±---------±---------±---------
| | | | | 00:0c:42:df:ae:0b | | start | 00:00:03 | 0 B | 0 B
noc@SLBB-NAS-TEST:// show pppoe-server sessions ifname | username | ip | ip6 | ip6-dp | calling-sid | rate-limit | state | uptime | rx-bytes | tx-bytes --------+----------+------------+-----+--------+-------------------+------------+--------+----------+----------+---------- ppp0 | mahendra | 139.5.98.2 | | | 00:0c:42:df:ae:0b | 2048/1024 | active | 00:00:04 | 68 B | 62 B noc@SLBB-NAS-TEST:// show pppoe-server sessions
ifname | username | ip | ip6 | ip6-dp | calling-sid | rate-limit | state | uptime | rx-bytes | tx-bytes
--------±---------±-----------±----±-------±------------------±-----------±-------±---------±---------±---------
ppp0 | mahendra | 139.5.98.2 | | | 00:0c:42:df:ae:0b | 2048/1024 | active | 00:00:04 | 68 B | 62 B
noc@SLBB-NAS-TEST:// show pppoe-server sessions ifname | username | ip | ip6 | ip6-dp | calling-sid | rate-limit | state | uptime | rx-bytes | tx-bytes --------+----------+------------+-----+--------+-------------------+------------+--------+----------+----------+---------- ppp0 | mahendra | 139.5.98.2 | | | 00:0c:42:df:ae:0b | 2048/1024 | active | 00:00:05 | 68 B | 62 B noc@SLBB-NAS-TEST:// sudo tc -s -d filter show dev ppp0
filter parent 1: protocol ip pref 90 fw chain 0
filter parent 1: protocol ip pref 90 fw chain 0 handle 0xde classid 1:
noc@SLBB-NAS-TEST://$ show policy route


Rulesets Information


IPv4 Policy Route “Peering”:

Inactive - Not applied to any interfaces or zones.

rule action proto packets bytes


100 set all 0 0
condition - saddr 0.0.0.0/0 daddr 0.0.0.0/0 /* Peering-100 */ MARK set 0xde

10000 drop all 0 0
condition - saddr 0.0.0.0/0 daddr 0.0.0.0/0

noc@SLBB-NAS-TEST://$

Use this command

set interfaces ethernet eth1 pppoe 0 policy route 'Peering'

set interfaces ethernet eth1 pppoe 0 policy route ‘Peering’
status is same, not bypassing destination IP Pools
173.194.0.0/16
216.58.0.0/16
103.5.187.0/24

noc@SLBB-NAS-TEST:~$ show configuration commands
set firewall all-ping ‘enable’
set firewall broadcast-ping ‘disable’
set firewall config-trap ‘disable’
set firewall group network-group PeeringList network ‘173.194.0.0/16’
set firewall group network-group PeeringList network ‘216.58.0.0/16’
set firewall group network-group PeeringList network ‘103.5.187.0/24’
set firewall ipv6-receive-redirects ‘disable’
set firewall ipv6-src-route ‘disable’
set firewall ip-src-route ‘disable’
set firewall log-martians ‘enable’
set firewall receive-redirects ‘disable’
set firewall send-redirects ‘enable’
set firewall source-validation ‘disable’
set firewall syn-cookies ‘enable’
set firewall twa-hazards-protection ‘disable’
set interfaces ethernet eth0 address ‘49.143.252.11/27’
set interfaces ethernet eth0 hw-id ‘00:25:90:37:41:1c’
set interfaces ethernet eth1 duplex ‘auto’
set interfaces ethernet eth1 hw-id ‘00:25:90:37:41:1d’
set interfaces ethernet eth1 pppoe 0 default-route ‘auto’
set interfaces ethernet eth1 pppoe 0 mtu ‘1492’
set interfaces ethernet eth1 pppoe 0 name-server ‘auto’
set interfaces ethernet eth1 pppoe 0 policy route ‘Peering’
set interfaces loopback lo
set policy route Peering rule 100 destination group network-group ‘PeeringList’
set policy route Peering rule 100 set mark ‘222’
set protocols static route 0.0.0.0/0 next-hop 49.143.252.1
set service pppoe-server access-concentrator ‘SLBB’
set service pppoe-server authentication local-users username mahendra password ‘123456’
set service pppoe-server authentication local-users username mahendra rate-limit download ‘2048’
set service pppoe-server authentication local-users username mahendra rate-limit upload ‘1024’
set service pppoe-server authentication mode ‘local’
set service pppoe-server client-ip-pool start ‘139.5.98.2’
set service pppoe-server client-ip-pool stop ‘139.5.98.250’
set service pppoe-server dns-servers server-1 ‘8.8.8.8’
set service pppoe-server interface eth1
set service pppoe-server local-ip ‘139.5.98.1’
set service pppoe-server service-name ‘smartlink123’
set service ssh
set system config-management commit-revisions ‘100’
set system console device ttyS0 speed ‘115200’
set system host-name ‘SLBB-NAS-TEST’
set system login user noc authentication encrypted-password ‘$6$wPdPXUEcZ$Q.aksYzaevq5676xF5n0bJRp8pcnvGIFRidSlXdFbuDrKEAy2YvGANw0sQikecpM5QzLHohjbLvBaAauFJdu50’
set system login user noc authentication plaintext-password ‘’
set system login user noc level ‘admin’
set system login user vyos authentication encrypted-password ‘$6$Du9fx1DRTx$RT.ekLj8O/RTgrnrLrEpRaSqWyBUa/dI7g/YRVLNU7O.oySOKw0CA6NNy0zbXD0lW.eKK6RXeCT65kIzyvYLt1’
set system login user vyos authentication plaintext-password ‘’
set system login user vyos level ‘admin’
set system ntp server 0.pool.ntp.org
set system ntp server 1.pool.ntp.org
set system ntp server 2.pool.ntp.org
set system syslog global facility all level ‘info’
set system syslog global facility protocols level ‘debug’
set system time-zone ‘Asia/Kolkata’
set traffic-policy shaper PEER bandwidth ‘auto’
set traffic-policy shaper PEER class 3 bandwidth ‘10mibit’
set traffic-policy shaper PEER class 3 burst ‘15k’
set traffic-policy shaper PEER class 3 match TEST mark ‘222’
set traffic-policy shaper PEER class 3 queue-type ‘fair-queue’
set traffic-policy shaper PEER default bandwidth ‘10mibit’
set traffic-policy shaper PEER default burst ‘15k’
set traffic-policy shaper PEER default queue-type ‘fair-queue’

Check again packets counters, running command show policy route
This works for me in our LAB.
I think you can also delete next

delete traffic-policy shaper PEER 

noc@SLBB-NAS-TEST:~$ show policy route


Rulesets Information


IPv4 Policy Route “Peering”:

Active on (pppoe0,ROUTE)

rule action proto packets bytes


100 set all 0 0
condition - saddr 0.0.0.0/0 daddr 0.0.0.0/0 /* Peering-100 */ MARK set 0xde

10000 drop all 0 0
condition - saddr 0.0.0.0/0 daddr 0.0.0.0/0

noc@SLBB-NAS-TEST:~$

NO, not working…

noc@SLBB-NAS-TEST:~$ show configuration commands
set firewall all-ping ‘enable’
set firewall broadcast-ping ‘disable’
set firewall config-trap ‘disable’
set firewall group network-group PeeringList network ‘173.194.0.0/16’
set firewall group network-group PeeringList network ‘216.58.0.0/16’
set firewall group network-group PeeringList network ‘103.5.187.0/24’
set firewall ipv6-receive-redirects ‘disable’
set firewall ipv6-src-route ‘disable’
set firewall ip-src-route ‘disable’
set firewall log-martians ‘enable’
set firewall receive-redirects ‘disable’
set firewall send-redirects ‘enable’
set firewall source-validation ‘disable’
set firewall syn-cookies ‘enable’
set firewall twa-hazards-protection ‘disable’
set interfaces ethernet eth0 address ‘49.143.252.11/27’
set interfaces ethernet eth0 hw-id ‘00:25:90:37:41:1c’
set interfaces ethernet eth1 duplex ‘auto’
set interfaces ethernet eth1 hw-id ‘00:25:90:37:41:1d’
set interfaces ethernet eth1 pppoe 0 default-route ‘auto’
set interfaces ethernet eth1 pppoe 0 mtu ‘1492’
set interfaces ethernet eth1 pppoe 0 name-server ‘auto’
set interfaces ethernet eth1 pppoe 0 policy route ‘Peering’
set interfaces loopback lo
set policy route Peering rule 100 destination group network-group ‘PeeringList’
set policy route Peering rule 100 set mark ‘222’
set protocols static route 0.0.0.0/0 next-hop 49.143.252.1
set service pppoe-server access-concentrator ‘SLBB’
set service pppoe-server authentication local-users username mahendra password ‘123456’
set service pppoe-server authentication local-users username mahendra rate-limit download ‘2048’
set service pppoe-server authentication local-users username mahendra rate-limit upload ‘1024’
set service pppoe-server authentication mode ‘local’
set service pppoe-server client-ip-pool start ‘139.5.98.2’
set service pppoe-server client-ip-pool stop ‘139.5.98.250’
set service pppoe-server dns-servers server-1 ‘8.8.8.8’
set service pppoe-server interface eth1
set service pppoe-server local-ip ‘139.5.98.1’
set service pppoe-server service-name ‘smartlink123’
set service ssh
set system config-management commit-revisions ‘100’
set system console device ttyS0 speed ‘115200’
set system host-name ‘SLBB-NAS-TEST’
set system login user noc authentication encrypted-password ‘$6$wPdPXUEcZ$Q.aksYzaevq5676xF5n0bJRp8pcnvGIFRidSlXdFbuDrKEAy2YvGANw0sQikecpM5QzLHohjbLvBaAauFJdu50’
set system login user noc authentication plaintext-password ‘’
set system login user noc level ‘admin’
set system login user vyos authentication encrypted-password ‘$6$SKdAJ9ZuzN6JD.3$NseWPH/wzbVSjJkSXHQwz3fWR0kV0XZfFBFa3FT9oboiun2MQvyl9M4Xfly6rNUiRvRLEujIpfYrSFxfLgBQP1’
set system login user vyos authentication plaintext-password ‘’
set system login user vyos level ‘admin’
set system ntp server 0.pool.ntp.org
set system ntp server 1.pool.ntp.org
set system ntp server 2.pool.ntp.org
set system syslog global facility all level ‘info’
set system syslog global facility protocols level ‘debug’
set system time-zone ‘Asia/Kolkata’

Hi @mahendra,

Can you check with the configuration below?

set interfaces ethernet eth0 policy route 'PEERING'
set policy route PEERING rule 10 set mark '222'
set policy route PEERING rule 10 source group network-group 'PEERING-LIST'

That worked for Dmitry and myself. We were able to bypass the PPPoE rate-limit.

Hi Lorente,

This is not working at my end. Don’t know why.

set firewall all-ping ‘enable’
set firewall broadcast-ping ‘disable’
set firewall config-trap ‘disable’
set firewall group network-group PeeringList network ‘173.194.0.0/16’
set firewall group network-group PeeringList network ‘216.58.0.0/16’
set firewall group network-group PeeringList network ‘103.5.187.0/24’
set firewall ipv6-receive-redirects ‘disable’
set firewall ipv6-src-route ‘disable’
set firewall ip-src-route ‘disable’
set firewall log-martians ‘enable’
set firewall receive-redirects ‘disable’
set firewall send-redirects ‘enable’
set firewall source-validation ‘disable’
set firewall syn-cookies ‘enable’
set firewall twa-hazards-protection ‘disable’
set interfaces ethernet eth0 address ‘49.143.252.11/27’
set interfaces ethernet eth0 hw-id ‘00:25:90:37:41:1c’
set interfaces ethernet eth0 policy route ‘PEERING’
set interfaces ethernet eth1 duplex ‘auto’
set interfaces ethernet eth1 hw-id ‘00:25:90:37:41:1d’
set interfaces ethernet eth1 pppoe 0 default-route ‘auto’
set interfaces ethernet eth1 pppoe 0 mtu ‘1492’
set interfaces ethernet eth1 pppoe 0 name-server ‘auto’
set interfaces loopback lo
set policy route PEERING rule 10 set mark ‘222’
set policy route PEERING rule 10 source group network-group ‘PeeringList’
set protocols static route 0.0.0.0/0 next-hop 49.143.252.1
set service pppoe-server access-concentrator ‘SLBB’
set service pppoe-server authentication local-users username mahendra password ‘123456’
set service pppoe-server authentication local-users username mahendra rate-limit download ‘2048’
set service pppoe-server authentication local-users username mahendra rate-limit upload ‘1024’
set service pppoe-server authentication mode ‘local’
set service pppoe-server client-ip-pool start ‘139.5.98.2’
set service pppoe-server client-ip-pool stop ‘139.5.98.250’
set service pppoe-server dns-servers server-1 ‘8.8.8.8’
set service pppoe-server interface eth1
set service pppoe-server local-ip ‘139.5.98.1’
set service pppoe-server service-name ‘smartlink123’
set service ssh
set system config-management commit-revisions ‘100’
set system console device ttyS0 speed ‘115200’
set system host-name ‘SLBB-NAS-TEST’
set system login user noc authentication encrypted-password ‘$6$wPdPXUEcZ$Q.aksYzaevq5676xF5n0bJRp8pcnvGIFRidSlXdFbuDrKEAy2YvGANw0sQikecpM5QzLHohjbLvBaAauFJdu50’
set system login user noc authentication plaintext-password ‘’
set system login user noc level ‘admin’
set system login user vyos authentication encrypted-password ‘$6$SKdAJ9ZuzN6JD.3$NseWPH/wzbVSjJkSXHQwz3fWR0kV0XZfFBFa3FT9oboiun2MQvyl9M4Xfly6rNUiRvRLEujIpfYrSFxfLgBQP1’
set system login user vyos authentication plaintext-password ‘’
set system login user vyos level ‘admin’
set system ntp server 0.pool.ntp.org
set system ntp server 1.pool.ntp.org
set system ntp server 2.pool.ntp.org
set system syslog global facility all level ‘info’
set system syslog global facility protocols level ‘debug’
set system time-zone ‘Asia/Kolkata’

If you want access to router, I can allow you to check …

Please

  1. Please keep exactly that configuration, so that we are in the same page.

  2. Please make sure /etc/accel-ppp/pppoe/pppoe.config includes


[shaper]
fwmark=222
down-limiter=htb

Please note that, if you reboot the machine, that section will be gone and you will have to configure it again.

  1. restart pppoe-server

  2. On a PPPoE client run
    iperf -s

  3. Take a host with an IP address belonging to your defined network-group.
    Please note that this host should be accessible from the interface eth0 of the PPPoE server.
    Run the following command in that host:
    iperf -c <PPPoE_client_IP_address>

Check the output, you should see the traffic has not been affected by the PPPoE Server rate-limit configuration.

Let us know.

Hi Lorente,

I made changes as suggested.

Hey,

Seems working now.

Great…

I like reading that = )

Thanks Lorente / Dmitry,

Its working fine…

But, can I cap the bandwidth for ‘Peeringlist’ for 10mbps.
And can I add more pools in
Service PPPclient-ip-pool {
start 139.5.98.2
stop 139.5.98.250

This will solve all my problems,

Regards,