QOS traffic shaping from External IP

Hi,

I’m trying to limit bandwidth based on IP assign to client devices.
These IPs are provided by Supplier and the traffic of 10.10.100.0/24 is routed to my router via IPSec VPN (store in kernel routing table).
The devices will go to internet via my vyos router. Vyos version is 1.1.8.

My configuration :

vyosRouter# sh traffic-policy
limiter DEVICE-INBOUND {
class 10 {
bandwidth 0.5mbps
burst 15k
description “test limit to 10.10.100.10”
match sim {
ip {
destination {
address 10.10.100.10/32
}
}
}
}
default {
bandwidth 10mbps
burst 15k
}
}
shaper DEVICE-OUTBOUND {
bandwidth 10mbps
class 10 {
bandwidth 0.5mbps
burst 15k
description “test limit to 10.10.100.10”
match sim {
ip {
destination {
address 10.10.100.10/32
}
}
}
queue-type fair-queue
}
default {
bandwidth 50%
burst 15k
ceiling 100%
queue-type fair-queue
}
}

Then I applied to ethernet of WAN that goes to internet.
However, I’m not able to get the speed as I limit in the router.

Is it because the Device IPs are from external?
Is there any possible way to limit Device IP individually?

Are you getting more speed than expected?

Maybe you are taking 0.5mbps as 0.5mbit/s? It actually is 0.5 MByte/s.

Very often problems come because of tc’s very peculiar way of naming rate units.

Let us know if that is your case.

Hi,
Thanks for your answer. Now I can control but only for upload using mbit unit.
When I change either limiter or shaper only upload is changing.
Upload change depend on lowest bandwidth (if limiter bandwidth lower than shaper upload will follow limiter, vise versa)

For download, when I set traffic policy the download speed was 0.01 to 0.09mbit/s and it’s not changing based on limiter or shaper bandwidth setup. Without traffic policy, download and upload rate around 2 to 4mbit/s.

Please help. Thanks

Can we also see how you apply policies to interfaces?

show config commands | match traffic-policy

Hi Please refer below :

vyosRouterSIMs-KPN-GW-1# sh interfaces
ethernet eth0 {
address x.x.x.x/x
description “WAN”
duplex auto
hw-id x.x.x
smp_affinity auto
speed auto
traffic-policy {
in DEVICE-INBOUND
out DEVICE-OUTBOUND
}
}

I understand your WAN interface connects you to the ISP in the diagram.

If that is the case, only the DEVICE-INBOUND is matching the defined criteria (destination address).

If you want your DEVICE-OUTBOUND policy to take effect too, you would need to use source instead of destination in the class 10 matching criteria.

Hi,
It’s working now.
Thanks :blush:
:+1:t3:

Hey, you’re welcome!

Let me add something, maybe you already know, you are not exactly shaping inbound traffic, you are limiting it. If you would like to shape it, have a look here.

Noted.
Will try this interface input ifb0 later. :+1:t3:

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.