QOS traffic shaping from External IP

zakwan · August 11, 2020, 4:09am

Hi,

I’m trying to limit bandwidth based on IP assign to client devices.
These IPs are provided by Supplier and the traffic of 10.10.100.0/24 is routed to my router via IPSec VPN (store in kernel routing table).
The devices will go to internet via my vyos router. Vyos version is 1.1.8.

My configuration :

vyosRouter# sh traffic-policy
limiter DEVICE-INBOUND {
class 10 {
bandwidth 0.5mbps
burst 15k
description “test limit to 10.10.100.10”
match sim {
ip {
destination {
address 10.10.100.10/32
}
}
}
}
default {
bandwidth 10mbps
burst 15k
}
}
shaper DEVICE-OUTBOUND {
bandwidth 10mbps
class 10 {
bandwidth 0.5mbps
burst 15k
description “test limit to 10.10.100.10”
match sim {
ip {
destination {
address 10.10.100.10/32
}
}
}
queue-type fair-queue
}
default {
bandwidth 50%
burst 15k
ceiling 100%
queue-type fair-queue
}
}

Then I applied to ethernet of WAN that goes to internet.
However, I’m not able to get the speed as I limit in the router.

Is it because the Device IPs are from external?
Is there any possible way to limit Device IP individually?

s.lorente · August 11, 2020, 7:49am

Are you getting more speed than expected?

Maybe you are taking 0.5mbps as 0.5mbit/s? It actually is 0.5 MByte/s.

Very often problems come because of tc’s very peculiar way of naming rate units.

Let us know if that is your case.

zakwan · August 11, 2020, 9:28am

Hi,
Thanks for your answer. Now I can control but only for upload using mbit unit.
When I change either limiter or shaper only upload is changing.
Upload change depend on lowest bandwidth (if limiter bandwidth lower than shaper upload will follow limiter, vise versa)

For download, when I set traffic policy the download speed was 0.01 to 0.09mbit/s and it’s not changing based on limiter or shaper bandwidth setup. Without traffic policy, download and upload rate around 2 to 4mbit/s.

Please help. Thanks

s.lorente · August 11, 2020, 9:47am

Can we also see how you apply policies to interfaces?

show config commands | match traffic-policy

zakwan · August 11, 2020, 9:51am

Hi Please refer below :

vyosRouterSIMs-KPN-GW-1# sh interfaces
ethernet eth0 {
address x.x.x.x/x
description “WAN”
duplex auto
hw-id x.x.x
smp_affinity auto
speed auto
traffic-policy {
in DEVICE-INBOUND
out DEVICE-OUTBOUND
}
}

s.lorente · August 11, 2020, 10:13am

I understand your WAN interface connects you to the ISP in the diagram.

If that is the case, only the DEVICE-INBOUND is matching the defined criteria (destination address).

If you want your DEVICE-OUTBOUND policy to take effect too, you would need to use source instead of destination in the class 10 matching criteria.

zakwan · August 12, 2020, 3:22am

Hi,
It’s working now.
Thanks

s.lorente · August 12, 2020, 8:12am

Hey, you’re welcome!

Let me add something, maybe you already know, you are not exactly shaping inbound traffic, you are limiting it. If you would like to shape it, have a look [here]Traffic Policy — VyOS 1.4.x (sagitta) documentation).

zakwan · August 12, 2020, 9:05am

Noted.
Will try this interface input ifb0 later.

system · August 14, 2020, 9:05am

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.