Setting qos by mark

ebedtang · June 24, 2023, 11:08am

Hi,
I’m using vyos 1.4-rolling-202306210317, I want to mark all traffic to doh server address list with 10 and redirect traffics that has been mark with 10 to my qos shaper class 10. But they are failed, when i check using ‘show conntrack table ipv4’ there is no mark at all, all is zero, then i check using ‘tc -s class show dev wlan0’, all goes to default. What i missed, can you help? Here is my settings,

policy {
route DOH {
interface wlan0
rule 10 {
destination {
group {
address-group DOH_ADDR
}
}
set {
mark 10
}
}
}
}

qos {
interface eth0 {
egress LAN-1
}
interface wlan0 {
egress ISP-BYU
}
policy {
shaper ISP-BYU {
bandwidth 20mbit
class 10 {
bandwidth 1mbit
burst 1m
description “DNS traffics”
match DOH {
mark 10
}
priority 0
queue-type fair-queue
}
default {
bandwidth 19mbit
burst 1m
ceiling 100%
queue-type fq-codel
}
description “WAN outbound to isp”
}
shaper LAN-1 {
bandwidth 100mbit
default {
bandwidth 100%
burst 1m
ceiling 100%
queue-type fair-queue
}
description “LAN 1 to all clients”
}
}
}

Thanks in advances

16again · June 24, 2023, 12:04pm

1st of all, connmark will only show connection marking , not packet marking.
In what direction is policy route DOH applied? Does it have statistics?

ebedtang · June 24, 2023, 2:39pm

Out to wan (wlan0). I’m still new to this OS, i have searched but still can not find what command to use to view connection Mark statistic. I want to mark all connection going out through wan to doh public server not the packet. That DOH_ADDR contains doh public address which i want to redirect to class 10 in shaper ISP-BYU.
In iptables, it is equivalent to iptables -t mangle -A WAN-OUT -m set --match-set dohblock dst -j MARK --set-mark 10

ebedtang · June 26, 2023, 12:06am

I have changed it from ‘set mark 10’ to ‘set connection-mark 10’, still there is no mark at all.

Viacheslav · June 26, 2023, 6:42am

Policy route is applied for inbound traffic, not outbound

16again · June 26, 2023, 8:45am

Why no policy route for outbound?
Indeed , it makes no sense to alter routing decision, as it’s already made. But mangle policies can do way more than that. (alter DSCP , marking TTL…)
And why no error applying outbound.?

Viacheslav · June 26, 2023, 9:47am

Not Implemented if I don’t confuse anything

ebedtang · June 26, 2023, 10:39am

So how if we want to redirect a bunch of address to class 1 of our traffic shaping which goes out to wan. What command to use?

ebedtang · June 26, 2023, 10:41am

I don’t want to alter the route. I just want to redirect it to one of my traffic shaping class. The route is still the same. And if its a network address with prefix i don’t confuse anything but its a collection of internet public server ip address. How to do it in vyos?

ebedtang · June 27, 2023, 3:56am

You are right, set-mark can only work using source address. Thanks.

Now i’m curious about mangle policy. Can not get it on config guide. How to set up mangle policy? Should i go to nft directly?

ebedtang · June 27, 2023, 3:57am

Yes it seems so. I have changed it using source address and working fine now. Thanks.

system · June 30, 2023, 3:01pm

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.