Traffic shaping to differential networks (IPv4 & IPv6)

Hello,

I am trying to accomplish this using traffic shaping:

So when the clients receive or send traffic to the DMZ, it will be shaped by 2 Gbps, but when they go to the Internet, they will be shaped by 500 Mbps.

My first approach is this:

set traffic-policy shaper INET-IN bandwidth 2gbit
set traffic-policy shaper INET-IN class 10 bandwidth 100%
set traffic-policy shaper INET-IN class 10 match INET6-IN-WAN ipv6 source address 2001:db8:1::/48
set traffic-policy shaper INET-IN class 10 match INET-IN-WAN ip source address 1.2.2.0/24
set traffic-policy shaper INET-IN class 10 queue-type fq-codel
set traffic-policy shaper INET-IN class 20 bandwidth 500mbit
set traffic-policy shaper INET-IN class 20 match INET6-IN-WAN-SHAPING ipv6 destination address 2001:db8:2::/48
set traffic-policy shaper INET-IN class 20 match INET-IN-WAN-SHAPING ip destination address 1.2.2.2/32
set traffic-policy shaper INET-IN class 20 queue-type fq-codel
set traffic-policy shaper INET-IN default bandwidth 100%
set traffic-policy shaper INET-IN default queue-type fq-codel

set traffic-policy shaper INET-OUT bandwidth 2gbit
set traffic-policy shaper INET-OUT class 10 bandwidth 100%
set traffic-policy shaper INET-OUT class 10 match INET6-OUT-WAN ipv6 destination address 2001:db8:1::/48
set traffic-policy shaper INET-OUT class 10 match INET-OUT-WAN ip destination address 1.2.2.0/24
set traffic-policy shaper INET-OUT class 10 queue-type fq-codel
set traffic-policy shaper INET-OUT class 20 bandwidth 500mbit
set traffic-policy shaper INET-OUT class 20 match INET6-OUT-WAN-SHAPING ipv6 source address 2001:db8:2::/48
set traffic-policy shaper INET-OUT class 20 match INET-OUT-WAN-SHAPING ip source address 1.2.2.2/32
set traffic-policy shaper INET-OUT class 20 queue-type fq-codel
set traffic-policy shaper INET-OUT default bandwidth 100%
set traffic-policy shaper INET-OUT default queue-type fq-codel

set interfaces bonding bond0 traffic-policy out INET-OUT
set interfaces bonding bond0 redirect ifb0
set interfaces input ifb0 traffic-policy out INET-IN

But the clients' connections fluctuate, even a ping jumps with higher latency.

What is wrong with the code?

Thanks!

Hi,

Please, any hints?

Could you provide more information on what the problem is?

You’re saying that the connection fluctuates; is that when the line is fully utilized? Does this also happen when there is no traffic-policy defined?
Same questions for the ping.

If utilization is low, highly unlikely that ping is badly affected.
If 2Gb/s is actively being used for internet access, parent might be depleted, leaving no room for dmz access. As both classes share same upper 2Gb/s class!
I’d give DMZ higher prio, or increase parent to 2.5Gb/s
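
A small check for the point made in the reply above, that the classes draw on one shared 2 Gbit/s parent: it sums the bandwidth configured for each class and the default against the policy bandwidth. This is an added example, not part of the thread or of VyOS; it assumes a percentage is taken relative to the policy bandwidth and handles only the bit, kbit, mbit and gbit suffixes.

```python
import re

# Constructed input: the INET-IN bandwidth lines from the question above.
CONFIG = """\
set traffic-policy shaper INET-IN bandwidth 2gbit
set traffic-policy shaper INET-IN class 10 bandwidth 100%
set traffic-policy shaper INET-IN class 20 bandwidth 500mbit
set traffic-policy shaper INET-IN default bandwidth 100%
"""

UNITS = {"bit": 1, "kbit": 10**3, "mbit": 10**6, "gbit": 10**9}
LINE = re.compile(
    r"^set traffic-policy shaper (\S+) (?:(class \d+|default) )?bandwidth (\S+)$")

def to_bps(value, parent=None):
    """Resolve '500mbit' or '100%' (assumed: percent of policy bandwidth) to bit/s."""
    if value.endswith("%"):
        if parent is None:
            raise ValueError("percentage needs a policy bandwidth")
        return parent * float(value[:-1]) / 100
    m = re.fullmatch(r"(\d+(?:\.\d+)?)([a-z]+)", value.lower())
    if not m or m.group(2) not in UNITS:
        raise ValueError(f"unsupported rate: {value!r}")
    return float(m.group(1)) * UNITS[m.group(2)]

def audit(config):
    """Return {policy: (parent_bps, {leaf: bps}, sum_of_leaves / parent)}."""
    parents, leaves = {}, {}
    for line in config.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # match, queue-type and interface lines are ignored
        policy, leaf, value = m.groups()
        if leaf is None:
            parents[policy] = to_bps(value)
        else:
            leaves.setdefault(policy, {})[leaf] = value
    report = {}
    for policy, parent in parents.items():
        resolved = {k: to_bps(v, parent) for k, v in leaves.get(policy, {}).items()}
        report[policy] = (parent, resolved, sum(resolved.values()) / parent)
    return report

if __name__ == "__main__":
    for policy, (parent, resolved, ratio) in audit(CONFIG).items():
        flag = "OVERSUBSCRIBED" if ratio > 1 else "ok"
        print(f"{policy}: parent={parent/1e6:.0f} Mbit/s ratio={ratio:.2f} {flag}")
        for leaf, bps in resolved.items():
            print(f"  {leaf}: {bps/1e6:.0f} Mbit/s")
```
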

Thanks for replying.

@rayzilt Yes, the problem is that the ping fluctuates, and, that’s correct, when the line (the 500 Mbps to internet) is fully utilized the ping jumps from 50ms to 200ms and back again to 50ms. In fact I just applied the rules to fix that, but the issue persists.

@16again Well, the DMZ traffic is not using the full capacity (2 Gbps), so it makes sense to increase the parent bandwidth to prevent future issues. Thanks for the heads up.