VyOS 1.2 traffic-policy shaper match interface not working

kirvio · January 27, 2022, 7:19am

Recently, we migrated from VC6.6R1 to VyOS 1.2.
For some reason, our traffic-policy(shaper) does not working as intented:

admin@fwVyatta-1:~$ show queueing ethernet eth0

eth0 Queueing:
Class      Policy                   Sent      Dropped    Overlimit      Backlog
root       shaper           7981132269866      5432172   1214761563            0
10         fair-queue                  0            0            0            0
20         fair-queue                  0            0            0            0
default    fair-queue       7981132260625      5432172            0            0

It seems shaper(for some reason) can’t find a match and allowing all traffic to go through default:

 bandwidth 1gbit
 class 10 {
     bandwidth 300mbit
     burst 15k
     ceiling 330mbit
     description PEERING
     match PEERING {
         interface eth3
     }
     priority 0
     queue-type fair-queue
 }
 class 20 {
     bandwidth 500mbit
     burst 15k
     ceiling 575mbit
     description INET
     match INET {
         interface eth1
     }
     priority 1
     queue-type fair-queue
 }
 default {
     bandwidth 850mbit
     burst 15k
     priority 7
     queue-type fair-queue
 }

We have this traffic-policy only on our eth0:

traffic-policy {
     out SHAPER-2
 }

For the moment, we have no idea why it is not working.

16again · January 29, 2022, 5:07pm

tested on 1.2.8, similar results:

Policy created in ssh session1:

set traffic-policy shaper WAN-OUT bandwidth '50Mbit'
set traffic-policy shaper WAN-OUT default bandwidth '50%'
set traffic-policy shaper WAN-OUT default ceiling '100%'
set traffic-policy shaper WAN-OUT default queue-type 'fair-queue'
set traffic-policy shaper WAN-OUT class 10  bandwidth 30mbit
set traffic-policy shaper WAN-OUT class 10  burst 15k
set traffic-policy shaper WAN-OUT class 10  ceiling 33mbit
set traffic-policy shaper WAN-OUT class 10  description TEST
set traffic-policy shaper WAN-OUT class 10  match TEST interface eth1
set traffic-policy shaper WAN-OUT class 10  priority 0
set traffic-policy shaper WAN-OUT class 10  queue-type fair-queue
set interfaces ethernet eth0 traffic-policy out WAN-OUT

While running “tc monitor” in different ssh session gives:

deleted qdisc mq 0: dev eth0 root
qdisc htb 1: dev eth0 root refcnt 64 r2q 32 default b direct_packets_stat 0 direct_qlen 1000
class htb 1:1 dev eth0 root prio 0 rate 50Mbit ceil 50Mbit burst 1600b cburst 1600b
class htb 1:b dev eth0 parent 1:1 prio 0 rate 25Mbit ceil 50Mbit burst 15Kb cburst 1600b
qdisc sfq 8005: dev eth0 parent 1:b limit 127p quantum 1514b depth 127 divisor 1024
class htb 1:a dev eth0 parent 1:1 prio 0 rate 30Mbit ceil 33Mbit burst 15Kb cburst 1592b
qdisc sfq 8006: dev eth0 parent 1:a limit 127p quantum 1514b depth 127 divisor 1024
added chain dev eth0 parent 1: chain 0
added filter dev eth0 parent 1: protocol all pref 1 basic chain 0 handle 0x1 flowid 1:a
  meta(rt_iif eq 3)

Last line is special, it should match on input interface. But it doesn’t"

show queueing ethernet eth0

eth0 Queueing:
Class Policy Sent Dropped Overlimit Backlog
root shaper 77496 0 0 0
10 fair-queue 0 0 0 0
default fair-queue 76916 0 0 0

Also, interface number 3 is OK for eth1:

ip a s | grep 3:
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000

So matching in input interface doesn’t work in tc. Why?

kirvio · February 1, 2022, 10:53am

Can there be alternative then, like “traffic-policy match ether source” maybe?
P.S. “match ether source” does not work either.

16again · February 1, 2022, 10:43pm

Without masquerade on eth0, you could filter on source IP.
Or use policies to mark packets coming in on eth1 and eth3, then filter on packet marks in shaper.
eth1 - mark=1
eth3 - mark=3

tjh · February 1, 2022, 10:56pm

This seems like a fairly reproducable problem. I’d recommend logging a Phabricator ticket if you’re able to report it to the devs. Let me know if you’d like a hand with that.

kirvio · February 2, 2022, 7:48am

Marked traffic on eth1 and eth3 works smoothly, thanks.

    route MARKED10 {
        description "Mark traffic on eth1"
        rule 100 {
            set {
                mark 10
            }
        }
    }
    route MARKED30 {
        description "Mark traffic on eth3"
        rule 300 {
            set {
                mark 30
            }
        }
    }

admin@fwVyatta-1:~$ sh queueing ethernet eth0

eth0 Queueing:
Class      Policy                   Sent      Dropped    Overlimit      Backlog
root       shaper            71322137705        18958     55962587            0
10         fair-queue        29812391536        14867            0            0
20         fair-queue        31830509494         4074            0            0
default    fair-queue         9679235161           17            0            0

kirvio · February 2, 2022, 9:14am

How to report about this problem?

Viacheslav · February 2, 2022, 3:21pm

Create a “bug report” at https://phabricator.vyos.net/