VyOS per-IP bandwidth limiting

Dear all,
I am very new to VyOS and I am trying to limit bandwidth per IP address, but I could not do it. So I would like to request that you send me an example configuration to limit the bandwidth per IP address. My LAN IP address is 192.168.50.2/24.

Best Regards
Arun Tamrakar

Hi

If you want to limit outgoing traffic, you could use a traffic-policy with shaping (depending on the values/traffic) that you need to limit. Below are some examples.

set traffic-policy shaper OUT bandwidth 'mbitX'
set traffic-policy shaper OUT class 10 bandwidth 'XXX%'
set traffic-policy shaper OUT class 10 match ADDRES50 ip source address '192.168.50.1/24'

set interfaces ethernet ethX traffic-policy out OUT

In fact, if you need to apply it to ingress traffic, you should check our documentation.

https://docs.vyos.io/en/equuleus/configuration/trafficpolicy/index.html

Thanks Fernando, I have tried this way, but the traffic limits all the IPs passing through the LAN, and I am not willing to set it for a whole IP block like /24; I want to apply the rule to only one IP address, /32. I don't know what the problem is.

My config is as below:

vyos@vyos# sh traffic-policy
shaper OUT {
    bandwidth 100mbit
    class 10 {
        bandwidth 10mbit
        match ADRESS {
            ip {
                source {
                    address 192.160.50.2/32
                }
            }
        }
    }
    default {
        bandwidth 10mbit
    }
}
[edit]
vyos@vyos#

I want to limit my bandwidth for only IP 192.168.50.2/32.

Best Regards,
Arun Tamrakar

Looks like a typo in the config:

ip {
    source {
        address 192.160.50.2/32
    }

Here: 192.160.50.2/32
It should be: 192.168.50.2/32

If your WAN port is using sNAT or masquerade, all LAN IPs will be translated into a single WAN IP, and your policy won’t match on LAN source IPs.
And all traffic will end up in the default class.
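
Added example, not part of the original thread and not VyOS code: a small Python check for the two match mistakes seen above (a /24 prefix where one host was intended, and the 192.160 typo). The function name audit_matches, the problem labels and the sample lines are constructed for illustration; it handles IPv4 only and cannot see whether NAT rewrites the source address first.

```python
import ipaddress
import shlex

# Constructed sample, modelled on the match statements quoted in the thread.
SAMPLE = """\
set traffic-policy shaper OUT class 10 match ADDRES50 ip source address '192.168.50.1/24'
set traffic-policy shaper OUT class 10 match ADRESS ip source address '192.160.50.2/32'
set traffic-policy shaper OUT class 10 match HOST ip source address '192.168.50.2/32'
set traffic-policy shaper OUT default bandwidth '10mbit'
"""


def audit_matches(config_text, lan_cidr, intended_host):
    """Return [(match_name, problem)] for each IPv4 address match.

    problem is None when the match selects exactly intended_host, otherwise one
    of the hypothetical labels 'invalid', 'too-broad', 'outside-lan', 'wrong-host'.
    """
    lan = ipaddress.ip_network(lan_cidr)
    host = ipaddress.ip_address(intended_host)
    findings = []
    for line in config_text.splitlines():
        tok = shlex.split(line)  # also strips the single quotes around values
        # set traffic-policy <type> <policy> class <n> match <name> ip <dir> address <cidr>
        if (len(tok) != 12 or tok[:2] != ["set", "traffic-policy"]
                or tok[6] != "match" or tok[8] != "ip" or tok[10] != "address"):
            continue
        try:
            # ip_interface accepts host bits, e.g. 192.168.50.1/24 -> 192.168.50.0/24
            net = ipaddress.ip_interface(tok[11]).network
        except ValueError:
            findings.append((tok[7], "invalid"))
            continue
        if host in net:
            # Any prefix shorter than /32 shapes every address in that range.
            problem = None if net.num_addresses == 1 else "too-broad"
        elif net.overlaps(lan):
            problem = "wrong-host"   # inside the LAN, but not the intended host
        else:
            problem = "outside-lan"  # e.g. 192.160.x.x typed for 192.168.x.x
        findings.append((tok[7], problem))
    return findings


if __name__ == "__main__":
    for name, problem in audit_matches(SAMPLE, "192.168.50.0/24", "192.168.50.2"):
        print(f"{name}: {problem or 'ok'}")
```
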

Thank you very much, Nikolay sir.
I have made the correct entry again but it does not work. When the shaper rules are applied as you sent and committed, it asks for the default bandwidth and saves all the IP addresses that pass through my LAN.
I have also removed NAT and made a static route.
Here I want to limit bandwidth to 10mbit for my IP 192.168.20.19,
but all the IP addresses 192.168.20.2-192.168.20.254 are limited to 10mbit of traffic.
Where is the wrong code?

My current config is as below:

vyos@vyos# sh traffic-policy
shaper OUT {
    bandwidth auto
    class 10 {
        bandwidth 10mbit
        match address {
            ip {
                source {
                    address 192.168.20.19/32
                }
            }
        }
    }
    default {
        bandwidth 10mbit
    }
}
[edit]
vyos@vyos#

What VyOS version are you using?

show version

Version: VyOS 1.4-rolling-202112090318
Release train: sagitta

Built by: autobuild@vyos.net
Built on: Thu 09 Dec 2021 03:18 UTC
Build UUID: cabfcd3a-b2a5-4c11-bfcd-b8d121a7d49f
Build commit ID: 77cc894fd83b40

Architecture: x86_64
Boot via: installed image
System type: bare metal

Hardware vendor: Dell Inc.
Hardware model: OptiPlex 7010
Hardware S/N: 20N2NW1
Hardware UUID: 4c4c4544-0030-4e10-8032-b2c04f4e5731

Copyright: VyOS maintainers and contributors
[edit]
vyos@vyos#

thanks

In this example:

  • eth0 is my WAN interface, where the traffic-policy shaper is applied for outbound traffic.
  • I define the global bandwidth, and use a percentage on the class shaper.
  • LAN network: 203.0.113.0/24, and the filter is applied only to 203.0.113.2/32

vyos@vyos# run show config comm | grep pol
set interfaces ethernet eth0 traffic-policy out 'ABC'
set traffic-policy shaper ABC bandwidth '100mbit'
set traffic-policy shaper ABC class 10 bandwidth '2%'
set traffic-policy shaper ABC class 10 match HOST-2M ip source address '203.0.113.2/32'
set traffic-policy shaper ABC class 10 queue-type 'fq-codel'
set traffic-policy shaper ABC default bandwidth '20%'
set traffic-policy shaper ABC default ceiling '100%'
set traffic-policy shaper ABC default priority '7'
set traffic-policy shaper ABC default queue-type 'fair-queue'

Results:
The simulation consists of 2 VyOS instances located on the LAN; the traffic shaper should be applied only to the VyOS with IP 203.0.113.2/24, and they connect to a remote VyOS using the monitor bandwidth tool for VyOS.

  • First test: bandwidth test from host 203.0.113.2 (VyOS instance) to remote instance, where filter should be applied:

vyos@vyos# run monitor bandwidth-test initiate 198.51.100.2
------------------------------------------------------------
Client connecting to 198.51.100.2, TCP port 5001
TCP window size: 85.0 KByte (default)
------------------------------------------------------------
[  3] local 203.0.113.2 port 58554 connected with 198.51.100.2 port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-11.3 sec  2.62 MBytes  1.95 Mbits/sec

Filter was applied – Bandwidth 1.95 Mbits/sec

  • Second test: bandwidth test from host 203.0.113.3 (VyOS instance) to remote instance, where filter should not be applied:

vyos@vyos:~$ monitor bandwidth-test initiate 198.51.100.2
------------------------------------------------------------
Client connecting to 198.51.100.2, TCP port 5001
TCP window size: 85.0 KByte (default)
------------------------------------------------------------
[  3] local 203.0.113.3 port 53766 connected with 198.51.100.2 port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-10.0 sec   115 MBytes  96.4 Mbits/sec

Filter not applied – Bandwidth 96.4 Mbits/sec

Thank you very much, sir.
Sir, as you said, your WAN port is eth0, where your traffic policy is applied, and I understood the eth0 interface is connected to the ISP?

We could say so.
This was done in a virtual lab, simulating your case, so we could say eth0 is attached to ISP.

The idea in this scenario is that the interface where the traffic policy is applied is supposed to be your “upstream” interface, where you want to apply the shaper because of lack of bandwidth (this is at least what I simulated and think is your case).

Thank you very much, it works now. As you told me, I put the rules on the WAN. Sir, I would like to request that you send me a limiter example too, and tell me which interface I need to apply the rules to.

Best regards,
Arun Tamrakar
Nepal

Here is an example of a limiter.

  • As before, eth0 is the WAN side
  • This limits download to 10mbit for the host with IP 203.0.113.2

set traffic-policy limiter ISP-IN class 10 bandwidth '10mbit'
set traffic-policy limiter ISP-IN class 10 burst '2mbit'
set traffic-policy limiter ISP-IN class 10 match 10M-IN description 'Download 10M'
set traffic-policy limiter ISP-IN class 10 match 10M-IN ip destination address '203.0.113.2/32'
set traffic-policy limiter ISP-IN default bandwidth '200mbit'

set interfaces ethernet eth0 traffic-policy in 'ISP-IN'

Please refer to our traffic-policy docs if needed.

Thank you, it works now. There was a wrong config of the default burst. I have put it at 15k. How can we find how much burst needs to be applied?

thanks