Page MenuHomeVyOS Platform

traffic-policy does not classify by VLAN
Open, Requires assessmentPublicBUG

Description

In Traffic Policy you configure traffic classes by defining some kind of matching criteria. One of those criteria can be VLAN ID. I have found several possible commands in VyOS CLI that could do the job (I am not sure what the differences of these commands should be) but in my tests none of them matched traffic by VLAN ID.

In my lab, traffic tagged with VLAN ID 40 was coming into eth1 interface.

set interfaces ethernet eth0 description 'WAN'
set interfaces ethernet eth0 address '20.20.20.1/24'

set interfaces ethernet eth1 description 'LAN'
set interfaces ethernet eth1 address '192.168.10.254/24'
set interfaces ethernet eth1 address '192.168.20.254/24'
set interfaces ethernet eth1 vif 40 address '192.168.40.254/24'

set protocols static interface-route 192.168.0.0/16 next-hop-interface eth1
set protocols static route 20.20.20.0/24 next-hop 20.20.20.20

set traffic-policy shaper ASDF bandwidth '100kbps'
set traffic-policy shaper ASDF class 40 bandwidth '40%'
set traffic-policy shaper ASDF default bandwidth '2%'

set interfaces ethernet eth0 traffic-policy out 'ASDF'

Having the configuration above, none of the following 3 commands (nor any of their combinations) matched VLAN40 traffic:

set traffic-policy shaper ASDF class 40 match VLAN-MATCH interface 'eth1.40'
set traffic-policy shaper ASDF class 40 match VLAN-MATCH vif 40
set traffic-policy shaper ASDF class 40 match VLAN-MATCH ether protocol '802.1Q'

Tests done with both 1.2 and 1.3 versions, no difference.

Details

Difficulty level
Unknown (require assessment)
Version
1.2.x ; 1.3
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)

Event Timeline

s.lorente created this task.Oct 1 2020, 2:37 AM
pasik added a subscriber: pasik.Oct 1 2020, 9:21 AM

We found one case when it does work (for both Crux and 1.3), which can lead to further investigation: when the policy is applied to a PPPoE client interface and the class traffic is matched with the command naming the subinterface (the first of the 3 options above).

The following examples work ok.

1.3:

set interfaces ethernet eth0 vif 40 address '192.168.40.254/24'
set interfaces pppoe pppoe0 access-concentrator 'asdf'
set interfaces pppoe pppoe0 authentication password 'asdf'
set interfaces pppoe pppoe0 authentication user 'asdf'
set interfaces pppoe pppoe0 source-interface 'eth1'
set interfaces pppoe pppoe0 traffic-policy out 'asdf'
set traffic-policy shaper asdf bandwidth '10Mbit'
set traffic-policy shaper asdf class 10 bandwidth '1Mbit'
set traffic-policy shaper asdf class 10 match VLAN interface 'eth0.40'
set traffic-policy shaper asdf default bandwidth '1kbit'
set traffic-policy shaper asdf default ceiling '100%'

Crux:

set interfaces ethernet eth0 vif 40 address '192.168.40.254/24'
set interfaces ethernet eth1 pppoe 0 password 'asdf'
set interfaces ethernet eth1 pppoe 0 user-id 'asdf'
set interfaces ethernet eth1 pppoe 0 traffic-policy out asdf
set traffic-policy shaper asdf bandwidth '10Mbit'
set traffic-policy shaper asdf class 10 bandwidth '1Mbit'
set traffic-policy shaper asdf class 10 match VLAN interface 'eth0.40'
set traffic-policy shaper asdf default bandwidth '1kbit'
set traffic-policy shaper asdf default ceiling '100%'

If we use the same examples above but, instead of applying the policy to a PPPoE interface, we apply it directly to an ethernet interface, then it fails to match VLAN traffic.