Welcome Guest, Not a member yet? Create Account  




Can;t get my QOS to work...

#1
(This post was last modified: 12/11/2017, 21:20 by keithl.)

I am using the 20171107 build as I can;t get the 1.17 or the 1.1.8 RC2 to load on my bare metal. 

OK I have 3 NICs configured for

eth0 - LAN
eth1 - Comcast
eth2 - Uverse

I had no problem getting load balancing set up across the 2 ISPs after reading and it works very well. 

What I am struggling with is QOS. I se tup the following QOS rules on the LAN side to tag traffic for dscp based on source address. 


This is basic info I have set up for load balancing:


set load-balancing wan enable-local-traffic
set load-balancing wan disable-source-nat
set load-balancing wan flush-connections

-------------------

set policy route QOS_RULES
set policy route QOS_RULES description "QOS Rules"


set policy route QOS_RULES rule 100 source address 192.168.y.xxx/32
set policy route QOS_RULES rule 100 set dscp 38

set policy route QOS_RULES rule 131 source address 192.168.y.xxx/32
set policy route QOS_RULES rule 131 set dscp 26

set policy route QOS_RULES rule 132 source address 192.168.y.xxx/32
set policy route QOS_RULES rule 132 set dscp 26

set policy route QOS_RULES rule 133 source address 192.168.y.xxx/32
set policy route QOS_RULES rule 133 set dscp 26

set policy route QOS_RULES rule 134 source address 192.168.y.xxx/32
set policy route QOS_RULES rule 134 set dscp 26

set policy route QOS_RULES rule 135 source address 192.168.y.xxx/32
set policy route QOS_RULES rule 135 set dscp 26

set policy route QOS_RULES rule 136 source address 192.168.y.xxx/32
set policy route QOS_RULES rule 136 set dscp 26

set policy route QOS_RULES rule 161 source address 192.168.y.xxx/32
set policy route QOS_RULES rule 161 set dscp 14

set policy route QOS_RULES rule 162 source address 192.168.y.xxx/32
set policy route QOS_RULES rule 162 set dscp 14

set policy route QOS_RULES rule 171 source address 192.168.y.xxx/32
set policy route QOS_RULES rule 171 set dscp 10

set policy route QOS_RULES rule 199
set policy route QOS_RULES rule 199 source address 192.168.y.xxxx/24
set policy route QOS_RULES rule 199 set dscp 18

set interfaces ethernet eth0 policy route QOS_RULES

--------------------------------

I know the rules are working becasue when I do a SHOW POLICY I can see traffic hitting the various rules which means the dscp should be applied. and it show the condition correctly.

I then use the traffic-policy shaper basically following the example from the vyatta manual and several other locations to apply the below:

------------------------------------

set traffic-policy shaper Upload-Comcast description "Comcast Upload QOS"
set traffic-policy shaper Upload-Comcast bandwidth 29mbit

set traffic-policy shaper Upload-Comcast default bandwidth 40%
set traffic-policy shaper Upload-Comcast default ceiling 95%
rem set traffic-policy shaper Upload-Comcast default priority 4

set traffic-policy shaper Upload-Comcast class 10 description "Voice"
set traffic-policy shaper Upload-Comcast class 10 bandwidth 10%
set traffic-policy shaper Upload-Comcast class 10 ceiling 95%
set traffic-policy shaper Upload-Comcast class 10 match VOICE ip dscp 38

set traffic-policy shaper Upload-Comcast class 30 description "Video"
set traffic-policy shaper Upload-Comcast class 30 bandwidth 20%
set traffic-policy shaper Upload-Comcast class 30 ceiling 95%
set traffic-policy shaper Upload-Comcast class 30 match VIDEO ip dscp 26

set traffic-policy shaper Upload-Comcast class 60 description "Cloud Backups"
set traffic-policy shaper Upload-Comcast class 60 bandwidth 20%
set traffic-policy shaper Upload-Comcast class 60 ceiling 95%
set traffic-policy shaper Upload-Comcast class 60 match BACKUPS ip dscp 14

set traffic-policy shaper Upload-Comcast class 70 description "Bitorrent"
set traffic-policy shaper Upload-Comcast class 70 bandwidth 10%
set traffic-policy shaper Upload-Comcast class 70 ceiling 75%
set traffic-policy shaper Upload-Comcast class 70 match TORRENTS ip dscp 10

set interfaces ethernet eth1 traffic-policy out Upload-Comcast

----------------------------------

The problem is when I use the SHOW QUEUEING ETHERNET command I get the below output which show me that the outbound is all going to default class. Any help would be appreciated as I have been racking my brain for a few days now. 


eth0 Queueing:
Class      Policy                   Sent      Dropped    Overlimit      Backlog
root       [mq]               1630574341            0            0            0
1          default             707717599            0            0            0
2          default             161641936            0            0            0
3          default             649818700            0            0            0
4          default             111396106            0            0            0

eth1 Queueing:
Class      Policy                   Sent      Dropped    Overlimit      Backlog
root       shaper              204002131         1030       234407            0
10         fair-queue                  0            0            0            0
30         fair-queue                  0            0            0            0
60         fair-queue                  0            0            0            0
70         fair-queue                  0            0            0            0
default    fair-queue          204002131         1030            0            0

eth2 Queueing:
Class      Policy                   Sent      Dropped    Overlimit      Backlog
root       shaper               42596282          183        46425            0
10         fair-queue                  0            0            0            0
30         fair-queue                  0            0            0            0
60         fair-queue                  0            0            0            0
70         fair-queue                  0            0            0            0
default    fair-queue           42596282          183            0            0
--------------------------

As an FYI I had copied some defualt stuff form my EdgeRouter Lite and maybe I don't need it now:
set interfaces ethernet eth1 description COMCAST
set interfaces ethernet eth2 description UVERSE

set interfaces ethernet eth1 address dhcp
set interfaces ethernet eth2 address dhcp

set nat source rule 5001 outbound-interface eth1
set nat source rule 5001 description 'NAT masquerade for WAN'
set nat source rule 5001 translation address masquerade


set nat source rule 5002 outbound-interface eth2
set nat source rule 5002 description 'NAT masquerade for WAN'
set nat source rule 5002 translation address masquerade


Thasks in advance!
Reply

#2

When I do a show policy route statistics I get the blow. The drop rule is added by default and can not be removed. Seems that most traffic hits that rule as well, I thought these were evaluated in order and then only acted on when they are encountered?

 Active on (eth0,ROUTE)

rule  packets   bytes     action  source              destination
----  -------   -----     ------  ------              -----------
100   0         0                 192.168.0.161/32    0.0.0.0/0
131   0         0                 192.168.0.181/32    0.0.0.0/0
132   1.36K     77.42K            192.168.0.182/32    0.0.0.0/0
133   11        1.96K             192.168.0.183/32    0.0.0.0/0
134   0         0                 192.168.0.184/32    0.0.0.0/0
135   990       309.00K           192.168.0.185/32    0.0.0.0/0
136   0         0                 192.168.0.186/32    0.0.0.0/0
161   19        3.24K             192.168.0.191/32    0.0.0.0/0
162   8         2.44K             192.168.0.192/32    0.0.0.0/0
171   66        18.35K            192.168.0.170/32    0.0.0.0/0
199   4.23K     618.99K           192.168.0.0/24      0.0.0.0/0
10000 4.23K     618.99K   DROP    0.0.0.0/0           0.0.0.0/0
Reply

#3

OK I did a test and think I figured this out. Seem the rules get processed in order regardless, so my rule 199 was basically setting everything back to 1 dscp. I added that rule to the beginning to set all packets to a default dscp then as they traverse the remaining rules they get set if they meet the match. I assumed the policy route rules were processed lieka firewall, btu it seems they all get processed on every packet. I now see traffic hitting the different outbound classes. Not to see if I can generate enough traffic to test them.
Reply

#4

I think this goes all the way back to Vyatta 5. If a policy route rule matches the current packet, and that rule includes 'set table', then the subsequent policy rules are not considered. If that rule includes any other 'set' options (dscp, mark, tcp-mss), the packet is modified and the subsequent policy rules are considered. So you can do something like:

Code:
set policy route xx rule 2 $$MATCH_CONDITIONS
set policy route xx rule 2 set dscp 10
set policy route xx rule 3 $$MATCH_CONDITIONS
set policy route xx rule 3 set table main

where every rule is duplicated, and the second copy sets the routing table just as a way to stop the evaluation of the subsequent rules.
Reply





Users browsing this thread:
1 Guest(s)