Page MenuHomeVyOS Platform
Create Task
Maniphest T2971

Provide a CLI solution for Ingress Shaping when there is SNAT
Open, LowPublicFEATURE REQUEST
Actions

Description

When both SNAT and an outbound traffic-policy have been configured, translations will happen before traffic policy comes into action. So, if a traffic-policy has been configured to classify traffic according to addresses, that will not work, as traffic-policy will see translated addresses. So very likely all the traffic will end up in its default class.

Fortunately that can be solved by VyOS CLI, as explained here.

Without SNAT, VyOS CLI also allows you to configure "ingress shaping" through an IFB. Here is the explanation.

The missing part is a CLI solution for an inbound traffic-policy when there is SNAT. I have not found the way to configure it through CLI.

As it is perfectly possible to successfully have Ingress Shaping with SNAT as explained here, it would be nice to fill that CLI gap in order to have a complete QoS solution for the most common scenarios.

Details

Difficulty level
Unknown (require assessment)
Version
1.2.x ; 1.3 ; qos ; tc
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Unspecified (please specify)

Related Objects
Search...

Event Timeline

Unknown Object (User) created this task.Oct 8 2020, 9:25 PM
Unknown Object (User) renamed this task from Provide a CLI solution for Ingress Shaping when there is SNAT. to Provide a CLI solution for Ingress Shaping when there is SNAT.Oct 8 2020, 9:53 PM
Unknown Object (User) updated the task description. (Show Details)
Unknown Object (User) updated the task description. (Show Details)Oct 8 2020, 10:06 PM
Unknown Object (User) added a project: VyOS 1.3 Equuleus.
Unknown Object (User) changed Version from - to 1.2.x ; 1.3 ; qos ; tc.
Unknown Object (User) added a comment.Oct 8 2020, 10:21 PM

https://forum.openwrt.org/t/ingress-traffic-shaping-with-snat/40226

fegauthier awarded a token.Oct 9 2020, 1:27 AM
pasik added a subscriber: pasik.Oct 9 2020, 6:25 AM
fegauthier added a subscriber: fegauthier.Oct 9 2020, 1:03 PM
Unknown Object (User) updated the task description. (Show Details)Oct 13 2020, 10:45 AM
Unknown Object (User) updated the task description. (Show Details)Oct 13 2020, 10:48 AM
Unknown Object (User) updated the task description. (Show Details)Oct 13 2020, 10:51 AM
Unknown Object (User) added a comment.Oct 15 2020, 4:19 PM

https://forum.vyos.io/t/limit-bandwith-for-indivindual-ips-on-1-2-5/5947/30?u=s.lorente

Unknown Object (User) added a comment.Oct 26 2020, 9:35 AM

Once this task is solved, QoS documentation should include a subsection about NAT, explaining the procedure for both outbound and inbound traffic.

Unknown Object (User) updated the task description. (Show Details)Nov 11 2020, 7:39 AM
Unknown Object (User) mentioned this in T3058: Once T2971 is fixed: Document QoS & NAT for inbound and outbound traffic for Crux and 1.3.Nov 11 2020, 7:45 AM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.0); removed VyOS 1.3 Equuleus.Nov 6 2021, 11:24 AM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.3); removed VyOS 1.3 Equuleus (1.3.0).Aug 29 2022, 7:04 AM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.4); removed VyOS 1.3 Equuleus (1.3.3).Jul 12 2023, 9:40 PM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.5); removed VyOS 1.3 Equuleus (1.3.4).Aug 25 2023, 9:29 PM
Viacheslav edited projects, added VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus (1.3.5), VyOS 1.2 Crux.Aug 29 2023, 7:32 AM
Viacheslav closed subtask T3058: Once T2971 is fixed: Document QoS & NAT for inbound and outbound traffic for Crux and 1.3 as Invalid.Aug 29 2023, 11:09 AM
dmbaturin triaged this task as Low priority.Jan 9 2024, 8:17 PM
dmbaturin added a project: VyOS 1.5 Circinus.
dmbaturin set Issue type to Unspecified (please specify).
giuavo added a subscriber: giuavo.Jan 13 2024, 3:37 PM
dmbaturin removed a project: VyOS 1.4 Sagitta.Fri, Apr 12, 3:08 PM