In some cases, QoS policy shaper can generate unexpected tc filter rate rules, based on the unexpected default value of interface speed (1000mbit)
Configuration to reproduce:
touch /tmp/vyos.qos.debug set qos policy shaper SHAPE bandwidth '710mbit' set qos policy shaper SHAPE class 5 bandwidth '2%' set qos policy shaper SHAPE class 5 match tiny4 ip tcp syn set qos policy shaper SHAPE class 10 bandwidth '1%' set qos policy shaper SHAPE class 10 match dns ip protocol 'udp' set qos policy shaper SHAPE default bandwidth '95%' set qos policy shaper SHAPE default ceiling '100%' set qos policy shaper SHAPE default codel-quantum '8000' set qos interface eth1 egress SHAPE commit
After committing we can see 2 Warnings
WARNING: Interface speed cannot be determined (assuming 1000 Mbit/s)
That is strange because we set the speed manually to 710mbit
{'bandwidth': '710mbit', 'class': {'10': {'bandwidth': '1%', 'burst': '15k', 'codel_quantum': '1514', 'flows': '1024', 'interval': '100', 'match': {'dns': {'ip': {'protocol': 'udp'}}}, 'queue_type': 'fq-codel', 'target': '5'}, '5': {'bandwidth': '2%', 'burst': '15k', 'codel_quantum': '1514', 'flows': '1024', 'interval': '100', 'match': {'tiny4': {'ip': {'tcp': {'syn': {}}}}}, 'queue_type': 'fq-codel', 'target': '5'}}, 'default': {'bandwidth': '95%', 'burst': '15k', 'ceiling': '100%', 'codel_quantum': '8000', 'flows': '1024', 'interval': '100', 'priority': '20', 'queue_type': 'fq-codel', 'target': '5'}} DEBUG/QoS: tc qdisc replace dev eth1 root handle 1: htb r2q 444 default b DEBUG/QoS: tc class replace dev eth1 parent 1: classid 1:1 htb rate 710000000 DEBUG/QoS: tc class replace dev eth1 parent 1:1 classid 1:5 htb rate 14200000 burst 15k quantum 1514 DEBUG/QoS: tc qdisc replace dev eth1 parent 1:5 sfq DEBUG/QoS: tc class replace dev eth1 parent 1:1 classid 1:a htb rate 7100000 burst 15k quantum 1514 DEBUG/QoS: tc qdisc replace dev eth1 parent 1:a sfq DEBUG/QoS: tc class replace dev eth1 parent 1:1 classid 1:b htb rate 674500000 burst 15k quantum 8000 prio 20 ceil 710000000 DEBUG/QoS: tc qdisc replace dev eth1 parent 1:b sfq DEBUG/QoS: tc qdisc replace dev eth1 parent 1:5 fq_codel quantum 1514 flows 1024 interval 100 interval 100 target 5 noecn DEBUG/QoS: tc filter add dev eth1 parent 1: protocol all prio 1 u32 match u8 0x2 0x2 at 33 flowid 1:5 WARNING: Interface speed cannot be determined (assuming 1000 Mbit/s) DEBUG/QoS: tc filter add dev eth1 parent 1: protocol all prio 1 u32 match u8 0x2 0x2 at 33 flowid 1:5 action police rate 20000000 burst 15k flowid 1:5 <======== Unexpected rule with calculation 2 % of 1000mbit speed DEBUG/QoS: tc qdisc replace dev eth1 parent 1:a fq_codel quantum 1514 flows 1024 interval 100 interval 100 target 5 noecn DEBUG/QoS: tc filter add dev eth1 parent 1: protocol all prio 1 u32 match ip protocol 17 0xff flowid 1:a WARNING: Interface speed cannot be determined (assuming 1000 Mbit/s) DEBUG/QoS: tc filter add dev eth1 parent 1: protocol all prio 1 u32 match ip protocol 17 0xff flowid 1:a action police rate 10000000 burst 15k flowid 1:a <======== Unexpected rule with calculation 1 % of 1000mbit speed DEBUG/QoS: tc qdisc replace dev eth1 parent 1:b fq_codel quantum 8000 flows 1024 interval 100 interval 100 target 5 noecn
In 1.3, we do not have those 2 tc filter rules (after each Warning)
tc filter add dev eth1 parent 1: protocol all prio 1 u32 match u8 0x2 0x2 at 33 flowid 1:5 action police rate 20000000 burst 15k flowid 1:5 tc filter add dev eth1 parent 1: protocol all prio 1 u32 match ip protocol 17 0xff flowid 1:a action police rate 10000000 burst 15k flowid 1:a
As we have proper filter flows to their classes:
tc filter add dev eth1 parent 1: protocol all prio 1 u32 match u8 0x2 0x2 at 33 flowid 1:5 tc filter add dev eth1 parent 1: protocol all prio 1 u32 match ip protocol 17 0xff flowid 1:a