The flow isolation parameters for the CAKE policy are being incorrectly configured. A single CAKE policy should only allow one flow isolation type, but the current VyOS configuration allows multiple values to be set simultaneously. Additionally, once the policy is applied, these parameters do not change upon subsequent configuration updates.
step to reproduce:
# tc -d qdisc show dev eth1 qdisc fq_codel 0: root refcnt 2 limit 10240p flows 1024 quantum 1514 target 5ms interval 100ms memory_limit 32Mb ecn drop_batch 64
set qos interface eth1 egress 'cake_test' set qos policy cake cake_test bandwidth '100%' set qos policy cake cake_test description 'test cake policy' commit # tc -d qdisc show dev eth1 qdisc cake 1: root refcnt 2 bandwidth 10Gbit diffserv3 triple-isolate nonat nowash no-ack-filter split-gso rtt 100ms raw overhead 0 set qos policy cake cake_test flow-isolation host commit # tc -d qdisc show dev eth1 qdisc cake 1: root refcnt 2 bandwidth 10Gbit diffserv3 hosts nonat nowash no-ack-filter split-gso rtt 100ms raw overhead 0
but following changes is not apply
set qos policy cake cake_test flow-isolation nat commit # tc -d qdisc show dev eth1 qdisc cake 1: root refcnt 2 bandwidth 10Gbit diffserv3 hosts nonat nowash no-ack-filter split-gso rtt 100ms raw overhead 0 set qos policy cake cake_test flow-isolation triple-isolate commit # tc -d qdisc show dev eth1 qdisc cake 1: root refcnt 2 bandwidth 10Gbit diffserv3 hosts nonat nowash no-ack-filter split-gso rtt 100ms raw overhead 0
vyos@vyos# show qos interface eth1 { egress cake_test } policy { cake cake_test { bandwidth 100% description "test cake policy" flow-isolation { host nat triple-isolate } } }