summaryrefslogtreecommitdiff
path: root/docs/configuration/trafficpolicy/index.rst
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2024-06-13 07:21:32 +0200
committerGitHub <noreply@github.com>2024-06-13 07:21:32 +0200
commit23d4af4ee676611f111bd684af125bcbfc279740 (patch)
tree6c37af7d92ab4d6c691f65bae79aae732966a578 /docs/configuration/trafficpolicy/index.rst
parentb09dc4e30f81865877702b4194043273864c68ca (diff)
parentdacd5ca4750d4a104abe5942a9d33f96bc1ec029 (diff)
downloadvyos-documentation-23d4af4ee676611f111bd684af125bcbfc279740.tar.gz
vyos-documentation-23d4af4ee676611f111bd684af125bcbfc279740.zip
Merge pull request #1480 from vyos/mergify/bp/sagitta/pr-1479
T5307: Add doc for traffic match groups (backport #1479)
Diffstat (limited to 'docs/configuration/trafficpolicy/index.rst')
-rw-r--r--docs/configuration/trafficpolicy/index.rst50
1 files changed, 50 insertions, 0 deletions
diff --git a/docs/configuration/trafficpolicy/index.rst b/docs/configuration/trafficpolicy/index.rst
index d435267d..3fb9a9bc 100644
--- a/docs/configuration/trafficpolicy/index.rst
+++ b/docs/configuration/trafficpolicy/index.rst
@@ -212,6 +212,56 @@ You can also write a description for a filter:
.. note:: IPv6 TCP filters will only match IPv6 packets with no header
extension, see https://en.wikipedia.org/wiki/IPv6_packet#Extension_headers
+Traffic Match Group
+-------------------
+In some case where we need to have an organization of our matching selection,
+in order to be more flexible and organize with our filter definition. We can
+apply traffic match groups, allowing us to create distinct filter groups within
+our policy and define various parameters for each group:
+
+.. code-block:: none
+
+ set qos traffic-match-group <group_name> match <match_name>
+ Possible completions:
+ description Description
+ > ip Match IP protocol header
+ > ipv6 Match IPv6 protocol header
+ mark Match on mark applied by firewall
+ vif Virtual Local Area Network (VLAN) ID for this match
+
+inherit matches from another group
+
+.. code-block:: none
+
+ set qos traffic-match-group <group_name> match-group <match_group_name>
+
+A match group can contain multiple criteria and inherit them in the same policy.
+
+For example:
+
+.. code-block:: none
+
+ set qos traffic-match-group Mission-Critical match AF31 ip dscp 'AF31'
+ set qos traffic-match-group Mission-Critical match AF32 ip dscp 'AF42'
+ set qos traffic-match-group Mission-Critical match CS3 ip dscp 'CS3'
+ set qos traffic-match-group Streaming-Video match AF11 ip dscp 'AF11'
+ set qos traffic-match-group Streaming-Video match AF41 ip dscp 'AF41'
+ set qos traffic-match-group Streaming-Video match AF43 ip dscp 'AF43'
+ set qos policy shaper VyOS-HTB class 10 bandwidth '30%'
+ set qos policy shaper VyOS-HTB class 10 description 'Multimedia'
+ set qos policy shaper VyOS-HTB class 10 match CS4 ip dscp 'CS4'
+ set qos policy shaper VyOS-HTB class 10 match-group 'Streaming-Video'
+ set qos policy shaper VyOS-HTB class 10 priority '1'
+ set qos policy shaper VyOS-HTB class 10 queue-type 'fair-queue'
+ set qos policy shaper VyOS-HTB class 20 description 'MC'
+ set qos policy shaper VyOS-HTB class 20 match-group 'Mission-Critical'
+ set qos policy shaper VyOS-HTB class 20 priority '2'
+ set qos policy shaper VyOS-HTB class 20 queue-type 'fair-queue'
+ set qos policy shaper VyOS-HTB default bandwidth '20%'
+ set qos policy shaper VyOS-HTB default queue-type 'fq-codel'
+
+In this example, we can observe that different DSCP criteria are defined based
+on our QoS configuration within the same policy group.
Default
-------