diff options
| author | Christian Breunig <christian@breunig.cc> | 2024-06-13 07:19:21 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-06-13 07:19:21 +0200 |
| commit | 03b87236bb358058f6e23b682676b43387319055 (patch) | |
| tree | 38dfc440da97b3311cd5d31e0dd0992ea1ce5825 /docs | |
| parent | b9ff99942d10c8dac66875fd38a8b28c34d3321f (diff) | |
| parent | 4f71374b273cb0b0f2f181563134324f1d7e57fc (diff) | |
| download | vyos-documentation-03b87236bb358058f6e23b682676b43387319055.tar.gz vyos-documentation-03b87236bb358058f6e23b682676b43387319055.zip | |
Merge pull request #1479 from fett0/add-traffic-match
T5307: Add doc for traffic match groups
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/configuration/trafficpolicy/index.rst | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/docs/configuration/trafficpolicy/index.rst b/docs/configuration/trafficpolicy/index.rst index f99c2a66..5414ce77 100644 --- a/docs/configuration/trafficpolicy/index.rst +++ b/docs/configuration/trafficpolicy/index.rst @@ -212,6 +212,56 @@ You can also write a description for a filter: .. note:: IPv6 TCP filters will only match IPv6 packets with no header extension, see https://en.wikipedia.org/wiki/IPv6_packet#Extension_headers +Traffic Match Group +------------------- +In some case where we need to have an organization of our matching selection, +in order to be more flexible and organize with our filter definition. We can +apply traffic match groups, allowing us to create distinct filter groups within +our policy and define various parameters for each group: + +.. code-block:: none + + set qos traffic-match-group <group_name> match <match_name> + Possible completions: + description Description + > ip Match IP protocol header + > ipv6 Match IPv6 protocol header + mark Match on mark applied by firewall + vif Virtual Local Area Network (VLAN) ID for this match + +inherit matches from another group + +.. code-block:: none + + set qos traffic-match-group <group_name> match-group <match_group_name> + +A match group can contain multiple criteria and inherit them in the same policy. + +For example: + +.. code-block:: none + + set qos traffic-match-group Mission-Critical match AF31 ip dscp 'AF31' + set qos traffic-match-group Mission-Critical match AF32 ip dscp 'AF42' + set qos traffic-match-group Mission-Critical match CS3 ip dscp 'CS3' + set qos traffic-match-group Streaming-Video match AF11 ip dscp 'AF11' + set qos traffic-match-group Streaming-Video match AF41 ip dscp 'AF41' + set qos traffic-match-group Streaming-Video match AF43 ip dscp 'AF43' + set qos policy shaper VyOS-HTB class 10 bandwidth '30%' + set qos policy shaper VyOS-HTB class 10 description 'Multimedia' + set qos policy shaper VyOS-HTB class 10 match CS4 ip dscp 'CS4' + set qos policy shaper VyOS-HTB class 10 match-group 'Streaming-Video' + set qos policy shaper VyOS-HTB class 10 priority '1' + set qos policy shaper VyOS-HTB class 10 queue-type 'fair-queue' + set qos policy shaper VyOS-HTB class 20 description 'MC' + set qos policy shaper VyOS-HTB class 20 match-group 'Mission-Critical' + set qos policy shaper VyOS-HTB class 20 priority '2' + set qos policy shaper VyOS-HTB class 20 queue-type 'fair-queue' + set qos policy shaper VyOS-HTB default bandwidth '20%' + set qos policy shaper VyOS-HTB default queue-type 'fq-codel' + +In this example, we can observe that different DSCP criteria are defined based +on our QoS configuration within the same policy group. Default ------- |