Diffstat (limited to 'docs')
-rw-r--r--  docs/configuration/trafficpolicy/index.rst  86
1 files changed, 55 insertions, 31 deletions
| diff --git a/docs/configuration/trafficpolicy/index.rst b/docs/configuration/trafficpolicy/index.rst index babccd6f..856ae01c 100644 --- a/docs/configuration/trafficpolicy/index.rst +++ b/docs/configuration/trafficpolicy/index.rst @@ -119,8 +119,8 @@ Matching traffic  ----------------  In order to define which traffic goes into which class, you define -filters (that is, the matching criteria). Packets go through these matching rules -(as in the rules of a firewall) and, if a packet matches the filter, it +filters (that is, the matching criteria). Packets go through these matching +rules (as in the rules of a firewall) and, if a packet matches the filter, it  is assigned to that class.  In VyOS, a class is identified by a number you can choose when @@ -194,7 +194,8 @@ different parameters you can configure.  As shown in the example above, one of the possibilities to match packets -is based on marks done by the firewall, `that can give you a great deal of flexibility`_. +is based on marks done by the firewall, +`that can give you a great deal of flexibility`_.  You can also write a description for a filter: @@ -204,12 +205,12 @@ You can also write a description for a filter: -.. note:: An IPv4 TCP filter will only match packets with an IPv4 header length of -   20 bytes (which is the majority of IPv4 packets anyway). +.. note:: An IPv4 TCP filter will only match packets with an IPv4 header +   length of 20 bytes (which is the majority of IPv4 packets anyway). -.. note:: IPv6 TCP filters will only match IPv6 packets with no header extension, see -   https://en.wikipedia.org/wiki/IPv6_packet#Extension_headers +.. note:: IPv6 TCP filters will only match IPv6 packets with no header +   extension, see https://en.wikipedia.org/wiki/IPv6_packet#Extension_headers  Default 
@@ -250,9 +251,9 @@ possibilities depending on the Traffic Policy you are configuring.        target       fq-codel - Acceptable minimum queue delay (milliseconds) -For instance, with :code:`set traffic-policy shaper MY-SHAPER class 30 set-dscp EF` -you would be modifying the DSCP field value of packets in that class to -Expedite Forwarding. +For instance, with :code:`set traffic-policy shaper MY-SHAPER +class 30 set-dscp EF` you would be modifying the DSCP field value of packets in +that class to Expedite Forwarding.    DSCP values as per :rfc:`2474` and :rfc:`4595`: @@ -371,7 +372,8 @@ This is the policy that requieres the lowest resources for the same  amount of traffic. But **very likely you do not need it as you cannot  get much from it. Sometimes it is used just to enable logging.** -.. cfgcmd:: set traffic-policy drop-tail <policy-name> queue-limit <number-of-packets> +.. cfgcmd:: set traffic-policy drop-tail <policy-name> queue-limit +   <number-of-packets>     Use this command to configure a drop-tail policy (PFIFO). Choose a     unique name for this policy and the size of the queue by setting the @@ -509,7 +511,8 @@ and increase `interval` to something around 150 ms.     persistent queue is developing, ensuring that the measured minimum     delay does not become too stale (default: 100ms). -.. cfgcmd:: set traffic-policy fq-codel <policy-name> queue-limit <number-of-packets>` +.. cfgcmd:: set traffic-policy fq-codel <policy-name> queue-limit +   <number-of-packets>`     Use this command to configure an fq-codel policy, set its name, and     define a hard limit on the real queue size. When this limit is 
@@ -562,7 +565,8 @@ the configured classes.    **inbound** traffic, check the ingress-shaping_ section. -.. cfgcmd:: set traffic-policy limiter <policy-name> class <class ID> match <match-name> description <description> +.. cfgcmd:: set traffic-policy limiter <policy-name> class <class ID> match +   <match-name> description <description>     Use this command to configure an Ingress Policer, defining its name,     a class identifier (1-4090), a class matching rule name and its @@ -573,14 +577,16 @@ Once the matching rules are set for a class, you can start configuring  how you want matching traffic to behave. -.. cfgcmd:: set traffic-policy limiter <policy-name> class <class-ID> bandwidth <rate> +.. cfgcmd:: set traffic-policy limiter <policy-name> class <class-ID> bandwidth +   <rate>     Use this command to configure an Ingress Policer, defining its name,     a class identifier (1-4090) and the maximum allowed bandwidth for     this class. -.. cfgcmd:: set traffic-policy limiter <policy-name> class <class-ID> burst <burst-size> +.. cfgcmd:: set traffic-policy limiter <policy-name> class <class-ID> burst +   <burst-size>     Use this command to configure an Ingress Policer, defining its name,     a class identifier (1-4090) and the burst size in bytes for this @@ -599,7 +605,8 @@ how you want matching traffic to behave.     and the burst size in bytes (default: 15) for its default policy. -.. cfgcmd:: set traffic-policy limiter <policy-name> class <class ID> priority <value> +.. cfgcmd:: set traffic-policy limiter <policy-name> class <class ID> priority +   <value>     Use this command to configure an Ingress Policer, defining its name,     a class identifier (1-4090), and the priority (0-20, default 20) in 
@@ -636,7 +643,8 @@ under certain network conditions.     Token Bucket Filter qdisc). Default:15kb. It will only take effect if     you have configured its bandwidth too. -.. cfgcmd:: set traffic-policy network-emulator <policy-name> network-delay <delay> +.. cfgcmd:: set traffic-policy network-emulator <policy-name> network-delay +   <delay>     Use this command to configure a Network Emulator policy defining its     name and the fixed amount of time you want to add to all packet going 
@@ -645,26 +653,30 @@ under certain network conditions.     configured its bandwidth too. You can use secs, ms and us. Default:     50ms. -.. cfgcmd:: set traffic-policy network-emulator <policy-name> packet-corruption <percent> +.. cfgcmd:: set traffic-policy network-emulator <policy-name> packet-corruption +   <percent>     Use this command to emulate noise in a Network Emulator policy. Set     the policy name and the percentage of corrupted packets you want. A     random error will be introduced in a random position for the chosen     percent of packets. -.. cfgcmd:: set traffic-policy network-emulator <policy-name> packet-loss <percent>` +.. cfgcmd:: set traffic-policy network-emulator <policy-name> packet-loss +   <percent>     Use this command to emulate packet-loss conditions in a Network     Emulator policy. Set the policy name and the percentage of loss     packets your traffic will suffer. -.. cfgcmd:: set traffic-policy network-emulator <policy-name> packet-reordering <percent>` +.. cfgcmd:: set traffic-policy network-emulator <policy-name> packet-reordering +   <percent>     Use this command to emulate packet-reordering conditions in a Network     Emulator policy. Set the policy name and the percentage of reordered     packets your traffic will suffer. -.. cfgcmd:: set traffic-policy network-emulator <policy-name> queue-limit <limit> +.. cfgcmd:: set traffic-policy network-emulator <policy-name> queue-limit +   <limit>     Use this command to define the length of the queue of your Network     Emulator policy. Set the policy name and the maximum number of 
@@ -735,7 +747,8 @@ setting:                     Random Early Detection (RED) -.. cfgcmd:: set traffic-policy priority-queue <policy-name> class <class-ID>  queue-limit <limit>` +.. cfgcmd:: set traffic-policy priority-queue <policy-name> class <class-ID>  +   queue-limit <limit>`     Use this command to configure a Priority Queue policy, set its name,     set a class with a priority from 1 to 7 and define a hard limit on @@ -804,7 +817,8 @@ algorithm might be to prevent a backbone overload. But only for TCP     set to the bandwidth of your interface. Random Detect is not a     shaping policy, this command will not shape. -.. cfgcmd:: set traffic-policy random-detect <policy-name> precedence <IP-precedence-value> average-packet <bytes> +.. cfgcmd:: set traffic-policy random-detect <policy-name> precedence +   <IP-precedence-value> average-packet <bytes>     Use this command to configure a Random-Detect policy and set its     name, then state the IP Precedence for the virtual queue you are @@ -814,7 +828,8 @@ algorithm might be to prevent a backbone overload. But only for TCP  .. note:: When configuring a Random-Detect policy: **the higher the     precedence number, the higher the priority**. -.. cfgcmd:: set traffic-policy random-detect <policy-name> precedence <IP-precedence-value> mark-probability <value> +.. cfgcmd:: set traffic-policy random-detect <policy-name> precedence +   <IP-precedence-value> mark-probability <value>     Use this command to configure a Random-Detect policy and set its     name, then state the IP Precedence for the virtual queue you are 
@@ -822,7 +837,8 @@ algorithm might be to prevent a backbone overload. But only for TCP     probability by giving the N value of the fraction 1/N (default: 10). -.. cfgcmd:: set traffic-policy random-detect <policy-name> precedence <IP-precedence-value> maximum-threshold <packets> +.. cfgcmd:: set traffic-policy random-detect <policy-name> precedence +   <IP-precedence-value> maximum-threshold <packets>     Use this command to configure a Random-Detect policy and set its     name, then state the IP Precedence for the virtual queue you are @@ -830,7 +846,8 @@ algorithm might be to prevent a backbone overload. But only for TCP     be (from 0 to 4096 packets, default: 18). At this size, the marking     (drop) probability is maximal. -.. cfgcmd:: set traffic-policy random-detect <policy-name> precedence <IP-precedence-value> minimum-threshold <packets> +.. cfgcmd:: set traffic-policy random-detect <policy-name> precedence +   <IP-precedence-value> minimum-threshold <packets>     Use this command to configure a Random-Detect policy and set its     name, then state the IP Precedence for the virtual queue you are @@ -862,7 +879,8 @@ The default values for the minimum-threshold depend on IP precedence:   +------------+-----------------------+ -.. cfgcmd:: set traffic-policy random-detect <policy-name> precedence <IP-precedence-value> queue-limit <packets> +.. cfgcmd:: set traffic-policy random-detect <policy-name> precedence +   <IP-precedence-value> queue-limit <packets>     Use this command to configure a Random-Detect policy and set its     name, then name the IP Precedence for the virtual queue you are 
@@ -1023,25 +1041,29 @@ the higher the priority.     and the maximum bandwidth for all combined traffic. -.. cfgcmd:: set traffic-policy shaper <policy-name> class <class-ID> bandwidth <rate> +.. cfgcmd:: set traffic-policy shaper <policy-name> class <class-ID> bandwidth +   <rate>     Use this command to configure a Shaper policy, set its name, define     a class and set the guaranteed traffic you want to allocate to that     class. -.. cfgcmd:: set traffic-policy shaper <policy-name> class <class-ID> burst <bytes> +.. cfgcmd:: set traffic-policy shaper <policy-name> class <class-ID> burst +   <bytes>     Use this command to configure a Shaper policy, set its name, define     a class and set the size of the `tocken bucket`_ in bytes, which will     be available to be sent at ceiling speed (default: 15Kb). -.. cfgcmd:: set traffic-policy shaper <policy-name> class <class-ID> ceiling <bandwidth> +.. cfgcmd:: set traffic-policy shaper <policy-name> class <class-ID> ceiling +   <bandwidth>     Use this command to configure a Shaper policy, set its name, define     a class and set the maximum speed possible for this class. The     default ceiling value is the bandwidth value. -.. cfgcmd:: set traffic-policy shaper <policy-name> class <class-ID> priority <0-7> +.. cfgcmd:: set traffic-policy shaper <policy-name> class <class-ID> priority +   <0-7>     Use this command to configure a Shaper policy, set its name, define     a class and set the priority for usage of available bandwidth once 
@@ -1195,8 +1217,10 @@ That is how it is possible to do the so-called "ingress shaping".    which can be solved with ``sudo ip link delete ifb0``. +.. stop_vyoslinter  .. _that can give you a great deal of flexibility: https://blog.vyos.io/using-the-policy-route-and-packet-marking-for-custom-qos-matches  .. _tc: https://en.wikipedia.org/wiki/Tc_(Linux)  .. _tocken bucket: https://en.wikipedia.org/wiki/Token_bucket  .. _HFSC: https://en.wikipedia.org/wiki/Hierarchical_fair-service_curve  .. _Intermediate Functional Block: https://www.linuxfoundation.org/collaborate/workgroups/networking/ifb +.. start_vyoslinter
\ No newline at end of file | 
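Review bot: In the set-dscp hunk (@@ -250,9 +251,9 @@), the :code: role is now split across two source lines between "MY-SHAPER" and "class 30", so the example command can no longer be found by searching the .rst for the full string and reads as two fragments when editing. Consider keeping "set traffic-policy shaper MY-SHAPER class 30 set-dscp EF" on one line and wrapping the surrounding prose instead, or moving the command into its own literal block.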
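Review bot: In the drop-tail hunk (@@ -371,7 +372,8 @@), and in every other hunk that wraps a ".. cfgcmd::" argument onto an indented continuation line, nothing in the patch shows that the directive joins the two lines back into a single command in the rendered page. Please confirm with a docs build that "queue-limit" and "<number-of-packets>" still appear as one command. If they do not, the stop_vyoslinter / start_vyoslinter markers this commit already uses for the long link targets would keep these commands on one line.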
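Review bot: In the fq-codel hunk (@@ -509,7 +511,8 @@), the wrapped continuation line still ends in a stray backtick: "<number-of-packets>`". The packet-loss and packet-reordering hunks drop the same trailing backtick when they rewrap, so it should be removed here as well, since it would otherwise be carried into the command text.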
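Review bot: In the limiter hunks (@@ -562,7 +565,8 @@ through @@ -599,7 +605,8 @@), the rewrapped commands keep two spellings of the same placeholder: "class <class ID> match" and "class <class ID> priority" use a space, while the bandwidth and burst commands use "<class-ID>". Since all of these lines are being touched anyway, normalise them to "<class-ID>" so the placeholder is a single token throughout.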
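Review bot: In the priority-queue hunk (@@ -735,7 +747,8 @@), the first added line ends with trailing whitespace after "<class-ID>", left over from the double space in the original command, and the continuation line keeps the stray backtick in "queue-limit <limit>`". Strip the trailing space and the backtick so the line-length cleanup does not leave new lint findings behind.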
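Review bot: In the final hunk (@@ -1195,8 +1217,10 @@), the added ".. start_vyoslinter" line becomes the last line of the file and the "\ No newline at end of file" marker applies to it. Add a terminating newline so the linter control comment is a complete line and a later append to the file does not show this line as modified.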
