Ingress traffic shaping profile 6.4.7
Previously, traffic shaping using a shaping profile could only be applied to an interface in the egress traffic direction. This feature enables a shaping profile to be applied to an interface for traffic in the ingress direction. Similar to an egress traffic shaping profile, the guaranteed bandwidth and priority of the profile will be respected when an interface receives inbound traffic. When congestion occurs, any remaining bandwidth will be allotted to classes based on priority.
|
Ingress traffic shaping does not support NPU offloading. |
Example
In this example, the port2 interface has a total inbound bandwidth of 100 Mbps. Traffic from certain clients to certain servers are assigned different classes.
IPv6 traffic from any client PCs to server PCs is assigned class 5.
For each class, the priority, guaranteed bandwidth, and maximum bandwidth are as follows:
|
Class |
Priority |
Guaranteed bandwidth |
Maximum bandwidth |
|---|---|---|---|
|
2 |
Low |
10% |
60% |
|
3 |
High |
20% |
100% |
|
4 |
High |
30% |
100% |
|
5 |
Medium |
10% |
50% |
Bandwidth will first be allotted to each class according to its guaranteed bandwidth. Then remaining available bandwidth will be allotted to class 3 and 4 first based on their priority. The allocation will be proportional to their guaranteed bandwidth ratio.
To configure ingress traffic shaping:
- Configure the client and server addresses:
config firewall address edit "pc1" set subnet 10.1.100.11 255.255.255.255 next edit "pc2" set subnet 10.1.100.22 255.255.255.255 next edit "pc4" set subnet 172.16.200.44 255.255.255.255 next edit "pc5" set subnet 172.16.200.55 255.255.255.255 next end - Configure the class IDs:
config firewall traffic-class edit 2 set class-name "class2" next edit 3 set class-name "class3" next edit 4 set class-name "class4" next edit 4 set class-name "class5" next end - Configure traffic shaping policies to assign classes to each group of traffic.
- Configure a policy to assign traffic from PC1 to PC4 in class 2:
config firewall shaping-policy edit 1 set name "shaping policy 1" set service "ALL" set dstintf "wan1" set class-id 2 set srcaddr "pc1" set dstaddr "pc4" next end - Configure a policy to assign traffic from PC2 to PC4 in class 3:
config firewall shaping-policy edit 2 set name "shaping policy 2" set service "ALL" set dstintf "wan1" set class-id 3 set srcaddr "pc2" set dstaddr "pc4" next end - Configure a policy to assign traffic from PC2 to PC5 in class 4:
config firewall shaping-policy edit 3 set name "shaping policy 3" set service "ALL" set dstintf "wan1" set class-id 4 set srcaddr "pc2" set dstaddr "pc5" next end - Configure a policy to assign all IPv6 traffic to class 5:
config firewall shaping-policy edit 4 set name "shaping policy 4" set ip-version 6 set service "ALL" set dstintf "wan1" set class-id 5 set srcaddr6 "all" set dstaddr6 "all" next end
- Configure a policy to assign traffic from PC1 to PC4 in class 2:
- Configure a shaping profile to set the priority, and the guaranteed and maximum bandwidth percentages for each class:
config firewall shaping-profile edit "ingShapeProfile" set default-class-id 2 config shaping-entries edit 2 set class-id 2 set priority low set guaranteed-bandwidth-percentage 10 set maximum-bandwidth-percentage 60 next edit 3 set class-id 3 set guaranteed-bandwidth-percentage 20 set maximum-bandwidth-percentage 100 next edit 4 set class-id 4 set guaranteed-bandwidth-percentage 30 set maximum-bandwidth-percentage 100 next edit 5 set class-id 5 set priority medium set guaranteed-bandwidth-percentage 10 set maximum-bandwidth-percentage 50 next end next end - Configure the inbandwidth and apply the ingress shaping profile on port2:
config system interface edit "port2" set ip 10.1.100.1 255.255.255.0 set inbandwidth 100000 set ingress-shaping-profile "ingShapeProfile" config ipv6 set ip6-address 2000:10:1:100::1/64 end next endInbandwidth must be configured for traffic shaping to take effect.
- Configure a firewall policy to allow traffic to go through. Since traffic shaping is for inbound traffic on port2, the policy is defined from port2 to wan1:
config firewall policy edit 2 set srcintf "port2" set dstintf "wan1" set action accept set srcaddr "all" set dstaddr "all" set srcaddr6 "all" set dstaddr6 "all" set schedule "always" set service "ALL" set logtraffic all set auto-asic-offload disable set nat enable next endNPU must be disabled by configuring
set auto-asic-offload disable.
Verifying that the traffic is being shaped
In each of the following cases, the server PCs (PC4 and PC5) are configured as iPerf servers. The client PCs (PC1 and PC2) are configured as iPerf clients. The client sends traffic to the server from the client to server direction, triggering inbound traffic shaping on the port2 interface. The inbound bandwidth on port2 is 100 Mbps.
Case 1: single stream, PC1 to PC4
Traffic is sent from PC1 to PC4. There is no other traffic. Traffic is marked with class ID 2 and allocated the maximum bandwidth 60 Mbps (60%).
# diagnose netlink interface list port2
if=port2 family=00 type=1 index=20 mtu=1500 link=0 master=0
ref=25 state=start present fw_flags=3800 flags=up broadcast run multicast
Qdisc=mq hw_addr=70:4c:a5:7d:d4:95 broadcast_addr=ff:ff:ff:ff:ff:ff
ingress traffic control:
bandwidth=100000(kbps) lock_hit=50 default_class=2 n_active_class=4
class-id=2 allocated-bandwidth=60000(kbps) guaranteed-bandwidth=10000(kbps)
max-bandwidth=60000(kbps) current-bandwidth=60002(kbps)
priority=low forwarded_bytes=58157K
dropped_packets=94K dropped_bytes=125385K
class-id=5 allocated-bandwidth=1000(kbps) guaranteed-bandwidth=10000(kbps)
max-bandwidth=50000(kbps) current-bandwidth=0(kbps)
priority=medium forwarded_bytes=0
dropped_packets=0 dropped_bytes=0
class-id=3 allocated-bandwidth=15000(kbps) guaranteed-bandwidth=20000(kbps)
max-bandwidth=100000(kbps) current-bandwidth=0(kbps)
priority=high forwarded_bytes=0
dropped_packets=0 dropped_bytes=0
class-id=4 allocated-bandwidth=24000(kbps) guaranteed-bandwidth=30000(kbps)
max-bandwidth=100000(kbps) current-bandwidth=0(kbps)
priority=high forwarded_bytes=0
dropped_packets=0 dropped_bytes=0
stat: rxp=173465879 txp=2430534 rxb=194665548609 txb=2767375732 rxe=0 txe=0 rxd=0 txd=0 mc=0 collision=0 @ time=1628814469
re: rxl=0 rxo=0 rxc=0 rxf=0 rxfi=0 rxm=0
te: txa=0 txc=0 txfi=0 txh=0 txw=0
misc rxc=0 txc=0
input_type=0 state=3 arp_entry=0 refcnt=25
Case 2: dual stream, PC1 to PC4, PC2 to PC4
Traffic is sent from both PC1 and PC2 to PC4. PC1 to PC4 traffic is marked with class ID 2 and low priority, and PC2 to PC4 traffic is marked with class ID 3 and high priority. Both class 2 and 3 will be allocated their guaranteed bandwidth first, using up 10% and 20% respectively. The remaining available bandwidth is used by class 3 since it has a higher priority. Class 2 uses around 10 Mbps, and class 3 uses around 90 Mbps.
# diagnose netlink interface list port2
if=port2 family=00 type=1 index=20 mtu=1500 link=0 master=0
ref=36 state=start present fw_flags=3800 flags=up broadcast run multicast
Qdisc=mq hw_addr=70:4c:a5:7d:d4:95 broadcast_addr=ff:ff:ff:ff:ff:ff
ingress traffic control:
bandwidth=100000(kbps) lock_hit=181 default_class=2 n_active_class=4
class-id=2 allocated-bandwidth=10000(kbps) guaranteed-bandwidth=10000(kbps)
max-bandwidth=60000(kbps) current-bandwidth=10001(kbps)
priority=low forwarded_bytes=1799482K
dropped_packets=5998K dropped_bytes=7965553K
class-id=5 allocated-bandwidth=1000(kbps) guaranteed-bandwidth=10000(kbps)
max-bandwidth=50000(kbps) current-bandwidth=0(kbps)
priority=medium forwarded_bytes=0
dropped_packets=0 dropped_bytes=0
class-id=3 allocated-bandwidth=88000(kbps) guaranteed-bandwidth=20000(kbps)
max-bandwidth=100000(kbps) current-bandwidth=88000(kbps)
priority=high forwarded_bytes=345039K
dropped_packets=324K dropped_bytes=430862K
class-id=4 allocated-bandwidth=1000(kbps) guaranteed-bandwidth=30000(kbps)
max-bandwidth=100000(kbps) current-bandwidth=0(kbps)
priority=high forwarded_bytes=0
dropped_packets=0 dropped_bytes=0
stat: rxp=181269891 txp=2433428 rxb=205136511596 txb=2771214402 rxe=0 txe=0 rxd=0 txd=0 mc=0 collision=0 @ time=1628815849
re: rxl=0 rxo=0 rxc=0 rxf=0 rxfi=0 rxm=0
te: txa=0 txc=0 txfi=0 txh=0 txw=0
misc rxc=0 txc=0
input_type=0 state=3 arp_entry=0 refcnt=36
Case 3: multiple streams
Multiple streams of traffic are sent at the same time:
- PC1 to PC4 traffic is assigned class 2 with low priority, and a guaranteed bandwidth of 10 Mbps.
- PC2 to PC4 traffic is assigned class 3 with high priority, and a guaranteed bandwidth of 20 Mbps.
- PC2 to PC5 traffic is assigned class 4 with high priority, and a guaranteed bandwidth of 30 Mbps.
All classes will be allocated their guaranteed bandwidth first, using up 10 Mbps, 20 Mbps, and 30 Mbps respectively. The remaining available bandwidth (40 Mbps) is shared by class 3 and class 4 based on their guaranteed bandwidth ratio of 20:30.
- Class 3’s share of the remaining 40 Mbps traffic = 40 × 20/(20 + 30) =16 Mpbs
- Class 4’s share of the remaining 40 Mbps traffic = 40 × 30/(20 + 30) =24 Mpbs
Each class is allocated roughly the following bandwidth:
- Class 2: 10 Mbps
- Class 3: 20 Mbps + 16 Mbps = 36 Mbps
- Class 4: 30 Mbps + 24 Mbps = 54 Mbps
# diagnose netlink interface list port2
if=port2 family=00 type=1 index=20 mtu=1500 link=0 master=0
ref=27 state=start present fw_flags=3800 flags=up broadcast run multicast
Qdisc=mq hw_addr=70:4c:a5:7d:d4:95 broadcast_addr=ff:ff:ff:ff:ff:ff
ingress traffic control:
bandwidth=100000(kbps) lock_hit=148731 default_class=2 n_active_class=4
class-id=2 allocated-bandwidth=10000(kbps) guaranteed-bandwidth=10000(kbps)
max-bandwidth=60000(kbps) current-bandwidth=10004(kbps)
priority=low forwarded_bytes=2267956K
dropped_packets=10389K dropped_bytes=13796469K
class-id=5 allocated-bandwidth=1000(kbps) guaranteed-bandwidth=10000(kbps)
max-bandwidth=50000(kbps) current-bandwidth=0(kbps)
priority=medium forwarded_bytes=0
dropped_packets=0 dropped_bytes=0
class-id=3 allocated-bandwidth=35000(kbps) guaranteed-bandwidth=20000(kbps)
max-bandwidth=100000(kbps) current-bandwidth=35729(kbps)
priority=high forwarded_bytes=2119502K
dropped_packets=6020K dropped_bytes=7994926K
class-id=4 allocated-bandwidth=54000(kbps) guaranteed-bandwidth=30000(kbps)
max-bandwidth=100000(kbps) current-bandwidth=53907(kbps)
priority=high forwarded_bytes=902415K
dropped_packets=4141K dropped_bytes=5499248K
stat: rxp=197827723 txp=2433885 rxb=227356779526 txb=2771602657 rxe=0 txe=0 rxd=0 txd=0 mc=0 collision=0 @ time=1628816440
re: rxl=0 rxo=0 rxc=0 rxf=0 rxfi=0 rxm=0
te: txa=0 txc=0 txfi=0 txh=0 txw=0
misc rxc=0 txc=0
input_type=0 state=3 arp_entry=0 refcnt=27