Created by Yuriy Andamasov, Modified on Fri, 28 Apr 2023 at 05:07 AM by Aslan Hajiyev
Presented below is a VyOS config featuring VLANs with IP unnumbered and rate limiting controls. In this example, we have three different clients that need to be divided into three different VLANs with different speeds. First of all, let's start by setting up uplink.
set interfaces ethernet eth0 address 'uplink address'
Next, we need to set up a dummy interface. It's a lot like the loopback interface, except you can have as many of it as you want. On systems with multiple redundant uplinks and routes, it's a good idea to use a dedicated address for management and dynamic routing protocols. However, assigning that address to a physical link is risky: if that link goes down, that address will become inaccessible. A common solution is to assign the management address to a loopback or a dummy interface and advertise that address via all physical links, so that it's reachable through any of them. Since in Linux-based systems, there can be only one loopback interface, it's better to use a dummy interface for that purpose, since they can be added, removed, and taken up and down independently. In our example, a dummy interface will be used as the gateway.
set interfaces dummy dum0 address 198.51.100.254/24
Next let's make the VLANs and enable proxy ARP for them. Proxy ARP allows an ethernet interface to respond with its own MAC address to ARP requests for destination IP addresses on subnets attached to the other interfaces on the system. Subsequent packets sent to those destination IP addresses are forwarded appropriately by the system.
set interfaces ethernet ethX vif 1 ip enable-proxy-arp set interfaces ethernet ethX vif 2 ip enable-proxy-arp set interfaces ethernet ethX vif 3 ip enable-proxy-arp
After that, we need to make paths from each VLANs to the dummy interface. Simply put, we're setting up static routes from VLANs to the gateway.
set protocols static interface-route 198.51.100.1/32 next-hop-interface ethX.1 set protocols static interface-route 198.51.100.2/32 next-hop-interface ethX.2 set protocols static interface-route 198.51.100.3/32 next-hop-interface ethX.3
Now we need to set rate limiting rules for each VLAN. Rate-Control is a classless policy that limits the packet flow to a set rate. It is a pure shaper: it does not schedule traffic. Traffic is filtered based on the expenditure of tokens. Tokens roughly correspond to bytes. Short bursts can be allowed to exceed the limit. On creation, the Rate-Control traffic is stocked with tokens that correspond to the amount of traffic that can be burst in one go. Tokens arrive at a steady rate until the bucket is full.
set traffic-policy rate-control vlan1 bandwidth set traffic-policy rate-control vlan1 burst set traffic-policy rate-control vlan2 bandwidth set traffic-policy rate-control vlan2 burst set traffic-policy rate-control vlan3 bandwidth set traffic-policy rate-control vlan3 burst
And finally we add rules to the VLANs.
set interfaces ethernet ethX vif 1 traffic-policy out vlan1 set interfaces ethernet ethX vif 2 traffic-policy out vlan2 set interfaces ethernet ethX vif 3 traffic-policy out vlan3
In conclusion, IP unnumbered offers the great advantage of letting you create as many VLANs as you want for each ethernet interface.
Was this article helpful?
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
We appreciate your effort and will try to fix the article