I'm trying to rate limit a port via an ACL. This is working fine for the input flow with this rule:
-A FORWARD -i swp4 -j POLICE --set-mode KB --set-rate 1024 --set-burst 1 --set-class 0
However, this works only in one direction, so I tried this:
-A FORWARD -o swp4 -j POLICE --set-mode KB --set-rate 51024 --set-burst 1 --set-class 0
But I get the following error when I try to apply rules:
Reading rule file /etc/cumulus/acl/policy.d/00control_plane.rules ...
Processing rules in file /etc/cumulus/acl/policy.d/00control_plane.rules ...
Reading rule file /etc/cumulus/acl/policy.d/40ratelimit_internet.rules ...
Processing rules in file /etc/cumulus/acl/policy.d/40ratelimit_internet.rules ...
Reading rule file /etc/cumulus/acl/policy.d/99control_plane_catch_all.rules ...
Processing rules in file /etc/cumulus/acl/policy.d/99control_plane_catch_all.rules ...
Installing acl policy
error: hw sync failed (sync_acl hardware installation failed)
Rolling back ..
I also tried with ebtables, but I get the same behavior.
How can I rate limit the bandwidth on a port in both directions?
I have Cumulus 3.7.2 on an S3048ON.
Thanks for your help!
Best answer by mcuony_arcanite
Sorry, we found the issue and I forgot to update the topic :/
The setup is using an MLAG (2 interfaces on 2 switches). Only one interface per switch is connected.
I applied two rules on the two ports, which resulted in the outgoing traffic not being rate limited (but the incoming one was OK).
I was assuming it should be working, especially since there was only one interface connected. (Minus the traffic on the other switch with its own policies, of course).
Applying the rule on the bond of the two interfaces applied the rate limit in both directions, which makes sense :)
Have a nice day!