How do I configure Preseem to inspect into 802.1q and 802.1ad VLANs?
By default, Preseem does not inspect into VLANs for either 802.1q or 802.1ad. This means that traffic in VLANs is simply bridged through Preseem without inspecting it (calculating its metrics) or shaping its bandwidth.
If you wish to inspect and shape VLAN traffic, there are two options:
- Configure Preseem to inspect into any 802.1q or 802.1ad VLAN
- Configure specific VLANs to inspect
Limitations
At present, Preseem can process 802.1ad (Q-in-Q) up to two VLANs deep.
Applying Configuration Changes
To apply the configuration below, the NetdevManager service needs to be restarted.
systemctl restart preseem-netdev-manager
Inspecting All VLAN Traffic
Note that Preseem version >= 1.10.5 is required to inspect all VLAN traffic.
Inspection (and shaping) of VLAN traffic is configured on a per-bridge basis in /etc/preseem/config.yaml. The following configuration snippet configures Preseem to inspect any VLANs on br0, for both 802.1q and 802.1ad:
bridges:
br0:
802.1q:
InspectAllVlansByDefault: true
802.1ad:
InspectAllVlansByDefault: true
Inspecting Specific VLANs
The list of VLANs to inspect is configured on a per-bridge basis. The following example configures br1 to inspect traffic only for specific 802.1q and 802.1ad VLANs:
bridges:
br1:
802.1q:
vlans:
20:
inspect: true
802.1ad:
stags:
4050:
ctags:
99:
inspect: true
Ignoring Specific VLANs
It is also possible to reverse the logic to inspect all VLANs by default, while ignoring specific VLANs:
bridges:
br1:
802.1q:
inspectAllVlansByDefault: true
vlans:
20:
inspect: false
802.1ad:
inspectAllVlansByDefault: true
stags:
4050:
ctags:
99:
inspect: false