Is it possible to assign QoS over Nftables to a dedicated interface (LAN, WAN, analogous to SQM, see attached picture 1)?
Background:
the network inside of LAN shall be fast (this means: without any limitations), limitations shall be set only for the 'slow' connection to the internet (wan), see picture 2.
Actually, the bandwidth limitations are set for each zone/interface, based on configured IP.
This is not useful.
The configuration can be as shown at picture 2 ;).
I periodically make a backup of a host - several GB of data. The backup server is in the LAN. The backup shall use the full network bandwidth, 1 GBit (backup host is connected to the router directly).
but the host from previous step shall have only limited bandwidth to the Internet - WAN.
According to the current implementation, the bandwidth limitation cannot be set explicitly for an interface (WAN or LAN or IP - as currently), it works for each interface (WAN and LAN and IP).
This is suboptimal.
It shall be possible to configure:
IP <--set-limit--> LAN or
IP <--set-limit--> WAN or
IP <--set-limit--> LAN + WAN
You write, it is possible to set the bandwidth limit to an interface - WAN or LAN.
I don't understand your QoS rule for this. Also, these hosts both have 192.168.0.0 network addresses - again this appears local and there's no routing QoS to set.
This makes sense...but should be set on the Internet router (I assume in the 192.168.1.0 network).
The solution I'd propose (separate these into routed subnets/interfaces/VLANs) would likely lower your desired 1 Gbps throughput because you'd actually begin to employ use of the Kernel and routing plane.
Yep, any rule, just LAN ("This is local") full speed.
This is not possible, see the "simple topology". WRT is de facto my internet router.
WRT makes masquerading for network 192.168.0.X and I can manage only WRT router.
The other router from 192.168.1.x receives only one data link (from its 192.168.1.10) which contains all my internet traffic for all hosts (host 192.168.0.10 is just an example).
Back to the configuration file of nft:
the bandwidth limitation (rx/tx) is just set hard to IP, any route is given
this means, it works every time (and works correct, I can see it)
But this concludes:
it is not possible to set different traffic rules for bandwidth limits for LAN and WAN for the same IP/host:
-- fast traffic inside of LAN
-- bandwidth limitation if traffic to WAN
If somebody knows, how, then please help.
THIS IS MY FAKE RULE:
#!/usr/sbin/nft -f
#
table inet nft-qos-static {
host ip 192.168.0.25
chain upload {
type filter hook prerouting priority 0; policy accept;
saddr via **WAN** limit rate over 128 kbytes/second **drop**
saddr via **LAN** limit rate **unlimited**
}
chain download {
type filter hook postrouting priority 0; policy accept;
daddr via **WAN** limit rate over 1344 kbytes/second **drop**
daddr via **LAN** limit rate **unlimited**
}
}
}
Traffic inside LAN - obviously one cannot configure on a router as traffic doesn't pass it
Limitation to WAN - again, read post
Just because you desire to put a rule in the OpenWrt, doesn't mean that's where it actually needs to go.
LOL, so just ignore that you have a border router in the 192.168.1.0 network.
Well, again you can make a rule; but since it isn't your border router nor the bottleneck for bandwidth, I'm not sure how effective it will be with setting at the OpenWrt device.
I understand you. You are correct. If the traffic goes without the WRT ROUTER, it is full speed.
My description was not clean! I modified my picture of 'simply network'.
I describe the root problem:
if a bandwidth limitation was set for a LAN IP, then the rule is set at entry into the router for the affected host.
this causes that the write access to the USB device is limited to the set bandwidth limitation for just the writing client (I tested it: without bandwidth limitation: full write speed to the USB, with bandwidth limitation: write speed corresponds to the set limit).
I think the same happens if the backup_server is connected directly to the LAN port at the WRT ROUTER (WRT 1900ACS), but I have not tested this.
I hope, now is my description clean.
Now: the set speed limit shall be taken in to account only for traffic to WAN.
In the future, re-post a correction for continuity of the thread - now it makes the thread confusing for future readers. Nonetheless, your diagram still identifies the same scenario. I was not confused or unclear.
Correct, but the client and server both reside in LAN, correct?
If so, there is no QoS setting for a router. You can try setting this on the client or server.
Again, this is a LAN communication. Also, it could be the router's CPU - recall your OpenWrt is also running a file server and performing I/Os on the network and a USB device.
Tested. This is not true. Write/read(!) rate to the USB directly depends on the set bandwidth limit for the client.
I/O, smb at CPU, etc,. under 3% of CPU.
The USB device is put in to the WRT ROUTER.
YES, the WRT ROUTER is my internet router...
YES, WRT ROUTER is my border router and the bottleneck for bandwidth at 192.168.1.10 (16MBit IN/3 MBit OUT)
Hey, and this code works for the defined host (ip 192.168.0.25)? I don't know what you meant by the word "FAKE". But I'm looking for exactly the same method as described in this topic (hosts in LAN have full bandwidth, while the same defined hosts in WAN have limited bandwidth).
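What the fake rule above asks for can be written in valid nftables syntax by matching on the interface in the forward hook. This is an added example, not a rule posted in the thread and not the nft-qos package's own output; the WAN device name `wan` is an assumption and must be replaced with the router's actual WAN interface, while the host address and rates are the ones from the fake rule.

```nft
#!/usr/sbin/nft -f
# Added example: per-host rate limit that applies to WAN traffic only.
# Assumption: "wan" is the router's WAN device name (check with `ip link`).

define WAN_IF  = "wan"
define LIMITED = 192.168.0.25

table inet wan_only_limit {
    chain forward {
        # The forward hook only sees packets routed THROUGH the router.
        # Traffic addressed to the router itself (for example its SMB/USB
        # share) goes through the input/output hooks and is not matched
        # here. The fake rule hooks prerouting/postrouting instead, which
        # every packet entering or leaving the router passes.
        type filter hook forward priority 0; policy accept;

        # Upload: host -> Internet. Source NAT (masquerade) happens later
        # in postrouting, so the LAN address is still visible here.
        ip saddr $LIMITED oifname $WAN_IF limit rate over 128 kbytes/second drop

        # Download: Internet -> host. The masquerade translation was
        # already reversed in prerouting, so daddr is the LAN address.
        ip daddr $LIMITED iifname $WAN_IF limit rate over 1344 kbytes/second drop
    }
}
```

Load it with `nft -f <file>` and inspect it with `nft list table inet wan_only_limit`. Dropping packets over a rate is policing rather than shaping, the same mechanism as the `limit rate over ... drop` statements in the fake rule.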