I have a problem which I hope someone can help me with.
My scenario is very simple: one VPLS circuit set up from point A to B using RB133 and x86 PC, both running V3.10.
The circuit is working fine with customer traffic but I am unable to rate limit the circuit.
I have tried setting up connection / packet marking on the interfaces in the bridge but the firewall rules see no traffic.
I have tried turning on the 'Use IP Firewall' setting in the bridge settings and then the firewall sees some traffic but not all because the customer is using VLANs. So I turned on 'Use IP Firewall for VLAN' in the bridge settings, which causes the customer's traffic to stop completely.
I have tried setting up packet marking in the bridge filter and I see the bytes and packets counters increment. I even set the action to 'log' and verified that the correct packets were being marked, but then the queue doesn't see the packet marks for some reason.
Can anyone shed any light on this problem for me? It is important to note that the circuit needs to be completely transparent to the customer, as in they should be able to put whatever protocols they like through the circuit and the queue / firewall should rate limit it without knowing what it is.
I'm assuming that it can be done as MPLS/VPLS are carrier grade technologies by definition and carriers don't often know or care what their circuits are being used for.