[strongSwan] Traffic shaping for multiple ipsec clients with Linux tc
vitaly_repin at fsfe.org
Thu Aug 6 05:49:27 CEST 2015
2015-08-06 6:40 GMT+03:00 Noel Kuntze <noel at familie-kuntze.de>:
> Why do you want to assign a unique mark to each IP?
> You can simply create a filter for each type of traffic and then
> apply QoS to that. There's no obvious need to track
> each IP's connections separately. TCP ACKs should be prioritized anyway,
> together with ICMP, independent of the connection.
> TCP packets always have the destination and source ports in the headers,
> so you can tell them apart, too, if needed.
Maybe I misunderstand something important. Let me try to clarify my
I have N clients connected to VPN server. Every client is assigned a
different (dynamic) IP. They can connect and disconnect at any time.
I want to guarantee every client certain bandwidth. (Not shared by
all the clients but to EVERY client, individually).
E.g., I want to give bandwidth 64 kbps to client 1. Bandwidth 256 kbps
to client 2. Etc.
Inside these bandwidths, I want to prioritize traffic: e.g., ping and
ssh go first, everything else second.
If I understand right how linux traffic shaping works, in order to
achieve these results I need to create 2*N classes and create filters
which direct traffic to specific classes. Or do I miss something?
> connmark is used if there are IPsec peers behind the same IP and they need to be distinguished.
Yes. It was my understanding also. Not my case.
WBR & WBW, Vitaly
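
The layout asked about in the message above (two priority classes per client inside that client's own rate), as an added example that is not part of the original post or of strongSwan. It assumes HTB with one extra parent class per client, packets marked by destination virtual IP in mangle FORWARD, and a hypothetical device name, link rate and classid/mark numbering that must not collide with marks already in use.

```shell
#!/bin/sh
# Added example. Prints the commands instead of running them, so it needs no root.
# Assumed: DEV, LINK_RATE, the classid/mark numbering, marking in mangle FORWARD.
# Note: tc reads "kbps" as kilobytes/s; kilobits/s (meant here) is "kbit".
DEV=${DEV:-eth0}
LINK_RATE=${LINK_RATE:-100mbit}

# gen_shaping IP:KBIT [IP:KBIT ...]  (IPv4 virtual IPs, rate in kbit/s)
gen_shaping() {
    echo "tc qdisc add dev $DEV root handle 1: htb"
    echo "tc class add dev $DEV parent 1: classid 1:1 htb rate $LINK_RATE"
    n=0
    for spec in "$@"; do
        n=$((n + 1))
        ip=${spec%%:*}
        rate=${spec##*:}
        case $rate in
            ''|*[!0-9]*) echo "bad spec '$spec', want IP:KBIT" >&2; return 1 ;;
        esac
        if [ "$rate" -lt 2 ] || [ "$n" -gt 4095 ]; then
            echo "rate too small or too many clients: '$spec'" >&2; return 1
        fi
        # classids are hex: client n (in hex) owns 1:<n>0 (parent), 1:<n>1, 1:<n>2 (leaves)
        cl=$(printf '%x' $((n * 16)))
        hi=$(printf '%x' $((n * 16 + 1)))
        lo=$(printf '%x' $((n * 16 + 2)))
        # Parent caps the client; the leaves split its rate and may borrow up to ceil.
        echo "tc class add dev $DEV parent 1:1 classid 1:$cl htb rate ${rate}kbit ceil ${rate}kbit"
        echo "tc class add dev $DEV parent 1:$cl classid 1:$hi htb rate $((rate / 2))kbit ceil ${rate}kbit prio 0"
        echo "tc class add dev $DEV parent 1:$cl classid 1:$lo htb rate $((rate - rate / 2))kbit ceil ${rate}kbit prio 1"
        # One fw filter per leaf: the packet mark equals the leaf's minor id.
        echo "tc filter add dev $DEV parent 1: protocol ip prio 1 handle 0x$hi fw flowid 1:$hi"
        echo "tc filter add dev $DEV parent 1: protocol ip prio 1 handle 0x$lo fw flowid 1:$lo"
        # MARK does not stop rule traversal, so the later ICMP/ssh rules override the default.
        echo "iptables -t mangle -A FORWARD -d $ip -j MARK --set-mark 0x$lo"
        echo "iptables -t mangle -A FORWARD -d $ip -p icmp -j MARK --set-mark 0x$hi"
        echo "iptables -t mangle -A FORWARD -d $ip -p tcp --sport 22 -j MARK --set-mark 0x$hi"
        echo "iptables -t mangle -A FORWARD -d $ip -p tcp --dport 22 -j MARK --set-mark 0x$hi"
    done
}

if [ "$#" -gt 0 ]; then gen_shaping "$@"; fi
```

Because clients come and go, the same per-client lines with `del`/`-D` in place of `add`/`-A` remove a client's classes, filters and mark rules on disconnect.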