Hello Vitaly,

Okay, I missed the second point regarding the guaranteed bandwidth.
I looked around at lartc.org a bit and found the IMQ article[1] and the general article about filters[2] relevant to your work.
It is not quite obvious to me how you can achieve your goal the "easy" way.
I think this is as far as I can help you; I haven't touched tc or traffic shaping in general yet, so this is all unfamiliar ground for me.
Looking at the docs on lartc about traffic shaping is probably the first thing I would do, followed by sending questions to the mailing list about lartc for detail questions.

[1] http://lartc.org/howto/lartc.imq.html
[2] http://lartc.org/howto/lartc.qdisc.filters.html

Kind Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

On 06.08.2015 at 05:49, Vitaly Repin wrote:
> Hello,
>
> 2015-08-06 6:40 GMT+03:00 Noel Kuntze <n...@familie-kuntze.de>:
>
>> Why do you want to assign a unique mark to each IP?
>> You can simply create a filter for each type of traffic and then
>> apply QoS to that. There's no obvious need to track
>> each IP's connections separately. TCP ACKs should be prioritized anyway,
>> together with ICMP, independent of the connection.
>> TCP packets always have the destination and source ports in the headers,
>> so you can tell them apart, too, if needed.
>
>
> Maybe I misunderstand something important. Let me try to clarify my
> needs again.
>
> I have N clients connected to VPN server. Every client is assigned a
> different (dynamic) IP. They can connect and disconnect at any time.
>
> I want to guarantee every client certain bandwidth. (Not shared by
> all the clients but to EVERY client, individually).
>
> E.g., I want to give bandwidth 64 kbps to client 1. Bandwidth 256 kbps
> to client 2. Etc.
> Inside these bandwidths, I want to prioritize traffic: e.g., ping and
> ssh go first, everything else second.
>
> If I understand right how linux traffic shaping works, in order to
> achieve these results I need to create 2*N classes and create filters
> which direct traffic to specific classes. Or do I miss something?
>
>> connmark is used if there are IPsec peers behind the same IP and they need
>> to be distinguished.
>
> Yes. It was my understanding also. Not my case.
>

_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
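
The per-client layout asked about in the quoted message, sketched as an added example that is not part of the original thread or of strongSwan: a script that prints (does not apply) HTB classes and u32 filters for each client. It uses one inner class per client plus two leaves, so N + 2*N classes in total. Assumptions: the interface name, the sample client IPs and the even rate split are constructed, and the filters only work on a device where packets to the client still carry the client's own IP as destination.

```shell
#!/bin/sh
# Added example: prints tc commands for review, does not apply them.
DEV="${DEV:-eth0}"   # assumed interface; must see the client's own IP as dst

# Constructed sample clients: "index virtual-IP rate-in-kbit"
CLIENTS="1 10.3.0.1 64
2 10.3.0.2 256"

# emit_client INDEX IP RATE_KBIT
emit_client() {
    idx=$1; ip=$2; rate=$3
    top=$(printf '%x' $((idx * 16)))       # per-client class: 1:10, 1:20, ...
    hi=$(printf '%x' $((idx * 16 + 1)))    # leaf for ping and ssh
    lo=$(printf '%x' $((idx * 16 + 2)))    # leaf for everything else
    half=$((rate / 2))                     # assumed even split of the guarantee
    f="tc filter add dev $DEV parent 1: protocol ip"
    # Client's total share: rate == ceil, so it is both the guarantee and the cap
    # (the guarantee holds only while the sum of all rates fits the link).
    echo "tc class add dev $DEV parent 1: classid 1:$top htb rate ${rate}kbit ceil ${rate}kbit"
    # Each leaf may borrow up to the client's share; the lower prio borrows first.
    echo "tc class add dev $DEV parent 1:$top classid 1:$hi htb rate ${half}kbit ceil ${rate}kbit prio 0"
    echo "tc class add dev $DEV parent 1:$top classid 1:$lo htb rate ${half}kbit ceil ${rate}kbit prio 1"
    # ICMP (protocol 1) and TCP (protocol 6) port 22 go to the high-priority leaf.
    echo "$f prio 1 u32 match ip dst $ip/32 match ip protocol 1 0xff flowid 1:$hi"
    echo "$f prio 1 u32 match ip dst $ip/32 match ip protocol 6 0xff match ip sport 22 0xffff flowid 1:$hi"
    echo "$f prio 1 u32 match ip dst $ip/32 match ip protocol 6 0xff match ip dport 22 0xffff flowid 1:$hi"
    # Catch-all for the same client, checked after the prio 1 filters.
    echo "$f prio 2 u32 match ip dst $ip/32 flowid 1:$lo"
}

# emit_all: root qdisc plus the classes and filters of every sample client.
emit_all() {
    echo "tc qdisc add dev $DEV root handle 1: htb"
    echo "$CLIENTS" | while read -r idx ip rate; do
        emit_client "$idx" "$ip" "$rate"
    done
}

emit_all
```

Class minor numbers are hexadecimal, which is why the indices are run through `printf '%x'`.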