
I have a StrongSwan (IKEv2) server set up and would like to limit each VPN connection to 512kb/s.

After researching I came across tc in Ubuntu. I don't quite understand it and am fighting through the manual pages.

DEV=eth0
tc qdisc del dev $DEV root
tc qdisc add dev $DEV handle 1: root htb default 11
tc qdisc add dev $DEV parent 1:11 handle 11: sfq perturb 60 

I think this means that the unclassified traffic is rerouted to ID 11, which in turn will be evened out every 60 seconds. sfq also guarantees fairness in equal flow of data among requests.

Interval in seconds for queue algorithm perturbation. Defaults to 0, which means that no perturbation occurs. Do not set too low for each perturbation may cause some packet reordering or losses. Advised value: 60. This value has no effect when external flow classification is used. It's better to increase divisor value to lower risk of hash collisions.

I'm not too sure about these two. It seems to me that the primary connections would be limited to 512kbps and the unclassified to 128kbps. But I'm unsure.

tc class add dev $DEV parent 1: classid 1:1 htb rate 512kbps
tc class add dev $DEV parent 1:1 classid 1:11 htb rate 128kbps

The worst part is that I'm unsure if each VPN connection falls under these rules above as well, or are the rules only affecting scp etc.

Thanks for advice

Houman
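
An added example, not part of the original post: the question's HTB tree emitted in dependency order (classes before the sfq leaf attached to class 1:11), together with a converter showing how tc reads rate suffixes, where `kbps` is kilobytes per second and `kbit` is kilobits per second. The function names `tc_rate_to_bits` and `htb_plan` and the `DRY_RUN` switch are assumptions of this sketch; by default it only prints the commands.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the
# DRY_RUN switch are assumptions of this sketch.

# Convert a tc rate string to bits per second. Per tc(8): "bit" suffixes
# are bits/s, "bps" suffixes are BYTES/s, and k/m/g are 1000-based.
# The ( ) body is a subshell: variables stay local, exit leaves only it.
tc_rate_to_bits() (
    num=${1%%[!0-9]*}          # leading digits
    unit=${1#"$num"}           # unit suffix, may be empty (bare number)
    [ -n "$num" ] || { echo "bad rate: $1" >&2; exit 1; }
    case $unit in
        ''|bit) mult=1 ;;
        kbit)   mult=1000 ;;
        mbit)   mult=1000000 ;;
        gbit)   mult=1000000000 ;;
        bps)    mult=8 ;;
        kbps)   mult=8000 ;;
        mbps)   mult=8000000 ;;
        gbps)   mult=8000000000 ;;
        *) echo "unknown tc rate unit: $unit" >&2; exit 1 ;;
    esac
    echo $(( num * mult ))
)

# Print the tc commands (DRY_RUN=1, default) or run them (DRY_RUN=0, root).
# Classes are created before the sfq leaf that hangs off class 1:11.
# No tc filter is installed, so "default 11" puts every packet leaving
# the device into class 1:11; without "ceil", HTB caps a class at its rate.
htb_plan() (
    dev=$1; parent_rate=$2; default_rate=$3
    tc_rate_to_bits "$parent_rate" >/dev/null || exit 1
    tc_rate_to_bits "$default_rate" >/dev/null || exit 1
    if [ "${DRY_RUN:-1}" = 0 ]; then run=; else run=echo; fi
    $run tc qdisc add dev "$dev" root handle 1: htb default 11
    $run tc class add dev "$dev" parent 1: classid 1:1 htb rate "$parent_rate"
    $run tc class add dev "$dev" parent 1:1 classid 1:11 htb rate "$default_rate"
    $run tc qdisc add dev "$dev" parent 1:11 handle 11: sfq perturb 60
)

# The question's rates as written, and what tc makes of each suffix.
htb_plan eth0 512kbps 128kbps
echo "512kbps = $(tc_rate_to_bits 512kbps) bit/s, 512kbit = $(tc_rate_to_bits 512kbit) bit/s"
```
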

0 Answers