On 2016-11-25, Marko Cupać <marko.cu...@mimar.rs> wrote:
> Hi,
>
> I'd like to limit bandwidth on gre tunnel protected with ipsec in
> transport mode.
>
> I've set single default queue on gre interface, matched everything
> that goes out to that queue, and finally passed everything out that
> interface:
>
> # SNIP
> queue mother on gre204 bandwidth 25M min 25M max 25M
> queue child parent mother bandwidth 25M default
> ...
> match out on gre204 inet all set queue child
> ...
> pass out on gre 204 inet all
> ...
> # SNIP
>
> In `systat rules` I see counter for both match and pass rules
> increasing, but `systat queues` doesn't count anything.
>
> What am I doing wrong? Do I need to queue on physical interface? If so,
> how can I classify different types of traffic to separate queues later
> on, since tcpdump on physical interface sees only esp traffic?

I haven't tried this exact scenario. But I understand the general way things
work and I think this is correct:

Assign packets to queue names as you are doing already, on the gre interface.
But for the "queue XX on YY bandwidth ZZ" bits, YY should be the physical
interface.
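
A sketch of the layout suggested in the reply above, as an added example that is not part of the original thread and has not been tested on this gre-over-IPsec setup. The physical interface name (em0), the 100M link speed, the queue names and the ssh classifier are assumptions chosen for illustration.

```pf
# Assumption: em0 is the physical interface that carries the ESP packets,
# and its uplink is 100M. Adjust both to the real hardware.
ext_if = "em0"

# Queue definitions attach to the physical interface, as the reply suggests.
# A root queue at link speed keeps non-tunnel traffic on em0 from being
# capped at the tunnel's 25M.
queue rootq on $ext_if bandwidth 100M max 100M

# Everything on em0 that is not assigned to a queue lands here.
queue other parent rootq bandwidth 75M default

# The 25M tunnel limit from the question becomes a child of the root queue.
# Only leaf queues can receive packets, so traffic classes go underneath it.
queue tun parent rootq bandwidth 25M max 25M
queue tun_ssh parent tun bandwidth 5M min 5M
queue tun_bulk parent tun bandwidth 20M

# Classification happens on the gre interface, where the inner packets are
# still visible in cleartext. On em0 only ESP is seen, so port- or
# protocol-based classification is not possible there.
# Later match rules override earlier ones, so the general rule comes first.
match out on gre204 inet all set queue tun_bulk
match out on gre204 inet proto tcp to port ssh set queue tun_ssh

pass out on gre204 inet all
```

After loading the ruleset, `systat queues` (the check used in the question) shows whether the counters for the tunnel queues now increase.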