[LARTC] BW using CBQ/tc for VPN Ipsec i/f?

[LARTC] BW using CBQ/tc for VPN Ipsec i/f?

[Srikanth]

Hi all,

I want to allocate bandwidth for ipsec interface using CBQ/tc.
Suppose the conf. file is like this,

DEVICE=ipsec0,10Mbit,1Mbit
RATE\x128Kbit
WEIGHT\x10Kbit
PRIO=5
RULE\x192.128.1.0/24

Does it work
or
What else options need to be taken care like ipsec packets/protocol/port 
# etc.?
C'd anybody suggest please?

regds,
Srikanth.


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] BW using CBQ/tc for VPN Ipsec i/f?

[Srikanth]

[-- Attachment #1: Type: text/plain, Size: 947 bytes --]

How about, if i shall use tc / iproute2 ?

Thanks for the quickest response.

Srikanth.


hare ram wrote:

>if you are using the cbq.init script yes it works
>
>hare
>----- Original Message ----- 
>From: "Srikanth" <srikanth_w@naturesoft.net>
>To: <lartc@mailman.ds9a.nl>
>Sent: Monday, April 07, 2003 2:45 PM
>Subject: [LARTC] BW using CBQ/tc for VPN Ipsec i/f?
>
>
>  
>
>>Hi all,
>>
>>I want to allocate bandwidth for ipsec interface using CBQ/tc.
>>Suppose the conf. file is like this,
>>
>>DEVICE=ipsec0,10Mbit,1Mbit
>>RATE=128Kbit
>>WEIGHT=10Kbit
>>PRIO=5
>>RULE=192.128.1.0/24
>>
>>Does it work
>>or
>>What else options need to be taken care like ipsec packets/protocol/port 
>># etc.?
>>C'd anybody suggest please?
>>
>>regds,
>>Srikanth.
>>
>>
>>_______________________________________________
>>LARTC mailing list / LARTC@mailman.ds9a.nl
>>http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>>
>>    
>>
>
>
>
>  
>


[-- Attachment #2: Type: text/html, Size: 1631 bytes --]

Re: [LARTC] BW using CBQ/tc for VPN Ipsec i/f?

[Stef Coene]

On Monday 07 April 2003 13:41, Srikanth wrote:
> How about, if i shall use tc / iproute2 ?
cbq.init uses tc  But it makes configuring tc more easy because you can use 
simple config files.

Stef

>
> Srikanth.
>
> hare ram wrote:
> >if you are using the cbq.init script yes it works
> >
> >hare
> >----- Original Message -----
>
> From: "Srikanth" <srikanth_w@naturesoft.net>
>
> >To: <lartc@mailman.ds9a.nl>
> >Sent: Monday, April 07, 2003 2:45 PM
> >Subject: [LARTC] BW using CBQ/tc for VPN Ipsec i/f?
> >
> >>Hi all,
> >>
> >>I want to allocate bandwidth for ipsec interface using CBQ/tc.
> >>Suppose the conf. file is like this,
> >>
> >>DEVICE=ipsec0,10Mbit,1Mbit
> >>RATE\x128Kbit
> >>WEIGHT\x10Kbit
> >>PRIO=5
> >>RULE\x192.128.1.0/24
> >>
> >>Does it work
> >>or
> >>What else options need to be taken care like ipsec packets/protocol/port
> >># etc.?
> >>C'd anybody suggest please?
> >>
> >>regds,
> >>Srikanth.
> >>
> >>
> >>_______________________________________________
> >>LARTC mailing list / LARTC@mailman.ds9a.nl
> >>http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

-- 

stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.oftc.net

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] BW using CBQ/tc for VPN Ipsec i/f?

[Srikanth]

[-- Attachment #1: Type: text/plain, Size: 1426 bytes --]




Stef Coene wrote:

>On Monday 07 April 2003 13:41, Srikanth wrote:
>  
>
>>How about, if i shall use tc / iproute2 ?
>>    
>>
>cbq.init uses tc  But it makes configuring tc more easy because you can use 
>simple config files.
>
>Stef
>  
>
It's OK., my question was about, if i use tc, shall i need to pass ipsec 
protocol / port number as arguments?
i mean, Is there any mechanism to recognize ipsec packets / VPN tunnels.

Srikanth.

>  
>
>>Srikanth.
>>
>>hare ram wrote:
>>    
>>
>>>if you are using the cbq.init script yes it works
>>>
>>>hare
>>>----- Original Message -----
>>>      
>>>
>>From: "Srikanth" <srikanth_w@naturesoft.net>
>>
>>    
>>
>>>To: <lartc@mailman.ds9a.nl>
>>>Sent: Monday, April 07, 2003 2:45 PM
>>>Subject: [LARTC] BW using CBQ/tc for VPN Ipsec i/f?
>>>
>>>      
>>>
>>>>Hi all,
>>>>
>>>>I want to allocate bandwidth for ipsec interface using CBQ/tc.
>>>>Suppose the conf. file is like this,
>>>>
>>>>DEVICE=ipsec0,10Mbit,1Mbit
>>>>RATE=128Kbit
>>>>WEIGHT=10Kbit
>>>>PRIO=5
>>>>RULE=192.128.1.0/24
>>>>
>>>>Does it work
>>>>or
>>>>What else options need to be taken care like ipsec packets/protocol/port
>>>># etc.?
>>>>C'd anybody suggest please?
>>>>
>>>>regds,
>>>>Srikanth.
>>>>
>>>>
>>>>_______________________________________________
>>>>LARTC mailing list / LARTC@mailman.ds9a.nl
>>>>http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>>>>        
>>>>
>
>  
>


[-- Attachment #2: Type: text/html, Size: 2551 bytes --]

Re: [LARTC] BW using CBQ/tc for VPN Ipsec i/f?

[Jose Luis Domingo Lopez]

On Tuesday, 08 April 2003, at 14:54:20 +0530,
Srikanth wrote:

> It's OK., my question was about, if i use tc, shall i need to pass ipsec 
> protocol / port number as arguments?
> i mean, Is there any mechanism to recognize ipsec packets / VPN tunnels.
> 
Once the IPsec tunnel is set up, you can recognize tunneled traffic
easily: (in tunnel mode) source and destination IP addresses will be
that of the two endpoints, and IP packets will have a "protocol" field
with values "decimal 50" (esp) or "decimal 51" (ah).

While the tunnel is being stablished, and if using IKE, both endpoints
exchange packets with their own IP, UDP transport protocol, and both
source and destination ports set to "decimal 500".

At least that is what I recall, check FreeS/WAN website
(www.freeswan.org) for complete information on traffic generated by an
IPsec tunnel.

Hope it helps.

-- 
Jose Luis Domingo Lopez
Linux Registered User #189436     Debian Linux Sid (Linux 2.4.20-xfsip)
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/