From: "S Mohan" <smohan@vsnl.com>
To: lartc@vger.kernel.org
Subject: RE: [LARTC] TC + IPsec and a Newbie
Date: Mon, 20 Jan 2003 01:11:46 +0000 [thread overview]
Message-ID: <marc-lartc-104302444421099@msgid-missing> (raw)
In-Reply-To: <marc-lartc-104300262603101@msgid-missing>
Look up wondershaper from http://lartc.org. It gives maximum priority to
interactive traffic. It creates a root disc and gives full bandwidth to
one handle. The way I see it, you need to create two classes as under:
Class 1: rate=max bw, ceil max bandwidth.
Class 2: rate=1kb, ceil=max bandwidth. (giving 1 as we cannot 0kb as
rate in tc).
Route all traffic with ports 500,51,52,47 destination to Class 1. I
guess you would also want to allocate bandwidth for incoming ipsec
traffic and choke the rest. You can, however, do ingress policing and
shape the incoming traffic by shaping the outgoing traffic on your
internal network interface.
HTH
Mohan
-----Original Message-----
From: lartc-admin@mailman.ds9a.nl [mailto:lartc-admin@mailman.ds9a.nl]
On Behalf Of Mike Nielsen
Sent: Monday, January 20, 2003 12:26 AM
To: LARTC
Subject: [LARTC] TC + IPsec and a Newbie
Hi there,
I am just starting out with the TC and iproute2 tools. I have given
Bert
Hubert's Linux Advanced Routing And Traffic Control Howto a couple of
reads
but know I don't have a full grasp of concepts yet.
My immediate need is to make sure ipsec traffic between two linux
firewall/routers is given the greatest priority over all other traffic.
In more detail I have a leg of a VPN that is running over ISDN.
Previously
if someone is surfing the web or god forbid trying to stream audio it
throws
a wrench into the IPsec works.
Aside from blocking the streaming I need a way to make sure IPSec will
be
given as much preferance over other traffic types as possible.
Would someone give me an example of commands I would need to enter into
a
script, or point me to a location that might have this situation already
coded out?
Also any other tips you can offer would be greatly appreciated.
--
-----------------------------
|\/|ike@GetBent.net
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
prev parent reply other threads:[~2003-01-20 1:11 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-01-19 18:55 [LARTC] TC + IPsec and a Newbie Mike Nielsen
2003-01-20 1:11 ` S Mohan [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=marc-lartc-104302444421099@msgid-missing \
--to=smohan@vsnl.com \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox