Look up wondershaper from http://lartc.org. It gives maximum priority to
interactive traffic. It creates a root disc and gives full bandwidth to
one handle. The way I see it, you need to create two classes as under:
Class 1: rate=max bw, ceil max bandwidth.
Class 2: rate=1kb, ceil=max bandwidth. (giving 1 as we cannot 0kb as
rate in tc).
Route all traffic with ports 500,51,52,47 destination to Class 1. I
guess you would also want to allocate bandwidth for incoming ipsec
traffic and choke the rest. You can, however, do ingress policing and
shape the incoming traffic by shaping the outgoing traffic on your
internal network interface.
HTH
Mohan
-----Original Message-----
From: lartc-admin@mailman.ds9a.nl [mailto:lartc-admin@mailman.ds9a.nl]
On Behalf Of Mike Nielsen
Sent: Monday, January 20, 2003 12:26 AM
To: LARTC
Subject: [LARTC] TC + IPsec and a Newbie
Hi there,
I am just starting out with the TC and iproute2 tools. I have given
Bert
Hubert''s Linux Advanced Routing And Traffic Control Howto a couple of
reads
but know I don''t have a full grasp of concepts yet.
My immediate need is to make sure ipsec traffic between two linux
firewall/routers is given the greatest priority over all other traffic.
In more detail I have a leg of a VPN that is running over ISDN.
Previously
if someone is surfing the web or god forbid trying to stream audio it
throws
a wrench into the IPsec works.
Aside from blocking the streaming I need a way to make sure IPSec will
be
given as much preferance over other traffic types as possible.
Would someone give me an example of commands I would need to enter into
a
script, or point me to a location that might have this situation already
coded out?
Also any other tips you can offer would be greatly appreciated.
--
-----------------------------
|\/|ike@GetBent.net
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/