Hi all, I want to allocate bandwidth for ipsec interface using CBQ/tc. Suppose the conf. file is like this, DEVICE=ipsec0,10Mbit,1Mbit RATE=128Kbit WEIGHT=10Kbit PRIO=5 RULE=192.128.1.0/24 Does it work or What else options need to be taken care like ipsec packets/protocol/port # etc.? C''d anybody suggest please? regds, Srikanth. _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
How about, if i shall use tc / iproute2 ? Thanks for the quickest response. Srikanth. hare ram wrote:>if you are using the cbq.init script yes it works > >hare >----- Original Message ----- >From: "Srikanth" <srikanth_w@naturesoft.net> >To: <lartc@mailman.ds9a.nl> >Sent: Monday, April 07, 2003 2:45 PM >Subject: [LARTC] BW using CBQ/tc for VPN Ipsec i/f? > > > > >>Hi all, >> >>I want to allocate bandwidth for ipsec interface using CBQ/tc. >>Suppose the conf. file is like this, >> >>DEVICE=ipsec0,10Mbit,1Mbit >>RATE=128Kbit >>WEIGHT=10Kbit >>PRIO=5 >>RULE=192.128.1.0/24 >> >>Does it work >>or >>What else options need to be taken care like ipsec packets/protocol/port >># etc.? >>C''d anybody suggest please? >> >>regds, >>Srikanth. >> >> >>_______________________________________________ >>LARTC mailing list / LARTC@mailman.ds9a.nl >>http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ >> >> >> > > > > >
On Monday 07 April 2003 13:41, Srikanth wrote:> How about, if i shall use tc / iproute2 ?cbq.init uses tc But it makes configuring tc more easy because you can use simple config files. Stef> > Srikanth. > > hare ram wrote: > >if you are using the cbq.init script yes it works > > > >hare > >----- Original Message ----- > > From: "Srikanth" <srikanth_w@naturesoft.net> > > >To: <lartc@mailman.ds9a.nl> > >Sent: Monday, April 07, 2003 2:45 PM > >Subject: [LARTC] BW using CBQ/tc for VPN Ipsec i/f? > > > >>Hi all, > >> > >>I want to allocate bandwidth for ipsec interface using CBQ/tc. > >>Suppose the conf. file is like this, > >> > >>DEVICE=ipsec0,10Mbit,1Mbit > >>RATE=128Kbit > >>WEIGHT=10Kbit > >>PRIO=5 > >>RULE=192.128.1.0/24 > >> > >>Does it work > >>or > >>What else options need to be taken care like ipsec packets/protocol/port > >># etc.? > >>C''d anybody suggest please? > >> > >>regds, > >>Srikanth. > >> > >> > >>_______________________________________________ > >>LARTC mailing list / LARTC@mailman.ds9a.nl > >>http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/-- stef.coene@docum.org "Using Linux as bandwidth manager" http://www.docum.org/ #lartc @ irc.oftc.net _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Stef Coene wrote:>On Monday 07 April 2003 13:41, Srikanth wrote: > > >>How about, if i shall use tc / iproute2 ? >> >> >cbq.init uses tc But it makes configuring tc more easy because you can use >simple config files. > >Stef > >It''s OK., my question was about, if i use tc, shall i need to pass ipsec protocol / port number as arguments? i mean, Is there any mechanism to recognize ipsec packets / VPN tunnels. Srikanth.> > >>Srikanth. >> >>hare ram wrote: >> >> >>>if you are using the cbq.init script yes it works >>> >>>hare >>>----- Original Message ----- >>> >>> >>From: "Srikanth" <srikanth_w@naturesoft.net> >> >> >> >>>To: <lartc@mailman.ds9a.nl> >>>Sent: Monday, April 07, 2003 2:45 PM >>>Subject: [LARTC] BW using CBQ/tc for VPN Ipsec i/f? >>> >>> >>> >>>>Hi all, >>>> >>>>I want to allocate bandwidth for ipsec interface using CBQ/tc. >>>>Suppose the conf. file is like this, >>>> >>>>DEVICE=ipsec0,10Mbit,1Mbit >>>>RATE=128Kbit >>>>WEIGHT=10Kbit >>>>PRIO=5 >>>>RULE=192.128.1.0/24 >>>> >>>>Does it work >>>>or >>>>What else options need to be taken care like ipsec packets/protocol/port >>>># etc.? >>>>C''d anybody suggest please? >>>> >>>>regds, >>>>Srikanth. >>>> >>>> >>>>_______________________________________________ >>>>LARTC mailing list / LARTC@mailman.ds9a.nl >>>>http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ >>>> >>>> > > >
On Tuesday, 08 April 2003, at 14:54:20 +0530, Srikanth wrote:> It''s OK., my question was about, if i use tc, shall i need to pass ipsec > protocol / port number as arguments? > i mean, Is there any mechanism to recognize ipsec packets / VPN tunnels. >Once the IPsec tunnel is set up, you can recognize tunneled traffic easily: (in tunnel mode) source and destination IP addresses will be that of the two endpoints, and IP packets will have a "protocol" field with values "decimal 50" (esp) or "decimal 51" (ah). While the tunnel is being stablished, and if using IKE, both endpoints exchange packets with their own IP, UDP transport protocol, and both source and destination ports set to "decimal 500". At least that is what I recall, check FreeS/WAN website (www.freeswan.org) for complete information on traffic generated by an IPsec tunnel. Hope it helps. -- Jose Luis Domingo Lopez Linux Registered User #189436 Debian Linux Sid (Linux 2.4.20-xfsip) _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/