Displaying 20 results from an estimated 8000 matches similar to: "traffic queueing and ipsec vpn"
2004 Sep 17
2
interesting expert problem - shaping over VPN
Here''s a challenging problem for you experts to tackle:
I''m trying to shape traffic going into an IPSEC interface which then goes
over a DSL PPPoE interface. I figure I need to shape the DSL interface to
keep it''s hardware queue mostly empty, and to
2005 Jul 27
2
QoS and IPSec...
Hi, I have what to me is an interesting issue. I am wanting to
prioritize (QoS) traffic that will be passing through an IPSec
(OpenS/WAN) VPN between two (identical) Linux routers. I know that I
can apply the IPSec patches (1-4) to the kernel and IPTables (if they
are not already applied by now) filter traffic before and after IPSec
encapsulation. My problem is that I don''t know
2002 May 21
5
ingress and egress
ingress can be used to control the incoming packet,
such as:
tc qdisc add dev eth0 handle ffff: ingress
tc filter add dev eth0 parent ffff: protocol ip prio 5
u32 match ip src 172.16.1.11 police rate 10kbit burst
10k drop flowid :1
tc filter add dev eth0 parent ffff: protocol ip prio 5
u32 match ip src 172.16.1.22 police rate 10kbit burst
10k drop flowid :2
first ,I do not sure these method can
2007 Mar 13
4
Re: Standalone Shaping
On a router, there is no need for and IMQ because there is always an
egress path.
For example:
Internet -> eth1 -> iptables -> routing -> ... -> egress qdisc ->
eth0 -> LAN
LAN -> eth0 -> iptables -> routing -> .... -> egress qdisc -> eth1
-> Internet
Local Process / Proxy -> routing -> iptables -> egress qdisc ->
eth1/eth0 ->
2004 May 05
3
Simple HTB setup with tcng
Hello all,
I am trying to set up a simple htb based system, where packets with
source ip 10.0.0.1 should have their own class.
I plan to use tcng to set it up easier.
Is there something wrong in my tcng file ?
~/tcng$ cat htb
/*
*/
#include "fields.tc"
#include "ports.tc"
dev eth0 {
htb ( ) {
class ( rate 600kbps, ceil 600kbps )
{
2004 Apr 24
9
newbie: TC[NG] with (256kbit/s down and 768kbit/s up) on a router
Hi all,
this is really not really very easy to understand, or, to get in.
Well, I''ve the following configuration on the router box:
LAN
- interface: eth0
- network: 192.168.2.5/24
- bandwidth: 100Mbit/s
INET interface
- interface: ppp0
- network: .dynamic.ip./0
- bandwidth: DOWN=1536kbit/s and UP=256kbit/s
the LAN interface is to serve 6 other clients with internet and
2007 Jun 25
4
Using Julian Anastasov''s ''routes'' patches on 2.4 kernel in conjunction with IPSec
Hello,
I use Julian Anastasov ''routes'' (to be more specific: static_routes,
alt_routes and nf_reroute) patches on a 2.4.32 kernel. On the same host I run
IPSec. I have discovered after a few hours of networking problems that,
when IPSec is enabled on that patched kernel, inspecting packets with tcpdump
while arping-ing a host from a network physically connected to this
2004 Jul 06
7
Simply IMQ
I''ve followed this list for quite a long time and have even posted a couple
of times. I used the early versions of IMQ from Devik (I think that was his
name), and it worked well. I only ever got the chance to implement it in my
test environment. I now need to implement it in my production environment.
My Linux core router has nine interfaces and has a 27 megabit connection to
the
2004 Sep 25
1
Coexistence of Dynamic and Static routing
List members;
I have been reading the digest for some time now and I would like to ask some conceptual questions. I am a telecommunications systems designer and not a software guy, but I have tried and used a number of the tools availabel in the LARTC and Iptables, and many of the other great things included in Linux. We are designing commercial products and I don''t want to ask my
2007 Aug 30
17
Question about how TC enforces bandwidth limiting
Hello,
I run one of my PCs as my personal router, with iptables+tc to control
traffic and be my firewall.
In TC, I use a combination of htb, qdisc and sfq (as well as prio) to
classify bandwidth. In my current setup, I have 10 classifications of my
bandwidth. (Even I admit this is probably more than I need, but at this
point I''m still learning, so I''ll just leave them be.)
2003 Jun 25
2
Combining ingress and egress ( IMQ+HTB)
I am successfully running ingress (IMQ) and egress (HTB) shaping on a
bridge.
Is there any way to combine and share the bandwidth between ingress and
egress?
Example:
I have set up www service for egress at 128 KB and ingress at 256 KB. The
shaping on them works fine separately. However, I want to create a single
virtual pipe for www traffic and limit both ingress and egress combined to
256 KB.
2004 Nov 24
8
tc and iptables trouble
Hi all
I have a trouble configuring the qdiscs, when I indicate the "perturb 10" option to tc, i gives me this error:
tc qdisc add dev eth0 parent 5:1323 handle 1323 sfq perturb 10
RTNETLINK answers: Invalid argument
if I don''t put the "perturb 10" option, it works.
another question is about iptables, when I indicate the " --set-mark" option:
iptables -t
2004 May 10
8
Packet marking for ingress shapping and NET
Hi,
I have typical situation, local LAN with private addresses, translated
via NAT to internet. I need to shape ingress traffic (from internet to
local LAN) in several HTB queues accorting to destination (private not
public) IP. So I need mark packets to divide them to corresponding
queue. According to http://www.docum.org/stef.coene/qos/kptd/ I thing I
have only one way how to do it, because
2003 Dec 02
2
forwarding in tcng
Hi!
I am learning tcng without having experiance of tc and I am trying to
build something that shall schedule traffic dependent on the value in the
IPv4 packets ip_ttl field.
I have read the tcng reference manual and cannot find information about
forwarding. Is it possible to farward packets from ingress to egress
without sending them upwards in layers?
2004 Dec 20
2
How can I discern egress traffic than ingress traffic?
I have two interfaces, eth0 and eth1 but i can''t
discern the egress traffic than ingress traffic. I
need to apply htb qdisc in both directions, and I read
that I need the IMQ patch to do this, because in
ingress qdisc i can''t apply htb qdisc...but where is
the ingress qdisc? affect the traffic that goes from
eth0 to eth1 or is for the traffic that goes from eth1
to eth0?
2006 Aug 14
3
tc and HTB
Hi,
I have a Debian that is connected to Internet in eth0, and to a LAN in
eth1. I wanted to control traffic with HTB, dividing it depending on
what kind of traffic is (Mail, Application Server and others).
Would it be good to use HTB qdisc in eth0 egress to control outgoing
traffic and HTB qdisc in eth1 egress to control incoming traffic? Or
the only way to control incoming traffic is with eth0
2004 Jun 08
11
how flexible is ingress traffic policing to bandwidth limit?
[I sent this earlier but I guess the list is subscriber-only?]
I just set up wondershaper, it has a simple filter on the downstream
direction to limit the bandwidth usage:
tc qdisc add dev $DEV handle ffff: ingress
tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip src \
0.0.0.0/0 police rate ${DOWNLINK}kbit burst 10k drop flowid :1
This is effective but is there any way to
2006 Mar 30
5
packet marking: only a ratio, not all
Hi all!
In short:
Anybody wrote a patch for DSMARK to make it capable of marking
only a ratio (a given arg to the tc command) of the packets it gets?
Say, 20%? Or, do I have to hack into the source? Alternatives,
like a filter spitting packets to 2 different DSMARK based on this ratio?
In long:
I''m a hungarian univ student involved in a project (RMD-QoS stuff)
which needs
2005 Dec 05
13
Theory test
Guys
Considering the festive season is upon us, thanks to everyone
contributing to the list and helping all the readers with your great
input! I don''t want to mention names, I''ll most certainly leave
someone out.
With this mail I''d like to test some theory on bandwidth management,
with my own successes and failures during the past year.
Sharing a link between 200
2004 Apr 22
2
ingress policing based on source address?
Hi all
I''m new to this list, but not exactly to iproute stuff.
I''d like to solve a specific problem with bandwidth coming from
different external sources towards the internal network (also the other
way around, but I figure that''s not so much a problem, since that is
egress traffic shaping).
The network looks like this:
internet ------ ISP-------[shaping/router]