similar to: traffic queueing and ipsec vpn

Displaying 20 results from an estimated 8000 matches similar to: "traffic queueing and ipsec vpn"

2004 Sep 17
2
interesting expert problem - shaping over VPN
Here''s a challenging problem for you experts to tackle: I''m trying to shape traffic going into an IPSEC interface which then goes over a DSL PPPoE interface. I figure I need to shape the DSL interface to keep it''s hardware queue mostly empty, and to
2005 Jul 27
2
QoS and IPSec...
Hi, I have what to me is an interesting issue. I am wanting to prioritize (QoS) traffic that will be passing through an IPSec (OpenS/WAN) VPN between two (identical) Linux routers. I know that I can apply the IPSec patches (1-4) to the kernel and IPTables (if they are not already applied by now) filter traffic before and after IPSec encapsulation. My problem is that I don''t know
2002 May 21
5
ingress and egress
ingress can be used to control the incoming packet, such as: tc qdisc add dev eth0 handle ffff: ingress tc filter add dev eth0 parent ffff: protocol ip prio 5 u32 match ip src 172.16.1.11 police rate 10kbit burst 10k drop flowid :1 tc filter add dev eth0 parent ffff: protocol ip prio 5 u32 match ip src 172.16.1.22 police rate 10kbit burst 10k drop flowid :2 first ,I do not sure these method can
2007 Mar 13
4
Re: Standalone Shaping
On a router, there is no need for and IMQ because there is always an egress path. For example: Internet -> eth1 -> iptables -> routing -> ... -> egress qdisc -> eth0 -> LAN LAN -> eth0 -> iptables -> routing -> .... -> egress qdisc -> eth1 -> Internet Local Process / Proxy -> routing -> iptables -> egress qdisc -> eth1/eth0 ->
2004 May 05
3
Simple HTB setup with tcng
Hello all, I am trying to set up a simple htb based system, where packets with source ip 10.0.0.1 should have their own class. I plan to use tcng to set it up easier. Is there something wrong in my tcng file ? ~/tcng$ cat htb /* */ #include "fields.tc" #include "ports.tc" dev eth0 { htb ( ) { class ( rate 600kbps, ceil 600kbps ) {
2004 Apr 24
9
newbie: TC[NG] with (256kbit/s down and 768kbit/s up) on a router
Hi all, this is really not really very easy to understand, or, to get in. Well, I''ve the following configuration on the router box: LAN - interface: eth0 - network: 192.168.2.5/24 - bandwidth: 100Mbit/s INET interface - interface: ppp0 - network: .dynamic.ip./0 - bandwidth: DOWN=1536kbit/s and UP=256kbit/s the LAN interface is to serve 6 other clients with internet and
2007 Jun 25
4
Using Julian Anastasov''s ''routes'' patches on 2.4 kernel in conjunction with IPSec
Hello, I use Julian Anastasov ''routes'' (to be more specific: static_routes, alt_routes and nf_reroute) patches on a 2.4.32 kernel. On the same host I run IPSec. I have discovered after a few hours of networking problems that, when IPSec is enabled on that patched kernel, inspecting packets with tcpdump while arping-ing a host from a network physically connected to this
2004 Jul 06
7
Simply IMQ
I''ve followed this list for quite a long time and have even posted a couple of times. I used the early versions of IMQ from Devik (I think that was his name), and it worked well. I only ever got the chance to implement it in my test environment. I now need to implement it in my production environment. My Linux core router has nine interfaces and has a 27 megabit connection to the
2004 Sep 25
1
Coexistence of Dynamic and Static routing
List members; I have been reading the digest for some time now and I would like to ask some conceptual questions. I am a telecommunications systems designer and not a software guy, but I have tried and used a number of the tools availabel in the LARTC and Iptables, and many of the other great things included in Linux. We are designing commercial products and I don''t want to ask my
2007 Aug 30
17
Question about how TC enforces bandwidth limiting
Hello, I run one of my PCs as my personal router, with iptables+tc to control traffic and be my firewall. In TC, I use a combination of htb, qdisc and sfq (as well as prio) to classify bandwidth. In my current setup, I have 10 classifications of my bandwidth. (Even I admit this is probably more than I need, but at this point I''m still learning, so I''ll just leave them be.)
2003 Jun 25
2
Combining ingress and egress ( IMQ+HTB)
I am successfully running ingress (IMQ) and egress (HTB) shaping on a bridge. Is there any way to combine and share the bandwidth between ingress and egress? Example: I have set up www service for egress at 128 KB and ingress at 256 KB. The shaping on them works fine separately. However, I want to create a single virtual pipe for www traffic and limit both ingress and egress combined to 256 KB.
2004 Nov 24
8
tc and iptables trouble
Hi all I have a trouble configuring the qdiscs, when I indicate the "perturb 10" option to tc, i gives me this error: tc qdisc add dev eth0 parent 5:1323 handle 1323 sfq perturb 10 RTNETLINK answers: Invalid argument if I don''t put the "perturb 10" option, it works. another question is about iptables, when I indicate the " --set-mark" option: iptables -t
2004 May 10
8
Packet marking for ingress shapping and NET
Hi, I have typical situation, local LAN with private addresses, translated via NAT to internet. I need to shape ingress traffic (from internet to local LAN) in several HTB queues accorting to destination (private not public) IP. So I need mark packets to divide them to corresponding queue. According to http://www.docum.org/stef.coene/qos/kptd/ I thing I have only one way how to do it, because
2003 Dec 02
2
forwarding in tcng
Hi! I am learning tcng without having experiance of tc and I am trying to build something that shall schedule traffic dependent on the value in the IPv4 packets ip_ttl field. I have read the tcng reference manual and cannot find information about forwarding. Is it possible to farward packets from ingress to egress without sending them upwards in layers?
2004 Dec 20
2
How can I discern egress traffic than ingress traffic?
I have two interfaces, eth0 and eth1 but i can''t discern the egress traffic than ingress traffic. I need to apply htb qdisc in both directions, and I read that I need the IMQ patch to do this, because in ingress qdisc i can''t apply htb qdisc...but where is the ingress qdisc? affect the traffic that goes from eth0 to eth1 or is for the traffic that goes from eth1 to eth0?
2006 Aug 14
3
tc and HTB
Hi, I have a Debian that is connected to Internet in eth0, and to a LAN in eth1. I wanted to control traffic with HTB, dividing it depending on what kind of traffic is (Mail, Application Server and others). Would it be good to use HTB qdisc in eth0 egress to control outgoing traffic and HTB qdisc in eth1 egress to control incoming traffic? Or the only way to control incoming traffic is with eth0
2004 Jun 08
11
how flexible is ingress traffic policing to bandwidth limit?
[I sent this earlier but I guess the list is subscriber-only?] I just set up wondershaper, it has a simple filter on the downstream direction to limit the bandwidth usage: tc qdisc add dev $DEV handle ffff: ingress tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip src \ 0.0.0.0/0 police rate ${DOWNLINK}kbit burst 10k drop flowid :1 This is effective but is there any way to
2006 Mar 30
5
packet marking: only a ratio, not all
Hi all! In short: Anybody wrote a patch for DSMARK to make it capable of marking only a ratio (a given arg to the tc command) of the packets it gets? Say, 20%? Or, do I have to hack into the source? Alternatives, like a filter spitting packets to 2 different DSMARK based on this ratio? In long: I''m a hungarian univ student involved in a project (RMD-QoS stuff) which needs
2005 Dec 05
13
Theory test
Guys Considering the festive season is upon us, thanks to everyone contributing to the list and helping all the readers with your great input! I don''t want to mention names, I''ll most certainly leave someone out. With this mail I''d like to test some theory on bandwidth management, with my own successes and failures during the past year. Sharing a link between 200
2004 Apr 22
2
ingress policing based on source address?
Hi all I''m new to this list, but not exactly to iproute stuff. I''d like to solve a specific problem with bandwidth coming from different external sources towards the internal network (also the other way around, but I figure that''s not so much a problem, since that is egress traffic shaping). The network looks like this: internet ------ ISP-------[shaping/router]