* Shaping ingress and egress VPN traffic with OpenVPN or KLIPS
@ 2012-02-10 21:57 John A. Sullivan III
From: John A. Sullivan III @ 2012-02-10 21:57 UTC (permalink / raw)
  To: netdev

I've just emailed some questions about doing traffic shaping with IPSec
but I also have a question when using OpenVPN since it uses a separate
interface, i.e., the tun interfaces. I suppose this would also be true
of systems still using KLIPS with ipsec interfaces like the Endian
firewalls.

Once again, with egress traffic, do we simply use a CONNMARK? Is that
preserved in the OpenVPN or KLIPS encapsulated packet?

For ingress traffic, I would think I would simply redirect traffic on
the tun or ipsec interfaces to the same ifb interface as the physical
interface uses for shaping.  However, since the original OpenVPN or ESP
traffic is also coming in on that interface, how do we properly shape
the traffic? Do we create a separate queue for the original traffic and
allocate it bandwidth equal to the sum of all the queues for the traffic
it might handle? Will it work to pass traffic to two separate ifb
interfaces, one for traffic coming in off of ipsec+ or tun+ and the
other for traffic coming in on the physical interface?

Thanks - John
