Here's a challenging problem for you experts to tackle:
I'm trying to shape traffic going into an IPSEC interface which then goes
over a DSL PPPoE interface. I figure I need to shape the DSL interface to
keep it's hardware queue mostly empty, and to prioritize between IPSEC and
non-IPSEC traffic. I also have to shape going into the IPSEC, which
carries VoIP (high pri), VNC (med pri) and other (email, etc, low pri).
I have it all set up and working, except that the IPSEC shaping doesn't
seem to do any good whatsoever. Even if I allocate 99% of the bandwidth
to the VoIP and 99% to IPSEC over PPPoE I still get break-ups in the VoIP
signal when I do some heavy VNC. I tried such drastic things as reducing
the "ceiling" to half of what the DSL line was spec'd (and tested) as
supporting. I played with the numbers until they were really skewed (99%)
in favor of VoIP, but still no joy.
So my question is, am I missing something fundamental conceptually
regarding shaping traffic into an IPSEC/VPN interface and then shaping
that along with non-VPN traffic out over the single internet connection?
Is there some buffering/queue stuff in IPSEC or PPPoE that would prevent
me shaping properly?
I am using FreeSWAN IPSEC on Fedora Core 1.
Thanks for your help.
_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
