Great thanx for the information... Yeah that sound a bit complex as a setup. However now I am a bit confuse as I was doing search yesterday I found the following thread. http://www.spinics.net/lists/lartc/msg19972.html The email thread state the the fwmark is should be carry on to the encrypted packet and therefore prioritisation of the encrypted packet should be the same as if it wasn't encrypted. Is this still true? So as per the thread is I understand correctly if the traffic that come in to an interface is "MARK" correctly then when it goes out on the encrypted tunnel it should be prioritise as it would normally be? -Luc On Tuesday, April 15, 2014 4:21:24 PM, Dave Taht <dave.taht@xxxxxxxxx> wrote: On Tue, Apr 15, 2014 at 1:09 PM, Luc Paulin <paulinster@xxxxxxxxx> wrote: > Hi, > I am would like to know if it's possible to do QOS on GRE/IPSec interface ? fq_codel can peel away a GRE version 0 header and do smart things with it. IPSec, not so much. > I am would like to do traffic prioritization over a gre/ipsec tunnel that has a lot of video/voip traffic in addition to regular traffic (ftp/http... ) Is this something possible ? Difficult. You could for example do some sort of act_mirred thing into multiple ifb or imq interfaces, and apply some qos there before encapsulating them in ipsec. > When I apply the rule on the interface it look like class doesn't do what they are suppose to do. ie(the traffic rate is way too low of the actual real traffic flow) > Thanx! > -- > To unsubscribe from this list: send the line "unsubscribe lartc" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html -- Dave Täht NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article -- To unsubscribe from this list: send the line "unsubscribe lartc" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html