[LARTC] traffic queueing and ipsec vpn
Alexis
alexis@tpys.com.ar
Fri, 3 Sep 2004 15:12:38 -0300
This is a multi-part message in MIME format.
------=_NextPart_000_0015_01C491C8.733E83A0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
Hi all, ive been reading lartc howto, im new about traffic shaping/police.
As far as red (chapter 9 complete) i saw that first the packet passes at the
ingress qdisc, then it passes to the ip stack if the packet is directed to
the box or its forwarded (is my case), then it falls to the egress
classifier/s.
Now, i understand if i have an ipsec vpn at the outside interface, the
egress classifiers will act before the packet leave the kernel and enter to
the vpn tunnel, is this correct?
Here's my situation , i have a "headquarter" box that is a database (to call
it with a name) and then a lot of branches that send queries to this
database and based on the results, the branches send packets to other
branches trough some established IPSEC tunnels. So, hq is the route
database, and the branches send voice traffic to other branches.
Now i have to set traffic shaping and manage the bandwith for senialization
and for voice flows (rtp flows). So i need to be shure that i can classify
the packets at the outside interface before them enters to the vpn tunnel.
is this correct?
Thanks in advance.
--
Alexis
------=_NextPart_000_0015_01C491C8.733E83A0
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dus-ascii">
<META content=3D"MSHTML 6.00.2900.2180" name=3DGENERATOR></HEAD>
<BODY>
<DIV><SPAN class=3D150220518-03092004><FONT face=3DArial size=3D2>Hi =
all, ive been=20
reading lartc howto, im new about traffic =
shaping/police.</FONT></SPAN></DIV>
<DIV><SPAN class=3D150220518-03092004><FONT face=3DArial=20
size=3D2></FONT></SPAN> </DIV>
<DIV><SPAN class=3D150220518-03092004><FONT face=3DArial size=3D2>As far =
as red=20
(chapter 9 complete) i saw that first the packet passes at the ingress =
qdisc,=20
then it passes to the ip stack if the packet is directed to the box or =
its=20
forwarded (is my case), then it falls to the egress=20
classifier/s.</FONT></SPAN></DIV>
<DIV><SPAN class=3D150220518-03092004><FONT face=3DArial=20
size=3D2></FONT></SPAN> </DIV>
<DIV><SPAN class=3D150220518-03092004><FONT face=3DArial size=3D2>Now, i =
understand if=20
i have an ipsec vpn at the outside interface, the egress classifiers =
will act=20
before the packet leave the kernel and enter to the vpn tunnel, is this=20
correct?</FONT></SPAN></DIV>
<DIV><SPAN class=3D150220518-03092004><FONT face=3DArial=20
size=3D2></FONT></SPAN> </DIV>
<DIV><SPAN class=3D150220518-03092004><FONT face=3DArial size=3D2>Here's =
my situation=20
, i have a "headquarter" box that is a database (to call it with a name) =
and=20
then a lot of branches that send queries to this database and based on =
the=20
results, the branches send packets to other branches trough some =
established=20
IPSEC tunnels. So, hq is the route database, and the branches send voice =
traffic=20
to other branches.</FONT></SPAN></DIV>
<DIV><SPAN class=3D150220518-03092004><FONT face=3DArial=20
size=3D2></FONT></SPAN> </DIV>
<DIV><SPAN class=3D150220518-03092004><FONT face=3DArial size=3D2>Now i =
have to set=20
traffic shaping and manage the bandwith for senialization and for =
voice=20
flows (rtp flows). So i need to be shure that i can classify the packets =
at the=20
outside interface before them enters to the vpn =
tunnel.</FONT></SPAN></DIV>
<DIV><SPAN class=3D150220518-03092004><FONT face=3DArial=20
size=3D2></FONT></SPAN> </DIV>
<DIV><SPAN class=3D150220518-03092004><FONT face=3DArial size=3D2>is =
this=20
correct?</FONT></SPAN></DIV>
<DIV><SPAN class=3D150220518-03092004><FONT face=3DArial=20
size=3D2></FONT></SPAN> </DIV>
<DIV><SPAN class=3D150220518-03092004><FONT face=3DArial=20
size=3D2></FONT></SPAN> </DIV>
<DIV><SPAN class=3D150220518-03092004><FONT face=3DArial size=3D2>Thanks =
in=20
advance.</FONT></SPAN></DIV>
<DIV><SPAN class=3D150220518-03092004><FONT face=3DArial=20
size=3D2></FONT></SPAN> </DIV>
<DIV><SPAN class=3D150220518-03092004><FONT face=3DArial=20
size=3D2></FONT></SPAN> </DIV>
<DIV><SPAN class=3D150220518-03092004><FONT face=3DArial=20
size=3D2>--</FONT></SPAN></DIV>
<DIV><SPAN class=3D150220518-03092004><FONT face=3DArial=20
size=3D2>Alexis</FONT></SPAN></DIV></BODY></HTML>
------=_NextPart_000_0015_01C491C8.733E83A0--