[Openswan Users] Incorporating Qos

Ken Bantoft ken at xelerance.com
Mon Jun 21 18:35:42 CEST 2004


On Mon, 21 Jun 2004, Joep Gommers wrote:

> --[PinePGP]--------------------------------------------------[begin]--
> Dear list,
> 
> I've been busy on incorporating some sort of maximum bandwidth per IPSec
> connection mechanism. Defining by what rules (that are declared in e.g.
> ipsecqos.conf) a tunnel should live like. Is there any text / dialog pic
> that shows the layout of the ipsec shellscript. I'm beginning to
> understand _updown, manual, etc script. But a clear explanations by you
> guys would make it all even more clear.

If it's per conn, use _updown.  See kernel.c for do_command() code.

> Can you guys help me out?
> 
> Thanks in advance,
> Joep Gommers
> 
> PS I like CBQ, any comments/requests?

Ensure you do NOT use a QoS scheduler that is interrupt driven, as ipsec0 
on 2.4 is a virtual device and doesn't give 'real' interrupts.  On 2.6, 
there is no device at all.  I've been using IMQ + HTB3 for my needs, and 
they work okay.

Also check the hidetos= value in your IPsec config, and ensure it does 
what you want.  Note that the default changed between 1.x and 2.x - man 
ipsec.conf for details.

Ken



More information about the Users mailing list