[Openswan Users] ifb ipsec and traffic shaping problem
johnm at advocap.org
Fri Oct 3 13:53:08 EDT 2008
Both ipsec and the decoded packets are seen on the incoming port and
also the the ifb device.
Problem is they are both being counted in traffic calculations :-(
Did download tests and with traffic shaping enabled and rate via ipsec
is half that direct.
With traffic shaping disabled rates are the same.
Actually not a new problem but just became aware of it and it is really
a ipsec and tc problem.
See same problem on existing routers with ingress.
Was suspicious for a long time but never tested it.
Working on a new firewall routers.
Using 2.6 kernel ipsec. Debian Lenny and new Shorewall 4.2.
I can think of 2 possibilities:
Some how get tc to disregard the decoded packets in the speed calculation.
Possibly send to a separate class? Do not know tc well enough and looks
like the lartc mailing list is dead :-( Any alternatives to the lartc
mailing list? I hate to think that traffic shaping and native ipsec are
Or use klips.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 250 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/users/attachments/20081003/edfc9907/attachment.vcf
More information about the Users