[strongSwan] question on prioritizing traffic with iproute2 tc and strongswan
Andreas Steffen
andreas.steffen at strongswan.org
Tue Jun 21 08:15:19 CEST 2011
Hello Lyle,
the following DiffServ scenario might give you some ideas on
how to do the prioritizing using XFRM marks:
http://www.strongswan.org/uml/testresults/ikev2/net2net-psk-dscp/
Regards
Andreas
On 06/21/2011 12:39 AM, lyle492 at comcast.net wrote:
> I would like to prioritize certain traffic based on transport
> protocol and port number. When I use tc filter rules that
> place the filter on a non-ipsec interface, the prioritization
> happens. When I change the interface to one that has only
> ipsec traffic over it, all traffic is then sent from the
> "everything else" queue. Very simple case: two queues, one
> gets priority over the other, no bandwidth metering or other
> complications. I surmised that tc filters don't
> "see" outgoing packets until after encapsulation, when they
> are encrypted. Is this correct? What is the preferred way
> to do this? Use iptables, mark the traffic and use tc rules
> that choose based on this mark instead?
>
> Thank you.
>
> --lyle
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
More information about the Users
mailing list