[c-nsp] Best configuration for IPSEC/GRE and QoS

[Andre Beck]

On Thu, Jul 29, 2004 at 12:38:51PM -0400, Mike Sawicki wrote:
> 
> I would like to prioritize all tunnel traffic with the most fascist
> policing possible, giving back only extra resources to misc.
> traffic.

The most fascist solution possible would probably be to PQ GRE, ESP
and IKE at the T1 interfaces. Of course this can force all other
traffic into starvation, but that's exactly what beeing fascist is
all about ;)

> [...]  What seems to be happening is a
> strict conforming of packets to the T1 limit, which is creating
> drops.  I would like to have the packets fair-queued or shaped
> by flow rather than dropped, but that doesn't seem to be working.

So then PQ isn't a solution, either, as it will do the exact same
thing. You can lengthen the queues a bit (trading RTT for drops),
but that will not help beyond a certain point. And I'm not sure
whether LLQ will be of any help here, but I don't have much background
in it, so I can easily be wrong.

-- 
                  The _S_anta _C_laus _O_peration
  or "how to turn a complete illusion into a neverending money source"

-> Andre Beck    +++ ABP-RIPE +++    IBH Prof. Dr. Horn GmbH, Dresden <-