Re: Using PF to QoS on tun interface

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: Nick Golder <nrg@...>

Cc: <misc@...>

Subject: Re: Using PF to QoS on tun interface

Date: Wednesday, January 2, 2008 - 3:30 pm

On Jan 2, 2008, at 10:17 AM, Nick Golder wrote:
> I inherited a system that is attempting (poorly) to QoS traffic going

quoted text> across a tun interface (which is being used by OpenVPN).  Examples,

> books, and ML suggest to tag on the internal interface ingress traffic

> and QoS on the external interface egress traffic.
Treat the tun interface as a "normal" one. I recently had the same

issue, and simply adapted TCP ACK priority to the interface, and found

that worked fine. I'm currently testing a smaller MTU to help with

fragmentation.
Scrub, by the way, also seems to work quite well.
> Since the traffic that I want to QoS doesn't really have an egress

quoted text> interface to QoS on, I am trying to figure out a way to properly QoS

> the traffic.

>

> Here is a quick map on the traffic:

>

> rl0 <--> tun0 <--> OpenVPN <--> rl1 <--> Internet
i think you're missing a tunneling interface somewhere.
> The traffic I want to QoS on is ingress on rl0 which in turn is also

quoted text> ingress on tun0.  By the time it hits rl1, it is OpenVPN traffic.
Could you explain this again?
I've been doing foolish interface setup for a while now. My own

"privacy VPN" I have running to a co-located box looks a bit like this:
[internet] <--> [external interface] <--> [tun0] <--> [openvpn] <-->

[external interface]
I also have a LAN to colo box setup, using openvpn on a different port.
> Any recommendations on how to handle this?
Treat tun0 as a normal altq interface. So far, there's not been any

"real" issues with it co-existing with my normal altq rules for non-

VPN traffic on the router. The one thing I've not had is a "interface

speed conflict", since I arbitrarily reduced the bandwidth to somewhat

less than my external interface.
For my soekris LAN gateway:
altq on tun0 priq bandwidth 400Kb queue { vpn_tcp_ack, vpn_def,

vpn_null }

queue vpn_tcp_ack priority 7

queue vpn_def priority 1 priq(default)

queue vpn_null priority 0
pass out quick on tun0 proto tcp from ($int_if:network) to any \

         queue (vpn_def, vpn_tcp_ack)

pass out quick on tun0 proto { udp icmp } from ($int_if:network) to

any \

         queue vpn_def

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Using PF to QoS on tun interface, Nick Golder, (Wed Jan 2, 2:17 pm)

Re: Using PF to QoS on tun interface, johan beisser, (Wed Jan 2, 3:30 pm)


linux-kernel:
Greg Kroah-Hartman	[PATCH 012/196] nozomi driver
Ingo Molnar	Re: [patch 00/13] Syslets, "Threadlets", generic AIO support, v3
Rafael J. Wysocki	[PATCH -mm 5/6] Freezer: Remove PF_NOFREEZE from bluetooth threads
Ingo Molnar	Re: [PATCH 00/23] per device dirty throttling -v8
git:

linux-netdev:
David Miller	[GIT]: Networking
David Miller	Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Gerrit Renker	[PATCH 15/37] dccp: Set per-connection CCIDs via socket options
Natalie Protasevich	[BUG] New Kernel Bugs
openbsd-misc:

Re: Using PF to QoS on tun interface

Online users