IPSec, Floating Rules and Traffic Shaping. Anyone got this working?

  • Hi,

    someone please explain how you are using IPSec, Floating Rules and Traffic Shaping together under 2.0.

    Looking at the different sysctl values for ipsec in the handbook:


    Under the heading:  ECN consideration on IPsec tunnels

    Normal IPsec tunnel is described in RFC2401. On encapsulation, IPv4 TOS field (or, IPv6 traffic class field) will be copied from inner IP header to outer IP header. On decapsulation outer IP header will be simply dropped….

    this suggests that the TOS bit is always copied on encapsulation regardless of how you set the sysctl value.  Have I understood this correctly?

    Therefore, if you have an IP phone marking RTP traffic EF, wouldn't this get copied through to the header of an IPSec packet when the RTP packet gets encapsulated?  Shouldn't you be able to have a rule under the floating tab with an action of queue, the Diffserv Code Point set to EF and Ackqueue/Queue set to none/qVoIP?  Shouldn't this then place the IPSec packets in the VoIP queue?

    This isn't happening for me.  Any suggestions or help would be really appreciated.  Thanks.