Document TC/IPSec issue

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2020-08-02 12:23:54 -07:00
parent bc4c6637c3
commit 2f56edc1ed
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10
2 changed files with 15 additions and 0 deletions

View File

@ -93,6 +93,13 @@
qdisc but seems to provide a benefit when the actual link output
temporarily drops below the limit imposed by tbf or when tbf allows a
burst of traffic to be released.</para>
<caution>
<para>IPSec traffic passes through traffic shaping twice - once en clair
and once encrypted and encapsulated. As a result, throughput may be
significantly less than configured if IPSEC packets form a significant
percentage of the traffic being shaped.</para>
</caution>
</section>
<section>

View File

@ -385,6 +385,14 @@
The default burst is 10kb, but on my 50mbit line, I specify 200kb.
(50mbit:200kb).</para>
</note>
<caution>
<para>Incoming IPSec traffic traverses traffic shaping twice -
firs as encrypted and encapsulated ESP packets and then en clair.
As a result, incoming bandwidth can be significantly less than
specified if IPSEC packets form a significant part of inoming
traffic.</para>
</caution>
</listitem>
<listitem>