forked from extern/shorewall_code
Document TC/IPSec issue
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
bc4c6637c3
commit
2f56edc1ed
@ -93,6 +93,13 @@
|
||||
qdisc but seems to provide a benefit when the actual link output
|
||||
temporarily drops below the limit imposed by tbf or when tbf allows a
|
||||
burst of traffic to be released.</para>
|
||||
|
||||
<caution>
|
||||
<para>IPSec traffic passes through traffic shaping twice - once en clair
|
||||
and once encrypted and encapsulated. As a result, throughput may be
|
||||
significantly less than configured if IPSEC packets form a significant
|
||||
percentage of the traffic being shaped.</para>
|
||||
</caution>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
|
@ -385,6 +385,14 @@
|
||||
The default burst is 10kb, but on my 50mbit line, I specify 200kb.
|
||||
(50mbit:200kb).</para>
|
||||
</note>
|
||||
|
||||
<caution>
|
||||
<para>Incoming IPSec traffic traverses traffic shaping twice -
|
||||
firs as encrypted and encapsulated ESP packets and then en clair.
|
||||
As a result, incoming bandwidth can be significantly less than
|
||||
specified if IPSEC packets form a significant part of inoming
|
||||
traffic.</para>
|
||||
</caution>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
|
Loading…
Reference in New Issue
Block a user