An important consideration, discussed previously, is making allowance in the Pipe Total
values for the overhead used by VPN protocols. As a rule of thumb, a pipe total of 1700 bps is
reasonable for a VPN tunnel where the underlying physical connection capacity is 2 Mbps.
It is also important to remember to insert into the pipe all non-VPN traffic using the same
physical link.
Pipe chaining can be used as a solution to the problem of VPN overhead. A limit which allows
for this overhead is placed on the VPN tunnel traffic, and non-VPN traffic is inserted into a pipe
that matches the speed of the physical link.
To do this we first create separate pipes for the outgoing traffic and the incoming traffic. VoIP
traffic will be sent over a VPN tunnel that will have a high priority. All other traffic will be sent at
the best effort priority (see above for an explanation of this term). Again, a 2/2 Mbps symmetric
link is assumed.
The pipes required will be:
• vpn-in
    • Priority 6: VoIP 500 Kbps
    • Priority 0: Best effort
    Total: 1700
• vpn-out
    • Priority 6: VoIP 500 Kbps
    • Priority 0: Best effort
    Total: 1700
• in-pipe
    • Priority 6: VoIP 500 Kbps
    Total: 2000
• out-pipe
    • Priority 6: VoIP 500 Kbps
    Total: 2000
The following pipe rules are then needed to force traffic into the correct pipes and precedence
levels:
Rule Name     Forward Pipes      Return Pipes       Src Int  Source Network  Dest Int  Destination Network  Selected Service  Precedence
vpn_voip_out  vpn-out, out-pipe  vpn-in, in-pipe    lan      lannet          vpn       vpn_remote_net       H323              6
vpn_out       vpn-out, out-pipe  vpn-in, in-pipe    lan      lannet          vpn       vpn_remote_net       all_services      0
vpn_voip_in   vpn-in, in-pipe    vpn-out, out-pipe  vpn      vpn_remote_net  lan       lannet               H323              6
vpn_in        vpn-in, in-pipe    vpn-out, out-pipe  vpn      vpn_remote_net  lan       lannet               all_services      0
out           out-pipe           in-pipe            lan      lannet          wan       all-nets             all_services      0
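
The outbound half of this chain can be modelled to see how offered load is divided between the VPN limit and the physical link limit. The following Python sketch is an added example, not code from the product or this guide. It assumes the pipe totals are in Kbps, that traffic above a precedence limit is demoted to best effort, and that a pipe fills its total from the highest precedence down; the class and function names are hypothetical.

```python
# Simplified model of the chained outbound pipes (added example).
# Assumptions: all rates are Kbps; excess over a precedence limit is
# demoted to precedence 0; a pipe serves higher precedences first.

class Pipe:
    def __init__(self, name, total, prec_limits=None):
        self.name = name
        self.total = total                      # pipe total limit
        self.prec_limits = prec_limits or {}    # precedence -> limit

    def shape(self, offered):
        """offered: {precedence: rate}. Returns {precedence: rate} passed on."""
        demand = {0: 0}
        for prec, rate in offered.items():
            limit = self.prec_limits.get(prec)
            kept = rate if (limit is None or prec == 0) else min(rate, limit)
            demand[prec] = demand.get(prec, 0) + kept
            demand[0] += rate - kept            # excess drops to best effort
        passed, room = {}, self.total
        for prec in sorted(demand, reverse=True):
            passed[prec] = min(demand[prec], room)
            room -= passed[prec]
        return passed


def merge(*flows):
    """Add up several {precedence: rate} maps entering the same pipe."""
    out = {}
    for flow in flows:
        for prec, rate in flow.items():
            out[prec] = out.get(prec, 0) + rate
    return out


def outbound(voip, vpn_other, non_vpn):
    """Rules vpn_voip_out and vpn_out use vpn-out then out-pipe; rule out uses out-pipe only."""
    vpn_out = Pipe("vpn-out", 1700, {6: 500})
    out_pipe = Pipe("out-pipe", 2000, {6: 500})
    after_vpn = vpn_out.shape({6: voip, 0: vpn_other})
    on_link = out_pipe.shape(merge(after_vpn, {0: non_vpn}))
    return after_vpn, on_link


if __name__ == "__main__":
    # Constructed load: 400 VoIP, 3000 other VPN traffic, 1500 non-VPN traffic.
    print(outbound(400, 3000, 1500))
```

With the constructed load shown, the VPN traffic is held to 1700 before it reaches out-pipe, and the combined traffic on the link is held to 2000 with the VoIP share intact.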