Gunther Schadow wrote:
> Another unknown to me is whether the GIF tunnel will copy
> the TOS bits into the wrapper, and so, I can't use ALTQ at all.
If it does not currently, this, at least, should be simple to add.
> I just hope that in the future we will end up with a *consistent* set
> of firewall, IPsec, and QoS networking facilities that can all play
> together happyly and that can be managed at one point. I can see how
> this could be done in two ways:
VPNs took a while to understand and deploy for basic cases, and you're
trying to apply pretty advanced stuff to them - there's bound to be some
friction. The KAME guys do an amazing job with their networking stack,
but their focus just isn't QoS over VPNs, it's IPv6 and IPsec deployment
AFAIK. KAME is designed well enough to get you basic VPN functionality
for free, but integration and combination testing with all these more
exotic networking features eats up a lot of time. That's what we're for
(wanting to use these things over VPNs :-). And the KAME people are
extremely helpful and accessible when it comes to getting bug fixes (or
feature-enabling mods) into their tree.
Lars
--
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institute
http://www.isi.edu/larse/ University of Southern California
S/MIME Cryptographic Signature
