<br><font size=2><tt>what are you running on Fedora Core to shape the traffic?</tt></font>
<br>
<br><font size=2 face="sans-serif">Traffic Control "tc" is included
in the 2.4 kernel and forward. See http://lartc.org/. Basically,
I have a script that is setup as a service to set up the bridge and the
traffic control queues.</font>
<br>
<br><font size=2><tt>let's say that you have VPN site to site tunnels from
the FW behind the QoS machines towards a branch office and that some of
the traffic in the Tunnel has higher priority then other traffic. The QoS
device sees it all as encrypted traffic and can't help there. What would
you suggest? </tt></font>
<br>
<br><font size=2 face="sans-serif">If you want to shape VPN traffic, then
you would need to place the QoS behind the VPN box. So long as you can
route _all_ of your WAN traffic through QoS, it will be effective. Our
VPN traffic is all considered 'bulk' traffic so it isn't a concern of our
setup. Encrypted traffic is still a pain though. With Citrix for example,
all of our users are hitting the Metaframe server which has all traffic
encrypted with SSL all the way back to the client. So... I'm unable to
separate out Citrix printer traffic from interactive traffic. I just have
to look at source / destination (IP of our colocation facility) to determine
priority. We were able to come up with kind of a workaround though. We
put in a print server at colo instead of printing directly from the clients.
So this way the print server connects over the VPN to send a print job
to a printer. That print job then becomes bulk traffic. Pretty neat trick
IMO. ;)</font>
<br>