Nortel 4134 사용자 가이드
Crypto QoS (CBQ) for IPsec VPN
61
Figure 13
LLQ
LLQ
To avoid congestion on the crypto engine, you can classify traffic into the
desired classes using the QoS multifield classifier and apply CBQ with
associated committed rate and priority parameters for each crypto class.
desired classes using the QoS multifield classifier and apply CBQ with
associated committed rate and priority parameters for each crypto class.
Crypto interfaces do not support RED or policing, although marking can be
configured.
configured.
Packets that are classified into a leaf traffic class are placed in the
associated class queue. The CBQ scheduler periodically services the
queues of all leaf traffic classes on each crypto interface. The service that
each class queue receives depends on the service parameters (CR, PR,
Priority) assigned to it. Eight priority levels are supported, from priority 1
(highest) to priority 8 (lowest).
associated class queue. The CBQ scheduler periodically services the
queues of all leaf traffic classes on each crypto interface. The service that
each class queue receives depends on the service parameters (CR, PR,
Priority) assigned to it. Eight priority levels are supported, from priority 1
(highest) to priority 8 (lowest).
The crypto engine bandwidth varies for different packet sizes. Therefore,
for each class you must configure the committed rate as a percentage of
the crypto interface bandwidth. The average bandwidth for the interface is
calculated by the number of bytes processed by the crypto engine in a
given interval. This bandwidth is used to calculate the average interface
bandwidth using the exponentially weighted moving average. This ensures
low latency without sacrificing the interface bandwidth.
for each class you must configure the committed rate as a percentage of
the crypto interface bandwidth. The average bandwidth for the interface is
calculated by the number of bytes processed by the crypto engine in a
given interval. This bandwidth is used to calculate the average interface
bandwidth using the exponentially weighted moving average. This ensures
low latency without sacrificing the interface bandwidth.
Nortel Secure Router 4134
Security — Configuration and Management
NN47263-600
01.02
Standard
10.0
3 August 2007
Copyright © 2007, Nortel Networks
.