D-Link DFL-1660 User Manual page 510

10.1.10. More Pipe Examples
reasonable for a VPN tunnel where the underlying physical connection capacity is 2 Mbps.
It is also important to remember to insert into the pipe all non-VPN traffic using the same physical
link.
The pipe chaining can be used as a solution to the problem of VPN overhead. A limit which allows
for this overhead is placed on the VPN tunnel traffic and non-VPN traffic is inserted into a pipe that
matches the speed of the physical link.
To do this we first create separate pipes for the outgoing traffic and the incoming traffic. VoIP
traffic will be sent over a VPN tunnel that will have a high priority. All other traffic will be sent at
the best effort priority (see above for an explanation of this term). Again, we will assume a 2/2
Mbps symmetric link.
The pipes required will be:
• vpn-in
• Priority 6: VoIP 500 kpbs
• Priority 0: Best effort
Total: 1700
• vpn-out
• Priority 6: VoIP 500 kpbs
• Priority 0: Best effort
Total: 1700
• in-pipe
• Priority 6: VoIP 500 kpbs
Total: 2000
• out-pipe
• Priority 6: VoIP 500 kpbs
Total: 2000
The following pipe rules are then needed to force traffic into the correct pipes and precedence
levels:
Rule
Name
vpn_voip_out
vpn_out
vpn_voip_in
vpn_in
out
in
With this setup, all VPN traffic is limited to 1700 kbps, the total traffic is limited to 2000 kbps and
Forward Return Src
Pipes Pipes Int
vpn-out vpn-in lan
out-pipe in-pipe
vpn-out vpn-in lan
out-pipe in-pipe
vpn-in vpn-out vpn
in-pipe out-pipe
vpn-in vpn-out vpn
in-pipe out-pipe
out-pipe in-pipe lan
in-pipe out-pipe wan
Source Dest
Network Int
lannet vpn vpn_remote_net
lannet vpn vpn_remote_net
vpn_remote_net lan
vpn_remote_net lan
lannet wan
all-nets lan
510
Chapter 10. Traffic Management
Destination Selected
Network Service
H323
All
lannet H323
lannet All
all-nets All
lannet All
Prece
dence
6
0
6
0
0
0