An ISP using PacketShaper to manage its WAN links who also hosts dial-in users for Hughes Network Systems DirecPC system return path may experience slow connections or even system timeouts.

This note explains how to work around the problem.

CAUSE:
The DirecPC data that the ISP handles is all requests and data ACKs. The majority of the traffic is small single packets. The actual impact on an ISPs outbound traffic is minimal.

DirecPC return packets are IP packets encapsulated within another IP header -- in effect, IP wrapped in IP. 

However, in the IP header the second packet is identified as TCP, when it is actually IP. PacketShaper sees a packet that says it is IP-TCP that is really IP-IP and assumes it is a malformed packet and discards it.

SOLUTION:
The solution is to tell PacketShaper to ignore the DirecPC packets. However, a conventional ignore policy still goes through the standard classification process, which is what causes the DirecPC packet to be discarded.

You will use a hidden command-line feature called IP passthrough to tell PacketShaper to pass through all traffic destined for a DirecPC Proxy Gateway.

The IP passthrough command is stored in volatile memory; if PacketShaper resets, the command will be lost. To keep the passthrough command active, you will put it in the startup.cmd file -- a file whose commands are executed every time PacketShaper boots.

Before you start, you need to know the IP address of the DirecPC Proxy Gateway that the dial-in users are accessing. You can identify the DirecPC Proxy Gateways through the DirecPC client software. Check the Turbo Internet Properties and look in the Protocol tab to see the IP address of the client's proxy.

To create the startup.cmd file with the IP passthrough command:

1. In a text editor, create a new file.

2. Type the following: ip passthrough inside dst ipaddr

Where inside refers to the side of PacketShaper that the data originated on, dst means that you are looking for a destination address, and ipaddr is the IP address of a DirecPC Proxy Gateway. Make sure you press the Enter key at the end of the line.

A complete example would be:
ip passthrough inside dst 201.71.99.13

3. Save the file as startup.cmd, taking note in which directory you save it.

4. FTP the startup.cmd file to the root directory on the unit's flash disk.

5. Telnet to PacketShaper. Type ls -l to make sure the startup.cmd file is in the root directory.

Type cat startup.cmd to verify the command in the file. Type reset to reset PacketShaper.

6. Once PacketShaper comes back up, telnet to it. Type ip show to confirm that the filter is in effect.

You should see the following:
Relay all traffic. 
Exclude Filters: total 1 [20] hits 0 INSIDE dst 201.71.99.13 (ffffffff) --> passthru

PacketShaper is now configured to pass through all traffic heading to the DirecPC proxy servers.

If your customers are using more than one Proxy Gateway you must put a separate IP passthrough command in the startup.cmd file for each Gateway.