Sunday, August 2, 2009

QoS pre-classify

QoS pre-classification: with this feature, a policy applied on the physical interface can match clear-text traffic.

e.g. GRE with IPsec
---------------------
1. Case 1: no qos pre-classify
Matching of QoS traffic is based on ESP on the physical interface.

2. Case 2: qos pre-classify inside the crypto map attached to the physical interface
Matching of QoS traffic is based on the GRE traffic, e.g.:

crypto map MAP 10 ipsec-isakmp
 set peer 2.2.2.2
 set transform-set TRANS
 match address CRYPTO-ACL
 qos pre-classify

3. Case 3: qos pre-classify on the Tunnel interface
Matching is done on the clear-text traffic, i.e. ICMP etc.


When you turn on this feature on a tunnel interface (GRE/mGRE, IPIP, IPsec, Virtual-Template), you no longer need to apply a service policy on the tunnel interface itself. Thanks to QoS pre-classification, the service-policy applied at the physical interface level can “see” the tunnel-encapsulated packets as if they crossed the interface without any encapsulation. However, the physical interface level policy still accounts for tunnel header overhead, thus allowing for fair scheduling.

The policy applied on the physical interface will match clear-text traffic.

Config:
interface Tunnel0
 tunnel source 155.1.146.6
 tunnel destination 155.1.146.1
 ip unnumbered FastEthernet 0/0.146
 ! qos pre-classify: if turned on for the physical interface, it gives the class-map insight into the GRE traffic.
 ! When configured on the Tunnel interface, it works on the clear-text traffic before GRE.
 qos pre-classify
!
ip route 150.1.1.0 255.255.255.0 Tunnel0
!
ip access-list extended LOOPBACKS
 permit ip 150.1.6.0 0.0.0.255 150.1.1.0 0.0.0.255
!
class-map LOOPBACKS_DSCP_EF
 match access-group name LOOPBACKS
 match dscp ef
!
policy-map LLQ
 class LOOPBACKS_DSCP_EF
!
policy-map SHAPE_VLAN_146
 class class-default
  shape average 256000
  service-policy LLQ
!
interface FastEthernet 0/0.146
 service-policy output SHAPE_VLAN_146
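
The three cases above, modelled in Python as an added example (not part of the original post and not Cisco code): it shows which IP header the physical-interface policy classifies on and whether class-map LOOPBACKS_DSCP_EF matches. Assumptions: the sample packet 150.1.6.6 -> 150.1.1.1 is constructed, the tunnel copies the inner ToS byte to the outer header (the IOS default), and the class-map is match-all (the IOS default when neither match-all nor match-any is given).

```python
import ipaddress
from dataclasses import dataclass

EF, ICMP, GRE, ESP = 46, 1, 47, 50          # DSCP EF and IP protocol numbers
# ACL LOOPBACKS from the config above
ACL_SRC = ipaddress.ip_network("150.1.6.0/24")
ACL_DST = ipaddress.ip_network("150.1.1.0/24")
# Header the physical-interface policy classifies on, per case in the post
VIEW = {"none": "esp", "crypto-map": "gre", "tunnel": "clear"}

@dataclass(frozen=True)
class IPHeader:
    src: str
    dst: str
    proto: int
    dscp: int

def encapsulate(inner, src, dst, proto):
    """Outer header for a tunnel hop; assumes the default copy of inner ToS/DSCP."""
    return IPHeader(src, dst, proto, inner.dscp)

def build_layers(clear, tun_src, tun_dst):
    """Header views of one packet: clear text, after GRE, after ESP."""
    gre = encapsulate(clear, tun_src, tun_dst, GRE)
    esp = encapsulate(gre, tun_src, tun_dst, ESP)
    return {"clear": clear, "gre": gre, "esp": esp}

def classify(layers, preclassify):
    """Evaluate class-map LOOPBACKS_DSCP_EF (match-all: ACL and dscp ef)."""
    h = layers[VIEW[preclassify]]
    acl = (ipaddress.ip_address(h.src) in ACL_SRC
           and ipaddress.ip_address(h.dst) in ACL_DST)
    ef = h.dscp == EF
    return {"seen_proto": h.proto, "acl": acl, "dscp_ef": ef,
            "class": "LOOPBACKS_DSCP_EF" if acl and ef else "class-default"}

if __name__ == "__main__":
    # Constructed sample packet: ICMP between the loopback subnets, marked EF
    pkt = IPHeader("150.1.6.6", "150.1.1.1", ICMP, EF)
    layers = build_layers(pkt, "155.1.146.6", "155.1.146.1")
    for mode in VIEW:
        print(f"{mode:10} -> {classify(layers, mode)}")
```

In Cases 1 and 2 the DSCP test still passes because of the ToS copy, but the ACL sees only the tunnel endpoints, so the match-all class falls through to class-default; only Case 3 exposes the loopback addresses to the ACL.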
