QoS pre-classification - Policy applied on physical interface can match clear text traffic using this feature.
e.g. GRE with IPSec
1. Case1 : no qos pre-classify
Matching of QoS traffic will be based on ESP on physical interface
2. Case2: qos pre-classify inside crypto-map attached to Physical interface
Matching of QoS traffic will be based on GRE traffic
crypto map MAP 10 ipsec-isakmp
set peer 18.104.22.168
set transform-set TRANS
match address CRYPTO-ACL
3. Case3: qos pre-classify on Tunnel interface
Matching will be done on clear-text traffic i.e. icmp etc.
When you turn on this feature on a tunnel interface (GRE/mGRE, IPIP, IPsec, Virtual-Template) you no longer need to apply a service policy inside the tunnel interface. Thanks to QoS preclassification, the service-policy applied at the interface level can “see” the tunnel encapsulated packets as is they cross the interface without any encapsulation. However, the physical interface level policy still accounts for tunnel header overhead, thus allowing for fair scheduling.
Policy applied on physical interface will match clear text traffic.
tunnel source 22.214.171.124
tunnel destination 126.96.36.199
ip unnumbered FastEthernet 0/0.146
qos pre-classify -> If turned on physical interface, it’ll provide us GRE traffic insight in class-map.
When configured on Tunnel interface, works for clear text traffic before GRE.
ip route 188.8.131.52 255.255.255.0 Tunnel0
ip access-list extended LOOPBACKS
permit ip 184.108.40.206 0.0.0.255 220.127.116.11 0.0.0.255
match access-group name LOOPBACKS
match dscp ef
shape average 256000
interface FastEthernet 0/0.146
service-policy output SHAPE_VLAN_146