Sunday, August 2, 2009

QoS pre-classify

QoS pre-classification - Policy applied on physical interface can match clear text traffic using this feature.

e.g. GRE with IPSec
1. Case1 : no qos pre-classify
Matching of QoS traffic will be based on ESP on physical interface

2. Case2: qos pre-classify inside crypto-map attached to Physical interface
Matching of QoS traffic will be based on GRE traffic
crypto map MAP 10 ipsec-isakmp
set peer
set transform-set TRANS
match address CRYPTO-ACL
qos pre-classify

3. Case3: qos pre-classify on Tunnel interface
Matching will be done on clear-text traffic i.e. icmp etc.

When you turn on this feature on a tunnel interface (GRE/mGRE, IPIP, IPsec, Virtual-Template) you no longer need to apply a service policy inside the tunnel interface. Thanks to QoS preclassification, the service-policy applied at the interface level can “see” the tunnel encapsulated packets as is they cross the interface without any encapsulation. However, the physical interface level policy still accounts for tunnel header overhead, thus allowing for fair scheduling.

Policy applied on physical interface will match clear text traffic.

interface Tunnel0
tunnel source
tunnel destination
ip unnumbered FastEthernet 0/0.146
qos pre-classify -> If turned on physical interface, it’ll provide us GRE traffic insight in class-map.
When configured on Tunnel interface, works for clear text traffic before GRE.
ip route Tunnel0
ip access-list extended LOOPBACKS
permit ip
match access-group name LOOPBACKS
match dscp ef
policy-map LLQ
policy-map SHAPE_VLAN_146
class class-default
shape average 256000
service-policy LLQ
interface FastEthernet 0/0.146
service-policy output SHAPE_VLAN_146