Our network is an IP network and our service provider is a C&W MPLS network. We have configured QoS on our routers; marking is done using DSCP for voice traffic, and for IPsec traffic we are using an access-list. I know a few things: if our data wants to cross the MPLS network, DSCP to IP Precedence mapping will be done in the Provider Edge router, because MPLS QoS is based on the MPLS EXP bits (3 bits). But my doubt is how the IPsec data, which we have marked using an access-list, will be marked in the C&W PE router...
For the IPsec markings to work, please enable the "qos pre-classify" command on the CE router.
When packets are encapsulated by encryption headers, QoS features are unable to examine the original packet headers and correctly classify the packets. Packets traveling across the same tunnel have the same encrypted headers, so the packets are treated identically if the physical interface is congested. With the Quality of Service for Virtual Private Networks (VPNs) feature, packets can now be classified before encryption occurs.
The qos pre-classify command enables the QoS for VPNs feature.
But you are talking about VPN QoS; my doubt is about MPLS QoS.
1. The IP precedence value will be automatically copied into the MPLS EXP bits (3 bits). So if we are using DSCP for marking voice or video traffic, manual mapping from DSCP to IP precedence should be done in the PE router, so that in the MPLS core router (LSR) marking of traffic will be done using the MPLS EXP bits.
Here in our network, for IPsec and application traffic, we are not using NBAR to mark the traffic; we have used an access-list to mark the traffic.
So my doubt is how the packets marked by access-list in our CE router will be marked in the MPLS PE router for QoS.
Normally DSCP values are backward compatible with IP precedence. When converting between IP precedence and DSCP, match the three most significant bits. So whatever DSCP marking is done, IP prec is set accordingly. For example, DSCP = 46 (priority class traffic) will have IP prec = 5, and in the MPLS world it will automatically be mapped to EXP = 5 in a labeled packet.
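The mapping described in the reply above, worked through on packet bytes as an added example that is not part of the original thread: it reads the ToS byte of a constructed IPv4 header (protocol 50, ESP) and builds an MPLS label stack entry with EXP copied from the three precedence bits. The function names, addresses and label value 16 are assumptions chosen for illustration, and the code assumes the default precedence-to-EXP copy that the reply describes.

```python
import struct

def build_ipv4_header(dscp, ecn=0, src="10.0.0.1", dst="10.0.1.1"):
    """Constructed sample: minimal 20-byte IPv4 header, protocol 50 (ESP), checksum 0."""
    if not 0 <= dscp < 64:
        raise ValueError("DSCP is a 6-bit value")
    tos = (dscp << 2) | (ecn & 0x3)          # DSCP is the top 6 bits of the ToS byte
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20, 0, 0, 64, 50, 0, src_b, dst_b)

def parse_tos(ip_header):
    """Return (dscp, ecn, precedence) read from the ToS byte of an IPv4 header."""
    if len(ip_header) < 20 or ip_header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    tos = ip_header[1]
    return tos >> 2, tos & 0x3, tos >> 5     # precedence = three most significant bits

def impose_label(ip_header, label, ttl=64):
    """Build one MPLS label stack entry (RFC 3032 layout):
    label 20 bits | EXP 3 bits | bottom-of-stack 1 bit | TTL 8 bits."""
    if not 0 <= label < 2 ** 20:
        raise ValueError("label is a 20-bit value")
    _, _, precedence = parse_tos(ip_header)
    entry = (label << 12) | (precedence << 9) | (1 << 8) | (ttl & 0xFF)
    return struct.pack("!I", entry)

def exp_of(shim):
    """Extract the EXP field from a 4-byte label stack entry."""
    return (struct.unpack("!I", shim)[0] >> 9) & 0x7

def exp_for_dscp(dscp, label=16):
    """EXP the labeled packet carries for a packet marked with this DSCP."""
    return exp_of(impose_label(build_ipv4_header(dscp), label))

if __name__ == "__main__":
    # DSCP code points used as sample markings
    for name, dscp in [("EF", 46), ("AF41", 34), ("AF43", 38), ("AF31", 26), ("CS0", 0)]:
        print(f"{name:5} DSCP={dscp:2} -> EXP={exp_for_dscp(dscp)}")
```

AF41 and AF43 both land in EXP 4, so the drop-precedence bits of the DSCP are not visible in the label.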
Although it's possible a particular MPLS provider could remark your packets, as Guru describes, normally one would expect MPLS providers to preserve your original marking. I.e. what the CE provides to the PE, the far side PE should provide to the CE.
The several MPLS providers I've encountered, when you exceed a contracted bandwidth, either will drop your packets outright, or mark the packets as being out-of-contract within their MPLS cloud, and more likely to be dropped if there's congestion, but still preserve the original ToS if the packet makes it to the other side.
For any particular provider, you would need to determine what they do.