i have two vpn routers in my datacenter which is connected to MPLS cloud and around 1000 branch connected to mpls cloud by using BGP. i want to configure Qos for the ip sec traffic and make sure that this ipsec traffic is getting high priority than the other traffic. kindly find the attach file for my network topology.
i need some clarifications about few points below.
1. if it is ipsec traffic, the MPLS service provider unable to view the QOS marking (DSCP or IP precedence) because it the encrypted data so is it possible to mark the ipsec traffic in such way that MPLS service provider can receive and map it to MPLS exp bit 5.
2. if i just add the qos-preclassify command under crypto map and mark the traffic with DSCP or IP precedence or any value , will the service provider can able to identify the traffic and map it to EXP bit.
Because whenever a tunnel packet is generated, the new ip header is created where tos byte from original ip header is copied to this newly created header and this header is copied infront of encrypted original packet.
like [new ip header----encrypted original packet]
So if you have marking before packet enters the tunnel this marking will be available to provider network.
But assume that you have applied qos on egress interface then original packet header will be lost. But with help of qos-preclassify the original uncrypted packet is kept is memory until qos actions have take.
Like in your case if you have qos between your switch and vpn router then preclassify is not required. But if you are putting qos between vpn router and mpls cloud then pre-classification is must.
Introduction: The "external-out enable" command is available for
configuration under the "router ospf process" in case of the IOS-XR
operating system. This command basically enables advertisement of
intra-area routes on the device as external routes in th...
IntroductionIn this article we'll discuss how to troubleshoot packet
loss in the asr9000 and specifically understanding the NP drop counters,
what they mean and what you can do to mitigate them. This document will
be an ongoing effort to improve troublesh...