Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Applying QoS within IPSec and GRE tunnels..

Tunnel Diagram
QoS setup.jpg

Hi all, I have an uncommon situation and would like Cisco’s take on it.As per the above diagram

We have a requirement where we need to classify and mark traffic on the egress (on the CE routers).

The transmission media for this traffic is PPPoE. This PPPoE transmission is via RF and get’s terminated on the ISP PE routers (as per attached figure).

Once we have L3 reachability between CE sites we build GRE tunnels from the hub site (C) to the two spokes (A & B). Over the GRE we run IPSec . Inside IPSec we enable BGP.

The question:

Our egress classification and marking is meant to be acknowledged and prioritised by the ISP, as you can see this traffic is within two tunnels - can this be done? Assuming both us & the ISP are using Cisco devices running code 12.4 or higher.   

Many thnaks,

Jit

Everyone's tags (2)
4 REPLIES

Re: Applying QoS within IPSec and GRE tunnels..

Hello Jit,

Firstly, I'm not from Cisco Neither the information i have provided below is a view of Cisco.

IMHO, this is not possible. The reason is, your packet is already encrypted & gets inside the tunnel. Your ISP is just a transit path for you thats all. Not sure as to why you would like your ISP to respect your marking when you have a tunnel going on between sites? You need QoS between your sites, so you can keep your ISP apart from it.

Regards,

Vivek.

New Member

Re: Applying QoS within IPSec and GRE tunnels..

Hello there, thanks for your response. This is exactly how I feel about this as well. It is not doable, as the packets are encrypted & it's transparent to the ISP.

Rgds,

Jit

Re: Applying QoS within IPSec and GRE tunnels..

Hello Jit,

Right. End-to-End QoS would be between your sites within the GRE tunnel. So, ISP wouldn't know as the QoS marking would be encapsulated as well within the GRE header.

So frankly speaking, you must not bother about the ISP's involvement to have your markings acknowledged. Remember, you are running GRE, so you would have the End-to-End QoS between your endpoints only.

Regards

Vivek

*Please rate helpful posts

New Member

Re: Applying QoS within IPSec and GRE tunnels..

Agai, I agree with you Vivek.

Disappointing no one from Cisco has commented on this.

Rgds,

Jit

849
Views
0
Helpful
4
Replies
CreatePlease login to create content