Cisco Support Community
New Member

QoS pre-classify. How it can be useful?

How can QoS pre-classify be useful in a WAN deployment with VPN?

5 REPLIES
Hall of Fame Super Bronze

Re: QoS pre-classify. How it can be useful?

If QoS markings are applied before they enter the router, these markings will be automatically reflected into the GRE or IPSec header.

If QoS markings are applied on the router itself, these markings won't be reflected into the GRE or IPSec header without the QoS Pre-classify command.

HTH,

__

Edison.

New Member

Re: QoS pre-classify. How it can be useful?

If I want to implement QoS in the WAN, should I use QoS pre-classify?

I mean, what is the best practice to implement QoS, and do I need to implement QoS pre-classify in this solution?

Hall of Fame Super Bronze

Re: QoS pre-classify. How it can be useful?

I already addressed in which situation you would use QoS pre-classify.

Having QoS pre-classify in the VPN config (either on the GRE tunnel or within the IPSec policy) wouldn't affect the QoS markings, but not having QoS pre-classify in some QoS scenarios, such as performing QoS markings in the router itself, would affect QoS.

There is no best practice. You need to understand what the command actually does. I explained what it does already.

__

Edison.

New Member

Re: QoS pre-classify. How it can be useful?

In addition to what Edison has stated, you typically use qos pre-classify in one of the following ways:

- if you already have IP Prec/DSCP markings in the ToS byte and that is all you need to use to classify the traffic (as opposed to using things such as source/dest IP, source/dest port number, etc.), then you don't need to use qos pre-classify because, as Edison said, the pre-tunnel IP header is automatically copied to the post-tunnel IPSec or GRE header

- if you want to classify traffic based on something other than IP Prec/DSCP markings (such as source/dest IP, protocol, port number, etc.), then you either:

  - apply the service-policy to the tunnel interface without qos pre-classify if you want to use the pre-tunnel header

  - apply the service-policy on the physical interface without using the qos pre-classify command if you want to classify traffic on the post-tunnel header

  - apply the service-policy on the physical interface with the qos pre-classify command if you want to use the pre-tunnel header
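The last option in the list above (service-policy on the physical interface, classifying on the pre-tunnel header), as an added configuration example that is not part of the original thread. The ACL, class-map and policy-map names, the addresses and the interface numbers are constructed assumptions, and a GRE tunnel is used for brevity.

```cisco
! Constructed example: names, addresses and interface numbers are assumptions.
! Goal: queue Telnet and FTP differently on the WAN link, matching on L4 ports
! that are only visible in the original (pre-tunnel) header.
ip access-list extended ACL-TELNET
 permit tcp any any eq telnet
ip access-list extended ACL-FTP
 permit tcp any any eq ftp
 permit tcp any any eq ftp-data
!
class-map match-all CM-TELNET
 match access-group name ACL-TELNET
class-map match-all CM-FTP
 match access-group name ACL-FTP
!
policy-map PM-WAN-OUT
 class CM-TELNET
  bandwidth percent 10
 class CM-FTP
  bandwidth percent 20
 class class-default
  fair-queue
!
interface Tunnel0
 ip address 10.255.0.1 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 192.0.2.2
 ! Keep a copy of the original header so the policy on the physical
 ! interface can classify on it after encapsulation.
 ! (For crypto-map IPSec, the same command goes under the crypto map entry.)
 qos pre-classify
!
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.252
 ! Without qos pre-classify on Tunnel0, the ACLs above would only be
 ! compared against the outer GRE header between 192.0.2.1 and 192.0.2.2,
 ! so all tunnel traffic would fall into class-default.
 service-policy output PM-WAN-OUT
```

To check which header the policy is matching, compare the per-class packet counters in `show policy-map interface GigabitEthernet0/0` with and without `qos pre-classify` on the tunnel.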

Super Bronze

Re: QoS pre-classify. How it can be useful?

Perhaps to add to the information that the other posters have provided, and to clarify QoS pre-classify: you need to understand that, by default, if you QoS analyze encrypted packets, that's all your QoS analysis "sees", except for the original (pre-VPN) packet's DSCP marking (which is copied to the VPN packet).

What pre-classify does is provide a copy of the original packet's header so that QoS analysis applied to the VPN packets can "see" this information.

For example, QoS analysis of VPN packets, by default, could not easily distinguish between a Telnet and an FTP packet. With pre-classify active, QoS analysis could "see" a copy of the original packet's IP addresses, protocol and port numbers.

PS:

Something I'm not sure about is how deeply pre-classify supports QoS analysis. For instance, some NBAR analysis might not work. Again, though, not sure.
