QOS - GRE Tunnel, Crypto and Marking within the cloud.

m-poole · ‎08-24-2004

Hi,

We have the following scenario -

|--R1---Z---R2---(cloud)---R3---Z---R4---|

|-----------GRE Tunnel----------|

Z are external cryptos, we have a GRE tunnel between R1 and R4 (the lines don't line up!!). Traffic passes through the tunnel fine.

We have found that traffic received on R1 ingress with a DSCP has that DSCP maintained through the tunnel, we can also re-mark that traffic on R1 ingress successfully.

The problem is we can't re-mark with a different DSCP when it traverses R2 and R3 (we guess it's because the traffic is encrypted and tunnelled), which are 7507's. We expected to be able to remark the tunnel traffic.

A couple of questions -

1. Should we be able to Re-mark the traffic? For some reason it won't match our class-maps.

2. Is a GRE tunnel the best solution for this?

Thanks.

Mat.

spremkumar · ‎08-24-2004

Hi

While encrypting using ipsec or GRE in R2 Router u need to have qos pre-classify command under the gre tunnel or crypto policies which will enable u to have ur qos feature working.i think this shuld help u out ..

regds

m-poole · ‎08-25-2004

Thanks for the reply. We rebooted the router this morning and it kicked into life!!

A couple of thoughts about your idea, firstly the tunnel was from R1, my interpretation of that command is that it should go on the endpoints of the tunnel? Also the command isn't available on the 7500's.

Thanks again,

pkokhan · ‎09-09-2004

I understand that u classify traffic on the edge routers R1 and R4. Why do you want to classify it again on the core R2 and R3? Should not the DSCP be preserved along the path ? Does not Z copy DSCP into ESP IP header?

m-poole · ‎09-13-2004

Yes the DSCP was preserved - we were simply trying to reclassify afterwards.