Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1261
Views
0
Helpful
4
Replies

Applying QoS within IPSec and GRE tunnels..

jitendraanbu
Level 1
Level 1

‎07-02-2012 11:43 PM - edited ‎03-04-2019 04:51 PM

Tunnel Diagram
QoS setup.jpg

Hi all, I have an uncommon situation and would like Cisco’s take on it.As per the above diagram

We have a requirement where we need to classify and mark traffic on the egress (on the CE routers).

The transmission media for this traffic is PPPoE. This PPPoE transmission is via RF and get’s terminated on the ISP PE routers (as per attached figure).

Once we have L3 reachability between CE sites we build GRE tunnels from the hub site (C) to the two spokes (A & B). Over the GRE we run IPSec . Inside IPSec we enable BGP.

The question:

Our egress classification and marking is meant to be acknowledged and prioritised by the ISP, as you can see this traffic is within two tunnels - can this be done? Assuming both us & the ISP are using Cisco devices running code 12.4 or higher.   

Many thnaks,

Jit

Labels:
0 Helpful
4 Replies 4

Vivek Ganapathi
Level 4
Level 4

‎07-03-2012 06:24 AM

Hello Jit,

Firstly, I'm not from Cisco Neither the information i have provided below is a view of Cisco.

IMHO, this is not possible. The reason is, your packet is already encrypted & gets inside the tunnel. Your ISP is just a transit path for you thats all. Not sure as to why you would like your ISP to respect your marking when you have a tunnel going on between sites? You need QoS between your sites, so you can keep your ISP apart from it.

Regards,

Vivek.

0 Helpful

jitendraanbu
Level 1
Level 1
In response to Vivek Ganapathi

‎07-03-2012 08:25 PM

Hello there, thanks for your response. This is exactly how I feel about this as well. It is not doable, as the packets are encrypted & it's transparent to the ISP.

Rgds,

Jit

0 Helpful

Vivek Ganapathi
Level 4
Level 4
In response to jitendraanbu

‎07-03-2012 09:08 PM

Hello Jit,

Right. End-to-End QoS would be between your sites within the GRE tunnel. So, ISP wouldn't know as the QoS marking would be encapsulated as well within the GRE header.

So frankly speaking, you must not bother about the ISP's involvement to have your markings acknowledged. Remember, you are running GRE, so you would have the End-to-End QoS between your endpoints only.

Regards

Vivek

*Please rate helpful posts

0 Helpful

jitendraanbu
Level 1
Level 1
In response to jitendraanbu

‎07-03-2012 10:57 PM

Agai, I agree with you Vivek.

Disappointing no one from Cisco has commented on this.

Rgds,

Jit

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card