Let's say, packets from my internal network arrive to ASA's outside interface in the following order (Data, Video) ->DDDVVDVDVDDV->Internet

Can I prioritise Video (so it'll leave first) and change it to DDDDDDVVVV->Internet

Also, can I prioritise incoming traffic from the Internet on my ASA? Based on destination IP or ports?

Thanks.

You should be able to set it to leave first alright that shouldn't be an issue one way by setting af41 in a priority queue so its serviced first before anything but nothing upstream will honour the markings as you have no control over it.

Also, can I prioritise incoming traffic from the Internet on my ASA? Based on destination IP or ports? No this wont work

Hi so qos wont work over an internet link unless its tunnelled end - end

I would say, a tunnel across the Internet doesn't guarantee QoS will be useful and not having a tunnel across the Internet also doesn't mean QoS isn't useful.

The "key" to generally having useful QoS across the Internet is if you "control" the bandwidth at your Internet ingress/egress points, and that the Internet doesn't congest between your Internet ingress/egress points.

For example, consider two sites, each with a 100 Mbps Ethernet Internet connection.  Assuming that both those sites only have inter-site traffic, you effectively have a 100 Mbps p2p connection.  You can add physical egress QoS, to manage congestion just as you would any other p2p 100 Mbps link.

Or for example, consider one site has a 100 Mbps Internet connection and two other sites have a 50 Mbps Internet connections.  Using a logical hub-and-spoke topology, and shaping 50 Mbps at the 100 Mbps (hub) site, traffic to each 50 Mbps (spoke) site, you effectively have two 50 Mbps p2p connections.  At the 50 Mbps sites, you can add physical egress QoS, to manage congestion just as you would any other p2p 50 Mbps link.  At the 100 Mbps site, you can use QoS to manage the congestion on the two 50 Mbps shapers, much as you would if you were using QoS on two 50 Mbps physical egress interfaces.

Where you'll have problems, with effective QoS, is if you try to "share" Internet bandwidth with general Internet traffic, or in my example of 3 sites, if you try allow any-to-any traffic flows.

Thanks joseph that's a good example , the one issue im always concerned about qos when not tunnelled on the internet is the ISP wont provide any priority to the marked TOS packets , if its not tunnelled will it not defeat the purpose of Qos if everything is given the same priority anyway by the ISP when it reaches there network , at least when your in the tunnel you can make sure the packets are not re-written  end - end

When it comes to ToS markings, notice I didn't mention them.  One reason I didn't, ISPs generally don't provide any different service treatment based on ToS markings.  For what I described, ToS markings, unless the ISP is treating them differently, doesn't make any difference.

You're correct, if you desire to "protect" your ToS markings from ISP changes, encapsulating the packet should generally guarantee that. However, ISPs generally also don't remark your packets, as again, they tend to just ignore your ToS markings.

If your ToS markings are needed, between sites, besides possibly protecting them in a encapsulated packet, you could also remark them, as needed, upon ingress from the Internet.