The command "qos pre-classify", which we apply on a tunnel interface, in a crypto map, or on a virtual template interface, has always been a mystery to me. At last, after doing some research and testing I got a clear idea about it. Below is a list of facts we should heep in mind when we use this feature:
- The 'qos pre-classify' command configures the IOS to make a temporary copy of the IP packet before it is encapsulated or encrypted so that the service policy on the (egress) interface can do its classification based on the original (inner) IP packet fields rather than the encapsulating (outer) IP packet header.
- The IOS by default copies the ToS byte from the inner IP packet to the ToS byte of the encapsulating IP packet when tunneling or encrypting (IPSec).
- If the classification is merely based on ToS byte (IP precedence or DSCP), qos pre-classify is not necessary.
- Applying a service policy to a physical interface causes that policy to affect all tunnel interfaces on that physical interface.
- Applying a service policy to a tunnel interface affects that particular tunnel only and does not affect other tunnel interfaces on the same physical interface.
- When we apply a QoS service policy to a physical interface where one or more tunnels emanate, the service policy classifies IP packets based on the post-tunnel IP header fields.
- When we apply a QoS service policy to a tunnel interface, the service policy performs classification on the pre-tunnel IP packet (inner packet).
- If we want to apply a QoS service policy to the physical interface, but we want classification to be performed based on the pre-tunnel IP packet, we must use the qos pre-classify command.
1 comment:
example: for option no.3
ip access-list extended CCTV
permit tcp any any range 8000 9000
permit udp any any range 8000 9000
class-map match-any CCTV
match access-group name CCTV
policy-map CCTVQoS
class CCTV
priority percent 50
set dscp ef
class class-default
fair-queue
interface FastEthernet0/0
bandwidth 2000
description ** WAN bandwidth 2M **
ip nbar protocol-discovery
service-policy output CCTVQoS
Post a Comment