QoS: Pre-Classification

What happens when you have encrypted traffic that requires priority across a network before its encapsulated.  The ToS byte of the original packet is automatically copied to the tunnel header (IPSEC tansport, tunnel mode, and GRE tunnels) but this does not work for features like NBAR.

The problem derives from the fact that tunnel encapsulation prevents a router to take egress QoS actions based on encrypted traffic.  To resolve this, Cisco IOS includes QoS pre-classification.  This allows routers to make egress QoS decisions based on the original traffic, before encapsulation rather than encapsulating the tunnel header.  It works by keeping the original unencrypted traffic in memory until the egress QoS actions are taken.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s