Sunday, August 25, 2013

QoS for Virtual Private Networks (VPN)

Still discuss with QoS Classification part. When the packets cross virtual private network (VPN), that is encapsulated by encryption headers. The QoS are unable to examine and correctly classify packets. Not just the VPN are unable to examine, the tunnel is also. The VPN is actually simillar with tunnel feature.

 #### Configuring with 'qos pre-classify'

 #### VPN for GRE and IPIP, applied on the tunnel interface, making QoS a configuration option on a per-tunnel basis
IOS(config)# interface tunnel0 
IOS(config-if)# qos pre-classify

 #### VPN for L2F and L2TP, applied on the virtual template interface, L2TP identical VPDN so QoS can be configured on a per-VPDN tunnel basis
IOS(config)# interface virtual-template1 
IOS(config-if)# qos pre-classify

 #### VPN for IPSec, applied on crpto map, QoS on the interface carrying the crypto map are able to classify packets before ecryption
IOS(config)# crypto map secured-partner-1
IOS(config-crypto-map)# qos pre-classify

 #### Verify QoS for VPNs

 IOS# show interfaces
...
Queuing Strategy: fifo (QOS pre-classification)
...

 IOS# show crypto map
...
QoS pre-classification
...

Posted by Hermawan Widiyanto at 1:51 PM

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)