From: Serhat Aslan (serhatworks@gmail.com)
Date: Mon Jun 16 2008 - 06:00:30 ART
this Links must help:
http://www.cisco.com/en/US/tech/tk543/tk757/technologies_tech_note09186a00800b3d15.shtml
by the way, I can't find the packet flow diagram at the "cisco.com" (must
be there ). It was a clean flow-diagram of the packet processing including
(nat,access-list,cef,qos,crypto-engine,etc..) steps.
Serhat Aslan
On Sun, Jun 15, 2008 at 5:30 PM, Alexei Monastyrnyi <alexeim@orcsoftware.com>
wrote:
> Daniel,
> tis URL is good as well as this one:
>
> http://www.cisco.com/en/US/products/ps6635/products_white_paper09186a0080189048.shtml
> or this one:
>
> http://www.cisco.com/en/US/docs/ios/12_2t/12_2t2/feature/guide/ftqosvpn.html#wp1020819
>
> yet they are a bit unclear education-wise, one has to know 50% of the
> answer, per se, to interpret them right. :-)
>
> just IMO,
> A.
>
> Daniel Fredrick wrote:
>
>> Maybe this will help.
>>
>>
>> http://www.cisco.com/en/US/tech/tk543/tk545/technologies_tech_note09186a008017405e.shtml
>>
>> Here is a good part...
>>
>>
>> Where Do I Apply the Service Policy?
>>
>> You can apply a service policy to either the tunnel interface or to the
>> underlying physical interface. The decision of where to apply the policy
>> depends on the QoS objectives. It also depends on which header you need to
>> use for classification.
>>
>> *
>>
>> Apply the policy to the tunnel interface without
>> *qos-preclassify* when you want to classify packets based on the
>> pre-tunnel header.
>>
>> *
>>
>> Apply the policy to the /physical/ interface without
>> *qos-preclassify* when you want to classify packets based on the
>> post-tunnel header. In addition, apply the policy to the
>> physical interface when you want to shape or police all traffic
>> belonging to a tunnel, and the physical interface supports
>> several tunnels.
>>
>> *
>>
>> Apply the policy to a /physical/ interface and enable
>> *qos-preclassify* when you want to classify packets based on the
>> pre-tunnel header.
>>
>> HTH,
>>
>> Dan
>>
>>
>> On Fri, Jun 13, 2008 at 4:31 PM, Alexei Monastyrnyi <
>> alexeim@orcsoftware.com <mailto:alexeim@orcsoftware.com>> wrote:
>>
>> Hi.
>>
>> To second Luan I'd recommend you to have a look at /Cisco Press
>> book "Comparing Designing and Deploying VPNs", chapter 7
>> "Designing QoS for IPSec VPNs" examples 7.65 - 7.68 for crypto
>> maps and further ones for GRE tunnels.
>>
>> qos pre-classify temporarily stores L3/L4 information which may be
>> needed for QoS classification etc of protected traffic.
>>
>> HTH
>> A.
>>
>> Gyuri Gabor wrote:
>>
>> Dear group member!
>>
>> I tried to find the exact description of qos-preclassify
>> command on CCO, but I
>> could not.
>> Here is an explanation I could extract:
>>
>> If I have a main interface that:
>> - has service-policy output based on L4 pclassification,
>> - it is a GRE/IPSec tunnel endpoint, no native traffic is
>> passing through,
>> then the serice-policy has no effect, as the outgoing packets
>> are allready
>> encapsulated into tunnels, so L4 filter does not match..
>>
>> Applying qos pre-classify on main interface case that the
>> service-policy is
>> applied on output packets before encapsulation.
>>
>> My questions:
>> - Do I think right?
>> - Is it possible to implement queuing on main interface this
>> way, or only
>> marking will work?
>> - Is DSCP copied to GRE/IPSEC tunnel header automatically
>> with or without
>> using qos pre-classify?
>>
>> Thanks,
>> Gabor
>>
>>
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Tue Jul 01 2008 - 06:23:21 ART