CCNP ONT Notes

4 Apr 2008

Chapter 6: Implementing QoS Pre-Classify and Deploying End-to-End QoS

QoS Pre-Classify

By default, when an IP packet is encapsulated into a tunnel, the IP ToS field is copied from the original header to the new one.

QoS preclassification is needed when other aspects (such as source and destination address or port) must be evaluated for the application of a QoS policy.

Preclassification creates a copy of the original (inner) packet header for the egress interface to reference when QoS is performed on the encapsulated (outer) packet header.

A service policy applied to a physical interface affects all tunnels originating from that interface.

The qos pre-classify command is applied to the virtual interface and/or the crypto map:

interface Serial0
 ip address 10.0.0.1 255.255.255.252
 service-policy output WAN
!
interface Tunnel0
 ip address 192.168.0.1 255.255.255.252
 tunnel source Serial0
 tunnel destination 10.0.0.2
 crypto map VPN
 qos pre-classify
!
crypto map VPN 10 ipsec-isakmp
 ...
 qos pre-classify

Deploying End-to-End QoS

Guidelines for implementing QoS:

  • Classify and mark traffic as close to the source as possible
  • Police traffic as close to the source as possible
  • Establish trust boundaries
  • Classify real-time traffic as high-priority
  • Use multiple queues on transmit interfaces
  • Prefer hardware-based QoS to software-based

Control Plane Policing (CoPP)

CoPP protects the control plane of a router or switch from excessive traffic.

Configuring CoPP:

  • Define packet classification criteria (class-map)
  • Define a service policy (policy-map)
  • Apply the service policy to the control plane (service-policy)

Configuration example limiting telnet traffic:

class-map Telnet
 match access-group 100
!
policy-map Telnet_Access
 class Telnet
  police 8000 conform-action transmit exceed-action drop
!
control-plane
 service-policy input Telnet_Access
!
access-list 100 permit tcp any any eq telnet
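
To show what a policer at this rate does to traffic, the following Python sketch models a single-rate token-bucket policer at 8000 bps with conform = transmit and exceed = drop. It is an added illustration, not part of the original notes and not the IOS implementation; the 1500-byte bucket depth, the packet sizes and the two traffic patterns are assumptions.

```python
from collections import Counter


class Policer:
    """Single-rate, two-colour token bucket: a simplified model, not IOS code."""

    def __init__(self, cir_bps, burst_bytes):
        self.cir_bps = cir_bps
        # Credit is kept in millibits (bits * 1000) so the arithmetic stays integer.
        self.depth = burst_bytes * 8000
        self.credit = self.depth          # bucket starts full
        self.last_ms = 0

    def offer(self, now_ms, size_bytes):
        """Return 'transmit' if the packet conforms, 'drop' if it exceeds."""
        earned = (now_ms - self.last_ms) * self.cir_bps
        self.credit = min(self.depth, self.credit + earned)
        self.last_ms = now_ms
        cost = size_bytes * 8000
        if cost <= self.credit:
            self.credit -= cost
            return "transmit"
        return "drop"


def police(packets, cir_bps=8000, burst_bytes=1500):
    """Run (time_ms, size_bytes, source) packets through one shared policer."""
    policer = Policer(cir_bps, burst_bytes)
    result = Counter()
    for now_ms, size, source in sorted(packets):
        result[(source, policer.offer(now_ms, size))] += 1
    return result


# Constructed traffic, one second of it. burst_bytes=1500 is an assumed bucket
# depth; the page's police statement does not give one.
SESSION = [(50 + 100 * i, 64, "session") for i in range(10)]   # 5,120 bps
FLOOD = [(i, 64, "flood") for i in range(1000)]                # 512,000 bps

if __name__ == "__main__":
    print("session alone:", dict(police(SESSION)))
    print("session+flood:", dict(police(SESSION + FLOOD)))
```

Because access-list 100 matches Telnet from any source, the interactive session and the excess traffic draw from the same bucket: alone, all 10 session packets are transmitted, but mixed with the flood none of them are.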
