Qos on input, Qos on vpn, Qos on input -17 qos on vpn -17 – Enterasys Networks Security Router X-PeditionTM User Manual
Page 299
QoS on Input
XSR User’s Guide 12-17
Priority levels range from 0 (lowest) to 7.
6.
Create a traffic policy.
policy-map <policy-map-name>
7.
Optional. Mark the IEEE 802.1 priority in the output VLAN header.
set cos <0 - 7>
8.
Attach the service policy to the input or output interface.
interface <Interface name> <slot/card/number> service-policy <input | output>
<policy-map-name>
You can set the service policy on an incoming or outgoing interface.
on page 12-28 for a configuration example.
QoS on Input
QoS on input and QoS on output share a common configuration and set of features. QoS on input
is configured with a policy map in the same way as Qos on output - with the
service-policy
input policy-map-name command. One policy map may be applied at the same time on one
interface as input and on the other as output. QoS features that are configured on the policy map
but are not applicable to input direction are automatically removed by the XSR.
QoS on input shares the following features with the Qos on output:
•
Classification by class-maps: Both QoS on input and output provide classification
•
Marking per traffic flow: QoS on input marks DSCP and IP precedence fields
•
Policing per traffic class with actions for exceed and violate traffic
An exception to the shared qualities: QoS on input does not buffer packets - it applies QoS actions
on a packet-per-packet basis with no buffering. Other output QoS features not performed by QoS
on input include:
•
Shaping
•
Bandwidth sharing with the
bandwidth command
•
Prioritization with the
priority command
•
Marking of the CoS bit in the VLAN header
•
RED or WRED
For QoS on Input configuration examples, refer to
and subsequent examples.
QoS on VPN
QoS on VPN provides classification, policing, marking, shaping, and prioritization for managing
traffic that transits VPN tunnels. The XSR’s implementation of QoS on VPN uses a class-based
interface for configuring QoS similar to QoS configuration on other non-VPN interfaces.
In a typical VPN environment, packets are encrypted and/or encapsulated in VPN tunnels. The
original packet header (inner header) and its contents are modified and encapsulated in a new
packet with a new header (outer header). At the output physical interface only the outer header is
visible. This situation presents a challenge for QoS on the output interface to identify and classify
packets based on the inner header and their original content. But it is addressed by the XSR’s
support of copying ToS bits from the inner to the outer header with the
copy-tos command.