Re: qos pre-classify

[tami <deadboy () tox mine nu>]

Hi Tlec -

Thanks for your reply! Following your suggestions I went through some more docs, and tried to go with the example 
config at <http://www.cisco.com/warp/public/105/pppoe_qos_dsl.html>, but it looks like my poor 1720 is not up to that.. 
be it through any encapsulations or not... applying a service-policy on Dialer1 interface returns "GTS : Not supported 
on this interface."
I still wonder how you'd do it if GTS was actually supported on the egress interface, which is ALSO bound to a crypto 
map, and also to which packets are routed from a tunnel interface... 
Upon reading the doc at 
<http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t2/ftqosvpn.htm#40881>, I get a 
feeling that QoS preclassification feature is required?? 

I'd love to hear any comments, TIA -tami



firewall-wizards-request> Date: Wed, 28 Feb 2007 13:54:27 +0000
firewall-wizards-request> From: "Eagle Fire" <tlecuauhtli () googlemail com>
firewall-wizards-request> Subject: Re: [fw-wiz] qos pre-classify
firewall-wizards-request> To: "Firewall Wizards Security Mailing List"
firewall-wizards-request>       <firewall-wizards () listserv icsalabs com>
firewall-wizards-request> Cc: firewall-wizards () listserv cybertrust com
firewall-wizards-request> Message-ID:
firewall-wizards-request>       <8fbe4a270702280554y453e251bs9de9e2199bea827c () mail gmail com>
firewall-wizards-request> Content-Type: text/plain; charset=UTF-8; format=flowed
firewall-wizards-request> 
firewall-wizards-request>    Why do not use ACL or route-maps in the ingress interface to mark
firewall-wizards-request> your Voip packets, then apply some queueing method on the egrees
firewall-wizards-request> interface and you should have it.
firewall-wizards-request> 
firewall-wizards-request>    May be this link could be usefull. It's quite general but you can
firewall-wizards-request> use it to start.
firewall-wizards-request> 
firewall-wizards-request> http://www.cisco.com/en/US/tech/tk543/tsd_technology_support_category_home.html
firewall-wizards-request> 
firewall-wizards-request>    I think you could use CBWFQ or LLQ.
firewall-wizards-request> 
firewall-wizards-request> -Tlec
firewall-wizards-request> 
firewall-wizards-request> On 23/02/07, tami <deadboy () tox mine nu> wrote:
firewall-wizards-request> > Dear Wizards -
firewall-wizards-request> >
firewall-wizards-request> > I have this GRE/IPSec tunnel between a Cisco1720 running 12.2(11)T10 and a linux router, 
just to see what kind of things I can do or not with it. And now trying to prioritize RTP voice packets over others 
that go through the tunnel.. the linux box has a POT line card installed and is running Asterisk, and there's an IP 
phone (Snom220) on the Cisco side, so the voice packets are ESP'ed and then dispatched to the remote ends.
firewall-wizards-request> >
firewall-wizards-request> > So far I've come to conclude that on Cisco, the ingress tunnel interface would need to be 
set to "qos pre-classify", but the command is not available on this model, so issuing a service-policy on egress Di1 
interface won't be of any use..
firewall-wizards-request> >
firewall-wizards-request> > Q1. Is it correct?
firewall-wizards-request> >
firewall-wizards-request> > Also on the linux side, I'm not having much luck so far... what I did was to mark relevant 
packets in OUTPUT chain on mangle table, defined qdiscs and classes on egress ppp0, and applied tc filters with the 
corresponding fwmarks. But it seems like tc is not able to recognize the fwmark that was set on iptables before the 
packets are encrypted..
firewall-wizards-request> >
firewall-wizards-request> > Q2. Am I assuming correct? and if i am, is there any other way I can follow.. something 
like an linux equivalent of "qos pre-classify" so that I can try TOS target instead of MARK target on mangle table?
firewall-wizards-request> >
firewall-wizards-request> > Please forgive me I have had no prior knowledge on QoS, if you could share your knowledge 
I'd truly appreciate it. -tami
firewall-wizards-request> > _______________________________________________
firewall-wizards-request> > firewall-wizards mailing list
firewall-wizards-request> > firewall-wizards () listserv icsalabs com
firewall-wizards-request> > https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
firewall-wizards-request> >
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards