Firewall Wizards mailing list archives
Re: qos pre-classify
From: tami <deadboy () tox mine nu>
Date: Tue, 06 Mar 2007 18:25:44 +0900 (JST)
Hi Tlec - Thanks for your reply!

Following your suggestions I went through some more docs, and tried to go with the example config at <http://www.cisco.com/warp/public/105/pppoe_qos_dsl.html>, but it looks like my poor 1720 is not up to that.. be it through any encapsulations or not... applying a service-policy on Dialer1 interface returns "GTS : Not supported on this interface."

I still wonder how you'd do it if GTS was actually supported on the egress interface, which is ALSO bound to a crypto map, and also to which packets are routed from a tunnel interface... Upon reading the doc at <http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t2/ftqosvpn.htm#40881>, I get a feeling that QoS preclassification feature is required??

I'd love to hear any comments, TIA

-tami

firewall-wizards-request> Date: Wed, 28 Feb 2007 13:54:27 +0000
firewall-wizards-request> From: "Eagle Fire" <tlecuauhtli () googlemail com>
firewall-wizards-request> Subject: Re: [fw-wiz] qos pre-classify
firewall-wizards-request> To: "Firewall Wizards Security Mailing List"
firewall-wizards-request> <firewall-wizards () listserv icsalabs com>
firewall-wizards-request> Cc: firewall-wizards () listserv cybertrust com
firewall-wizards-request> Message-ID:
firewall-wizards-request> <8fbe4a270702280554y453e251bs9de9e2199bea827c () mail gmail com>
firewall-wizards-request> Content-Type: text/plain; charset=UTF-8; format=flowed
firewall-wizards-request>
firewall-wizards-request> Why not use ACLs or route-maps on the ingress interface to mark
firewall-wizards-request> your VoIP packets, then apply some queueing method on the egress
firewall-wizards-request> interface and you should have it.
firewall-wizards-request>
firewall-wizards-request> Maybe this link could be useful. It's quite general but you can
firewall-wizards-request> use it to start.
firewall-wizards-request>
firewall-wizards-request> http://www.cisco.com/en/US/tech/tk543/tsd_technology_support_category_home.html
firewall-wizards-request>
firewall-wizards-request> I think you could use CBWFQ or LLQ.
firewall-wizards-request>
firewall-wizards-request> -Tlec
firewall-wizards-request>
firewall-wizards-request> On 23/02/07, tami <deadboy () tox mine nu> wrote:
firewall-wizards-request> > Dear Wizards -
firewall-wizards-request> >
firewall-wizards-request> > I have this GRE/IPSec tunnel between a Cisco1720 running 12.2(11)T10 and a linux router, just to see what kind of things I can do or not with it. And now trying to prioritize RTP voice packets over others that go through the tunnel.. the linux box has a POT line card installed and is running Asterisk, and there's an IP phone (Snom220) on the Cisco side, so the voice packets are ESP'ed and then dispatched to the remote ends.
firewall-wizards-request> >
firewall-wizards-request> > So far I've come to conclude that on Cisco, the ingress tunnel interface would need to be set to "qos pre-classify", but the command is not available on this model, so issuing a service-policy on egress Di1 interface won't be of any use..
firewall-wizards-request> >
firewall-wizards-request> > Q1. Is it correct?
firewall-wizards-request> >
firewall-wizards-request> > Also on the linux side, I'm not having much luck so far... what I did was to mark relevant packets in OUTPUT chain on mangle table, defined qdiscs and classes on egress ppp0, and applied tc filters with the corresponding fwmarks. But it seems like tc is not able to recognize the fwmark that was set on iptables before the packets are encrypted..
firewall-wizards-request> >
firewall-wizards-request> > Q2. Am I assuming correctly? and if I am, is there any other way I can follow.. something like a linux equivalent of "qos pre-classify" so that I can try TOS target instead of MARK target on mangle table?
firewall-wizards-request> >
firewall-wizards-request> > Please forgive me, I have had no prior knowledge on QoS, if you could share your knowledge I'd truly appreciate it. -tami
firewall-wizards-request> > _______________________________________________
firewall-wizards-request> > firewall-wizards mailing list
firewall-wizards-request> > firewall-wizards () listserv icsalabs com
firewall-wizards-request> > https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards