Re: [fw-wiz] qos pre-classify

To: firewall-wizards@listserv.icsalabs.com
Subject: Re: [fw-wiz] qos pre-classify
From: tami <deadboy@tox.mine.nu>
Date: Tue, 06 Mar 2007 18:25:44 +0900 (JST)
Hi Tlec -

Thanks for your reply! Following your suggestions I went through some more docs, and tried to go with the example config at <http://www.cisco.com/warp/public/105/pppoe_qos_dsl.html>, but it looks like my poor 1720 is not up to that.. be it through any encapsulations or not... applying a service-policy on Dialer1 interface returns "GTS : Not supported on this interface."
I still wonder how you'd do it if GTS was actually supported on the egress interface, which is ALSO bound to a crypto map, and also to which packets are routed from a tunnel interface...
Upon reading the doc at <http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t2/ftqosvpn.htm#40881>, I get a feeling that QoS preclassification feature is required??

I'd love to hear any comments, TIA -tami



firewall-wizards-request> Date: Wed, 28 Feb 2007 13:54:27 +0000
firewall-wizards-request> From: "Eagle Fire" <tlecuauhtli@googlemail.com>
firewall-wizards-request> Subject: Re: [fw-wiz] qos pre-classify
firewall-wizards-request>
firewall-wizards-request>    Why not use ACL or route-maps in the ingress interface to mark
firewall-wizards-request> your VoIP packets, then apply some queueing method on the egress
firewall-wizards-request> interface and you should have it.
firewall-wizards-request>
firewall-wizards-request>    Maybe this link could be useful. It's quite general but you can
firewall-wizards-request> use it to start.
firewall-wizards-request>
firewall-wizards-request> http://www.cisco.com/en/US/tech/tk543/tsd_technology_support_category_home.html
firewall-wizards-request>
firewall-wizards-request>    I think you could use CBWFQ or LLQ.
firewall-wizards-request>
firewall-wizards-request> -Tlec
firewall-wizards-request>
firewall-wizards-request> On 23/02/07, tami <deadboy@tox.mine.nu> wrote:
firewall-wizards-request> > Dear Wizards -
firewall-wizards-request> >
firewall-wizards-request> > I have this GRE/IPSec tunnel between a Cisco1720 running 12.2(11)T10 and a linux router, just to see what kind of things I can do or not with it. And now trying to prioritize RTP voice packets over others that go through the tunnel.. the linux box has a POT line card installed and is running Asterisk, and there's an IP phone (Snom220) on the Cisco side, so the voice packets are ESP'ed and then dispatched to the remote ends.
firewall-wizards-request> >
firewall-wizards-request> > So far I've come to conclude that on Cisco, the ingress tunnel interface would need to be set to "qos pre-classify", but the command is not available on this model, so issuing a service-policy on egress Di1 interface won't be of any use..
firewall-wizards-request> >
firewall-wizards-request> > Q1. Is it correct?
firewall-wizards-request> >
firewall-wizards-request> > Also on the linux side, I'm not having much luck so far... what I did was to mark relevant packets in OUTPUT chain on mangle table, defined qdiscs and classes on egress ppp0, and applied tc filters with the corresponding fwmarks. But it seems like tc is not able to recognize the fwmark that was set on iptables before the packets are encrypted..
firewall-wizards-request> >
firewall-wizards-request> > Q2. Am I assuming correctly? And if I am, is there any other way I can follow.. something like a linux equivalent of "qos pre-classify" so that I can try TOS target instead of MARK target on mangle table?
firewall-wizards-request> >
firewall-wizards-request> > Please forgive me, I have had no prior knowledge of QoS; if you could share your knowledge I'd truly appreciate it. -tami

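The classification problem this thread circles around, shown as an added example that is not part of the original messages: once a voice packet is inside ESP, an egress classifier can no longer see its UDP ports, while a DSCP value set before encryption is still visible because tunnel-mode ESP copies the TOS byte to the outer header by default. The addresses, ports, SPI and the 10000-20000 RTP range are constructed assumptions, the ciphertext is simulated with random bytes, and the GRE layer is left out for brevity.

```python
import os
import struct

EF = 46  # DSCP Expedited Forwarding, the usual marking for voice

# Constructed sample addresses (documentation ranges), not from the thread.
PHONE, PBX = bytes((192, 0, 2, 10)), bytes((198, 51, 100, 10))
GW_A, GW_B = bytes((203, 0, 113, 1)), bytes((203, 0, 113, 2))

def ipv4(src, dst, proto, payload, dscp=0):
    """Minimal 20-byte IPv4 header (checksum left 0, irrelevant here)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20 + len(payload),
                       0, 0, 64, proto, 0, src, dst) + payload

def udp(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def esp_tunnel(inner, src, dst):
    """Simulated tunnel-mode ESP: the inner packet becomes opaque bytes and
    the inner TOS byte is copied to the outer header."""
    spi_seq = struct.pack("!II", 0x1000, 1)   # constructed SPI and sequence
    opaque = os.urandom(len(inner))           # stand-in for real ciphertext
    return ipv4(src, dst, 50, spi_seq + opaque, dscp=inner[1] >> 2)

def match_rtp_port(pkt, lo=10000, hi=20000):
    """ACL-style match: UDP with a destination port in the assumed RTP range."""
    if pkt[9] != 17:                          # protocol field is not UDP
        return False
    ihl = (pkt[0] & 0x0F) * 4
    dport = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
    return lo <= dport <= hi

def match_dscp(pkt, dscp=EF):
    """Match on the DSCP bits of the outermost IP header."""
    return pkt[1] >> 2 == dscp

def demo():
    marked = ipv4(PHONE, PBX, 17, udp(16384, 16384, bytes(172)), dscp=EF)
    plain = ipv4(PHONE, PBX, 17, udp(16384, 16384, bytes(172)))
    return {
        "cleartext, port match": match_rtp_port(marked),
        "after ESP, port match": match_rtp_port(esp_tunnel(marked, GW_A, GW_B)),
        "after ESP, DSCP match": match_dscp(esp_tunnel(marked, GW_A, GW_B)),
        "after ESP, unmarked, DSCP match": match_dscp(esp_tunnel(plain, GW_A, GW_B)),
    }

if __name__ == "__main__":
    for stage, hit in demo().items():
        print(f"{stage}: {hit}")
```

A port-based policy on the egress interface only works if classification happens before encryption, which is the gap "qos pre-classify" fills; a policy that matches DSCP works after encryption provided the packet was marked on the way in.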