OTN – QoS over VPN

I’ve completed my QoS video series and want to summarize the QoS part of my studies with two posts: QoS over VPN and AutoQoS.

If you work with VPNs or have passed the ISCW exam, you know that today’s networks use VPNs more than ever as a major tool. A VPN is not a last-resort solution but an acceptable option for many organizations.

The first question we have to ask is: Can QoS work over VPN?

The short answer is no. The internet is not controllable enough to guarantee bandwidth or pass information (marking) between routers. When a marked packet leaves your network you cannot control where it will be routed or which networks it will pass through, and obviously ISPs other than your own will not look at your QoS requirements.

The longer and more complex answer is no, it is not possible to guarantee QoS over the internet UNLESS your ISP carries the traffic point-to-point. In today’s world it would work even if you cross ISPs, as long as they share QoS information (like the airline code sharing that gets you miles when flying other carriers).

Pre-Classify – when a packet is sent over a VPN tunnel it is first processed by the VPN process, which hides the details of the header but keeps the marking if available.

The next step is the pre-classify command: the QoS process determines which header is used for classification, and this can be a problem. Because the VPN has encrypted the data (such as ports or IPs), QoS cannot sort traffic by type.
This is a major limitation of QoS over VPN (but hey, we can’t be too greedy!).

The other side of the tunnel accepts the encrypted packet and processes it. The pre-classify command reverses the process so the router can see the hidden details.

This command can be applied on the tunnel interface or via crypto-map.

Though limited and not as powerful as normal QoS, this lets us keep some QoS information and pass it across VPN tunnels. It is not a perfect solution, and as VPNs take up a bigger part of the network the solutions will improve, but it is better than nothing and can save some of the processing resources that would be required if we did not use any QoS method over the VPN.

  1. May 12, 2010 at 8:51 pm

    Hello my name is Anthon, I really liked your article! Nice work
