router(config-if)# qos pre-classify
• Enables the QoS preclassification feature.
• This command is restricted to tunnel interfaces, virtual templates, and crypto maps.
• Introduced for Cisco 2600 and 3600 in Cisco IOS Release 12.2(2)T.
GRE and IPIP Tunnels router(config)# interface tunnelO router(config-if)# qos pre-classify
L2F and L2TP Tunnels router(config)# interface virtual-templatel router(config-if)# qos pre-classify
IPSec Tunnels router(config)# crypto map secured-partner router(config-crypto-map)# qos pre-classify
The qos pre-classify Cisco IOS command enables the QoS preclassification feature. The command can be applied to a tunnel interface, a virtual template interface, or a crypto map.
The figure shows the successful configuration of the qos pre-classify command.
The configuration of the branch router is shown as follows:
■ On the S0/0 interface, there is an outgoing service policy that sets the bandwidth of the interface at 128 kbps and is policed at a rate of 256 kbps. This policy is applied to any match in the class map branch 110.
■ A traffic tunnel has been built on interface S0/0 (whose destination is HQ for this branch IP address 188.8.131.52). It is on this traffic tunnel that QoS preclassification has been configured.
The example configuration also shows that QoS preclassify has been successfully enabled on the crypto map named vpn. This crypto map has also been applied to S0/0. If QoS preclassify is only enabled on the crypto map and not on the tunnel interface, the router will see one flow only, the GRE tunnel (protocol 47).
These are a few restrictions when configuring the QoS for VPNs feature:
■ You can only enable the QoS for VPNs feature on IP packets.
■ If a packet is fragmented after encryption, only the first fragment is preclassified. Subsequent fragments might receive different classifications. This behavior is consistent with QoS classification of nontunneled fragments.
■ Interfaces that run cascading QoS features, such as generic traffic shaping or custom queuing, are required to have all QoS for VPNs either all enabled or all disabled on cascading features. If the QoS for VPNs feature is enabled on one cascading feature, the QoS for VPNs feature must be enabled on all cascading features. Similarly, if the QoS for VPNs feature is disabled on one cascading feature, the QoS for VPNs feature must be disabled on all cascading features.
■ When configuring VPN QoS in conjunction with GRE or IPSec tunnel interfaces, the only congestion management (queuing) strategy that you can employ on the tunnel interface is
FIFO, because the device on the other end of the tunnel expects to receive packets in order. Any packet not arriving in order, because of queue management, for example, will be discarded at the tunnel endpoint.
Was this article helpful?