Enabling Packet Information Pre-Extraction On The IPsec Tunnel Interface; Applying A QoS Policy To An IPsec Tunnel Interface - HP A6600 Configuration Manual


Enabling packet information pre-extraction on the IPsec tunnel interface

Because packets that an IPsec tunnel interface passes to a physical interface are encapsulated, the QoS module cannot obtain the 5-tuple (source IP, destination IP, source port, destination port, and protocol) of the original packets. To address this problem, enable packet information pre-extraction on the tunnel interface.

With packet information pre-extraction enabled, an IPsec tunnel interface buffers the IP 5-tuple data in the original packets, so that the corresponding physical interface can perform QoS processing such as traffic classification, IP precedence setting, rate limit, and congestion avoidance.

To implement QoS for IPsec packets, however, you must also apply a QoS policy to the physical outbound interface. For more information, see ACL and QoS Configuration Guide.

CAUTION:
When the QoS policy applied to the physical outbound interface provides congestion management, IPsec packets arriving at the destination may be out of order. This may cause out-of-order IPsec packets to be dropped by the IPsec anti-replay function. For more information, see "Configuring the IPsec anti-replay function."

To enable packet information pre-extraction on an IPsec tunnel interface:

| To do... | Command... | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | |
| 2. Enter tunnel interface view. | interface tunnel number | |
| 3. Enable packet information pre-extraction. | qos pre-classify | Required. Disabled by default. For more information, see ACL and QoS Command Reference. |

Applying a QoS policy to an IPsec tunnel interface

The router allows you to apply a QoS policy to the IPsec tunnel interface. In this case, QoS is performed before IPsec encapsulation, and the priority of a resulting packet is the same as that of the original packet. In addition, QoS congestion management is applied to the packets before encapsulation, which avoids the disorder of IPsec packets.

This method is much more explicit and flexible than the QoS implementation method of enabling packet information pre-extraction on the IPsec tunnel interface, which requires applying a QoS policy to the physical outbound interface.
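
The following Python simulation is an added illustration, not taken from the HP manual or the router's implementation. It compares the two methods described above by counting how many packets a receiver's anti-replay check drops when congestion management runs after encapsulation (QoS policy on the physical interface) versus before it (QoS policy on the tunnel interface). The 32-packet window, the strict-priority queuing model, and the traffic burst are assumptions constructed for the example.

```python
class AntiReplayWindow:
    """Receiver-side sliding-window check in the style of RFC 4303."""

    def __init__(self, size=32):          # size is an assumed window width
        self.size = size
        self.top = 0                      # highest sequence number accepted
        self.bitmap = 0                   # bit i set => (top - i) already seen

    def accept(self, seq):
        if seq == 0:
            return False                  # sequence numbers start at 1
        if seq > self.top:                # packet advances the window
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size or (self.bitmap >> offset) & 1:
            return False                  # too old for the window, or a duplicate
        self.bitmap |= 1 << offset
        return True


def replay_drops(arrivals, qos_before_encapsulation, window=32):
    """Count packets the receiver drops for one congested burst.

    arrivals: list of "high"/"low" classes in the order packets reach the router.
    Congestion management is modelled as strict priority: all queued "high"
    packets are transmitted before any "low" packet (a simplifying assumption).
    """
    # Stable sort gives the transmit order of arrival indexes under strict priority.
    tx_order = sorted(range(len(arrivals)), key=lambda i: arrivals[i] != "high")
    if qos_before_encapsulation:
        # QoS policy on the tunnel interface: packets are numbered after queuing.
        wire_seqs = range(1, len(arrivals) + 1)
    else:
        # QoS policy on the physical interface: numbered on arrival, then reordered.
        wire_seqs = [i + 1 for i in tx_order]
    receiver = AntiReplayWindow(window)
    return sum(not receiver.accept(seq) for seq in wire_seqs)


# Constructed burst: 50 bulk packets are queued, then 10 priority packets arrive.
BURST = ["low"] * 50 + ["high"] * 10

if __name__ == "__main__":
    print("QoS on physical interface:", replay_drops(BURST, False), "dropped")
    print("QoS on tunnel interface:  ", replay_drops(BURST, True), "dropped")
```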
