Networking-Forums.com

Professional Discussions => Routing and Switching => Topic started by: config t on March 08, 2021, 06:34:06 AM

Title: QoS before Black Core
Post by: config t on March 08, 2021, 06:34:06 AM
One of my sites occasionally has service degradation issues because they are maxing out their bandwidth allocation on a shared black core circuit. The circuit provider is also telling me the traffic is not being tagged properly. I'm assuming they are talking about QoS.

What are my options for prioritizing traffic before it hits the black core? Wouldn't it become a moot point once the traffic is encrypted?
Title: Re: QoS before Black Core
Post by: deanwebb on March 08, 2021, 09:11:34 AM
Are the headers with source/destination and port numbers encrypted?
Title: Re: QoS before Black Core
Post by: Otanx on March 08, 2021, 09:36:56 AM
Take a look at the device doing the encryption, and look for an option to copy the QoS bits from the plain text packet to the cypher text packet. This is an option that some devices have.

-Otanx
Title: Re: QoS before Black Core
Post by: Dieselboy on March 08, 2021, 07:42:45 PM
As Otanx said. I've done this with my traffic to give VoIP priority and then allocate bandwidth to corp web apps over a series of VPN tunnels between sites over the internet. Basically, give all the traffic that needs classification/priority a QoS tag, then copy that QoS tag so that it's present post-encryption. The caveat is that you could tell which encrypted ESP packets are voice/video or corp HTTP, because they're effectively marked as such through QoS.

Quote:
interface Tunnel41
 qos pre-classify
Title: Re: QoS before Black Core
Post by: config t on March 14, 2021, 01:31:38 AM
I appreciate the input.

Frustratingly this is out of my hands at the moment. The service provider to our service provider "a.k.a. big daddy" has a QoS marking standard and if it's not implemented end to end the point is moot. Still waiting for feedback. I did learn more about QoS and tunneling through TACLANEs though. There is a check box "DSCP bypass" that allows the headers to pass unencrypted.
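
Added example (not from any poster in this thread, and not vendor code): a small Python model of the behaviour discussed above, where the encryptor copies the DSCP bits from the plaintext header to the outer header, and of the caveat that the black side can then tell traffic classes apart. The `copy_dscp` toggle, the addresses and the XOR stand-in for ESP encryption are assumptions made for the illustration.

```python
import struct

def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement sum over a 20-byte IPv4 header."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src, dst, proto, payload_len, dscp=0, ecn=0) -> bytes:
    tos = (dscp << 2) | ecn                  # DSCP is the top 6 bits of the ToS byte
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + payload_len,
                      0, 0, 64, proto, 0, bytes(src), bytes(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

def dscp_of(packet: bytes) -> int:
    return packet[1] >> 2

def encapsulate(inner: bytes, tun_src, tun_dst, copy_dscp: bool) -> bytes:
    """Tunnel-mode wrap: the inner packet becomes opaque payload behind a new outer header."""
    # Stand-in for ESP: SPI + sequence number + XOR-masked bytes. NOT real encryption;
    # it only makes the inner header unreadable for this demo.
    opaque = struct.pack("!II", 0x1000, 1) + bytes(b ^ 0xA5 for b in inner)
    outer_dscp = dscp_of(inner) if copy_dscp else 0   # hypothetical toggle
    return ipv4_header(tun_src, tun_dst, 50, len(opaque), dscp=outer_dscp) + opaque

def black_side_view(packets):
    """What a core router or on-path observer can read: the outer DSCP only."""
    names = {46: "EF (voice)", 18: "AF21 (corp apps)", 0: "best effort"}
    return [names.get(dscp_of(p), "other") for p in packets]

# Constructed sample traffic (RFC 1918 / RFC 5737 addresses, made up for this example)
RED_A, RED_B = (10, 1, 1, 10), (10, 2, 2, 20)
BLACK_A, BLACK_B = (192, 0, 2, 1), (198, 51, 100, 1)
voice = ipv4_header(RED_A, RED_B, 17, 0, dscp=46)   # UDP, marked EF on the red side
web = ipv4_header(RED_A, RED_B, 6, 0, dscp=18)      # TCP, marked AF21 on the red side

def demo(copy_dscp: bool):
    tunnelled = [encapsulate(p, BLACK_A, BLACK_B, copy_dscp) for p in (voice, web)]
    return black_side_view(tunnelled)

if __name__ == "__main__":
    print("copy on :", demo(True))    # core can prioritise, observer can classify
    print("copy off:", demo(False))   # everything looks the same on the black side
```

With the copy enabled the core can honour the markings, and the same bits are the only per-class metadata exposed outside the tunnel; with it disabled every tunnelled packet is best effort to the provider.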