Enabling QoS pre-classify
CAUTION: If you configure both IPsec and QoS on an interface, make sure the IPsec traffic classification rules match the QoS traffic classification rules. If the rules do not match, QoS might classify the packets of one IPsec SA to different queues, causing packets to be sent out of order. When IPsec anti-replay is enabled, IPsec will drop the incoming packets that are out of the anti-replay window, resulting in packet loss. | ||
If you apply both an IPsec policy and a QoS policy to an interface, QoS classifies packets by using the new headers added by IPsec. If you want QoS to classify packets by using the headers of the original IP packets, enable the QoS pre-classify feature.
IPsec traffic classification rules are determined by the rules of the specified ACL. For more information about QoS policy and classification, see ACL and QoS Configuration Guide.
To enable the QoS pre-classify feature:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter IPsec policy view or IPsec policy template view. |
| N/A |
3. Enable QoS pre-classify. | qos pre-classify | By default, QoS pre-classify is disabled. |