No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - VPN

AR650, AR1600, and AR6100 V300R003

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
(Optional) Enabling the QoS Function for IPSec Packets

(Optional) Enabling the QoS Function for IPSec Packets

Context

In network planning, QoS needs to be configured to provide differentiated services for different traffic flows to optimize network service capabilities. QoS groups the packets sharing common features into one class and provides the same QoS level for traffic of the same type. In this manner, QoS provides differentiated services for different types of packets.

QoS for IPSec packets implements refined QoS management on IPSec packets, choose either of the following configurations as required:
  • After packets are encapsulated using IPSec, the packets do not contain QoS related parameters, such as header of the original packet and protocol number. Pre-extraction of original IP packets needs to be configured if QoS needs to group encapsulated packets based on the 5-tuple information such as original packet header and protocol number.
  • When a device implements IPSec encapsulation and decapsulation on packets, it will result in transmission delay and require higher bandwidth. Therefore, the device needs to provide differentiated services for IPSec packets to reduce the delay, lower the packet loss ratio, and maximize bandwidth for IPSec traffic. You can group IPSec packets into one QoS group to allow QoS to implement differentiated services for IPSec packets.
Figure 4-26 shows the procedure for configuring QoS.
Figure 4-26  Procedure for configuring QoS
For details on QoS, see Huawei AR650&AR1600&AR6100 Series V300R003 Configuration Guide - QoS Configuring MQC.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Enter the view where QoS for IPSec packets is configured.

    • View of the IPSec policy established in manual mode

      Run ipsec policy policy-name seq-number manual

      An IPSec policy is created in manual mode and the IPSec policy view is displayed.

    • View of the IPSec policy established in IKE negotiation mode

      Run ipsec policy policy-name seq-number isakmp

      An IPSec policy is created in IKE negotiation mode and the IPSec policy view is displayed.

    • IPSec policy template view

      Run ipsec policy-template policy-template-name seq-number

      An IPSec policy template is created and the IPSec policy template view is displayed.

    Choose either of the preceding methods.

  3. Enable the QoS function for IPSec packets.

    • Run qos pre-classify

      Pre-extraction of original IP packets is enabled.

      By default, pre-extraction of original IP packets is disabled.

    • Run qos group qos-group-value

      The QoS group to which IPSec packets belong is configured.

      By default, no QoS group is configured.

    You only need to run one of the preceding commands.

Follow-up Procedure

  • After pre-extraction of original IP packets is enabled, run the if-match acl { acl-number | acl-name } command in the traffic classifier view to configure a matching rule based on the ACL.

  • After QoS for IPSec packets is enabled, run the if-match qos-group qos-group-value command in the traffic classifier view to configure a matching rule based on the QoS group.

Download
Updated: 2019-04-12

Document ID: EDOC1100041799

Views: 31269

Downloads: 43

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next