Configuring CoS for Tunnels

For Adaptive Services, Link Services, and Tunnel PICs installed on T-series and M-series routing platforms with enhanced Flexible PIC Concentrators (FPCs), class-of-service (CoS) information is preserved inside generic routing encapsulation (GRE) and IP-IP tunnels.

For the ES PIC installed on T-series and M-series routing platforms with enhanced FPCs, class-of-service information is preserved inside Secure IP (IPSec) tunnels. For IPSec tunnels, you do not need to configure CoS, because the ES PIC copies the type-of-service (ToS) byte from the inner IP header to the GRE or IP-IP header.

For IPSec tunnels, the IP header type-of-service (ToS) bits are copied to the outer IPSec header at encryption side of the tunnel. You can rewrite the outer ToS bits in the IPSec header using a rewrite rule. On the decryption side of the IPSec tunnel, the ToS bits in the IPSec header are not written back to the original IP header field. You can still apply a firewall filter to the ToS bits to apply a packet action on egress.

To configure CoS for tunnels, you can include the following statements at the [edit class-of-service] and [edit interfaces] hierarchy level of the configuration:

This chapter discusses the following topics:

• Configuring CoS for Tunnels
• Example: Configuring CoS for Tunnels
• Example: Configuring a GRE Tunnel to Copy ToS Bits to the Outer IP Header

Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice.