Scenario: Secure and predictable results (VPN and QoS)

 

If you are using a virtual private network (VPN), you can still create quality of service (QoS) policies.

 

Situation

You have a partner connected through a VPN and you want to combine VPN and QoS to provide security and predictable e-business flow for mission-critical data. The QoS configuration only travels in one direction. Therefore, if you have an audio or a video application, you need to establish QoS for the application on both sides of the connection.

The figure shows your server and your client in a host-to-host VPN connection. Each R represents differentiated service-enabled routers along the traffic's pathway. As you can see, QoS policies only flow in one direction.

Figure 1. Host-to-host VPN connection using a QoS differentiated service policy

 

Objectives

You might use VPN and QoS to establish not only protection, but also the priority for this connection. First, set up a host-to-host VPN connection. After you have the protection of your VPN connection, you can set up your QoS policy. You might create a differentiated service policy. This policy might be assigned a high, expedited-forwarding codepoint value to affect how the network prioritizes mission-critical traffic.

 

Prerequisites and assumptions

  • You have a service level agreement (SLA) with your Internet service provider (ISP) to ensure that the policies receive the requested priority. The QoS policy that you create on the system enables traffic (in the policy) to receive priority throughout the network. It does not guarantee it and is dependent on your SLA. In fact, taking advantage of QoS policies might give you some leverage to negotiate certain service levels and rates. Use the SLA link to find out more.

  • Differentiated Service policies require Differentiated Services-enabled routers along the network path. Most routers are Differentiated Services capable.

 

Configuration

After you verify the prerequisites steps, you are ready to create the Differentiated Service policy.

  1. Scenario details: Setting up a host-to-host VPN connection
    This topic contains information about setting up a host-to-host VPN connections.
  2. Scenario details: Creating the differentiated service policy
    This topic contains information about creating the differentiated service policy.
  3. Scenario details: Starting or updating the QoS server
    This topic contains information about starting or updating the QoS server.
  4. Scenario details: Verifying that the policy is working
    You need to use the monitor to verify that the policy is working as you configured it to work.
  5. Optional: Scenario details: Changing properties
    After looking at the monitor results, you can change any policy or class of service properties to achieve the results you expect.

 

Parent topic:

Scenarios: Quality of service policies

Related concepts
Service level agreement Differentiated service

Related reference
Monitoring QoS