QoS with VPNs

A Virtual Private Network (VPN) is a way of creating a virtual point-to-point
link over a shared network (often over the Internet). It can be used either for
user remote access or for intrasite links. Two types of remote access VPNs
are:
■ Client-initiated—The user has a VPN client application, such as
Cisco’s VPN Client, on their computer. After connecting to the
Internet, they use the application to connect to their network.
■ Network Access Server (NAS) initiated—Users connect into an access
server at their ISP. The NAS then sets up a VPN to the private network.
Two types of intrasite VPNs are:
■ Intranet VPN—Links sites within the same company to each other.
■ Extranet VPN—Links an external group (such as a customer or
supplier) to the company’s private network.
VPNs have several advantages, including:
■ The ability to encrypt traffic across the public network and keep it
confidential.
■ The ability to verify that the data was not changed between the source
and destination.
■ The ability to authenticate the packet sender.
Router-to-router VPN tunnels use a logical tunnel interface that is created on
the router. This interface is where you put configuration pertaining to the
tunnel itself. Tunnel traffic leaves through one of the router’s physical
interfaces, chosen by the routing table. Configuration on that physical
interface applies to all traffic, even if several tunnels use it.
VPNs create an extra challenge for QoS. A VPN tunnels traffic from one
device to another by adding an IP header on top of the original one. Thus,
the original header, with its QoS markings, is hidden from routers in the
packet’s path. If the packet needs any special QoS treatment, the markings
must be copied from the original IP header into the tunnel IP header.
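
The effect described above can be seen at the byte level. The following is an added example, not part of the original text: it models the tunnel as plain IP-in-IP (protocol 4), and the addresses, payload and function names are constructed for illustration.

```python
import socket
import struct

def checksum(hdr: bytes) -> int:
    """RFC 1071 Internet checksum over an IPv4 header."""
    total = sum(struct.unpack(f"!{len(hdr) // 2}H", hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, payload_len: int, tos: int = 0) -> bytes:
    """Build a 20-byte IPv4 header (no options) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + payload_len, 0, 0,
                      64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def encapsulate(inner: bytes, tun_src: str, tun_dst: str, copy_tos: bool) -> bytes:
    """Prepend a tunnel IP header (IP-in-IP, protocol 4) to the original packet."""
    outer_tos = inner[1] if copy_tos else 0  # byte 1 of an IPv4 header is the ToS byte
    return ipv4_header(tun_src, tun_dst, 4, len(inner), outer_tos) + inner

def dscp_seen_in_path(packet: bytes) -> int:
    """A router in the path reads only the outermost header; DSCP is the top 6 ToS bits."""
    return packet[1] >> 2

# Constructed sample: a voice packet marked DSCP EF (46) between two private sites.
EF = 46
payload = b"\x00" * 28  # placeholder UDP datagram
ORIGINAL = ipv4_header("10.1.1.10", "10.2.2.20", 17, len(payload), tos=EF << 2) + payload

# The same packet tunneled without and with the marking copied to the tunnel header.
UNMARKED = encapsulate(ORIGINAL, "192.0.2.1", "198.51.100.1", copy_tos=False)
MARKED = encapsulate(ORIGINAL, "192.0.2.1", "198.51.100.1", copy_tos=True)

if __name__ == "__main__":
    print("DSCP seen in path, marking not copied:", dscp_seen_in_path(UNMARKED))
    print("DSCP seen in path, marking copied:   ", dscp_seen_in_path(MARKED))
    print("DSCP of original header inside tunnel:", dscp_seen_in_path(MARKED[20:]))
```

In both tunneled packets the original header still carries its marking, but it sits behind the tunnel header, so only the copied value influences treatment along the path.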