With packet information pre-extraction enabled, an IPsec tunnel interface buffers the IP 5-tuple data
in the original packets, so that the corresponding physical interface can perform QoS processing
such as traffic classification, IP precedence setting, rate limit, and congestion avoidance.
To implement QoS for IPsec packets, however, you also need to apply a QoS policy to the physical
outbound interface. For more information about how to apply a QoS policy to a physical interface,
see HPE FlexNetwork MSR Router Series Comware 5 ACL and QoS Configuration Guide.
IMPORTANT:
When the QoS policy applied to the physical outbound interface provides congestion management,
IPsec packets arriving at the destination might be out of order. This might cause out-of-order
IPsec packets to be dropped by the IPsec anti-replay function. For more information, see
"Configuring the IPsec anti-replay function."
To enable packet information pre-extraction on an IPsec tunnel interface:
Step                             Command                  Remarks
1. Enter system view.            system-view              N/A
2. Enter tunnel interface view.  interface tunnel number  N/A
3. Enable packet information     qos pre-classify         Disabled by default.
   pre-extraction.                                        For more information about the
                                                          command, see HPE FlexNetwork MSR
                                                          Router Series Comware 5 ACL and
                                                          QoS Command Reference.
Applying a QoS policy to an IPsec tunnel interface
The device allows you to apply a QoS policy to the IPsec tunnel interface. In this case, QoS is
performed before IPsec encapsulation, and the priority of a resulting packet is the same as that of the
original packet. In addition, QoS congestion management is applied to the packets before
encapsulation, which prevents IPsec packets from being reordered.
This method is much more explicit and flexible than the QoS implementation method of enabling
packet information pre-extraction on the IPsec tunnel interface, which requires applying a QoS policy
to the physical outbound interface.
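The reordering risk described in the IMPORTANT note, and the effect of queueing before encapsulation, can be seen in a small model. This is an added example, not HPE code: the 32-packet anti-replay window, the strict-priority scheduler, and the packet backlog are assumptions constructed for illustration.

```python
WINDOW = 32  # assumed anti-replay window size, in packets


class AntiReplay:
    """Receiver-side sliding-window check in the style of RFC 4303."""

    def __init__(self, size=WINDOW):
        self.size, self.top, self.bitmap = size, 0, 0

    def accept(self, seq):
        if seq > self.top:                      # newer packet: slide the window
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size:                 # arrived too late: behind the window
            return False
        if (self.bitmap >> offset) & 1:         # already seen: replay
            return False
        self.bitmap |= 1 << offset
        return True


def priority_schedule(packets):
    """Congestion management: voice drains before bulk, FIFO within a class."""
    return sorted(packets, key=lambda p: p["cls"] != "voice")  # stable sort


def encapsulate(packets):
    """IPsec encapsulation numbers packets in the order they reach it."""
    return [dict(p, seq=i) for i, p in enumerate(packets, start=1)]


def dropped_by_receiver(wire):
    rx = AntiReplay()
    return [p["seq"] for p in wire if not rx.accept(p["seq"])]


# Constructed backlog: 40 bulk packets queued ahead of 5 voice packets.
BACKLOG = [{"cls": "bulk"}] * 40 + [{"cls": "voice"}] * 5


def physical_interface_qos():
    """Pre-extraction plus policy on the physical interface: queue after encapsulation."""
    return dropped_by_receiver(priority_schedule(encapsulate(BACKLOG)))


def tunnel_interface_qos():
    """Policy on the tunnel interface: queue before encapsulation."""
    return dropped_by_receiver(encapsulate(priority_schedule(BACKLOG)))
```

In this model the bulk packets that fall more than one window behind the prioritized voice packets are rejected as replays when queueing follows encapsulation, while queueing before encapsulation produces no drops.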
To apply a QoS policy to an IPsec tunnel interface:
Step                             Command                                 Remarks
1. Enter system view.            system-view                             N/A
2. Enter tunnel interface view.  interface tunnel number                 N/A
3. Apply a QoS policy to the     qos apply policy policy-name            For more information about the
   IPsec tunnel interface.       { inbound | outbound }                  command, see HPE FlexNetwork MSR
                                                                         Router Series Comware 5 ACL and
                                                                         QoS Command Reference.
Configuring IPsec for IPv6 routing protocols
Complete the following tasks to configure IPsec for IPv6 routing protocols: