On Mon, Jul 8, 2019 at 2:59 PM Mark Tinka <mark.tinka@seacom.mu> wrote:
On 8/Jul/19 20:50, Warren Kumari wrote:
Depends -- I'd note that the OP said "How can we mark the trafic while keeping the security..." -- some people use the COS / DSCP bits to annotate packets with security information, and use that to make *security decisions* instead of using it to prioritize traffic. Now, I'm not saying that this is why the OP is asking (or that I think it is a good idea, because, well, I don't think it is!), but it *is* a practice worth knowing about.
Assuming we are discussing such packets traversing the public Internet, a little tricky to expect IPP/DSCP values to remain intact in the life of an Internet packet.
Goodness no -- I've only ever seen this done within a single network (including inside some tunnels); expecting this to work across the Big I-internet is crazypants time. I personally think that the idea itself is stupid, but, well, their network, their rules, and it "works" for them. W
Mark.
-- I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants. ---maf