I think the difficulty lies in appropriately marking the traffic. Like Joe said, the IPs are always changing.

On Tue, Jul 9, 2019, 9:15 AM Mark Tinka <mark.tinka@seacom.mu> wrote:


On 9/Jul/19 16:08, Joe Yabuki wrote:
> Hi all,
>
> Thanks for your replies,
>
> I'll rephrase just to clarify, our aim is to do QoS within our
> extended LAN (From remote sites to the Datacenter using the MPLS
> provider as transit) - and we can't use DIA for security reasons...
>
> So arguably, we still need to mark/queue/police packets at the Edge of
> the Internet and on the remote site. For INTERNET we will throw
> bandwidth so it will not be a point of congestion (hopefully once we
> are in the Backbone's ISP we will go to Microsoft directly)

In that case, co-ordinate the QoS profile with your MPLS provider and
test both ends to make sure you receive what you send for on-net traffic.

Verifying that your MPLS provider is forwarding your traffic according
to the agreed-upon QoS profile is another thing.

As for the off-net traffic entering your network, well, you know about
that already...

Mark.