Warren Kumari Sent: Monday, July 8, 2019 8:06 PM
On Mon, Jul 8, 2019 at 2:59 PM Mark Tinka <mark.tinka@seacom.mu> wrote:
On 8/Jul/19 20:50, Warren Kumari wrote:
Depends -- I'd note that the OP said "How can we mark the trafic while keeping the security..." -- some people use the COS / DSCP bits to annotate packets with security information, and use that to make *security decisions* instead of using it to prioritize traffic. Now, I'm not saying that this is why the OP is asking (or that I think it is a good idea, because, well, I don't think it is!), but it *is* a practice worth knowing about.
Assuming we are discussing such packets traversing the public Internet, a little tricky to expect IPP/DSCP values to remain intact in the life of an Internet packet.
Goodness no -- I've only ever seen this done within a single network (including inside some tunnels); expecting this to work across the Big I- internet is crazypants time. I personally think that the idea itself is stupid, but, well, their network, their rules, and it "works" for them.
And yet the SD-WAN promising MPLS experience over the internet and other BS sells like crazy ;) adam