Cisco Bug: CSCsy94190 - IPSec:QoS: LLQ traffic doesn't go thru Hi Q w/ tunnel protection IPSec
Jan 27, 2017
- Cisco ASR 1000 Series Aggregation Services Routers
Known Affected Releases
Symptom: For IPSec + QoS configuration, the priority traffic might still be dropped if we have QoS policy configured on physical interface and IPSec is enabled on logical interface, such as on GRE tunnel via command 'tunnel protection IPSec profile <profile_name>". Conditions: The IPSec coprocessor would be notified about the priority (LLQ) traffic only if crypto map and QoS policy are both configured on the physical interface. So, when we enable IPSec on tunnel interface, IPSec coprocessor has no knowledge about the traffic classes, and all the traffic will be treated equally going thru the same (default) queue.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases