Routing

 View Only
last person joined: 20 hours ago 

Ask questions and share experiences about ACX Series, CTP Series, MX Series, PTX Series, SSR Series, JRR Series, and all things routing, including portfolios and protocols.
  • 1.  CoS + IPSec/GRE Tunnels

    Posted 12-06-2020 23:11
    Hi,

    I've been looking through some options for creating tunnels over the internet, while still including CoS. I'm using the SRX345 platform.
    I'm aware that I can use CoS with IPSec, which will create separate SA's for each forwarding class.

    I might need to use GRE tunnels within IPSec.  This is because I have two 'tenants' that I need to keep separate.
    I'm thinking something similar to this, but without the need for jumbo frames or MPLS:
    About This Network Configuration Example 

    If I have two GRE tunnels, will the IPSec tunnel still create a different SA per forwarding class, or will GRE break this behaviour?

    Thanks.


  • 2.  RE: CoS + IPSec/GRE Tunnels

    Posted 12-07-2020 09:44


  • 3.  RE: CoS + IPSec/GRE Tunnels

    Posted 12-07-2020 15:52

    Yes, thank you, I have read that one.

    I was interested in how GRE within IPSec would affect it. Would all traffic then be seen as a single flow (thereby ending up in the same forwarding class/SA) or can the SRX still see the DSCP markings?