> Warren Kumari > Sent: Monday, July 8, 2019 8:06 PM > > On Mon, Jul 8, 2019 at 2:59 PM Mark Tinka <mark.ti...@seacom.mu> wrote: > > > > > > > > On 8/Jul/19 20:50, Warren Kumari wrote: > > > > > Depends -- I'd note that the OP said "How can we mark the trafic > > > while keeping the security..." -- some people use the COS / DSCP > > > bits to annotate packets with security information, and use that to > > > make *security decisions* instead of using it to prioritize traffic. > > > Now, I'm not saying that this is why the OP is asking (or that I > > > think it is a good idea, because, well, I don't think it is!), but > > > it *is* a practice worth knowing about. > > > > Assuming we are discussing such packets traversing the public > > Internet, a little tricky to expect IPP/DSCP values to remain intact > > in the life of an Internet packet. > > Goodness no -- I've only ever seen this done within a single network > (including inside some tunnels); expecting this to work across the Big I- > internet is crazypants time. I personally think that the idea itself is > stupid, > but, well, their network, their rules, and it "works" for them. > And yet the SD-WAN promising MPLS experience over the internet and other BS sells like crazy ;)
adam