Comments to draft-declercq-l3vpn-ce-based-as-00.txt

This document really should expand CE when it is used first time in
the abstract... 

> 13. QoS, SLA
> 
>    In addition to the VPN service (reachability and security) from the
>    SP, the VPN customer may want to acquire QoS features for its VPN.
>    Dependent on the business scenario, the SLA will be provided by the
>    VPN SP or by the Network Provider.
> 
>    Note that the fact that customer IP packets are encapsulated (and
>    possibly encrypted) at the CE devices has an impact on the QoS
>    treatment of the IP packets: QoS-related information inside the
>    customer IP packets may become invisible.
> 
>    An eventual translation of QoS-related fields (e.g. DSCP) in the
>    inner IP header to QoS-related fields in the outer IP headers need to
>    be done at the CE-level and configured as such by the SP. Also the
>    'policing' rules (e.g. certain customers not being allowed to use
>    certain QoS values, etc.) need to be configured by the SP in the CE
>    devices. The security infrastructure of the CE device must prevent
>    the customer from messing with this provider-controlled
>    configuration.
> 
>    The CE-CE tunneling applied in Provider Provisioned CE-based IPsec
>    VPNs easily meets the DSCP transparency requirements of [REQS].

Note, that if packets having different QoS parameters are put inside
one IPsec SA tunnel, and the packets are really processed differently
by the network, this may cause the responder to drop all low priority