Hi,
if you configure QoS on the Virtual Controller for the traffic generated by two roles (Role A and Role B - different DSCP tags) and you send this traffic through a VPN tunnel between the VC and the controller (located in the DMZ).
Is it possible to mark the new IPsec header to differentiate traffic based on SSID (user role) and then apply qos policies before sending it through the MPLS to the controller?
Thanks,
Borja