Here's a scenario where I can't quite work out if what I'm trying to do is even possible, let alone how to do it...
Imagine you have two switches (in this exact instance, I have an X460 at both ends) that are used to terminate a fibre link between two locations on a network. This link carries most of its traffic at layer 3 - so it is basically a /30 point-to-point subnet. There are a couple of L2 VLANs, but ignore those for the purposes of this question.
Now throw in a routing protocol (I'm using BGP, but OSPF or IS-IS would have the same problem) to announce routes in both directions.
If there is a large flood of traffic - imagine a bit of a DoS against a server at the far end of the link - I want to ensure that the routing protocol packets are prioritized, so the routing doesn't fall over and everything stops.
Now here's the tricky part - the BGP/OSPF/IS-IS/RIP(!) packets are originated from the CPU, so I can't just whack an ingress ACL on a port to match them and set a higher qosprofile for those packets. Is there any way to set the qos profile (or alternatively, set the DSCP bits and then use diffserv replacement) in this instance?
Or am in in a situation where the only way to do this is to stick a router at each end, so there is an ingress port to put the ACL on?