Differentiated quality of service using tunnels with security as a service

What is claimed is: 1 . A computer-implemented method, comprising: sending a first request message to a first server associated with a first access network, the first request message indicative of a request for an indication of whether the first server is configured to support prioritization of tunneled traffic; receiving a first response message from the first server, the first response message indicative of whether the first server is configured to support prioritization of tunneled traffic; establishing one or more first tunnels with a security service when the first response message is indicative that the first server is configured to support prioritization of tunneled traffic, each first tunnel having priority information associated therewith; sending first flow characteristics and a first tunnel identifier to the first server; and receiving the first flow characteristics for each first tunnel from the first server at a first network controller, the first network controller configured to apply a quality of service (QoS) policy within the first access network for each tunnel in accordance with the flow characteristics. 2 . The computer-implemented method of claim 1 , further comprising: receiving traffic associated with a content session established between a client device and a content provider; receiving a result of classifying the traffic according to required flow characteristics received from the client device; and routing the classified traffic over a selected one of the one or more tunnels having the required flow characteristics. 3 . The computer-implemented method of claim 1 , wherein the first request message includes a port control protocol (PCP) proxy probe message. 4 . The computer-implemented method of claim 1 , wherein the first server is a port control protocol (PCP) server. 5 . The computer-implemented method of claim 1 , wherein the tunnel identifier is an Internet Protocol Security (IPsec) Security Parameter Index (SPI). 6 . The computer-implemented method of claim 1 , wherein the first network controller includes a software-defined networking (SDN) controller. 7 . The computer-implemented method of claim 1 , wherein the first network controller is configured to apply the quality of service policy within the first access network for each tunnel by configuring one or more network devices within the first access network to apply the QoS policy for each tunnel. 8 . The computer-implemented method of claim 7 , wherein the one or more network devices includes at least one of a router and a switch. 9 . The computer-implemented method of claim 1 , wherein the first request message is sent by at least one of a proxy within the first access network and a client device connected to the first network. 10 . The computer-implemented method of claim 1 , wherein the first access network is a Wi-Fi access network. 11 . The computer-implemented method of claim 1 , further comprising: sending a second request message to a second server associated with a second access network, the second request message indicative of a request for an indication of whether the second server is configured to support prioritization of tunneled traffic; receiving a second response message from the second server, the second response message indicative of whether the second server is configured to support prioritization of tunneled traffic; and establishing one or more second tunnels with the security service when the second response message is indicative that the second server is configured to support prioritization of tunneled traffic, each second tunnel having priority information associated therewith. 12 . The computer-implemented method of claim 11 , further comprising: sending second flow characteristics and a second tunnel identifier for each second tunnel through the second server; and receiving the second flow characteristics for each second tunnel from the second server at a second network controller, the second network controller configured to apply a quality of service (QoS) policy within the second access network for each second tunnel in accordance with the flow characteristics. 13 . The computer-implemented method of claim 11 , wherein the one or more second tunnels are established using a Mobility and Multihoming (MOBIKE) Protocol using Internet Key Exchange (IKE). 14 . The computer-implemented method of claim 11 , wherein the second access network includes a mobile network. 15 . A system, comprising: at least one processor; and memory including instructions that, when executed by the at least one processor, cause the system to: send a first request message to a first server associated with a first access network, the first request message indicative of a request for an indication of whether the first server is configured to support prioritization of tunneled traffic; receive a first response message from the first server, the first response message indicative of whether the first server is configured to support prioritization of tunneled traffic; establish one or more tunnels with a security service when the first response message is indicative that the first server is configured to support prioritization of tunneled traffic, each first access network tunnel having priority information associated therewith; send first flow characteristics and a first tunnel identifier for each first tunnel to the first server; and receive the first flow characteristics for each first tunnel from the first server at a first network controller, the first network controller configured to apply a quality of service (QoS) policy within the first access network for each tunnel in accordance with the flow characteristics. 16 . The system of claim 15 , wherein the at least one processor is further configured to: receive traffic associated with a content session established between a client device and a content provider; receiving a result of classify the traffic according to required flow characteristics received from the client device; and route the classified traffic over a selected one of the one or more tunnels having the required flow characteristics. 17 . The system of claim 15 , wherein the first request message includes a port control protocol (PCP) proxy probe message. 18 . The system of claim 15 , wherein the first server is a port control protocol (PCP) server. 19 . The system of claim 15 , wherein the tunnel identifier is an Internet Protocol Security (IPsec) Security Parameter Index (SPI). 20 . The system of claim 15 , wherein the first network controller includes a software-defined networking (SDN) controller. 21 . The system of claim 20 , wherein the first network controller is configured to apply the quality of service policy within the first access network for each tunnel by configuring one or more network devices within the first access network to apply the QoS policy for each tunnel. 22 . The system of claim 15 , wherein the at least one processor is further configured to: send a second request message to a second server associated with a second access network, the second request message indicative of a request for an indication of whether the second server is configured to support prioritization of tunneled traffic; receive a second response message from the second server, the second response message indicative of whether the second server is configured to support prioritization of tunneled traffic; and establi