Monitoring packets can be sent periodically across IP network tunnels that traverse internet connections to a customer location, and can be used to determine current packet-loss, latency, and jitter metrics in each direction for each available circuit. Circuits may be assigned to circuit sets, each most appropriate to various classes of user traffic, and user traffic may be assigned to circuit sets based on traffic class. If monitored metrics change beyond set thresholds, a determination is made as to whether the changes are due to circuit saturation or some other cause. If saturation is the problem, logic at either or both tunnel endpoints dynamically adjusts QOS rate limits to optimum values (the highest rate that does not cause threshold violations) in near-real time.
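The adjustment loop described above, sketched as an added example (not code from the original document): a per-direction rate limiter that backs off on saturation and probes upward to the highest rate with no threshold violation. The threshold values, the "violation while the circuit is loaded to 90% of its limit" saturation test, the step sizes, and the `circuit` model are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Metrics:
    """One direction of one circuit, measured from monitoring packets."""
    loss_pct: float
    latency_ms: float
    jitter_ms: float

# Assumed thresholds for one traffic class (the page gives no values).
THRESHOLDS = Metrics(loss_pct=1.0, latency_ms=80.0, jitter_ms=20.0)

def violates(m, t=THRESHOLDS):
    return (m.loss_pct > t.loss_pct or m.latency_ms > t.latency_ms
            or m.jitter_ms > t.jitter_ms)

class RateLimiter:
    """QOS rate limit for one direction of one circuit, in kbit/s."""
    def __init__(self, limit, floor, ceiling, step=250, busy=0.9):
        self.limit, self.floor, self.ceiling = limit, floor, ceiling
        self.step, self.busy = step, busy

    def update(self, m, offered):
        loaded = offered >= self.busy * self.limit  # assumed saturation signal
        if violates(m) and loaded:
            # Saturation: back off, and never probe up to the failed rate again.
            self.ceiling = max(self.floor, self.limit - self.step)
            self.limit = max(self.floor, min(self.ceiling, self.limit * 85 // 100))
        elif not violates(m) and loaded:
            # Clean while busy: probe upward toward the highest clean rate.
            self.limit = min(self.ceiling, self.limit + self.step)
        # A violation on a lightly loaded circuit has another cause: no change.
        return self.limit

def circuit(sent, capacity=8000):
    """Constructed circuit model: metrics degrade once sent exceeds capacity."""
    over = max(0, sent - capacity) / capacity
    return Metrics(100 * over, 30 + 400 * over, 5 + 100 * over)

def converge(rounds=40, demand=20000):
    rl = RateLimiter(limit=10000, floor=1000, ceiling=10000)
    for _ in range(rounds):
        sent = min(demand, rl.limit)
        rl.update(circuit(sent), offered=sent)
    return rl.limit

if __name__ == "__main__":
    print(converge())
```

The ceiling in this sketch is permanent; a deployed version would let it expire so the limit can recover when circuit capacity returns.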