Qos on vpn (created on ethernet subinterface)

Unanswered Question
May 14th, 2007


i just formed a GRE VPN tunnel between two 1841 routers, which established on FastEthernet Subinterface (F0/1.1) at both. And want to apply an Qos control to classify some important traffic.

What i want to know is - Where should i apply the "service-policy" config?

1. physical interface (F0/1) and then apply "qos pre-classify" on tunnel?

2. sub-interface (F0/1.1) and then apply "qos pre-classify" on tunnel?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
sundar.palaniappan Wed, 05/16/2007 - 14:42

This should help you choose the right option.

Where Do I Apply the Service Policy?

You can apply a service policy to either the tunnel interface or to the underlying physical interface. The decision of where to apply the policy depends on the QoS objectives. It also depends on which header you need to use for classification.

* Apply the policy to the tunnel interface without qos-preclassify when you want to classify packets based on the pre-tunnel header.

* Apply the policy to the physical interface without qos-preclassify when you want to classify packets based on the post-tunnel header. In addition, apply the policy to the physical interface when you want to shape or police all traffic belonging to a tunnel, and the physical interface supports several tunnels.

* Apply the policy to a physical interface and enable qos-preclassify when you want to classify packets based on the pre-tunnel header.

Ref link: http://www.cisco.com/en/US/tech/tk543/tk545/technologies_tech_note09186a008017405e.shtml



lanzaiyam Thu, 05/17/2007 - 01:01

Thanks, Sundar

actually i have gone through the topic what you shown me before, but the behavior what i got is disappointed wherever i put the Service Policy at F0/1 or F0/1.1. The classified traffic cannot get the suitable result (like i use "bandwidth 1000", but the traffic is still the same at 4xx~5xx kbits before i apply the policy).

What i observed is:

- The traffic was hit to belong classes when i check from "sh policy-map interface"

- but the "bandwidth" command seems like do nothing

Did I miss something important on setup or has any other way to verify what going wrong?

Appretiate if you can help me!!

P.S. Partial config and result are attached.

mheusinger Wed, 05/23/2007 - 05:53


There are some thoughts on your problem:

First, what is your problem?

"bandwidth 1000" assures a minimum bandwidth of 1 Mbps to your important traffic, IF there is more than 3 Mbps overall traffic.

derived questions:

a) Are you sure your ACL is sufficient to describe the application?

b) Can your application achieve more than 500 kbps throughput? There might be limitations based on server ressources, client ressources, TCP session parameters (TCP throughput = window size/RTT), etc., i.e. not network related.

c) Are you also applying QoS in the opposite direction on ALL involved devices (switches, router)?

Besides that, your config looks good.

Regards, Martin

lanzaiyam Mon, 06/04/2007 - 17:30

Thanks Martin!

I think my testing environment is not good enough to prove our real case.

Anyway, I'll keep tyring on that. Appreciate for your help.


This Discussion