QoS on physical or tunnel interface ??

Unanswered Question
Jan 2nd, 2008
User Badges:

hi guys, in my scenario i have a router that is connected to other routers ( lets say 10 routers ) through an ISP that is providing full mesh connection b/w them, we have made tunnels from every router to other routers to run ospf and provide full reachability, now i m required to apply QoS, i m first classifying traffics that are incoming from routers lan interface and then applying the outgoing traffic policy to WAN physical interface ( over which lots of tunnels are terminating ), now i asked this question here and a frnd send me this link


but i m still confused that where should i apply the outbound policy ? on physical or tunnel ?? do i need the qos pre-classify command on tunnel interface ?? coz this link is saying that if i want to classify packets based on post tunnel header than i should apply on physical WIthout pre-classify, but i m classifying on my LAN interface !! i hope u r getting my confusion

waiting for positive feedback

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
guruprasadr Wed, 01/02/2008 - 02:07
User Badges:
  • Gold, 750 points or more


If i am not wrong in understanding your question means:

Apply the Service Policy to the Interface of your HO Router connected to the LAN Segment in OUTBOUND direction.

It means you pre-classify the Traffic before it reaches the Tunnel or Physical Interface.

Do Rate if HELPS

Best Regards,

Guru Prasad R

royalblues Wed, 01/02/2008 - 02:16
User Badges:
  • Green, 3000 points or more

You are classifying on the LAN interface (input) which classifies different types of traffic congestion management is done mostly on the Slower wan links by configuring assured bandwidth to certain types of traffic

class-map match-all voice

match protocol rtp

class-map match-all WAN-VOIP

match ip dscp ef

policy-map INPUT

class voice

set ip dcsp EF

class class-default

set dscp af31

Policy-map Parent-OUTPUT

class class-default

shape average 45000

service-policy Child

Policy-map Child

class WAN-VOIP

priority 15000

interface x/y

desc inside

service-policy input INPUT

interface tunnel 0

service-policy output Parent-OUTPUT



illusion_rox Wed, 01/02/2008 - 02:32
User Badges:

hi, like i said that on every router we have more than 10 tunnels, so u r suggesting that i have to apply service policy output to every tunnel interface ?? if yes then kindly tell me what difference does it actually make ? traffic is going outside from a physical interface then why dont we apply service-policy output at the physical interface ?

nordick26 Wed, 01/02/2008 - 03:26
User Badges:


the first question is, what you are marking your traffic on?

To mark your LAN traffic, you use IP address or something else (e.g. DSCP or ToS values)?

QoS pre-classify feauture allows you to mark traffic based on PRE-tunnel header, so that you can mark based on you LAN ip addresses. If you want to mark your traffic based on ToS, it is not necessary to use pre-classify, because ToS value is copied to the outer header by default. So only marking based on IP addresses require using pre-classify command.

So, when and where use pre-classify and QoS Policy:

- policy on tunnel int without pre-classify when you are classifying based on pre-tunnel header

- policy on physical int without pre-classify when you are classifying based on post-tunnel header

- policy on physical int WITH pre-classify when you are trying to classify traffic based on pre-tunnel header

*remark: tunneling happens before going out of physical int

*remark2: if you need to shape all your tunnels, you can do it on physical int in one step as well

So i think the third option could be the one for you.

Then your conf should looks like this:

int tunnel X

qos pre-classify

int "WAN" X/Y

service-policy output XXX

I guess you know all your QoS config so it's not necessary to post here.




[rate any helpful posts]


This Discussion