QoS on IPSec VPN (GRE tunnel) over DSL.

Unanswered Question
May 29th, 2008
User Badges:

I am trying to apply QoS to a clients 1800 router at a remote site. They have and IPSec VPN to a central router, with all the branch traffic coming down the VPN. There are 2 VLANs at the remote site, 1 for data and 1 for voice, and both are up and working and data & voice traffic is passing from remote subnets to central site fine. Voice quality suffers during congested periods, hence the need for some QoS (the client assures me that their SP does QoS across the WAN). I have tried to apply CBWFQ to the router, but am unsure of exactly where the policy should be applied, as some documents state physical i/f (ATM0), some the pvc, some the tunnel, and some the BVI i/f! Also a little unsure about whether I should do a nested parent/child policy. Below is the config from the router which did not work when we used WanKiller to overload the link. I have included Telnet traffic for ensuring we could still manage the router while we were using the WanKiller (didn't work!).


class-map match-all Telnet

match protocol telnet

class-map match-all VoIP_Traffic

match access-group name VoIP_Traffic

!

policy-map VoIP_QOS

class VoIP_Traffic

priority percent 50

class Telnet

bandwidth percent 10

!

interface Tunnel100

description Link to LAN-VPNCORE-R01

bandwidth 1024

ip unnumbered Loopback0

ip mtu 1410

qos pre-classify

cdp enable

tunnel source x.x.x.x

tunnel destination y.y.y.y

!

interface ATM0

mtu 1500

no ip address

no atm ilmi-keepalive

pvc 0/101

encapsulation aal5snap

!

bundle-enable

dsl operating-mode auto

bridge-group 1

bridge-group 1 spanning-disabled

service-policy output VoIP_QOS

!

interface Vlan1

no ip address

!

interface Vlan100

ip address 1.1.1.1 255.255.255.240

ip helper-address 1.1.1.12

!

interface Vlan300

ip address 2.2.2.2 255.255.255.224

ip helper-address 2.2.2.12

standby 0 ip 2.2.2.1

standby 0 priority 105

standby 0 preempt

!

interface BVI1

ip address x.x.x.192 255.255.240.0

ip access-group 100 out

crypto map INTERNET

!

ip access-list extended VoIP_Traffic

permit ip 192.168.224.0 0.0.0.31 any



I have done the qos pre-classify on the crypto map as well. Any ideas?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion