QoS on tunnel using IPSec Profile

Unanswered Question
Jul 24th, 2008

I wanting to know whether the 'qos pre-classify' needs to be applied, and where it needs to be applied when using ipsec/gre tunnel with ipsec profile.

I notice on a 'pure' VTI tunnel the policy is applied to the tunnel directly without any 'qos pre-classify'. Does the same apply for a GRE/IPSec tunnel using ipsec profile?

Here is my config,

crypto ipsec profile VPNPROFILE

set transform-set VPN

class-map match-any E_QOS_CLASS

match access-group name E_QOS_ACL

class-map match-any VOICE_CLASS

match ip dscp ef

policy-map QOS_POLICY

class VOICE_CLASS

priority percent 33

class class-default

fair-queue

policy-map SHAPE_POLICY

class E_QOS_CLASS

shape average 112000

service-policy QOS_POLICY

interface Tunnel

bandwidth 128

ip address 192.168.xxx.xxx 255.255.255.252

ip mtu 1400

ip tcp adjust-mss 1360

qos pre-classify

tunnel source 192.168.xxx.xxx

tunnel destination 192.168.yyy.yyy

tunnel protection ipsec profile VPNPROFILE

service-policy output SHAPE_POLICY

interface FastEthernet0

bandwidth 128

ip address 192.168.ZZZ.XXX 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

duplex auto

speed auto

I notice that when I do a 'sh policy-map int tunnel' I get packets matched as well as shaping when I do a large file transfer, so to it me it's working.

Any ideas would be appreciated.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion