QoS WAN ----DMVPN phase 3 ---MPLS cloud----

Oct 29th, 2008

Hi,


I would like to configure QoS in our C "customer" router. We are using DMVPN phase 3. The ISP cloud is MPLS "ISP guys are willing to put some QoS on their CE router if we need to".

We notice that any time some users are doing a big file transfer or copy, all users that are using VDI are suffering.

What we want is to give high priority to VDI "Virtual Desktop Infrastructure, it's like Citrix, using RDP protocol" and also to Exchange Mail with 60% of the total bandwidth.

Applications like FTP, NetBIOS copy will have a lower priority.

My questions are:

1) How can I achieve that?

2) Can we do that on the CE router even though the packets leave our C router encrypted? If yes, how to do it?


Our C router --HUB----

interface Tunnel0
 bandwidth 5000
 ip address 10.100.106.1 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp authentication DMVPN_NW
 ip nhrp map multicast dynamic
 ip nhrp network-id 100000
 ip nhrp holdtime 360
 ip nhrp redirect
 ip tcp adjust-mss 1360
 ip ospf message-digest-key 1 md5 <removed>
 ip ospf network broadcast
 ip ospf priority 10
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel key 100000
 tunnel protection ipsec profile SDM_Profile2
!
interface GigabitEthernet0/0
 description outside$ETH-WAN$
 ip address 172.24.2.5 255.255.255.248
 duplex full
 speed 100
 media-type rj45
 standby 1 ip 172.24.2.10
 standby 1 timers 1 10
 standby 1 priority 150
 standby 1 preempt
 standby 1 name hsrp
 standby 1 track GigabitEthernet0/1 60
!
interface GigabitEthernet0/1
 description inside$ETH-LAN$
 ip address 14.20.142.5 255.255.255.0
 ip ospf message-digest-key 1 md5 <removed>
 ip ospf priority 0
 duplex full
 speed 100
 media-type rj45


Our C router --Spoke----

interface Tunnel0
 bandwidth 5000
 ip address 10.100.106.3 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp authentication DMVPN_NW
 ip nhrp map 10.100.106.1 172.24.2.5
 ip nhrp map 10.100.106.4 172.24.2.4
 ip nhrp map multicast 172.24.2.5
 ip nhrp map multicast 172.24.2.4
 ip nhrp network-id 100000
 ip nhrp holdtime 360
 ip nhrp nhs 10.100.106.1
 ip nhrp nhs 10.100.106.4
 ip nhrp shortcut
 ip tcp adjust-mss 1360
 ip ospf message-digest-key 1 md5 <removed>
 ip ospf network broadcast
 ip ospf priority 0
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel key 100000
 tunnel protection ipsec profile SDM_Profile1
!
interface GigabitEthernet0/0
 description outside$ETH-WAN$
 ip address 172.24.2.34 255.255.255.248
 duplex full
 speed 100
!
interface GigabitEthernet0/1
 description inside$ETH-LAN$
 ip address 13.9.6.1 255.255.0.0
 ip ospf message-digest-key 1 md5 <removed>
 duplex auto
 speed auto


Thanks



Joseph W. Doherty Wed, 10/29/2008 - 06:18

Unable to discuss specifics for DMVPN phase 3, but in general CBWFQ applied at your congestion points (often WAN ingress/egress) is what you'll need.


Since your "C" routers don't have an interface on the actual WAN, your two options are to shape (with a subordinate policy) to the WAN egress speed, or have the CE router process encrypted marked packets as desired. (Usually Cisco routers will copy the original packet's ToS to the encrypted packet's ToS; you just need to ensure the ToS was correct before encryption.)


If your DMVPN cloud actually has multipoint communication, egress can congest from multiple sending locations. Here too you'll likely need a CBWFQ policy using ToS markings on the PE's egress. (Often MPLS vendors support some QoS models that you'll need to map your traffic into.)
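
A sketch of the shaping-plus-CBWFQ approach from the reply above, added here as an illustration and not taken from the original thread or from either poster. Assumptions: all class, policy and ACL names are hypothetical, VDI runs RDP on its default TCP port 3389, the WAN egress speed equals the tunnel's `bandwidth 5000`, and the DSCP values (af31/af11) and the 5% bulk share are placeholders to be mapped onto whatever QoS model the ISP offers.

```cisco
! Added example. All class, policy and ACL names are hypothetical.
! Assumes RDP on TCP 3389 and a 5 Mbps WAN egress ("bandwidth 5000").
ip access-list extended VDI-RDP
 permit tcp any any eq 3389
 permit tcp any eq 3389 any
!
! Classify cleartext traffic as it arrives from the LAN.
class-map match-any VDI-MAIL
 match access-group name VDI-RDP
 match protocol exchange
class-map match-any BULK
 match protocol ftp
 match protocol netbios
!
! Mark before encryption; the ToS byte is copied to the outer header.
policy-map MARK-LAN-IN
 class VDI-MAIL
  set ip dscp af31
 class BULK
  set ip dscp af11
!
! After encryption only the copied DSCP is visible, so match on it.
class-map match-all DSCP-VDI-MAIL
 match ip dscp af31
class-map match-all DSCP-BULK
 match ip dscp af11
!
! Child CBWFQ policy: 60% guaranteed to VDI and Exchange under congestion.
policy-map WAN-CHILD
 class DSCP-VDI-MAIL
  bandwidth percent 60
 class DSCP-BULK
  bandwidth percent 5
 class class-default
  fair-queue
!
! Parent shaper creates the congestion point the C router otherwise lacks.
policy-map WAN-SHAPE
 class class-default
  shape average 5000000
  service-policy WAN-CHILD
!
interface GigabitEthernet0/1
 service-policy input MARK-LAN-IN
interface GigabitEthernet0/0
 service-policy output WAN-SHAPE
```

Because the marking survives encryption in the outer header, the ISP's CE and PE routers can match the same DSCP values without seeing the inner packet. The same marking policy has to be applied at the hub and at every spoke so that traffic is marked in both directions.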
