QoS for VPN links

Unanswered Question
Jan 26th, 2009


I have branches connected with VPN and I wanna guarantee bandwidth for that traffic using the following configuration:

!Access list to mark internal traffic

ip access-list extended QOS

permit ip any


!Class-map to mark internal traffic

class-map match-all QOS-IN

match access-group name QOS


!Class-map to match the marked traffic

class-map match-all QOS-OUT

match qos-group 1


!Apply to markage

policy-map QOS-IN

class QOS-IN

set qos-group 1



!Apply the bandwidth reservation

policy-map QOS-OUT

class QOS-OUT

bandwidth percent 50



interface FastEthernet0/0

service-policy output QOS-OUT

bandwidth 512



interface FastEthernet0/1

service-policy input QOS-IN

Any comments about this configuration ? because I found that there is no match for the second class-map ?

Best regards,

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Joseph W. Doherty Mon, 01/26/2009 - 06:15

I had problems using qos-groups, although from its documentation what you've done, I believe, should be correct. You might also consider using the ToS instead.

Since you show the outbound policy on an Ethernet interface with a bandwidth statement of 512, your policy won't control bandwidth until there's interface congestion. You should probably shape to the actual outbound bandwidth. (Shaping appears to provide implicit FQ. Shaping alone might provide a noticable improvement.)


You're still going to have an issue for VPN bandwidth, inbound. That's very difficult to do well downstream.

Joseph W. Doherty Mon, 01/26/2009 - 09:15

Unclear what you're saying. If you're saying you not seeing any matches against the packets the first policy is marking, that I recall is the issue I've too seen with qos-groups, which is why I suggested using a ToS setting instead. I.e. use your inbound policy to tag with something like IP Predence 1 or DSCP CS1 and then match against that value.

omar.elmohri Tue, 01/27/2009 - 01:47

OK, I see.

I'll will try what you suggest and I'll give a feedback.




This Discussion