QoS for VPN links

omar.elmohri
Level 1

Hello,

I have branches connected with VPN and I wanna guarantee bandwidth for that traffic using the following configuration:

! Access list to match internal traffic
ip access-list extended QOS
 permit ip any 192.168.0.0 0.0.255.255
!
! Class-map to mark internal traffic
class-map match-all QOS-IN
 match access-group name QOS
!
! Class-map to match the marked traffic
class-map match-all QOS-OUT
 match qos-group 1
!
! Apply the marking
policy-map QOS-IN
 class QOS-IN
  set qos-group 1
!
!
! Apply the bandwidth reservation
policy-map QOS-OUT
 class QOS-OUT
  bandwidth percent 50
!
! Outside
interface FastEthernet0/0
 service-policy output QOS-OUT
 bandwidth 512
!
! Inside
interface FastEthernet0/1
 service-policy input QOS-IN

Any comments about this configuration? Because I found that there is no match for the second class-map.

Best regards,


andrew.prince
Level 10

Your QoS config is 100% incorrect.

QoS Steps:-

1) Classify

2) Mark

3) Policing

What is the platform you are trying to perform QoS on?

I'm using a C2800

Joseph W. Doherty
Hall of Fame

I had problems using qos-groups, although from its documentation what you've done, I believe, should be correct. You might also consider using the ToS instead.

Since you show the outbound policy on an Ethernet interface with a bandwidth statement of 512, your policy won't control bandwidth until there's interface congestion. You should probably shape to the actual outbound bandwidth. (Shaping appears to provide implicit FQ. Shaping alone might provide a noticeable improvement.)

PS:

You're still going to have an issue for VPN bandwidth, inbound. That's very difficult to do well downstream.

Not that but.. I'm not seeing matches on the outside policy-map

Read the urls I sent.

Unclear what you're saying. If you're saying you're not seeing any matches against the packets the first policy is marking, that, I recall, is the issue I too have seen with qos-groups, which is why I suggested using a ToS setting instead. I.e. use your inbound policy to tag with something like IP Precedence 1 or DSCP CS1 and then match against that value.

OK, I see.

I'll try what you suggest and I'll give feedback.

Regards,

Omar
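
The two suggestions made in the replies above (mark with a ToS value instead of a qos-group, and shape to the actual outbound bandwidth) combined into one configuration, as an added example that is not part of any post in the thread. It reuses the poster's QOS access list and QOS-IN class-map; the names QOS-MARK-IN, QOS-MARKED, QOS-CHILD and QOS-SHAPE-OUT are hypothetical, and the 512 kbps shape rate assumes the interface bandwidth statement reflects the real uplink speed.

```cisco
! Added example. Reuses "ip access-list extended QOS" and
! "class-map match-all QOS-IN" exactly as posted in the question.
!
! Inside: write a DSCP value into the IP header instead of a qos-group.
! Unlike a qos-group, which is local to this router, the DSCP value
! stays in the packet after it leaves the router.
policy-map QOS-MARK-IN
 class QOS-IN
  set ip dscp cs1
!
! Outside: match on the value the inbound policy wrote.
class-map match-all QOS-MARKED
 match ip dscp cs1
!
! Child policy: the bandwidth guarantee from the original QOS-OUT policy.
policy-map QOS-CHILD
 class QOS-MARKED
  bandwidth percent 50
!
! Parent policy: shape all traffic to the assumed uplink rate (512 kbps,
! given in bits per second) so that queueing happens on the router and
! the child policy's guarantee has congestion to act on.
policy-map QOS-SHAPE-OUT
 class class-default
  shape average 512000
  service-policy QOS-CHILD
!
! Inside
interface FastEthernet0/1
 no service-policy input QOS-IN
 service-policy input QOS-MARK-IN
!
! Outside
interface FastEthernet0/0
 no service-policy output QOS-OUT
 service-policy output QOS-SHAPE-OUT
!
! Check the per-class match counters after applying:
!   show policy-map interface FastEthernet0/1
!   show policy-map interface FastEthernet0/0
```

If the QOS-MARKED counters on FastEthernet0/0 stay at zero while QOS-IN on FastEthernet0/1 is counting packets, the marking is not reaching the outbound classifier and the marking step is where to look.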
