02-24-2009 08:12 PM - edited 03-04-2019 03:42 AM
I have a requirement to configure QoS on an internet link that is limited to 1mbps upload speed. There are remote sites connecting to this HO site that have much larger bandwidth limits so i want to control outbound bandwidth from this site.
As an example I have created a sample configuration below. In the example I have assumed that I will be allocating 256kbps to each IPSEC VPN and 256kbps to http and https traffic.
Is this along the right lines and will I need a class-default class for all other traffic?
Many thanks
class-map match-any HTTP
match access-group HTTP
class-map match-any VPN1
match access-group VPN1
class-map match-any VPN2
match access-group VPN2
policy-map output
class HTTP-TRAFFIC
bandwidth 256
class VPN1
bandwidth 256
class VPN2
bandwidth 256
ip access-list extended VPN1
permit esp host x.x.x.x host y.y.y.y (where x.x.x is my router IP address and y.y.y.y is the vpn peer 1)
ip access-list extended VPN2
permit esp host x.x.x.x host z.z.z.z (where x.x.x is my router IP address and z.z.z.z is the vpn peer 2)
ip access-list extended HTTP
permit tcp any any eq 80
permit tcp any any eq 443
permit tcp any eq 80 any
permit tcp any eq 443 any
interface dialer0
service-policy output output
02-25-2009 04:12 AM
Unless you physical interface is 1 Mbps, you'll want a "parent" policy shaper to match the downstream bandwidth. (E.g. Ethernet handoff to ADSL.)
e.g.
policy-map limit1mbps
class class-default
shape average 1000000 (or 850000 if you need to account for Ethernet overhead)
service-policy output
Then use the parent policy where you would use your existing policy.
Your child policy could be similar to what you've defined, although using a shaper alone or child policy with just a class-default FQ might suffice too.
BTW: there's always a class-default, it's implicit if you don't define it. However, when working with explict classes, I prefer to explicitly define it as FIFO (no FQ) so I can precisely allocate bandwidth for that class.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide