QoS on DMVPN spoke router

Jun 5th, 2009

I have a DMVPN setup and on the spoke router the tunnel interface is T0 and it's on FE0/0 where the ISP router is connected. The total bandwidth is 1.5Mbps.

I have IP phone traffic on the VPN tunnel and I want to prioritize it. However the local internet traffic goes directly out of FE0/0, not through the tunnel. How can I set up the QoS so the phone traffic on the VPN tunnel will have priority and guaranteed bandwidth while the internet traffic will still be able to fully utilize the 1.5 link when there is no phone traffic? Thanks!

ricey Tue, 06/09/2009 - 08:36

I am doing a very similar setup at the mo, the only difference is that internet traffic is tunneled to the hub site as well, but I don't think that should make a difference. If you add a qos pre-classify statement to the tunnel interface, that will ensure traffic is classified for QoS prior to being encrypted. Use a priority command to use low latency queueing for voice traffic (other traffic will be able to use this bandwidth when voice does not require it), something like.....

    int tunnel0
     qos pre-classify
    !
    class-map voice
     match dscp ef
    !
    policy-map enterprise
     class voice
      priority 256
      ! kbps, that may be too much
     class class-default
      fair-queue

You may want to shape the traffic as well to stop packets leaving your router at 100 Mbps; you can do this with something like.....

    policy-map shape
     class class-default
      service-policy enterprise

Then apply the new policy map to the interface, e.g.

    interface fast0/0
     service-policy output shape

The other thing you may want to consider is auto qos (this will monitor packets based on NBAR or DSCP (I reckon DSCP is better) and provide info and recommend (but not implement) a policy). To do this...

    interface fast0/0
     auto discovery qos trust
     ! trust specifies using dscp, if you don't use that you would need to enable nbar

I'm no expert on QoS but that's how I am currently setting it up.

ricey Tue, 06/09/2009 - 08:49

Forgot the shape command, which might help if you want to shape traffic, so it would be......

    policy-map shape
     class class-default
      service-policy enterprise
      shape average 1500000

Difan Zhao Wed, 06/10/2009 - 08:13

Thank you for your reply Ricey! It's very helpful! Just some questions about the config:

1. So the policy-map "shape" only needs to be put under f0/0, but not T0 interface?

2. "qos pre-classify" under t0 interface, what does it do?

3. I see that you nest policy-map "enterprise" under "shape". Can I simply use "enterprise" under f0/0?


Joseph W. Doherty Wed, 06/10/2009 - 11:37

Richard (Ricey), hope you don't mind me answering these questions.

#1 The real interface would be the preferred location (in case there was other traffic besides just the one tunnel's traffic).

#2 It allows the service policy to see packet information before it was encrypted. (An alternative approach is to rely on ToS tags, e.g. DSCP.)

#3 You could, but the shaper is critical to create congestion that corresponds to the downstream bandwidth. Otherwise, VoIP wouldn't be treated better until the f0/0 congested. (Also, when working with Ethernet that hands off [eventually] to another media, you may need to allow for Ethernet framing overhead in your shaping. Also for VoIP, you might need to decrease the shaper's Tc.)
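
Added example (not posted by anyone in this thread): a small Python simulation of the point made in #3, comparing LLQ attached directly to f0/0 with the same LLQ nested under a 1.5 Mbps shaper. It uses a simplified model of two store-and-forward queues in series; the traffic mix, packet sizes and function names are constructed assumptions.

```python
# Added illustration: router queue followed by the ISP's 1.5 Mbps hop (constructed traffic).
LAN_BPS = 100_000_000    # FastEthernet line rate on f0/0
LINK_BPS = 1_500_000     # real downstream bandwidth from the thread

def serve(pkts, rate_bps, llq=False):
    """Drain one queue at rate_bps. Packet = (arrival, bytes, is_voice, born).
    llq=True sends a waiting voice packet first (non-preemptive priority)."""
    pending = sorted(pkts)
    out, waiting, now, i = [], [], 0.0, 0
    while i < len(pending) or waiting:
        if not waiting:                       # idle until the next arrival
            now = max(now, pending[i][0])
        while i < len(pending) and pending[i][0] <= now:
            waiting.append(pending[i])
            i += 1
        idx = next((k for k, p in enumerate(waiting) if p[2]), 0) if llq else 0
        _, size, voice, born = waiting.pop(idx)
        now += size * 8 / rate_bps            # serialization time at this hop
        out.append((now, size, voice, born))
    return out

def traffic():
    """Constructed sample: a 40-packet data burst plus a 20 ms voice stream."""
    data = [(k * 1500 * 8 / LAN_BPS, 1500, False) for k in range(40)]
    voice = [(0.001 + 0.020 * k, 200, True) for k in range(15)]
    return [(t, size, v, t) for t, size, v in data + voice]

def worst_voice_delay(shaped):
    """Worst time (s) from a voice packet reaching the router to leaving the 1.5 Mbps hop."""
    router_rate = LINK_BPS if shaped else LAN_BPS
    leaving_router = serve(traffic(), router_rate, llq=True)
    delivered = serve(leaving_router, LINK_BPS)   # ISP hop: plain FIFO, no QoS
    return max(done - born for done, _, is_voice, born in delivered if is_voice)

if __name__ == "__main__":
    print(f"LLQ on f0/0, no shaper: {worst_voice_delay(False) * 1000:.1f} ms")
    print(f"LLQ under 1.5M shaper:  {worst_voice_delay(True) * 1000:.1f} ms")
```

Without the shaper the router never queues, so the priority class has nothing to reorder and voice waits in the ISP device's FIFO behind the data burst; with the shaper the backlog forms inside the router, where the priority queue can act on it.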

