Remarking eigrp packets to precedence 3, is it possible?

g.eleftheriou · ‎09-03-2010

Hi People,

I have a DMVPN with 100 spokes and two hubs over MPLS. I have eigrp over encrypted gre and I notice that I have a lot of hold time expired for some spokes. First I think I should increase hold time from 15secs to 60secs since this is a wan link. Is this a good idea?

2nd, my provider only treats preferably packets matched with precedence 3 and everything else is remarked to 0.

So I would like to remark eigrp packets generated from the spoke router to precedence 3. Is this possible?

I tried a policy with match protocol eigrp, set precedence 3, but I don't see any matches.

class-map match-any preced-3
match protocol eigrp

policy-map new_branch_policy
class preced-3
bandwidth percent 50
set precedence 3

Lei Tian · ‎09-03-2010

Hi,

Yes, it is possible to remark eigrp packets. Which interface did you apply the policy-map? On what platform?

I think you try to increase the hold timer and leave the hello timer as default, see if that helps.

Regards,

Lei Tian

g.eleftheriou · ‎09-03-2010

ok, i think i made a mistake by applying the policy map on the physical outbound interface.

However since the eigrp gets encrypted I think it should be applied on the dmvpn tunnel interface.

My only problem is that the tunnel interface doesn't accept service-policy.

So how can I remark eigrp packets generated from the same router before they leave the outbound interface?

Lei Tian · ‎09-03-2010

Yes, apply on physical interface will not match eigrp packets.

Tunnel is a logical interface, there is no tx-ring to generate back pressure for software queueing to kick in. You cannot CBWFQ on tunnel interface. Remove the bandwidth statement and then apply the policy-map on tunnel should be fine.

If you want use CBWFQ, then you have to use HQOS.

Regards,

Lei Tian

francisco_1 · ‎09-03-2010

if you apply it on the physical, you could use qos preclassify command on the physical. The 'qos pre-classify' command configures the IOS to make a temporary copy of the IP packet before it is encapsulated or encrypted so that the service policy on the (egress) interface can do its classification based on the original (inner) IP packet fields rather than the encapsulating (outer) IP packet header.

Francisco

g.eleftheriou · ‎09-03-2010

qos preclassify is on on the tunnel interface. on the physical is not possible to add it.

the service-policy command is not accepted at all at the tunnel interface (this is mgre interface, on gre I could put it)

I get % Invalid input detected at '^' marker. IOS is adv security 124-22.T5 on 2811

Lei Tian · ‎09-03-2010

Yes, starts from 12.4(22)T, the DMVPN QOS model has changed to per-tunnel qos. The remarking policy need to be configured on hub site. See the configuration example.

http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_per_tunnel_qos_ps10592_TSD_Products_Configuration_Guide_Chapter.html#wp1054152

Regards

Lei Tian

Lei Tian · ‎09-03-2010

Just tested another way do remark EIGRP packet. Apply policy-map on physical interface use follwing config.

class-map REMARK

match ip dscp 48

policy-map REMARK

class REMARK

set ip prec 3

int X/X physical interace

service-policy out REMARK

Regards,

Lei Tian