09-17-2010 11:37 AM - edited 03-06-2019 01:02 PM
Hello!
I have a QoS related question.
We have Site A and Site B.
Every site has a WAN Internet connection on subinterfaces of Gi0/1, with Gi0/1.1 and Gi0/1.2.
That's the WAN part. Internals surf through NAT there (only on one connection currently).
These connections host a GRE IPsec tunnel, Tunnel1, from Site A to Site B and vice versa.
The tunnel runs on exactly one Internet connection (currently Gi0/1.1).
Also, on Site A and Site B there is a LAN. Both LANs are connected through the IPsec tunnel. We have static routes and different subnets.
What I want to do (but I am too stupid to do so):
1) Limit "surfing" traffic (which is everything except the traffic needed for the tunnel) to 7MBIT (from 10)
2) Reserve 3MBIT of the tunnel connection for SIP, RTP and SSH (nbar is running)
3) Make tunnel traffic more important than surfing traffic (e.g. copying files should not be reduced by ISO downloads) but respect the 3MBIT reserved for SIP, RTP and SSH
Gi0/1 - Main Interface
Gi0/1.1 - SubInterface for WAN Internet
Tunnel1 - source is WAN on Gi0/1.1 GRE with IPSEC
This is all running on 12.4 advipserv on a C2821
I tried fiddling around with parent and child policies, the police command etc., but it doesn't seem to work.
Thanks for your help!
;)
09-18-2010 05:05 AM
Hi,
You can start from the following config and modify it from there. If you experience high CPU after configuring the QoS, you can disable NBAR and match based on an ACL.
class-map match-any mark_critical
 match protocol SIP
 match protocol RTP
 match protocol SSH
policy-map mark
 class mark_critical
  set ip dscp 46
 class class-default
  police 7000000 conform-action set-dscp-tranmit af21
int x/x (LAN interface)
 service-policy in mark
policy-map shape_10m
 class class-default
  shape 10000000 100000
  service-policy qos
class-map critical
 match ip dscp 46
policy-map qos
 class critical
  priority 3m
 class class-default
  fair-queue
  random-detect dscp_based
int g0/1.1
 service-policy out shape_10m
HTH,
Lei Tian
09-18-2010 03:05 PM
Thanks, I made some syntactical changes:
class-map match-any markcritical
 match protocol SIP
 match protocol RTP
 match protocol SSH
policy-map mark
 class markcritical
  set ip dscp 46
 class class-default
  police 7000000 conform-action set-dscp-transmit af21
int gi0/0.1
 service-policy in mark
policy-map shape10m
 class class-default
  shape average 10000000 100000
  service-policy qos
class-map critical
 match ip dscp 46
policy-map qos
 class critical
  priority 3000
 class class-default
  fair-queue
  random-detect dscp-based
int g0/1.1
 service-policy out shape10m
So this means I have QoS on my tunnel also (qos pre-classify)
09-18-2010 05:32 PM
Hi,
This looks good; let's deploy it and see if that meets all requirements.
qos pre-classify is used when we want to classify based on L3 information from the inner IP header (before encapsulation/encryption). Here, we are classifying on the LAN interface and setting DSCP. The DSCP value will be copied to the GRE header and the ESP header by default, so we don't have to configure qos pre-classify under the tunnel and crypto map here.
HTH,
Lei Tian
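Added example, not part of the thread and not Cisco code: a Python sketch of the DSCP copy described in the last reply. It shows that the marking stays readable, in cleartext, on the outer header after GRE and ESP, while a port-based match on the WAN side sees nothing. Addresses, ports, SPI and the XOR stand-in for encryption are constructed, and ESP tunnel mode is assumed.

```python
import struct

EF, AF21 = 46, 18  # DSCP values used by the thread's "mark" policy-map

def _csum(hdr):
    s = sum(struct.unpack("!10H", hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def ipv4(dscp, proto, payload, src=b"\x0a\x00\x00\x01", dst=b"\x0a\x00\x00\x02"):
    """IPv4 packet; DSCP occupies the top 6 bits of the ToS byte."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20 + len(payload),
                      0, 0, 64, proto, 0, src, dst)
    return hdr[:10] + struct.pack("!H", _csum(hdr)) + hdr[12:] + payload

def dscp_of(pkt):
    return pkt[1] >> 2

def gre_encap(inner):
    """GRE (IP proto 47): outer header inherits the inner ToS byte."""
    gre = struct.pack("!HH", 0, 0x0800)  # no flags, payload is IPv4
    return ipv4(dscp_of(inner), 47, gre + inner)

def esp_encap(inner):
    """ESP tunnel mode (IP proto 50): ToS copied, payload made opaque.
    XOR is only a stand-in for encryption; this is not real ESP."""
    esp = struct.pack("!II", 0x1000, 1)  # constructed SPI and sequence number
    return ipv4(dscp_of(inner), 50, esp + bytes(b ^ 0xAA for b in inner))

def dst_port(pkt):
    """What a port-based match sees: only TCP(6)/UDP(17) expose ports."""
    return struct.unpack("!H", pkt[22:24])[0] if pkt[9] in (6, 17) else None

def classify(pkt):
    """Mirrors 'class critical / match ip dscp 46' on the WAN interface."""
    return "critical" if dscp_of(pkt) == EF else "class-default"

def through_tunnel(dscp, port):
    tcp = struct.pack("!HHIIBBHHH", 40000, port, 0, 0, 0x50, 0x02, 8192, 0, 0)
    marked = ipv4(dscp, 6, tcp)          # after 'service-policy in mark'
    return esp_encap(gre_encap(marked))  # what leaves Gi0/1.1

if __name__ == "__main__":
    for name, d, p in (("ssh", EF, 22), ("bulk", AF21, 80)):
        wire = through_tunnel(d, p)
        print(name, "proto", wire[9], "dscp", dscp_of(wire),
              "port", dst_port(wire), "->", classify(wire))
```

Matching on ports or NBAR protocols at the WAN interface is the case that would need qos pre-classify, since `dst_port` returns nothing once the packet is inside ESP.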