×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

QOS on DMVPN topology

Unanswered Question
Feb 21st, 2014
User Badges:
Click here to signup or login to your jollywallet account, check your cash back balance, and to manage your account and app preferences.
Manage jollywallet
About
jollywallet makes you money by giving you cash back when shopping thousands of online merchants such as Gap.com, Skype.com, Heels.com and many more...


For more details please click here.
Share
Facebook
Twitter
Email

We're running dual hub dual dmvpn topology as you can see on the picture with 12spokes which I want to implement qos for.


There are 2 major possible ways to implement QoS:


1: service policies applied to physical interfaces

int Gi0/0

service-policy output group1_parent


2: service policies applied to tunnel interfaces (on HUBs)

interface tunnel 1

ip nhrp map group spoke_group1 service-policy output group1_parent

http://www.cisco.com/en/US/docs/ios-xml ... el-qos.pdf



I  wanted to go for the second option, because I thought that HUBs would  force its qos policies to SPOKES via nhrp, but then realised that those  qos policies apply only for traffic from HUBs to other SPOKEs. But what  about SPOKE->SPOKE and SPOKE->HUB traffic?


What option is better to go for... option 1 only? or mix both options?



Thanks

Attachment: 
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (2 ratings)
Loading.
Vishesh Verma Fri, 02/21/2014 - 17:28
User Badges:
  • Bronze, 100 points or more

Hi Zuno,


To this date dynamic QoS for spoke-to-spoke traffic is not supported on DMVPN. You can only apply it to physical interface on the spokes.


spoke-to-spoke QoS is supported in FlexVPN. If you want to, you can plan the migration. (Following are some migration docs)


http://www.cisco.com/c/en/us/support/docs/security/flexvpn/116678-configure-product-00.html

http://www.cisco.com/c/en/us/support/docs/security/dynamic-multipoint-vpn-dmvpn/115726-flexvpn-hardmove-same-00.html

http://www.cisco.com/c/en/us/support/docs/security/flexvpn/115727-flexvpn-hard-hub-00.html


Frederic Detienne(Distinguished Engineer at Cisco) explained about FlexVPN and its QoS implementation in session BRKSEC-3013 at Cisco Live(Use following link to watch for video and presentation slides)


https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=6051&tclass=popup


-Vishesh

zuno_bank Mon, 02/24/2014 - 07:23
User Badges:
Click here to signup or login to your jollywallet account, check your cash back balance, and to manage your account and app preferences.
Manage jollywallet
About
jollywallet makes you money by giving you cash back when shopping thousands of online merchants such as Gap.com, Skype.com, Heels.com and many more...


For more details please click here.
Share
Facebook
Twitter
Email
Coupons
$5 off $50+, $10 of $100+, $15 off $150+, $25 off $200+ or $40 off $30...
Plus 3.00% cash back!
Only 5 days left !
Code:SAVEAFF03012014

Hello Vishesh,


thanks for reply.


I would rather stay with DMVPN and workaround QoS.

Would you prefer standard qos applied on physical interfaces only or mixing it with DMVPN qos on HUBs?

I can't accept DMVPN qos on hubs only because I necessarily need SPOKE-TO-SPOKE qos especially for VoIP.


-Richard

Vishesh Verma Tue, 02/25/2014 - 15:03
User Badges:
  • Bronze, 100 points or more

If you are interested in setting QoS for voice, then you should apply qos on physical interface of the spokes and classify traffic via dscp marking. QoS pre-classify would be required on the tunnel.


-Vishesh

Joseph W. Doherty Wed, 02/26/2014 - 03:18
User Badges:
  • Super Bronze, 10000 points or more

Disclaimer


The  Author of this posting offers the information contained within this  posting without consideration and with the reader's understanding that  there's no implied or expressed suitability or fitness for any purpose.  Information provided is for informational purposes only and should not  be construed as rendering professional advice of any kind. Usage of this  posting's information is solely at reader's own risk.


Liability Disclaimer


In  no event shall Author be liable for any damages whatsoever (including,  without limitation, damages for loss of use, data or profit) arising out  of the use or inability to use the posting's information even if Author  has been advised of the possibility of such damage.


Posting


If you are interested in setting QoS for voice, then you should apply qos on physical interface of the spokes and classify traffic via dscp marking. QoS pre-classify would be required on the tunnel.

BTW, if you're using ToS for physical egress, most DMVPN, I believe, copies original packet's ToS to GRE's ToS, so pre-classify isn't necessary.  Pre-classify is necessary if your physical egress wants to examine other than ToS.  An example, would be using FQ within an egress class which needs to "see" original src/dest to identify different flows.

zuno_bank Wed, 02/26/2014 - 08:21
User Badges:
Click here to signup or login to your jollywallet account, check your cash back balance, and to manage your account and app preferences.
Manage jollywallet
About
jollywallet makes you money by giving you cash back when shopping thousands of online merchants such as Gap.com, Skype.com, Heels.com and many more...


For more details please click here.
Share
Facebook
Twitter
Email
Coupons
$5 off $50+, $10 of $100+, $15 off $150+, $25 off $200+ or $40 off $30...
Plus 3.00% cash back!
Only 3 days left !
Code:SAVEAFF03012014

Yes, thats true. The original packet's ToS is copied to GRE's ToS and to IPsec's ToS even without using pre-classification.


In my case it would be neccessary because of doing queuing and classification within the same policy-map on an egress interface.

Joseph W. Doherty Wed, 02/26/2014 - 12:45
User Badges:
  • Super Bronze, 10000 points or more

Your postings have some kind of overlay.  Unable to read you response.

zuno_bank Thu, 02/27/2014 - 00:24
User Badges:
Click here to signup or login to your jollywallet account, check your cash back balance, and to manage your account and app preferences.
Manage jollywallet
About
jollywallet makes you money by giving you cash back when shopping thousands of online merchants such as Gap.com, Skype.com, Heels.com and many more...


For more details please click here.
Share
Facebook
Twitter
Email
Coupons
$5 off $50+, $10 of $100+, $15 off $150+, $25 off $200+ or $40 off $30...
Plus 3.00% cash back!
Only 2 days left !
Code:SAVEAFF03012014

Yes, thats true. The original packet's ToS is copied to GRE's ToS and to IPsec's ToS even without using pre-classification.


In  my case it would be neccessary because of doing queuing and  classification within the same policy-map on an egress interface.

Joseph W. Doherty Thu, 02/27/2014 - 02:12
User Badges:
  • Super Bronze, 10000 points or more

Disclaimer


The   Author of this posting offers the information contained within this   posting without consideration and with the reader's understanding that   there's no implied or expressed suitability or fitness for any purpose.   Information provided is for informational purposes only and should not   be construed as rendering professional advice of any kind. Usage of  this  posting's information is solely at reader's own risk.


Liability Disclaimer


In   no event shall Author be liable for any damages whatsoever (including,   without limitation, damages for loss of use, data or profit) arising  out  of the use or inability to use the posting's information even if  Author  has been advised of the possibility of such damage.


Posting


Same as before, but I was able to read email copy, although it too has overlay (just not same positions).  Something about jollywallet and coupons.


As to doing classification on egress, again, pre-classify is needed if you classify on more than ToS.  If you do, then you'll want to enable it.

Actions

This Discussion

Related Content