Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Simple shaping and QoS on a IPSEC/GRE tunnel

Unanswered Question

Hi !

We have a VPN gateway with around 20 tunnels to different locations around the world. Customers buy a certain bandwith from us, which often, but not always is limited by their remote internet connection.

Central internet connection is big, so no bottleneck there..

I'm looking for to provide a traffic shaping functionality to shape them to their "paid-for" bandwith.

Both for our cause, not to give anything for free, and also not to overload the remote end.

I would also like to provide a basic QoS, unfortunately it seems like CBWFQ is not supported on tunnel interfaces. RED works though...

I've done a basic configuration - what do you think of this ? :

class-map match-any tunnel

match any


policy-map qos

class tunnel

bandwidth percent 95



policy-map 384kb

class class-default

shape average 384000

service-policy qos


interface Tunnel11

bandwidth 384

ip address x.x.x.x

ip mtu 1420

load-interval 30

service-policy output 384kb

tunnel source FastEthernet0/0

tunnel destination x.x.x.x

crypto map ToRemote

/ Daniel

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Anonymous (not verified) Tue, 03/16/2004 - 15:52
User Badges:

I guess the config is right. The min CIR which the customer will configure was 1/2 CIR and he will be bursting his traffic to the access rate of the link. So you should calculate the bandwidth guranteed accordingly


This Discussion