Traffic prioritisation within IPsec tunnels

crhodes
Level 1

I have a WAN link between two IOS routers that will be encrypting all traffic via IPsec. I need to prioritise traffic across this link.

I'm aware of two methods I can use:

a) priority queuing and qos pre-classify

b) manipulation of diffserv bits (TOS) and service policies

One of the routers is running 12.1.22b(GD) and cannot be upgraded to 12.2.

Neither of the above mechanisms appears to be available in 12.1 GD.

Can anyone suggest another way I can achieve this with IOS 12.1 GD?

Thanks in advance for any suggestions.

2 Replies

owillins
Level 6

Priority queuing is available with 12.1 and you could use this feature. Below is the link to the QoS configuration guide for 12.1. It'll help you with the options that are available.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/qos_c/index.htm

Thanks for that.

I've worked out how I can set IP Precedence bits on the ingress of the IOS 12.1 router via route-map; however, I don't know how to manage the traffic on the egress interface, given that all traffic is within an IPsec tunnel, and I cannot see how I can define more than one class (e.g. how I could define classes according to IP Precedence bits).

So I end up with one class, say IPsecTunnel, and then try to manage congestion within a single class.

e.g.

interface Ethernet0/0
 ip policy route-map IPsetPrecedence
!
! Policy routing matches packets with "match ip address";
! "match ip route-source" applies only to routing updates.
route-map IPsetPrecedence permit 10
 match ip address IP-Precedence1-acl
 set ip precedence priority
!
route-map IPsetPrecedence permit 20
 match ip address IP-Precedence2-acl
 set ip precedence immediate
!
interface Serial3/2.1
 service-policy output WBC-WANlink
 crypto map LOCALMAP
!
policy-map WBC-WANlink
 class IPsecTunnel
  bandwidth percent 100
  random-detect
  random-detect precedence 1 64 256 100
  random-detect precedence 2 96 256 100
!
class-map IPsecTunnel
 match protocol ip

Is there a better way (other than upgrading to IOS 12.2 and using classes based on DSCP value)?

Thanks in advance for any advice.
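
An added illustration (not part of either post above, and not verified on 12.1.22b): legacy priority queuing, which the first reply notes is available in 12.1, can separate the encrypted traffic if extended ACLs match the precedence value carried in the outer ESP header. It assumes the router copies the inner ToS byte to the outer header in tunnel mode; the ACL numbers, the priority-list number and the use of the physical Serial3/2 interface are hypothetical.

```cisco
! Added example. ACL numbers 150/151 and priority-list 1 are hypothetical.
! Assumption: tunnel-mode IPsec copies the inner ToS byte to the outer
! header, so the precedence set on ingress is still visible after encryption.
!
! Classify the already-encrypted (ESP) packets by outer-header precedence
access-list 150 permit esp any any precedence immediate
access-list 151 permit esp any any precedence priority
!
! One queue per marked precedence value; unmarked traffic (and ISAKMP)
! falls through to the normal queue
priority-list 1 protocol ip high list 150
priority-list 1 protocol ip medium list 151
priority-list 1 default normal
!
! Assumption: applied to the physical interface; in the thread the crypto map
! and service-policy sit on subinterface Serial3/2.1
interface Serial3/2
 priority-group 1
```

Strict priority queuing can starve the lower queues under sustained high-priority load, so the ingress ACLs that set precedence should match only the traffic that needs it.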