03-01-2012 04:57 PM - edited 03-04-2019 03:30 PM
I am trying to configure QOS on a Cisco 861 router. The problem we are trying to solve is that when someone downloads a file from the internet it causes the RDP sessions that connect to an offsite server to slow down tremendously. I no very little about QOS but I think that this solution should be fairly simple.
The Goal:
I want to setup QOS so that all traffic going over the GRE Tunnel is prioritized over general internet traffic in particular large downloads.
Current setup:
The router has a T1 connection coming in on the WAN interface
It has an IPsec over GRE tunnel going to another site where a Windows Terminal server is hosted.
This is what i have so far. Am I heading in the right direction?
ip access-list extended WAN-QOS-ACL
permit gre any any
class-map match-any WAN-QOS-CM
match access-group name WAN-QOS-ACL
policy-map WAN-QOS-PM
class WAN-QOS-CM
priority 1024
class class-default
fair-queue
int fa0 (LAN interface)
service-policy input WAN-QOS-PM
03-01-2012 05:11 PM
Yes you are good with the configs. But this won't work unless you specify qos pre-classify command under your tunnel interface. The reason behind that is, QoS policy is enforced only after the encapsulation happens.
So, do the below as an example
interface tunnel 0
ip address x.x.x.x
qos pre-classify
Hope this helps
Vivek
03-01-2012 06:08 PM
Thanks for the reply Vivek. I added the qos pre-classify command in but it is still not working for me. One thing I found too is that i cannot put the service-policy inbound on the internal LAN interface like i was hoping to do. When I try it gives me the error: "Low Latency Queueing feature not supported in input policy." I have tried applying it to both the WAN facing and LAN facing interfaces using the output command but as i expected this did not work. Does this router simply not support this method of QOS?
03-01-2012 06:45 PM
I think i missed to see some important things. Apply the service policy on the outbound direction.
03-01-2012 06:52 PM
It does not seem to work after having put it on the outbound interface. I have tried it on both the WAN and the LAN links. I don't know if it makes a difference but the LAN side is a Layer 2 interface and does not support layer three. I have it assigned to a VLAN that has an IP address assigned to it and acts as the default gateway address.
03-01-2012 08:05 PM
Please provide me the model of cisco router you are on.
03-01-2012 08:07 PM
it is an 861 ISR
03-01-2012 08:33 PM
asking you lot of questions, sorry
1) What is the bandwidth of your internet link?
2) Is there a congestion noticed while downloading a huge file over internet?
You can apply the LLQ on the tunnel interface by creating a low level policy & applying then policy over a high level. You need to have a class based shaping configured though. Below is the config you may have to do
policy-map WAN-QOS-PM_CHILD (child policy)
class WAN-QOS-CM
priority 1024
!
policy-map WAN-QOS-PM_PARENT (Parent top level policy)
class class-default
shape average 2000000 (depends on the bandwidth of your link - just a sample)
service-policy WAN-QOS-PM_CHILD
interface Tunnel0
service-policy output WAN-QOS-PM_PARENT
You cannot apply your service policy on your LAN interface as it's Layer2. You will never get a match on your ACL on that interface so you need this to be applied on the tunnel interface in my opinion.
Hope this will help.
Vivek
03-01-2012 08:46 PM
The wan link is a T1 so 1536k.
There is very noticeable congestion when downloading files.
03-01-2012 08:57 PM
i tried this configuration on my router with the shape average set to 150000 and i did not get any noticeable difference unfortunately.
While I was tinkering with the bandwidth command with the original configuration i was able to get some results but it was not as much as I was hoping for.
My test i have been using is downloading a file accross the tunnel and then starting an internet download. I typically will get a full 150KBPS download from the internet but when i use the bandwidth command and the original config I have been able to get it to lower the download rate from the internet to about 100KBPS. This was with bandwidth setting set to 1024. I also used a different access list for this that permitted the local IPs used within the LAN on both sides of the tunnel. I was expecting to see something more like a 50KBPS download from inet and 1024K reserved for my tunnel's use.
03-01-2012 09:49 PM
Could you please post me the below outputs
show policy-map interface
03-02-2012 08:55 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
If the congestion issue is inbound (to you) from Internet, it's very, very difficult to manage this kind of congestion without a special traffic shaping appliance (and even they can struggle) unless you can also manage the far side's egress.
I recommend for consideration two Internet links, one for "routine" Internet traffic and one for dedicated VPN tunnels running across the Internet. With a Internet link dedicated to VPN, you can often achieve QoS results similar to dedicated links.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide