cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1160
Views
3
Helpful
9
Replies

VPN GRE QOS tunnel how do i ?

c.goona
Level 1
Level 1

i have two sites connected by VPN, i run a GRE tunnel between both so that eigrp works. This is fine for data but voip is poor.

I would like to prioritorise the voip traffic over the GRE tunnel but can't find any examples where this has been done.

Has anyone done this?

2 Accepted Solutions

Accepted Solutions

dtayman10
Level 1
Level 1

Mark the packets coming into the router at the LAN interafce. Add the command QOS pre-classify to the Tunnel interface and Crypto-map. At this point you can either enable Fair-queueing on the WAN interface or build a Service policy and add that to the WAN interface. Fair-queueing, by default will use the precedence bits to prioritize traffic. So the packets will already be in the correct order (prioritized) by the time they enter the tunnel. You can also use a service policy and guarantee bandwidth to certain classes. The policy also uses Fair-queue to prioritize the highest TOS bits first.

In the attached sample:

#Policy "LAN" would go on the LAN interface

interafce FAST0/0

service-policy input LAN

#Policy "QOS-128-Port" would go on the WAN interface

interface s0/0

service-policy output QOS-128-Port

*You cannot have fair-queue enabled on an inbound service policy

----------------------------------------------------

View solution in original post

afueloep
Level 1
Level 1

Hallo c.goona,

you want to use LLQ for Voice with dscp marking and the command

"qos pre-classify" for your (gre+3des) tunnel.

Router(config-crypto-map)# qos pre-classify

regards

Alfred

View solution in original post

9 Replies 9

smalkeric
Level 6
Level 6

Did you try the qos pre-classify command??

Hi Sam

Thanks for taking the time to look at my problem, I probably didnt explain the problem very well. I can mark the packets no problem but its what to do with them when they hit the tunnel that throws me.I have attached a basic config showing what i am tring to do

dtayman10
Level 1
Level 1

Mark the packets coming into the router at the LAN interafce. Add the command QOS pre-classify to the Tunnel interface and Crypto-map. At this point you can either enable Fair-queueing on the WAN interface or build a Service policy and add that to the WAN interface. Fair-queueing, by default will use the precedence bits to prioritize traffic. So the packets will already be in the correct order (prioritized) by the time they enter the tunnel. You can also use a service policy and guarantee bandwidth to certain classes. The policy also uses Fair-queue to prioritize the highest TOS bits first.

In the attached sample:

#Policy "LAN" would go on the LAN interface

interafce FAST0/0

service-policy input LAN

#Policy "QOS-128-Port" would go on the WAN interface

interface s0/0

service-policy output QOS-128-Port

*You cannot have fair-queue enabled on an inbound service policy

----------------------------------------------------

Hi Dave

Thanks for you reply. It sounds like the command i need. Problem i have now is that out 5500 RSM does not support an IOS version that allows the qos pre-classify command. I am ordering another router so i can try this out on our VoIP connection

afueloep
Level 1
Level 1

Hallo c.goona,

you want to use LLQ for Voice with dscp marking and the command

"qos pre-classify" for your (gre+3des) tunnel.

Router(config-crypto-map)# qos pre-classify

regards

Alfred

Hello Alfred,

Just to clarify, if I am using GRE tunnnel without IPSEC, do I still need the 'qos pre-classify' or are the precedence bits copied anyway ?

Thanks for any help

Antonis

Hi Alfred

Thanks for your reply, our VPN tunnel is built on a concentrator. The pre-classify command is the one i need though.

thanks

Dont see any support for 1700 routers with the QoS pre-classify command ? Does any one know if its possible to do QOS preclassify on a 1720 or 1721 router with a VPN module in it ?

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

i have it working on a 1760 but had to change the ios to get it.I used the cisco software advisor under tools to find it. Hope this helps

colin

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: