Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
542
Views
11
Helpful
5
Replies

Control Congestion on ADSL / IPSec VPN WAN

scottchamings
Level 1
Level 1

‎01-30-2006 03:20 AM - edited ‎03-03-2019 11:35 AM

Hi,

We have a wan consisting of a mix of ADSL 1 and ADSL 2+ links with variable sync speeds. Over the ADSL links we run 3DES IPSec Site to Site VPN.

Over this WAN we would like to put Citrix ICA traffic as the highest priority and let everything else battle over what is left.

We have tried Priority based queing but found that can lead to loads of interface resets and other errors on ethernet interfaces.

We thought of LLQ but as the sync speed can vary dpending on line conditions I had no idea what value to put into kbps for shaping etc.

Hardware wise we run a mox of 32mb, 48Mb and 64MB 837-k9's, 877-k9's with a core router of a 2821 K9 Hsec (with AIM VPN Module).

Any ideas on how to perhaps use LLQ but what values to use, does the % option work? When I look at the recorded bandwidth on the dialer or atm interfaces it doesnt equal the sync speed.....

Thanks

Scott

Labels:
0 Helpful
5 Replies 5

s.jankowski
Level 4
Level 4

‎02-03-2006 07:16 AM

check out the following link for configuring LLQ for IPSec Encryption Engine :

http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080443155.html

scottchamings
Level 1
Level 1
In response to s.jankowski

‎02-05-2006 02:41 AM

thanks for the link, which gives me more confidence on configuring for IPSec tunnels. One query though is that the CIR or at least the sync speed of the links varies on a daily/weekly basis depending on line quality. SO how should I specify bandwidths?

0 Helpful

mheusinger
Level 10
Level 10
In response to scottchamings

‎02-05-2006 05:14 PM

Hello,

as a rule of thumb when setting the bandwidth: at least make sure, that there is enough for your CITRIX class. In case the speed varies it still means that there will be a guaranty of say 512 kbps (or any other value which makes sense in your environment) to this traffic. Anything else will "battle for the rest".

Queueing is only involved, when there is an overload situation detected (HW queue full). So I would be cautious in setting bandwidth. A too high value hurts and a too low value does not.

Also be aware, that you only can control the output interface, i.e. what you send to the ISP. You cannot prioritize the return traffic without the help of the ISP. It is his interface towards you which would require qos settings as well (presumably).

Hope this helps! Please rate all posts.

Regards, Martin

scottchamings
Level 1
Level 1
In response to mheusinger

‎02-05-2006 05:39 PM

Just wondering how does using the percent option go with LLQ Priority?

0 Helpful

pkhatri
Level 11
Level 11
In response to scottchamings

‎02-05-2006 05:44 PM

Hi Scott,

That option works quite well. We use it in our network when we intend to apply the same policy to interfaces with different bandwidths (allowing better re-use of policies).

You will, of course, have to accept that if your interface bandwidth changes dynamically, your actual priority bandwidth allocation (in kbps) will also vary.

Hope that helps - pls rate the post if it does.

Paresh

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card