Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

DMVPN Hub Router QoS

Hello DMVPN Experts,

 

As we knew DMVPN Hub routers can have per-tunnel QoS configuration for the spokes.

But I am not sure the QoS configuration for the Hub site itself. I assume it should be seperated from the per-tunnel QoS and the service-policy should be applied at the physical WAN interfaces and tunnel interfaces? Need help please. Some sample configuration would be appreciated.

 

Thanks

Cedar

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Super Bronze

DisclaimerThe Author of this

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

For starters, much of the restictions you've listed apply to using both a policy on the physical interface and on the tunnel interfaces.  I recall this used to be an either or situation but some of the later IOS versions support some combinations of both (which can be very handly when you shape tunnels for far side bandwidth, but the aggregate of all your tunnels can exceed your physical interface).

That aside, I'm unsure if you understand how the hub side QoS works (as I described).

Assuming the branch just has a single tunnel to a single hub, you can apply egress QoS on the physical interface or the tunnel interface.  The latter, though, may need to be shaped, and shapers don't exactly mimic transmissions of a physical interface.  (NB: much like QoS for a p2p tunnel.)

On the hub, you define QoS service policies, which (at least on 7200s - where I've used them) can include shapers.  However, it's the branch which informs the hub which QoS policy to be used on the hub's tunnel, for egress.  Again, QoS policies and tunnels are defined on the hub, but it's the branch that determines which policy is applied to hub tunnel, for egress, to that particular branch.

On the branch tunnel interface, you use:

ip nhrp group group-name

On the DMVPN tunnel interface, you use:

ip nhrp map group group-name service-policy output qos-policy-map-name

.

.

ip nhrp map group group-nameN service-policy output qos-policy-map-name

The hub matches the group-name passed to it (via NHRP - similar to passing the branch's external IP) from the branch, and uses that to select a QoS policy for egress usage on the tunnel to that branch.

6 REPLIES
Super Bronze

DisclaimerThe Author of this

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

The later DMVPN implementations support (hub) per tunnel QoS.  You define Qos templates on the hub, but the spoke "informs" the hub which QoS template to use on the tunnel towards it.

New Member

Hi Joseph,Thanks for the

Hi Joseph,

Thanks for the reply. 

But maybe my wording cause some mis-understanding of my question. 

Your answer is right about the per-tunnel QoS. However, my question is about the QoS for the hub site itself, instead of for the spokes. 

Sorry for the confusion.

 

Thanks

Cedar

Super Bronze

DisclaimerThe Author of this

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

No confusion.  I understood your question.  My answer applies to the hub side.

New Member

Hi Joseph,I am afraid I am

Hi Joseph,

I am afraid I am having a bit difficulty to understand and would like to hear more if you don't mind.

We are on the same page that Per-Tunnel QoS let the spokes to control the traffics toward the hub site, which is considered inbound traffic from the WAN/Tunnel interfaces of hub router point of view. However, in order to control the inbound and/or outbound traffic of the WAN/Tunnel interfaces of the hub router, how should we configure seperate QoS configuration other than Per-Tunnel QoS templates, if we should? 

Here is what I know so far based on ASR1000 document.

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_dmvpn/configuration/xe-3s/asr1000/sec-conn-dmvpn-xe-3s-asr1000-book/sec-conn-dmvpn-per-tunnel-qos.html

Restrictions for Per-Tunnel QoS for DMVPN

...........

• The class default shaper with the QoS service policy on a physical interface that is applied to the DMVPN tunnel does not support point-to-point generic routing encapsulation (GRE) tunnels, shaper on physical interfaces, and shaper on VLAN/subinterfaces.

• QoS on a physical interface is limited only to the class default shaper on the physical interface. No other QoS configurations on the physical interface are supported when two separate QoS policies are applied to the physical and tunnel interfaces.

• Addition of a QoS policy with a class default shaper on a physical interface is not supported when multiple QoS policies are utilized.

• You can attach a per-tunnel QoS policy on the tunnel only in the egress direction.

• The class default shaper policy map on the main interface must be applied before the tunnel policy map is applied.

• The class default shaper policy map must contain only the class class-default and shape commands.

• The main interface policy map is checked for validity only when a QoS service policy is applied on the tunnel interface. The main interface policy map is not checked during a tunnel move or modification.

• Adding new classes or features to the main interface policy map is not supported. Doing so, however, will not be blocked.

 

After reading the above document, my understanding is that

1. We could have seperate policy map for physical WAN interface.

2. The policy-map for the physical WAN interface is limited to a class default shaper only.

3. The policy-map for physical WAN interface must be applied at the physical WAN interface before the tunnel policy-maps are applied at the tunnel interface.

But I am not 100% sure if it's correct.

 

Thanks,

Cedar

Super Bronze

DisclaimerThe Author of this

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

For starters, much of the restictions you've listed apply to using both a policy on the physical interface and on the tunnel interfaces.  I recall this used to be an either or situation but some of the later IOS versions support some combinations of both (which can be very handly when you shape tunnels for far side bandwidth, but the aggregate of all your tunnels can exceed your physical interface).

That aside, I'm unsure if you understand how the hub side QoS works (as I described).

Assuming the branch just has a single tunnel to a single hub, you can apply egress QoS on the physical interface or the tunnel interface.  The latter, though, may need to be shaped, and shapers don't exactly mimic transmissions of a physical interface.  (NB: much like QoS for a p2p tunnel.)

On the hub, you define QoS service policies, which (at least on 7200s - where I've used them) can include shapers.  However, it's the branch which informs the hub which QoS policy to be used on the hub's tunnel, for egress.  Again, QoS policies and tunnels are defined on the hub, but it's the branch that determines which policy is applied to hub tunnel, for egress, to that particular branch.

On the branch tunnel interface, you use:

ip nhrp group group-name

On the DMVPN tunnel interface, you use:

ip nhrp map group group-name service-policy output qos-policy-map-name

.

.

ip nhrp map group group-nameN service-policy output qos-policy-map-name

The hub matches the group-name passed to it (via NHRP - similar to passing the branch's external IP) from the branch, and uses that to select a QoS policy for egress usage on the tunnel to that branch.

New Member

Hi Joseph,I will try policy

Hi Joseph,

I will try policy maps on both physical WAN interface and tunnel interfaces on the hub router.

And thanks for the explaination of how per-tunnel QoS works on the hub site. I think I mis-understood how it works.

Appreciate it.

Cedar

182
Views
0
Helpful
6
Replies
CreatePlease login to create content