08-01-2010 01:19 PM - edited 03-04-2019 09:16 AM
Ladies & Gentlemen:
Can you please review the proposed attached QOS design file, and please provide your comment. I got two WAN Core Router, dedicated for each Serivce Provider and I also got two dedicated VPN termination router. For braches connectivity to Head Office vice versa I am using IPSec transport mode with encrypted GRE Tunnel (using EIGRP). Below is my QOS plan.
WAN Core Router - Apply "service-policy output" into physical interface or sub.interface (facing to PE)
VPN Termination Router - Apply "qos pre-classify" on Interface Tunnel Interface & Crypto map.
Hope to receive your comment and suggestion soon.
Thanks very much,
Arnold
08-01-2010 05:19 PM
Arnold,
The design seems sound. The only thing I am curious about is why are you configurating QoS pre-classify on the tunnel interface on the VPN router if you have no egress service-policy on that router?
Thanks,
Greg
08-01-2010 09:03 PM
Hi George,
Thanks for prompt reply, here's my plan, please make any suggestion on this
Data Center Swtich - Traffic classification & marking for server traffic based on IP Address, then set its DSCP to the following:
High Priority Application = AF31
Low Priority Application = AF21 or AF11
Unclassified Traffic = Best Effort
Access Switches - Traffic classification & marking for RTP & Call/Controll signaliing traffic
RTP = EF
Call/Control Signalling = CS3
Core Switch - DSCP to Queue mapping
VPN Terminaton Router - Since classification and marking is not done here (done before entering the router) so no need to put a "qos pre-classify" on the tunnel interface and crypto map? is this correct?
WAN Core Router = Service policy will be apply on the physical interface facing PE Router
Note: by matching traffic from Data Center Switch & Access Switch based on its DSCP value
Any comment or suggesiton on the above plan will be appreciated.
Regards,
08-10-2010 01:47 PM
Hi Gregory,
Hope you're doing well,
The reason why I am considering applying it on the VPN router Tunnel interface is that I want to have full controll of the traffic going to remote branch. Like for instance.
Head Office Classification.
RTP (Voice ) = 5mb/s
Critical Application = 5mb/s
Less Critical Application = 5mb/s
Best Effort = 5mb/s
Remote Office 1
RTP (Voice) = 256kb/s
Critical Application = 256kb/s
Less Critical Application = 256kb/s
Best Effort = 256kb/s
Remote Office 2
RTP (Voice) = 500kb/s
Critical Application = 500kb/s
Less Critical Application = 500kb/s
Unclassified = 500kb/s
If I will apply "service-policy output" to the WAN Edge Router (HO) interface (facing PE), the Router in Head Office might send morethan 1mb of RTP traffic say for example to Remote Office 1 as per example above I allocate 5mb/s for RTP in HO, which if this happen can cause huge amount of inbound traffic to Remote Office 1. Unlike in VPN tunnel interface I have a full controll on what amount of bandwidth I will assign to a particular class going to its peer tunnel (remote office).
Regards,
08-02-2010 02:02 AM
Your QoS design is Ok, except that you dont (QoS pre-classify) because your IP packet is already classified before entering this router.
HTH
Mohamed
08-02-2010 11:43 AM
what's the best approach to apply "service-policy"? is it in VPN Termination Router Tunnel Interface or in WAN Core Router?
08-03-2010 04:37 AM
Arnold,
you should apply your QoS policy outbound direction on the Network Edge wher your WAN link is terminated.
In this situation, it should be applied on the WAN routers not the VPN router.
HTH
Mohamed
08-04-2010 12:53 PM
The reason why I am considering applying it on the VPN router Tunnel interface is that I want to have full controll the traffic going to remote branch.
Head Office Classification.
RTP (Voice ) = 5mb/s
Critical Application = 5mb/s
Less Critical Application = 5mb/s
Best Effort = 5mb/s
Remote Office 1
RTP (Voice) = 256kb/s
Critical Application = 256kb/s
Less Critical Application = 256kb/s
Best Effort = 256kb/s
Remote Office 2
RTP (Voice) = 500kb/s
Critical Application = 500kb/s
Less Critical Application = 500kb/s
Unclassified = 500kb/s
If I will apply "service-policy output" to the WAN Edge Router interface (facing PE), the Router in Head Office might send moretan 1mb of RTP traffic say for example to Remote Office 1 as per example above I allocate 5mb/s for RTP in HO, which if its happen can cause inbound traffic to Remote Office 1 saturated. Unlike in VPN tunnel interface I have a full controll on what amount of bandwidth I will assign to a particular class going to its peer tunnel (remote office).
Regards,
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: