Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

IPSEC VPN over GRE Tunnels - QoS

We have multiple IPSEC VPN over GRE tunnels and I am looking at QoS over the WAN for these tunnels. Can anyone suggest where to start? Reading material? Blog?

10 REPLIES
Community Member

Anyone? 

Anyone?

 

Super Bronze

DisclaimerThe Author of this

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Where to start depends on what you know, or don't know, about QoS.

Depending on the platform, you can place QoS on the tunnel interface and/or the physical interface.  For the latter, there's often an option to "shadow" the original IP header for QoS processing of the tunnel packets.  Without the "shadow" copy, you can still process tunnel packets using the ToS as most Cisco implementations copy it from the original packet.  (This is all that transit devices' QoS have to work with.)

With tunnels, encrypted or not, shaping is often a requirement for an effective QoS implementation.  Also with tunnels, it's a good idea to avoid packet fragmentation caused by encapsulation.

 

Community Member

I have used auto QoS only and

I have used auto QoS only and local LAN only as well. So WAN is a new thing for me. So articles and some config examples would be helpful too. QoS is a beast I hear.

Super Bronze

DisclaimerThe Author of this

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Oh, there's much for you to learn then.

QoS isn't really too difficult, but you need to know a lot of it to understand how to use it (well).

You might start here: http://www.cisco.com/c/en/us/solutions/enterprise/design-zone-application-performance/landing_cVideo.html

Community Member

Is NBAR still a popular thing

Is NBAR still a popular thing these days? Can you recommend any lab type scenarios that I can verify my learning with?

Super Bronze

DisclaimerThe Author of this

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

I don't know how popular NBAR is.  I liked it and Cisco has developed NBAR2.  So, I guess they like it too.  wink

QoS labs can be difficult to setup, as you need to push traffic to cause congestion for many kinds of QoS to "engage", and then, you really want to simulate different traffic behaviors.

Community Member

How can you start to get an

How can you start to get an idea of what traffic is going through your device?

Super Bronze

DisclaimerThe Author of this

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

One possibility, NBAR has an analysis mode.

Community Member

I assume you must enable NBAR

I assume you must enable NBAR first and let it collect data.

Super Bronze

Yep.

Yep.

102
Views
0
Helpful
10
Replies
CreatePlease to create content