Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5747
Views
5
Helpful
8
Replies

QOS on GRE over IPSec Tunnel

Go to solution
Brunhuber Adrian
Level 1
Level 1

‎01-23-2012 10:26 AM - edited ‎03-04-2019 03:00 PM

Hi i`m familiar with the QOS concepts and i have done some implementations.

I have a 20+ remote locations with users trying to access a server over site2site VPN (GRE over Ipsec tunnels)
I have created the folowing diagram

qos.jpg

I want on the remote routers to prioritize (priority or bandwidth) the traffic going to the 192.168.0.10 server.The configuration i`ve made so far is :

class-map match-any QOS

match access-group 160

!

!

policy-map output

class QOS

  bandwidth 2000 class-map match-any QOS
match access-group 160
!
!
policy-map output
class QOS
  bandwidth 2000

I have created the folowind ACL
access-list 160 permit ip any host 192.168.0.10
(i have the route in my routing table via OSPF that goes to reache the server via Tunnel 0)


When i try to apply the policy map to the tunnel interface in the output direction i get the folowing error.


Weighted Fair Queueing feature is not supported in user defined class of parent level policy

When it try applying the policy map to the fizical interface it works but i don`t get any matches.
How would you do QOS in my scenario and where i`m doing wrong.
Thanks.

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Edison Ortiz
Hall of Fame
Hall of Fame

‎01-23-2012 10:50 AM

When an interface becomes congested and packets start to queue, you can apply a queueing method to packets that are waiting to be transmitted. Cisco IOS logical interfaces—tunnel interfaces in this example—do not inherently support a state of congestion and do not support the direct application of a service policy that applies a queueing method. Instead, you need to apply a hierarchical policy. Create a "child" or lower-level policy that configures a queueing mechanism, such as low latency queueing with the priority command and class-based weighted fair queueing (CBWFQ) with the bandwidth command.

policy-map child 

class voice

priority 512

Create a "parent" or top-level policy that applies class-based shaping. Apply the child policy as a command under the parent policy because admission control for the child class is done according to the shaping rate for the parent class.

policy-map tunnel 

class class-default

shape average 2000000

service-policy child

Apply the parent policy to the tunnel interface.

interface tunnel0 

service-policy tunnel

http://www.cisco.com/en/US/docs/ios/12_4/interface/configuration/guide/inb_tun.html#wp1078284

Regards,

Edison

View solution in original post

8 Replies 8

Go to solution
Edison Ortiz
Hall of Fame
Hall of Fame

‎01-23-2012 10:50 AM

When an interface becomes congested and packets start to queue, you can apply a queueing method to packets that are waiting to be transmitted. Cisco IOS logical interfaces—tunnel interfaces in this example—do not inherently support a state of congestion and do not support the direct application of a service policy that applies a queueing method. Instead, you need to apply a hierarchical policy. Create a "child" or lower-level policy that configures a queueing mechanism, such as low latency queueing with the priority command and class-based weighted fair queueing (CBWFQ) with the bandwidth command.

policy-map child 

class voice

priority 512

Create a "parent" or top-level policy that applies class-based shaping. Apply the child policy as a command under the parent policy because admission control for the child class is done according to the shaping rate for the parent class.

policy-map tunnel 

class class-default

shape average 2000000

service-policy child

Apply the parent policy to the tunnel interface.

interface tunnel0 

service-policy tunnel

http://www.cisco.com/en/US/docs/ios/12_4/interface/configuration/guide/inb_tun.html#wp1078284

Regards,

Edison

Go to solution
Brunhuber Adrian
Level 1
Level 1
In response to Edison Ortiz

‎01-23-2012 11:27 AM

Thanks for your answer.
I have done in the same manner some time ago,but i thought it was a "workaround" and in the industry there must be a "cleaner" way to do this.
Let me understand,the priority is in effect only when the shaping is on ? Or how the router senses the congestion because from what i have read the QOS mechanisms are on only when is congestion.
Thanks.

0 Helpful

Go to solution
Edison Ortiz
Hall of Fame
Hall of Fame
In response to Brunhuber Adrian

‎01-23-2012 11:29 AM

It won't sense congestion per say since it's a logical interface.

The perceived congestion will be reflected once you hit the shaper limit.

For instance, if you set a shaper to 1Mb, that will be the point of congestion.

0 Helpful

Go to solution
Brunhuber Adrian
Level 1
Level 1
In response to Edison Ortiz

‎01-23-2012 11:32 AM

Thanks a lot for the quick answer.Yes,it makes sense now. One last question.
How a fizical interface is able to sense congestion then ? (i read a lot of stuff,token bucket,etc) but i don`t get it.

0 Helpful

Go to solution
Edison Ortiz
Hall of Fame
Hall of Fame
In response to Brunhuber Adrian

‎01-23-2012 11:42 AM

In plain english... internal clock mechanism where packets are arriving or leaving the router faster than able to process them..

0 Helpful

Go to solution
Brunhuber Adrian
Level 1
Level 1
In response to Edison Ortiz

‎01-23-2012 11:48 AM

Thanks for your answers.

0 Helpful

Go to solution
jyoung
Level 1
Level 1

‎01-23-2012 05:21 PM

For tunnel QoS, I always put the QoS policy on the WAN interface and add the QoS pre-classify command to the tunnel interface.

Sent from Cisco Technical Support iPhone App

0 Helpful

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame

‎01-24-2012 07:09 AM

Disclaimer

The   Author of this posting offers the information contained within this   posting without consideration and with the reader's understanding that   there's no implied or expressed suitability or fitness for any purpose.   Information provided is for informational purposes only and should not   be construed as rendering professional advice of any kind. Usage of  this  posting's information is solely at reader's own risk.

Liability Disclaimer

In   no event shall Author be liable for any damages whatsoever (including,   without limitation, damages for loss of use, data or profit) arising  out  of the use or inability to use the posting's information even if  Author  has been advised of the possibility of such damage.

Posting


Edison has provided the method to control bandwidth with a shaper.  However, to use this technique effectively depends on correctly managing bandwidth between your sites.  For example, if you all sites had the same physical bandwidth to the Internet, and the tunnels were only between the hub and each branch, the hub would not need a shaper as its physical egress bandwidth would be the same as the remote's ingress bandwidth.  The converse is different as the aggregate shaped egress bandwidth allowances of the three branches should not exceed the hub's ingress bandwidth.

Other common issues that might be an issue include: trying to share the Internet connection for raw access with your VPN tunnels and accounting for L2 overhead in the shaper.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card