Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

QOS over a TLS network

We have a TLS network provided by our local LEC. Basically we have a 100Mb coming into my office that I connect 10 other sites to and they range from 2Mb up to 100Mb.  So basically I do not control the equipment that limits each side down to the purchased bandwidth.  Any suggestions on doing QOS at the main site and at the 2Mb site?   



Cisco Employee

Re: QOS over a TLS network


You can use HQoS on remote site to shape down to the proper CIR. On your main office site, you can use class based shaping to shape the outbound traffic based on remote sites subnets. If you run DMVPN between sites, you can consider per tunnel QoS which does the shaping on hub site based on spoke profile.

Lei Tian
Sent from Cisco Technical Support iPhone App

Super Bronze

Re: QOS over a TLS network


The   Author of this posting offers the information contained within this   posting without consideration and with the reader's understanding that   there's no implied or expressed suitability or fitness for any purpose.   Information provided is for informational purposes only and should not   be construed as rendering professional advice of any kind. Usage of  this  posting's information is solely at reader's own risk.

Liability Disclaimer

In   no event shall Author be liable for any damages whatsoever (including,   without limitation, damages for loss of use, data or profit) arising  out  of the use or inability to use the posting's information even if  Author  has been advised of the possibility of such damage.


If you traffic flows are strictly hub-and-spoke, you can shape egress to the other locations such that if there's any congestion, your QoS polices can manage it.

As your one of your branch (?) sites also has 100 Mbps, you would need to shape it slower so your hub site's ingress doesn't congest without a QoS policy.  (From what you've shown, you would shape the bottom's site's 100 Mbps egress for 80 Mbps).

If you allow/have site-to-site traffic, you can also create QoS policies such that an ingress link to a site won't be overrun, but this is very difficult to manage.  Normally for multi-point traffic flows, you work with the service provider to manage their egress bandwidth to each site (unfortunately, not all can or will do so).

CreatePlease to create content