Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

QoS WAN ----DMVPN phase 3 ---MPLS cloud----

Hi,

I would like to configure QoS in our C "customer" router. We are using DMVPN phase 3. The ISP cloud is MPLS "ISP guys are willing to put some QoS on their CE router if we need too".

We notice that any time some users are doing big file transfer or copy all users that are using VDI are suffering.

What we want is to give high priority to VDI "Virtual Desktop Infrastructure, it like Citrix, using RDP protocol" and also to Exchange Mail with 60% of the total bandwidth.

Applications like FTP, Netbios copy will have a lower priority.

My questions are:

1) How can I achieve that?

2) Can we do that on the CE Router eventhough the packets leaves our C router encrypted. If yes, how to do it

Our C router --HUB----

interface Tunnel0

bandwidth 5000

ip address 10.100.106.1 255.255.255.0

no ip redirects

ip mtu 1400

ip nhrp authentication DMVPN_NW

ip nhrp map multicast dynamic

ip nhrp network-id 100000

ip nhrp holdtime 360

ip nhrp redirect

ip tcp adjust-mss 1360

ip ospf message-digest-key 1 md5 <removed>

ip ospf network broadcast

ip ospf priority 10

tunnel source GigabitEthernet0/0

tunnel mode gre multipoint

tunnel key 100000

tunnel protection ipsec profile SDM_Profile2

!

interface GigabitEthernet0/0

description outside$ETH-WAN$

ip address 172.24.2.5 255.255.255.248

duplex full

speed 100

media-type rj45

standby 1 ip 172.24.2.10

standby 1 timers 1 10

standby 1 priority 150

standby 1 preempt

standby 1 name hsrp

standby 1 track GigabitEthernet0/1 60

!

interface GigabitEthernet0/1

description inside$ETH-LAN$

ip address 14.20.142.5 255.255.255.0

ip ospf message-digest-key 1 md5 <removed>

ip ospf priority 0

duplex full

speed 100

media-type rj45

Our C router --Spoke----

interface Tunnel0

bandwidth 5000

ip address 10.100.106.3 255.255.255.0

no ip redirects

ip mtu 1400

ip nhrp authentication DMVPN_NW

ip nhrp map 10.100.106.1 172.24.2.5

ip nhrp map 10.100.106.4 172.24.2.4

ip nhrp map multicast 172.24.2.5

ip nhrp map multicast 172.24.2.4

ip nhrp network-id 100000

ip nhrp holdtime 360

ip nhrp nhs 10.100.106.1

ip nhrp nhs 10.100.106.4

ip nhrp shortcut

ip tcp adjust-mss 1360

ip ospf message-digest-key 1 md5 <removed>

ip ospf network broadcast

ip ospf priority 0

tunnel source GigabitEthernet0/0

tunnel mode gre multipoint

tunnel key 100000

tunnel protection ipsec profile SDM_Profile1

!

interface GigabitEthernet0/0

description outside$ETH-WAN$

ip address 172.24.2.34 255.255.255.248

duplex full

speed 100

!

interface GigabitEthernet0/1

description inside$ETH-LAN$

ip address 13.9.6.1 255.255.0.0

ip ospf message-digest-key 1 md5 <removed>

duplex auto

speed auto

Thanks

1 REPLY
Super Bronze

Re: QoS WAN ----DMVPN phase 3 ---MPLS cloud----

Unable to discuss specifics for DMVPN phase 3, but in general CBWFQ applied at your congestion points (ofen WAN ingress/egress) is what you'll need.

Since your "C" routers doesn't have an interface on the actual WAN your two options are to shape (with a subordinate policy) to the WAN egress speed, or have the CE router process encrypted marked packets as desired. (Usually Cisco routers will copy the original packet's ToS to the encrypted packet's ToS, you just need to insure the ToS was correct before encryption.)

If your DMVPN cloud actually has multipoint communication, egress can congest from multiple sending locations. Here too you'll likely need a CBWFQ policy using ToS markings on the PE's egress. (Often MPLS vendors support some QoS models that you'll need to map your traffic into.)

347
Views
0
Helpful
1
Replies