I am trying to configure QOS on a Cisco 861 router. The problem we are trying to solve is that when someone downloads a file from the internet it causes the RDP sessions that connect to an offsite server to slow down tremendously. I know very little about QOS but I think that this solution should be fairly simple.
I want to set up QOS so that all traffic going over the GRE Tunnel is prioritized over general internet traffic, in particular large downloads.
The router has a T1 connection coming in on the WAN interface.
It has an IPsec over GRE tunnel going to another site where a Windows Terminal server is hosted.
This is what I have so far. Am I heading in the right direction?
ip access-list extended WAN-QOS-ACL
 permit gre any any
class-map match-any WAN-QOS-CM
 match access-group name WAN-QOS-ACL
int fa0 (LAN interface)
 service-policy input WAN-QOS-PM
Yes, you are good with the configs. But this won't work unless you specify the qos pre-classify command under your tunnel interface. The reason behind that is that the QoS policy is enforced only after the encapsulation happens.
So, do the below as an example:
interface tunnel 0
ip address x.x.x.x
Hope this helps
Thanks for the reply, Vivek. I added the qos pre-classify command in but it is still not working for me. One thing I found too is that I cannot put the service-policy inbound on the internal LAN interface like I was hoping to do. When I try, it gives me the error: "Low Latency Queueing feature not supported in input policy." I have tried applying it to both the WAN facing and LAN facing interfaces using the output command but, as I expected, this did not work. Does this router simply not support this method of QOS?
It does not seem to work after having put it on the outbound interface. I have tried it on both the WAN and the LAN links. I don't know if it makes a difference but the LAN side is a Layer 2 interface and does not support layer three. I have it assigned to a VLAN that has an IP address assigned to it and acts as the default gateway address.
Asking you a lot of questions, sorry.
1) What is the bandwidth of your internet link?
2) Is there congestion noticed while downloading a huge file over the internet?
You can apply the LLQ on the tunnel interface by creating a low level policy & applying the policy over a high level. You need to have class-based shaping configured, though. Below is the config you may have to do:
policy-map WAN-QOS-PM_CHILD (child policy)
policy-map WAN-QOS-PM_PARENT (Parent top level policy)
shape average 2000000 (depends on the bandwidth of your link - just a sample)
service-policy output WAN-QOS-PM_PARENT
You cannot apply your service policy on your LAN interface as it's Layer2. You will never get a match on your ACL on that interface so you need this to be applied on the tunnel interface in my opinion.
Hope this will help.
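An added example, not part of the original thread or any poster's configuration: one complete parent/child (shape plus LLQ) policy of the kind described above, applied outbound on the WAN interface, where tunnel and Internet traffic share the T1. The interface name FastEthernet4, the 1500000 bps shape rate and the 60 percent priority share are assumptions, and the policy only schedules traffic leaving the router.

```cisco
! Added example. Values marked "assumed" are not from the thread.
!
! Classifier: on the WAN interface the tunnel packets carry an outer
! header of ESP (IPsec) or GRE. If "qos pre-classify" is enabled on the
! tunnel, the WAN policy classifies on the inner header instead, so the
! ACL would have to permit the LAN subnets at both ends of the tunnel.
ip access-list extended WAN-QOS-ACL
 permit esp any any
 permit gre any any
!
class-map match-any WAN-QOS-CM
 match access-group name WAN-QOS-ACL
!
! Child policy: low latency queue for tunnel traffic, fair queueing
! for everything else (general Internet traffic).
policy-map WAN-QOS-PM_CHILD
 class WAN-QOS-CM
  priority percent 60
 class class-default
  fair-queue
!
! Parent policy: shape to just under the T1 rate (assumed) so the queue
! builds on this router, where the child policy can reorder it.
policy-map WAN-QOS-PM_PARENT
 class class-default
  shape average 1500000
  service-policy WAN-QOS-PM_CHILD
!
! WAN interface name is assumed; LLQ is accepted only in the output
! direction, which matches the error quoted earlier in the thread.
interface FastEthernet4
 service-policy output WAN-QOS-PM_PARENT
!
! Verify that both classes are counting packets:
!   show policy-map interface FastEthernet4 output
```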
I tried this configuration on my router with the shape average set to 150000 and I did not get any noticeable difference unfortunately.
While I was tinkering with the bandwidth command with the original configuration I was able to get some results but it was not as much as I was hoping for.
The test I have been using is downloading a file across the tunnel and then starting an internet download. I typically will get a full 150KBPS download from the internet but when I use the bandwidth command and the original config I have been able to get it to lower the download rate from the internet to about 100KBPS. This was with the bandwidth setting set to 1024. I also used a different access list for this that permitted the local IPs used within the LAN on both sides of the tunnel. I was expecting to see something more like a 50KBPS download from inet and 1024K reserved for my tunnel's use.
If the congestion issue is inbound (to you) from Internet, it's very, very difficult to manage this kind of congestion without a special traffic shaping appliance (and even they can struggle) unless you can also manage the far side's egress.
I recommend for consideration two Internet links, one for "routine" Internet traffic and one for dedicated VPN tunnels running across the Internet. With an Internet link dedicated to VPN, you can often achieve QoS results similar to dedicated links.