WAN QOS setup

kevinlowery · ‎03-01-2012

I am trying to configure QOS on a Cisco 861 router. The problem we are trying to solve is that when someone downloads a file from the internet it causes the RDP sessions that connect to an offsite server to slow down tremendously. I no very little about QOS but I think that this solution should be fairly simple.

The Goal:

I want to setup QOS so that all traffic going over the GRE Tunnel is prioritized over general internet traffic in particular large downloads.

Current setup:

The router has a T1 connection coming in on the WAN interface

It has an IPsec over GRE tunnel going to another site where a Windows Terminal server is hosted.

This is what i have so far. Am I heading in the right direction?

ip access-list extended WAN-QOS-ACL
permit gre any any

class-map match-any WAN-QOS-CM
match access-group name WAN-QOS-ACL

policy-map WAN-QOS-PM
class WAN-QOS-CM
priority 1024
class class-default
fair-queue

int fa0 (LAN interface)

service-policy input WAN-QOS-PM

Vivek Ganapathi · ‎03-01-2012

Yes you are good with the configs. But this won't work unless you specify qos pre-classify command under your tunnel interface. The reason behind that is, QoS policy is enforced only after the encapsulation happens.

So, do the below as an example

interface tunnel 0

ip address x.x.x.x

qos pre-classify

Hope this helps

Vivek

kevinlowery · ‎03-01-2012

Thanks for the reply Vivek. I added the qos pre-classify command in but it is still not working for me. One thing I found too is that i cannot put the service-policy inbound on the internal LAN interface like i was hoping to do. When I try it gives me the error: "Low Latency Queueing feature not supported in input policy." I have tried applying it to both the WAN facing and LAN facing interfaces using the output command but as i expected this did not work. Does this router simply not support this method of QOS?

Vivek Ganapathi · ‎03-01-2012

I think i missed to see some important things. Apply the service policy on the outbound direction.

kevinlowery · ‎03-01-2012

It does not seem to work after having put it on the outbound interface. I have tried it on both the WAN and the LAN links. I don't know if it makes a difference but the LAN side is a Layer 2 interface and does not support layer three. I have it assigned to a VLAN that has an IP address assigned to it and acts as the default gateway address.

Vivek Ganapathi · ‎03-01-2012

Please provide me the model of cisco router you are on.

kevinlowery · ‎03-01-2012

it is an 861 ISR

Vivek Ganapathi · ‎03-01-2012

asking you lot of questions, sorry

1) What is the bandwidth of your internet link?

2) Is there a congestion noticed while downloading a huge file over internet?

You can apply the LLQ on the tunnel interface by creating a low level policy & applying then policy over a high level. You need to have a class based shaping configured though. Below is the config you may have to do

policy-map WAN-QOS-PM_CHILD (child policy)

class WAN-QOS-CM

priority 1024

!

policy-map WAN-QOS-PM_PARENT (Parent top level policy)
class class-default
shape average 2000000 (depends on the bandwidth of your link - just a sample)
service-policy WAN-QOS-PM_CHILD

interface Tunnel0
service-policy output WAN-QOS-PM_PARENT

You cannot apply your service policy on your LAN interface as it's Layer2. You will never get a match on your ACL on that interface so you need this to be applied on the tunnel interface in my opinion.

Hope this will help.

Vivek

kevinlowery · ‎03-01-2012

The wan link is a T1 so 1536k.

There is very noticeable congestion when downloading files.

kevinlowery · ‎03-01-2012

i tried this configuration on my router with the shape average set to 150000 and i did not get any noticeable difference unfortunately.

While I was tinkering with the bandwidth command with the original configuration i was able to get some results but it was not as much as I was hoping for.

My test i have been using is downloading a file accross the tunnel and then starting an internet download. I typically will get a full 150KBPS download from the internet but when i use the bandwidth command and the original config I have been able to get it to lower the download rate from the internet to about 100KBPS. This was with bandwidth setting set to 1024. I also used a different access list for this that permitted the local IPs used within the LAN on both sides of the tunnel. I was expecting to see something more like a 50KBPS download from inet and 1024K reserved for my tunnel's use.

Vivek Ganapathi · ‎03-01-2012

Could you please post me the below outputs

show policy-map interface

Joseph W. Doherty · ‎03-02-2012

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

If the congestion issue is inbound (to you) from Internet, it's very, very difficult to manage this kind of congestion without a special traffic shaping appliance (and even they can struggle) unless you can also manage the far side's egress.

I recommend for consideration two Internet links, one for "routine" Internet traffic and one for dedicated VPN tunnels running across the Internet. With a Internet link dedicated to VPN, you can often achieve QoS results similar to dedicated links.