05-22-2008 03:14 AM - edited 02-21-2020 02:01 AM
Hi,
I have been tasked with implementing QoS over some GRE tunnels that a client has in place.
To give a general idea of the setup,
Central (hub) Site - Cisco 2811 connected to a 2048kbps Internet leased line - This holds down three GRE IPSec Tunnels to three separate sites (spokes).
Each site is configured with a Cisco 1801 connected to an ADSL link (estimated 8mb down, 800k up); these are obviously the endpoints for each of the three GRE IPSec tunnels.
2 of the sites mainly use Citrix traffic over the link back to the central site, whilst the third site is a larger branch office with their own Exchange Server, domain controller etc....
Most things performance-wise are fine - However there is a UNIX based terminal app hosted at the central site which performs very poorly to the larger branch office (there aren't enough Citrix Licenses to allow the branch office to use the Terminal based app over Citrix - So they are Telnetting in directly to the server at the central site).
The larger branch office also sends the following over their Tunnel - smtp email, AD Replication, AD DNS etc....
So - I need to look at implementing some form of QoS on the network to hopefully improve the performance of the telnet based app in the first instance whilst not negatively impacting on the performance of all other apps.
I have some vague ideas about how to achieve this - but I just need some pointers to assist in achieving my goal.
For info the Tunnels are laid out in the following logical Interfaces
Central Site
Serial0/0/0 - Connected to the 2mb leased Line
Tunnel0 - Goes to the large Branch Office
Tunnel1 - Goes to small citrix based site
Tunnel2 - Goes to the second small citrix based site
All remote sites use logical interface Tunnel0 back to their respective Tunnel at the central site
I have enabled qos pre-classify on the GRE tunnels and crypto maps; from what I have read, it would be the best starting point.
I will try and post some config snippets from the devices if this info is needed.
As you can probably guess - I'm quite new to QoS!! (the books are on order ;-)
Thanks
Paul
05-22-2008 11:47 AM
You might want to check the MTU size over GRE IPSec tunnels. Usually you see poor performance over GRE IPsec tunnels when the packets are fragmented by the intermediate routers.
See below link:
http://www.cisco.com/en/US/tech/tk827/tk369/technologies_white_paper09186a00800d6979.shtml
Also, since you have different protocols running over WAN, you will definitely need some QoS for better performance and monitoring
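Added example (not part of the reply above or of the linked Cisco paper): a short calculation of how much GRE plus IPsec ESP tunnel mode adds to each packet, which is what pushes full-size packets over the path MTU and causes the fragmentation mentioned above. The transform (AES-CBC with HMAC-SHA1-96), the 1500-byte path MTU and the 41-byte Telnet keystroke packet are assumptions, since the thread does not state them.

```python
# Added example: per-packet overhead of GRE carried inside IPsec ESP tunnel mode.
# Assumed transform (not stated in the thread): ESP with AES-CBC and HMAC-SHA1-96.
OUTER_IP = 20      # IPv4 header added by IPsec tunnel mode
GRE_IP = 20        # IPv4 header added by GRE
GRE_HDR = 4        # base GRE header, no key or sequence options
ESP_HDR = 8        # SPI + sequence number
ESP_IV = 16        # AES-CBC initialisation vector
ESP_BLOCK = 16     # AES block size; plaintext is padded to a multiple of this
ESP_TRAILER = 2    # pad-length and next-header bytes
ESP_ICV = 12       # HMAC-SHA1-96 integrity check value


def encapsulated_size(inner_len: int) -> int:
    """Wire size of one inner IP packet after GRE and ESP tunnel mode."""
    gre_packet = inner_len + GRE_IP + GRE_HDR
    plaintext = gre_packet + ESP_TRAILER
    padded = -(-plaintext // ESP_BLOCK) * ESP_BLOCK   # round up to block size
    return OUTER_IP + ESP_HDR + ESP_IV + padded + ESP_ICV


def max_inner_packet(path_mtu: int = 1500) -> int:
    """Largest inner packet that still fits in path_mtu without fragmenting."""
    size = path_mtu
    while size > 0 and encapsulated_size(size) > path_mtu:
        size -= 1
    return size


def report(path_mtu: int = 1500) -> dict:
    """Summarise the two cases relevant to the thread: bulk and interactive."""
    keystroke = 41   # constructed sample: 20 IP + 20 TCP + 1 byte of Telnet data
    return {
        "full_size_on_wire": encapsulated_size(1500),
        "fragments_at_1500": encapsulated_size(1500) > path_mtu,
        "max_inner": max_inner_packet(path_mtu),
        "keystroke_on_wire": encapsulated_size(keystroke),
    }


if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name}: {value}")
```

Under these assumptions the largest inner packet that avoids fragmentation is the value to compare against the tunnel's IP MTU and TCP MSS settings, and the keystroke figure shows how much of the 800k uplink small interactive packets consume once encrypted.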
06-01-2008 05:23 AM
First thing you want to identify is where your bottlenecks are. From your description, for outbound from hub to spokes, your bottleneck is the hub's physical 2 Mbps interface, since each spoke can accept 8 Mbps. I.e. so you'll want QoS there.
For inbound, each spoke will bottleneck at the 800 Kbps. (NB: you have a second possible bottleneck, the hub's 2 Mbps inbound, since the aggregate of 3 sites at 800 Kbps could be up to 2.4 Mbps. Assuming typical asymmetric hub/spoke traffic, and the small oversubscription of 400 Kbps, I doubt it will be an issue. But if it is, shape the aggregate of your 3 sites not to exceed 2 Mbps.) Also for your spokes, assuming the ADSL is an Ethernet interface, we'll need to shape to the uplink speed.
Although we could make a very advanced QoS policy, simple is nice if it works. In this case, if we can implement FQ and/or WFQ, we may be able to avoid complex QoS.
For the spokes, see if you can implement a shaper for 800 Kbps on the outbound tunnel. Something like:
interface tunnel #
 ! shape for 800 Kbps (interface-level generic traffic shaping)
 traffic-shape rate 800000
For the hub, since there are multiple tunnels, we need to do something at the physical interface. Try this:
interface tunnel 0
 qos pre-classify
interface tunnel 1
 qos pre-classify
interface tunnel 2
 qos pre-classify
interface serial0/0/0
 fair-queue
or for the serial, instead of fair-queue, try
policy-map CBWFQ
 ! flow-based fair queuing for everything in the default class
 class class-default
  fair-queue
interface serial0/0/0
 service-policy output CBWFQ
Assuming the above works, but we want even better treatment for Citrix and/or Telnet, you might next (additionally) try something like:
class-map match-any GoldTraffic
 match protocol telnet
 match protocol citrix
policy-map TagTraffic
 class GoldTraffic
  set ip precedence (2,3 or 4)
 class class-default
  set ip precedence 0
interface (fast)Ethernet #
 ! mark traffic as it arrives from the LAN
 service-policy input TagTraffic