03-16-2003 07:56 PM - edited 03-02-2019 05:54 AM
I was wondering whether it's possible to provide QOS such as CBWFQ inside a VPN tunnel? To explain things a bit, I'm currently running QOS on a private FR WAN and management is looking at the possibility of migrating to a broadband DSL WAN running over VPN. I'm concerned about all the CBWFQ QOS that I've set up and wanted to know whether it's possible to provide QOS on a VPN tunnel? Thanks in advance for your answer.
03-16-2003 08:27 PM
Very doable. If memory serves, as long as you do your prioritizing before the packet is encrypted you should be fine. You will also need a device on the other end doing QoS after the packet is decrypted. Some devices can see the precedence even on an encrypted packet. If you can give a little more info on the proposed hardware and what you already have in place you will probably get more specific information.
03-25-2003 06:48 PM
Sorry it took a while to get back to you. It has been a few extremely busy days. Thanks for your reply. I currently have a 3662 at the Central office running ATM and several branches on 1700 and 2620 running FR. To provide QOS, I've configured CBWFQ at both the Central and branch offices. Using a Cisco on-line document outlining a sample config, I've applied application/traffic marking at the Ethernet interface and then applied application/traffic prioritization as outbound. Here is an example of what I did:
class-map match-any Transactional-mark
 description **Transactional Application**
 match protocol sqlnet
 match protocol sqlserver
!
!
policy-map QOS-Policy
 class Interactive
  bandwidth percent 20
 class Transactional
  bandwidth percent 20
 class Batch
  bandwidth percent 8
 class Bulk
  bandwidth percent 8
 class OS
  bandwidth percent 8
policy-map QOS-Policy-Mark
 description **Marking and Identifying Applications**
 class OS-mark
  set ip dscp 20
 class Interactive-mark
  set ip dscp 26
 class Transactional-mark
  set ip dscp 18
 class Batch-Mark
  set ip dscp 20
 class Bulk-mark
  set ip dscp 10
!
interface FastEthernet0/0.3
 description ** Common Server Subnet 10.95.3.0/24 **
 encapsulation dot1Q 3
 ip address 192.168.155.125 255.255.255.248 secondary
 ip address 10.95.3.13 255.255.255.0
 no ip redirects
 no ip proxy-arp
 no ip mroute-cache
 ntp broadcast
 service-policy input QOS-Policy-Mark
!
interface ATM1/0.33 point-to-point
 description *** ATM PVC to Melbourne - 768K CIR/1024 (MFPVC11677003) ***
 mtu 1500
 bandwidth 768
 ip address 192.168.155.13 255.255.255.252
 ip nbar protocol-discovery
 ip summary-address eigrp 112 0.0.0.0 0.0.0.0 5
 pvc 3/33
  vbr-nrt 1024 768 32
  service-policy output QOS-Policy
!
***********************
What management is asking me to do at the moment is to look into the possibility of providing a WAN based on broadband technology since it's pretty cheap compared to FR/ATM. Obviously I'll have to protect my traffic now that it's exposed to the Internet. One way of protecting the traffic is to run IPSec and hence other stuff came along such as VPN. I've just been back from a Cisco VPN course and was wondering:
1. Wanted to find out HOW to configure CBWFQ QOS that works with VPN
2. Is the Cisco concentrator 3000 able to provide QOS?
Thanks in advance for your answer.
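
Added example, not part of either post and not Cisco code: a Python sketch of the point made in the reply above, that marking has to happen before encryption and that the marking stays readable on the encrypted packet. It assumes the default IPsec tunnel-mode behaviour of copying the inner DSCP to the outer header (RFC 4301); the addresses other than the 10.95.3.0/24 subnet, the SPI, the key, TCP port 1521 for SQL*Net and the XOR keystream standing in for ESP encryption are all constructed for illustration.

```python
import hashlib
import struct

def ipv4_header(src, dst, proto, payload_len, dscp):
    """20-byte IPv4 header; DSCP is the upper 6 bits of the ToS byte."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20 + payload_len,
                       0, 0, 64, proto, 0, bytes(src), bytes(dst))

def esp_tunnel_encapsulate(inner, gw_src, gw_dst, key):
    """Stand-in for tunnel-mode ESP: hides the inner packet, copies DSCP out.

    The SHA-256 keystream XOR is NOT real ESP encryption; it only makes the
    inner headers unreadable for the purposes of this demonstration.
    """
    stream = b""
    counter = 0
    while len(stream) < len(inner):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    ciphertext = bytes(a ^ b for a, b in zip(inner, stream))
    esp = struct.pack("!II", 0x1001, 1) + ciphertext  # constructed SPI, seq
    return ipv4_header(gw_src, gw_dst, 50, len(esp), inner[1] >> 2) + esp

def classify(packet):
    """Fields a WAN-side classifier can read from the cleartext headers."""
    proto, dscp = packet[9], packet[1] >> 2
    ihl = (packet[0] & 0x0F) * 4
    port = None
    if proto == 6:  # TCP: destination port is visible
        port = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return {"proto": proto, "dscp": dscp, "dst_port": port}

def demo():
    # Constructed sample: TCP SYN to port 1521 (assumed SQL*Net port),
    # already marked DSCP 18 as the Transactional-mark class does.
    tcp = struct.pack("!HHIIHHHH", 40000, 1521, 0, 0, 0x5002, 8192, 0, 0)
    inner = ipv4_header([10, 95, 3, 20], [10, 96, 1, 5], 6, len(tcp), 18) + tcp
    outer = esp_tunnel_encapsulate(inner, [192, 0, 2, 1], [198, 51, 100, 1],
                                   b"constructed-demo-key")
    return classify(inner), classify(outer)

if __name__ == "__main__":
    before, after = demo()
    print("before encryption:", before)
    print("after encryption: ", after)
```

After encapsulation the classifier sees only IP protocol 50 and no port, so a protocol or port match on the WAN side has nothing to work with, while the DSCP value set on the LAN interface is still there to match on.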