cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5049
Views
0
Helpful
14
Replies

DMVPN qos tunnel configuration

ramiro.espinoza
Level 1
Level 1

im trying to set up qos for voice but the tunnel interface doesnt support

class based wheighted fair is there another way to protirize voice traffice on the tunnel?

14 Replies 14

Marcin Zgola
Level 4
Level 4

this is an example i am connecting to internet via multinlink, and this is a hub for my 85 dmvpn sites. qos works fine.

class-map match-any VOICE

match ip dscp ef

class-map match-any CALL-SETUP

match ip dscp af31

match ip dscp cs3

!

!

policy-map VOICE

class CALL-SETUP

bandwidth percent 3

class VOICE

bandwidth percent 40

class class-default

fair-queue

interface Tunnel1

bandwidth 1000

ip address 192.168.20.1 255.255.252.0

no ip redirects

ip mtu 1340

no ip next-hop-self eigrp 100

ip pim sparse-dense-mode

ip nhrp authentication dmvpn

ip nhrp map multicast dynamic

ip nhrp network-id 100

ip nhrp holdtime 300

no ip split-horizon eigrp 100

ip summary-address eigrp 100 10.0.0.0 255.0.0.0 5

no ip mroute-cache

delay 1000

qos pre-classify

cdp enable

tunnel source Loopback1

tunnel mode gre multipoint

tunnel key 1000

tunnel path-mtu-discovery

tunnel protection ipsec profile xxxxx

!

interface Multilink1

ip address xxxxxx yyyyyyyy

ip access-group 101 in

no ip redirects

no ip unreachables

no ip proxy-arp

rate-limit input access-group 160 64000 8000 8000 conform-action transmit exceed-action drop

ip route-cache flow

load-interval 30

ppp multilink

ppp multilink fragment delay 20

ppp multilink interleave

ppp multilink group 1

ppp multilink multiclass

crypto map ipsecvpn

service-policy output VOICE

CCIE 18676

i got it to work but i did some different,

i used auto qos on the wan interface of the spoke route, then i did qos prequalify on the tunnel interface and on the hub i did qos prequalify only on the tunnel interface, would this work ok? i have another question i probably gonna have 5 spokes now why would i need a multilink and a tunnel interface instead of just the tunnul interface?

multilink is just how i connect to internet, you can have serial or fa0/0 or gi0/0, this does not matter.

CCIE 18676

is there a way that i can use active directory or the IAS (radius) server to autehnticate users using webvpn?

yes using aaa create authentication for network

aaa authentication network group radius

and point to your IAS server.

CCIE 18676

do you have an exaple configuration i tried that and i cant seem to get it to work

looks like i still need you help, here is the policy for the hub qos prequlify is being apply to interface tunnel 0, the policy map below is being apply to wan link

****when im uploading, the phone still garbled

what else do i need to configure?

class-map match-all avaya-traffic

match ip dscp af31

class-map match-all avaya-voice

match ip dscp ef

!!

policy-map DMVPN

class avaya-voice

priority percent 33

class avaya-traffic

bandwidth percent 10

class class-default

fair-queue

interface Tunnel0

description DMVPN Interface for remote access

bandwidth 1000

ip address 10.0.0.1 255.255.255.0

no ip redirects

ip mtu 1400

no ip next-hop-self eigrp 1

ip nhrp authentication westmont

ip nhrp map multicast dynamic

ip nhrp network-id 99

ip nhrp holdtime 300

ip nhrp cache non-authoritative

ip tcp adjust-mss 1360

no ip split-horizon eigrp 1

delay 1000

qos pre-classify

tunnel source GigabitEthernet0/0

tunnel mode gre multipoint

tunnel key 100000

tunnel protection ipsec profile vpnippro

interface GigabitEthernet0/0

description Public Network Interface$ETH-LAN$

ip address 38.113.137.150 255.255.255.248

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

service-policy output DMVPN

+++++++++++++++++++++++++++++++++++

======Spoke==================

samething on this one to0

class-map match-any Voice

match ip dscp ef

!!

policy-map voip

class Voice

bandwidth 128

random-detect dscp-based

class class-default

fair-queue

nterface Tunnel0

bandwidth 100

ip address 10.0.0.2 255.255.255.0

no ip redirects

ip mtu 1400

no ip next-hop-self eigrp 1

ip nhrp authentication westmont

ip nhrp map 10.0.0.1 38.113.137.150

ip nhrp map multicast 38.113.137.150

ip nhrp network-id 99

ip nhrp holdtime 300

ip nhrp nhs 10.0.0.1

ip tcp adjust-mss 1360

delay 1000

qos pre-classify

tunnel source FastEthernet4

tunnel mode gre multipoint

tunnel key 100000

tunnel protection ipsec profile vpn

interface FastEthernet4

bandwidth 384

bandwidth receive 768

ip address dhcp

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

auto discovery qos trust

service-policy output voip

+++++++++HUB++++++++++++++++

y output: DMVPN

Class-map: avaya-voice (match-all)

2233 packets, 795686 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: ip dscp ef (46)

Queueing

Strict Priority

Output Queue: Conversation 264

Bandwidth 33 (%)

Bandwidth 330000 (kbps) Burst 8250000 (Bytes)

(pkts matched/bytes matched) 0/0

(total drops/bytes drops) 0/0

Class-map: avaya-traffic (match-all)

2857 packets, 950126 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: ip dscp af31 (26)

Queueing

Output Queue: Conversation 265

Bandwidth 10 (%)

Bandwidth 100000 (kbps)Max Threshold 64 (packets)

(pkts matched/bytes matched) 0/0

(depth/total drops/no-buffer drops) 0/0/0

Class-map: class-default (match-any)

204497 packets, 62183144 bytes

5 minute offered rate 1000 bps, drop rate 0 bps

Match: any

Queueing

Flow Based Fair Queueing

Maximum Number of Hashed Queues 256

(total queued/total drops/no-buffer drops) 0/0/0

ok, your hub is souring out of gig interface. qos will never work until this interface is utilized at 100%. what kind of internet connection do you have, lets say if your upload in only 5meg. this is what i would do.

class-map match-all avaya-traffic

match ip dscp af31

class-map match-all avaya-voice

match ip dscp ef

!!

policy-map DMVPN

class avaya-voice

priority percent 33

class avaya-traffic

bandwidth percent 10

class class-default

fair-queue

policy-map INTERNET

class class-default

shape average 5000000 50000

fair-queue

random-detect

service-policy DMVPN

fair-queue

int g0/0

service-policy output INTERNET

this will shape the traffic to 5meg, and if 5mg is at 100% then qos will kick in, you can always adjust 500000 to what ever your upload speed is.

hope this helps

CCIE 18676

do i need to do anything on the spoke, the phone is on he spokes network

same concept, i noticed your spoke connects via fastethernet, so again qos will not work if traffic is not at 100% of 100mg.

CCIE 18676

i decided to migrate to GETVPN now can i having a couple of issue can you send me an exaple config with details and qos

nevermind GETVPN doesnt support NAT, weird but oh well

ramiro.espinoza
Level 1
Level 1

is there a way that i can use active directory or the IAS (radius) server to autehnticate users using webvpn?

ramiro.espinoza
Level 1
Level 1

i decided to migrate to GETVPN now can i having a couple of issue can you send me an exaple config with details and qos