Apply QOS to IPSEC VTI?

CiscoBrownBelt
Level 6

Is there a good way to monitor just how much traffic each customer is doing for the applicable QOS policy (let's say each policy limits bandwidth for Cus1 going to Site2)? So meaning if I apply multiple policies to one VTI interface, what is a good way to keep track of how much traffic one customer is doing?

Would it be better to create, let's say, additional sub-interfaces that correspond to each customer or something on the router, apply QOS to each sub-interface, then direct that traffic to the VTI to be encrypted? That way I can just quickly reference the sub-interface QOS traffic or monitor these interfaces in a program like Solarwinds or something?

1 Reply

TJ-20933766
Spotlight

I think you could do everything on a single interface. For example, let's say I have two customers:

ip access-list extended CUST-1-ACL
 permit ip any 10.0.120.0 0.0.0.255
ip access-list extended CUST-2-ACL
 permit ip any 10.0.121.0 0.0.0.255
!
class-map match-all CUST-1-CMAP
 match access-group name CUST-1-ACL
class-map match-all CUST-2-CMAP
 match access-group name CUST-2-ACL
!
policy-map PMAP
 class CUST-1-CMAP
  police 150000
 class CUST-2-CMAP
  police 50000000
!
interface Tunnel0
 service-policy output PMAP

Then you could watch the statistics of the policy-map with the following command:

R1#show policy-map interface t0
 Tunnel0

  Service-policy output: PMAP

    Class-map: CUST-1-CMAP (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: access-group name CUST-1-ACL
      police:
          cir 150000 bps, bc 4687 bytes
        conformed 0 packets, 0 bytes; actions:
          transmit
        exceeded 0 packets, 0 bytes; actions:
          drop
        conformed 0000 bps, exceeded 0000 bps

    Class-map: CUST-2-CMAP (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: access-group name CUST-2-ACL
      police:
          cir 50000000 bps, bc 1562500 bytes
        conformed 0 packets, 0 bytes; actions:
          transmit
        exceeded 0 packets, 0 bytes; actions:
          drop
        conformed 0000 bps, exceeded 0000 bps

    Class-map: class-default (match-any)
      69 packets, 7616 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: any

Is this what you are looking for?
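
For feeding these per-class counters into a monitoring tool, the following added example (not part of the reply above, and not Cisco code) parses text in the `show policy-map interface` format shown and returns per-customer numbers. The sample counter values are constructed, and `parse_policy_map` and `policed_drops` are hypothetical helper names.

```python
import re

# Constructed sample in the format of the output above; the non-zero
# counter values are made up for illustration.
SAMPLE = """\
  Service-policy output: PMAP
    Class-map: CUST-1-CMAP (match-all)
      1200 packets, 960000 bytes
      5 minute offered rate 180000 bps, drop rate 30000 bps
      Match: access-group name CUST-1-ACL
      police:
          cir 150000 bps, bc 4687 bytes
        conformed 1000 packets, 800000 bytes; actions:
          transmit
        exceeded 200 packets, 160000 bytes; actions:
          drop
        conformed 150000 bps, exceeded 30000 bps
    Class-map: class-default (match-any)
      69 packets, 7616 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
"""

# (counter names, pattern) for each counter line inside a Class-map section.
PATTERNS = [
    (("packets", "bytes"), re.compile(r"\s*(\d+) packets, (\d+) bytes\s*$")),
    (("offered_bps", "drop_bps"),
     re.compile(r"\s*5 minute offered rate (\d+) bps, drop rate (\d+) bps")),
    (("cir_bps", "bc_bytes"), re.compile(r"\s*cir (\d+) bps, bc (\d+) bytes")),
    (("conformed_pkts", "conformed_bytes"),
     re.compile(r"\s*conformed (\d+) packets, (\d+) bytes")),
    (("exceeded_pkts", "exceeded_bytes"),
     re.compile(r"\s*exceeded (\d+) packets, (\d+) bytes")),
]

def parse_policy_map(text):
    """Return {class_name: {counter: int}} for every Class-map section."""
    stats, cur = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*Class-map:\s+(\S+)", line)
        if m:  # a new class section starts; later counters belong to it
            cur = stats.setdefault(m.group(1), {})
        for keys, rx in PATTERNS:
            m = rx.match(line)
            if m and cur is not None:
                cur.update(zip(keys, map(int, m.groups())))
    return stats

def policed_drops(stats):
    """Map each class whose policer exceeded its CIR to the exceeded byte count."""
    return {n: c["exceeded_bytes"] for n, c in stats.items() if c.get("exceeded_bytes")}

if __name__ == "__main__":
    print(policed_drops(parse_policy_map(SAMPLE)))
```
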