Hi Hugh.

Does all traffic go out of the tunnel and nothing goes out the physical interface? It might be that all the class-default traffic is actually GRE traffic sourced from f2/0 so none of it will match your other classes as the traffic is not coming from those interfaces.

You can see if this is right or not by adding between class 'low' and class-default a class which matches all GRE traffic. Then if you check your 'show policy-map' command you can see if it is getting hits.

Have you tried putting the service policy on the tunnel interface? Not sure if this is possible, can't test in a the lab at the mo.

Cheers

Simon

Simon,

Thanks for the quick reply.

Interface Tunnel0 would not accept the "service-policy output TRAFFIC" and the error message was "Weighted Fair Queueing feature is not supported in user defined class of parent level policy." I don't know if a child level polity for the tunnel can work around the issue.

Yes, the traffic does seem like comming from GRE tunnel. I added a class "gre" to match protocol GRE traffic, not sure if that was what you suggested but here're the configuration:

class-map match-any high

match input-interface FastEthernet2/14

class-map match-any low

match input-interface GigabitEthernet2/0

class-map match-any gre

match protocol gre

!

!

policy-map TRAFFIC

class high

bandwidth 200

class low

bandwidth 700

class gre

bandwidth 9000

policy-map FQ

class class-default

fair-queue

The "show policy-map int f2/0" did show hit on class gre.

Would you please give me some advice on any other work around method. Thanks.

Hugh

Hi Hugh

looks like the only option supported on a gre tunnel is shaping

try adding PARENT to the tunnel interface

policy-map PARENT

class-default

shape average 100000000

service-policy TRAFFIC

Simon,

Thanks for the input. I added the policy-map PARRENT but class high and class low still did not get any hit. Here's current interfaces and policy configuration along with "show policy-map int t0" data:

!

class-map match-any high

match input-interface FastEthernet2/14

class-map match-any low

match input-interface GigabitEthernet2/0

!

!

policy-map TRAFFIC

class high

bandwidth 2000

class low

bandwidth 7000

policy-map FQ

class class-default

fair-queue

policy-map PARENT

class class-default

shape average 10000000

service-policy TRAFFIC

!

!

!

interface FastEthernet2/14

description HIGH PRIORITY INGRESS TRAFFIC

no switchport

ip address 192.168.12.40 255.255.255.0

load-interval 30

ipv6 enable

ospfv3 1 area 0 address-family ipv4 instance 64

!

!

!

interface GigabitEthernet2/0

description LOW PRIORITY INGRESS TRAFFIC

no switchport

ip address 192.168.2.40 255.255.255.0

load-interval 30

ipv6 enable

ospfv3 1 area 0 address-family ipv4 instance 64

!

!

!

interface Tunnel0

bandwidth 10000

ip address 10.1.1.1 255.255.255.0

load-interval 30

ipv6 enable

ospfv3 instance 64 network manet

ospfv3 1 area 0 address-family ipv4 instance 64

tunnel source FastEthernet2/0

tunnel destination 142.x.x.10

service-policy output PARENT

!

!

!

interface FastEthernet2/0

description EGRESS TRAFFIC TO THE WAN

no switchport

bandwidth 10000

ip address 192.x.x.10 255.255.255.0

load-interval 30

Router6-w-AXP#show policy-map int t0

Tunnel0

Service-policy output: PARENT

Class-map: class-default (match-any)

1924994 packets, 1358517804 bytes

30 second offered rate 10065000 bps, drop rate 0 bps

Match: any

Queueing

queue limit 64 packets

(queue depth/total drops/no-buffer drops) 0/0/0

(pkts output/bytes output) 0/0

shape (average) cir 10000000, bc 40000, be 40000

target shape rate 10000000

Service-policy : TRAFFIC

Class-map: high (match-any)

0 packets, 0 bytes

30 second offered rate 0 bps, drop rate 0 bps

Match: input-interface FastEthernet2/14

0 packets, 0 bytes

30 second rate 0 bps

Queueing

queue limit 64 packets

(queue depth/total drops/no-buffer drops) 0/0/0

(pkts output/bytes output) 0/0

bandwidth 2000 kbps

Class-map: low (match-any)

0 packets, 0 bytes

30 second offered rate 0 bps, drop rate 0 bps

Match: input-interface GigabitEthernet2/0

0 packets, 0 bytes

30 second rate 0 bps

Queueing

queue limit 64 packets

(queue depth/total drops/no-buffer drops) 0/0/0

(pkts output/bytes output) 0/0

bandwidth 7000 kbps

Class-map: class-default (match-any)

1924994 packets, 1358517804 bytes

30 second offered rate 10066000 bps, drop rate 0 bps

Match: any

queue limit 64 packets

(queue depth/total drops/no-buffer drops) 0/0/0

(pkts output/bytes output) 0/0

Hi Joe,

It finally worked but not as expected. I don't know what I mucked around with that got it to work. I still see class low gets more than 7Mbps bandwidth and class high only get about 1Mbps. I changed bandwidth to priority and saw the same bandwidth ratio. I'll try your suggestion and let you know the result.

Here's show policy data with current configuration:

Router6-w-AXP#sh policy-map int t0

Tunnel0

Service-policy output: PARENT

Class-map: class-default (match-any)

6008931 packets, 4240298312 bytes

30 second offered rate 10498000 bps, drop rate 0 bps

Match: any

Queueing

queue limit 64 packets

(queue depth/total drops/no-buffer drops) 0/0/0

(pkts output/bytes output) 0/0

shape (average) cir 10000000, bc 40000, be 40000

target shape rate 10000000

Service-policy : TRAFFIC

queue stats for all priority classes:

queue limit 64 packets

(queue depth/total drops/no-buffer drops) 0/0/0

(pkts output/bytes output) 0/0

Class-map: high (match-any)

303905 packets, 214533040 bytes

30 second offered rate 1061000 bps, drop rate 0 bps

Match: input-interface FastEthernet2/14

104215 packets, 73575172 bytes

30 second rate 1061000 bps

Priority: 2000 kbps, burst bytes 50000, b/w exceed drops: 0

Class-map: low (match-any)

1842540 packets, 1300348088 bytes

30 second offered rate 9436000 bps, drop rate 0 bps

Match: input-interface GigabitEthernet2/0

738719 packets, 521343420 bytes

30 second rate 9436000 bps

Priority: 7000 kbps, burst bytes 175000, b/w exceed drops: 0

Class-map: class-default (match-any)

3862466 packets, 2725403064 bytes

30 second offered rate 0 bps, drop rate 0 bps

Match: any

queue limit 64 packets

(queue depth/total drops/no-buffer drops) 0/0/0

(pkts output/bytes output) 0/0

Router6-w-AXP#

Could you post the "working" policy?

As to seeing a class obtain more bandwidth then the defined bandwidth statement, that's normal for non-LLQ classes. Their bandwidth statements defined a minimum, not maximum. Even with your LLQ, the implicit policer only engages if there's congestion and the defined rate is exceeded. (Also note that policing can be "rough" on traffic; something you might not want. Shaping is often a better approach.)

Depending on your requirements, physical interfaces QoS generally behaves better than a shaper (which QoS on the tunnel appears to require).

Here's the policy:

class-map match-any high

match input-interface FastEthernet2/14

class-map match-any low

match input-interface GigabitEthernet2/0

!

!

policy-map DATA

class high

priority 8000

class low

priority 1000

policy-map FQ

class class-default

fair-queue

policy-map PARENT

class class-default

shape average 10000000

service-policy DATA

!

!

With or without the command line "qos pre-classify" the policy worked the same. Class low still competed with class high for bandwidth during congestion:

!

!

interface Tunnel0

bandwidth 10000

ip address 10.1.1.1 255.255.255.0

load-interval 30

ipv6 enable

ospfv3 instance 64 network manet

ospfv3 1 area 0 address-family ipv4 instance 64

tunnel source FastEthernet2/0

tunnel destination 142.x.x.10

service-policy output PARENT

!

!

Router6-w-AXP#sh policy-map int t0

Tunnel0

Service-policy output: PARENT

Class-map: class-default (match-any)

6008931 packets, 4240298312 bytes

30 second offered rate 10498000 bps, drop rate 0 bps

Match: any

Queueing

queue limit 64 packets

(queue depth/total drops/no-buffer drops) 0/0/0

(pkts output/bytes output) 0/0

shape (average) cir 10000000, bc 40000, be 40000

target shape rate 10000000

Service-policy : TRAFFIC

queue stats for all priority classes:

queue limit 64 packets

(queue depth/total drops/no-buffer drops) 0/0/0

(pkts output/bytes output) 0/0

Class-map: high (match-any)

303905 packets, 214533040 bytes

30 second offered rate 1061000 bps, drop rate 0 bps

Match: input-interface FastEthernet2/14

104215 packets, 73575172 bytes

30 second rate 1061000 bps

Priority: 2000 kbps, burst bytes 50000, b/w exceed drops: 0

Class-map: low (match-any)

1842540 packets, 1300348088 bytes

30 second offered rate 9436000 bps, drop rate 0 bps

Match: input-interface GigabitEthernet2/0

738719 packets, 521343420 bytes

30 second rate 9436000 bps

Priority: 7000 kbps, burst bytes 175000, b/w exceed drops: 0

Class-map: class-default (match-any)

3862466 packets, 2725403064 bytes

30 second offered rate 0 bps, drop rate 0 bps

Match: any

queue limit 64 packets

(queue depth/total drops/no-buffer drops) 0/0/0

(pkts output/bytes output) 0/0

Router6-w-AXP#

"With or without the command line "qos pre-classify" the policy worked the same."

That's because your policy is configured on the tunnel. The purpose of the command is to allow QoS to "see" pre-tunnel traffic packet headers on the interface that's sending the tunnel traffic.

"Class low still competed with class high for bandwidth during congestion:"

Unclear what you mean. Results look alright for this configuration altough the policy itself, with the two LLQ classes may not. Then again, you haven't described what you want to accomplish.

Hi Joe,

I want to reserve a minimum tunnel bandwidth of 2Mbps for class high (i.e. traffic from interface fa2/14). I tried either "bandwidth" or "priority" but did not acchieved the minimum reserved bandwidth of 2Mbps for class high. I would like to limit class low bandwidth (i.e. traffic from g2/0) to below 8Mbps over the tunnel. Thanks.

Hugh