DMVPN QoS Challenge

philip moore · ‎12-07-2012

Dear All,

Trying to figure this put and really struggling. If anyone can offer any advice it would be much appreciated.

The scenario is this:

- the WAN consists of a in-house satellite network using comtech CDM-570 IP-Enabled Satellite Modems

- there is a group of HUB tx modems, each one is shared for approx remote 10 sites with a total bandwidth tx 2048k

- each remote site is to be guaranteed min 512k but can burst into the 2048

- remote sites must be somehow grouped to a member of each modem to set the bandwidth constraints

- a single DMVPN/multipoint GRE is configured on HUB. all remote sites connect to this (redundancy comes later )

The challenge is how to configure the QoS on the HUB side to meet this policy

Currently, I use ip nhrp group MODEM1 on each remote site, and ip nhrp map group MODEM1 service-policy output MODEM1 on the HUB. This is working ok

This works nicely, however I am left with the constraint that within each modem group I must define a class for each site and set the guaranteed bandwidth. As the policy is applied pre-encapsulation, I must create a class with an acl matching the remote sites IP ranges. An administration nightmare and prone to failure! I want to avoid this if possible.

Here is the qos config on hub, this is applied as output policy on LAN interface (i.e. to the tx modem):

policy-map MODEM1-TUNNEL

class SITE1

bandwidth 512

service-policy child1

class SITE2

bandwidth 512

service-policy child2

policy-map MODEM1

class class-default

shape average 2048000

service-policy MODEM1-TUNNEL

The alternative I thought of was to use the nhrp group to apply the child1 policy in the tunnel. Then on the outgoing LAN interface apply a shape policy per tx modem:

policy-map MODEM1-TUNNEL

class SITE1

bandwidth 512

class SITE2

bandwidth 512

!

policy-map MODEM1-TUNNEL

class SITE1

bandwidth 512

class SITE2

bandwidth 512

!

policy-map WAN-EGRESS

class MODEM1

shape average 2048000

service-policy MODEM1-TUNNEL

class MODEM2

shape average 2048000

service-policy MODEM2-TUNNEL

...etc

This is not so bad as all I would need to do is create a class for each SITE with acl match for the GRE tunnel IP addresses, still a bit clunky but certainly more reliable. I did not try this yet and I am bit concerned that the tunnel would use the pre-classified.

Any ideas.

thanks!!!!

paolo bevilacqua · ‎12-07-2012

ACL configuration can be quite complicated (and sometime not bring the expected results), especially when there are tunnels and LAN interfaces involved.

So, you need to configure everything punctually, on the other hand is not like the router can know what has to do without being told.

Joseph W. Doherty · ‎12-07-2012

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Later IOS versions' DMVPN, supports QoS polices per (physical) hub-to-spoke tunnel. The remote spoke tells tell the hub what policy to use towards it. Seems a bit backwards, but if many spokes can use the same policy, it's just defined once as a policy on the hub and the spokes "request" it.

philip moore · ‎12-07-2012

Thanks for the replies.

Yes absolutely, that is exactly the feature I am leveraging here:

Remote:

int tun 0

ip nhrp group MODEM1

HUB:

int tun 0

ip nhrp map group MODEM1 service-policy output MODEM1

The problem is that I need to somehow group a series of tunnel end points (remote) by their tx modem, apply a shape to the overall group to restrict total b/w to 2048, then for each site connected to that modem apply committed rate per site of 512k.