
GRE tunnels, Shaping and CBWFQ

clark.adam.p
Level 1

Hi everybody,

We have connectivity between two sites: one with a 4/4 SHDSL connection, the other with 2x 2048/384 ADSL connections. We are using GRE tunnels and EIGRP to load balance.

We are currently being shaped at the provider edge out to the site with the 2 ADSL connections, causing delay for some specific interactive traffic, for argument's sake, telnet.

What we would like to do is shape at the WAN edge for the 4/4 site. Each tunnel would be shaped to 2000, thus shaping at the WAN edge rather than within the WAN where we have no control.

Within each shaper, use CBWFQ to ensure bandwidth for the interactive traffic.

If I want to shape the tunnels, I can use the endpoint addresses, but there is no granularity to ensure that the interactive traffic is serviced over other traffic.

I cannot use qos pre-classify as the source and destination addresses are identical regardless of the tunnel used.

Also, tunnel interfaces do not support CBWFQ policies.

It's sort of a catch-22 at the moment.

Any thoughts on a general direction to pursue?

Many thanks

Adam


Joseph W. Doherty
Hall of Fame

Mark traffic of interest (e.g. TELNET) as desired before it enters tunnel. Use hierarchical CBWFQ on outbound tunnel's physical interface against encrypted traffic.

The problem isn't marking traffic, as the place that we are getting shaped does not utilize these markings.

I want to be able to shape a tunnel to a given site to a certain rate, then within that shaper guarantee bandwidth. Which I am doing to another remote site that does not use redundant tunnels.

I've read your message a half dozen times, and I'm still not entirely clear what you're attempting to do or where you're attempting to control the traffic or how many routers you have.

But I did see one item that I think you're mistaken on. You can shape quite effectively with WFQ/CBWFQ on a tunnel interface...

This is a snippet out of one of our routers.

!
policy-map wfq
 class class-default
  fair-queue 1024
policy-map clearqos
 class class-default
  set dscp default
  shape average 1400000 5632 5632
  service-policy wfq
!
interface Loopback1
 ip address 255.255.255.255
!
interface Tunnel774
 ip unnumbered Loopback1
 ip tcp adjust-mss 536
 keepalive 1 3
 cdp enable
 tunnel source Serial0/0.719
 tunnel destination
 service-policy output clearqos
!

You can put in any form of qos that you'd like on a gre tunnel. There is one important issue with this though, GRE overhead is not accounted for when placing qos on such a tunnel interface. So actual line utilization will be based on the size of the packet plus GRE overhead.

Rob
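Rob's point about GRE overhead, worked through as an added example that is not part of the thread: it estimates the rate actually sent on the wire for a given tunnel shape rate, and the tunnel shape rate that keeps the wire rate within a link rate. It assumes 24 bytes of overhead per packet (20-byte outer IPv4 header plus 4-byte basic GRE header, no key or sequence options), ignores layer-2 framing, and uses constructed packet mixes.

```python
# Added example: packet sizes and traffic mixes below are constructed, not from the thread.
GRE_OVERHEAD = 24  # assumption: 20-byte outer IPv4 header + 4-byte basic GRE header


def _totals(mix):
    """Return (bytes the tunnel shaper counts, bytes sent on the wire) per average packet.

    mix is a list of (ip_packet_bytes, share_of_packets) tuples.
    """
    if not mix:
        raise ValueError("mix must contain at least one (size, share) entry")
    for size, share in mix:
        if size <= 0 or share <= 0:
            raise ValueError("sizes and shares must be positive")
    counted = sum(size * share for size, share in mix)
    on_wire = sum((size + GRE_OVERHEAD) * share for size, share in mix)
    return counted, on_wire


def wire_rate_bps(shape_bps, mix):
    """Rate seen on the physical link when the tunnel is shaped to shape_bps."""
    counted, on_wire = _totals(mix)
    return shape_bps * on_wire / counted


def max_shape_bps(link_bps, mix):
    """Highest tunnel shape rate that keeps the wire rate at or below link_bps."""
    counted, on_wire = _totals(mix)
    return link_bps * counted / on_wire


if __name__ == "__main__":
    mixes = {
        "interactive only (64-byte packets)": [(64, 1.0)],
        "bulk only (1476-byte packets)": [(1476, 1.0)],
        "mixed": [(64, 0.5), (576, 0.2), (1476, 0.3)],
    }
    for name, mix in mixes.items():
        wire = wire_rate_bps(2_000_000, mix)
        shape = max_shape_bps(2_048_000, mix)
        print(f"{name}: shape 2000000 -> wire {wire:.0f} bps; "
              f"to stay under 2048000 shape at {shape:.0f} bps")
```

Small interactive packets carry proportionally far more overhead than full-size ones, so a shape rate chosen for bulk traffic can still overrun the link when the mix shifts toward small packets.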

Adam, I too am confused. Might need a drawing to understand. Otherwise, if you mean the provider's existing shaper doesn't use markings, that's not a problem as long as you mark and shape upstream of what the provider is doing.

Rob, re: "But I did see one item that I think you're mistaken on. You can shape quite effectively with WFQ/CBWFQ on a tunnel interface... ". It depends on the IOS version. From: http://www.cisco.com/en/US/tech/tk543/tk545/technologies_tech_note09186a008017405e.shtml, "Cisco IOS Software Release 12.0(7)T introduced support for applying generic traffic shaping (GTS) directly on the tunnel interface."

Attached is the drawing. I read that tech note, I was shaping the GRE tunnel then trying to attach a bare CBWFQ policy to the tunnel as outlined in the tech note:

The router prints this log message when a tunnel interface is configured with a service policy that applies queuing without shaping.

router(config)# interface tunnel1
router(config-if)# service-policy output child
Class Based Weighted Fair Queueing not supported on this interface

That was the error message that I was reporting.

I am happy to shape on the tunnel, that would seem the most logical place to put it now that I know it is possible.

Which brings up a new question.

In the attached file you see an additional site which is linked by a 512/128k ADSL line; there are roughly 8 or so of these sites.

To shape to each remote site, I will shape on the physical interface as there are no tunnels required. The 4/4 SHDSL is oversubscribed so I want to give minimum bandwidth guarantees to each.

policy-map ShapeSites
 class CLASS-TunnelEndpoints
  bandwidth remaining percent 20
 class CLASS-WAN1
  shape average 500000
  bandwidth remaining percent 5
 class CLASS-WAN2
  shape average 500000
  bandwidth remaining percent 5

policy-map ShapeTunnel
 class CLASS-Tunneled-Site
  shape average 2000000

int fa0/0
 service-policy output ShapeSites

int tunnel1
 tunnel source fa0/0
 service-policy output ShapeTunnel

int tunnel2
 tunnel source fa0/0
 service-policy output ShapeTunnel

where:

CLASS-TunnelEndpoints matches GRE IP addresses

CLASS-WANx matches remote WAN subnet addresses

CLASS-Tunneled-Site matches remote tunneled WAN subnet address

Should this accomplish my goals?

If there is a policy on the physical and a policy on the tunnel, is there an order in which they take place?

Adam

Ok, I have implemented that in my test environment and it works as expected.

Except that as soon as I start sending lots of traffic over the links I get the following once every 15-30 secs or so:

*Mar 13 23:56:39.121: %ARP-3-ARPINT: ARP table accessed at interrupt level 3

, -Traceback= 0x4179B7C8 0x4117E7FC 0x4117BEFC 0x41E0842C 0x41E084EC 0x41E14A14 0x41A66A7C 0x41DFA834 0x42E2CFA8 0x403F93C4 0x40061790 0x439F65F8 0x439F3EA4 0x400469F0 0x4000FCC0

*Mar 13 23:56:57.345: %ARP-3-ARPINT: ARP table accessed at interrupt level 3

, -Traceback= 0x4179B7C8 0x4117E7FC 0x4117BEFC 0x41E0842C 0x41E084EC 0x41E14A14 0x41A66A7C 0x41DFA834 0x42E2CFA8 0x403F93C4 0x40061790 0x439F65F8 0x439F3EA4 0x400469F0 0x4000FCC0

*Mar 13 23:57:25.421: %ARP-3-ARPINT: ARP table accessed at interrupt level 3

When the traffic stops, the messages stop.

Coll2811#show version

Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9_IVS-M), Version 12.4(15)T1, RELEASE SOFTWARE (fc2)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2007 by Cisco Systems, Inc.

Compiled Wed 18-Jul-07 06:22 by prod_rel_team

ROM: System Bootstrap, Version 12.3(8r)T7, RELEASE SOFTWARE (fc1)

Coll2811 uptime is 1 week, 21 hours, 15 minutes

System returned to ROM by reload at 02:44:26 UTC Thu Mar 6 2008

System image file is "flash:c2800nm-adventerprisek9_ivs-mz.124-15.T1.bin"

I might try a mainline version.

Will get back to you.

Adam

Just for reference

%ARP-3-ARPINT: ARP table accessed at interrupt level 3

, -Traceback= 0x4179B7C8 0x4117E7FC 0x4117BEFC 0x41E0842C 0x41E084EC 0x41E14A14 0x41A66A7C 0x41DFA834 0x42E2CFA8 0x403F93C4 0x40061790 0x439F65F8 0x439F3EA4 0x400469F0 0x4000FCC0

seems like Cisco IOS bug # CSCsq05997 Excessive ARP related logging
