03-12-2008 06:19 PM - edited 03-03-2019 09:06 PM
Hi everybody,
We have connectivity between two sites, one with a 4/4 SHDSL connection; the other has 2x 2048/384 ADSL connections. We are using GRE tunnels and EIGRP to load balance.
We are currently being shaped at the provider edge out to the site with the 2 ADSL connections, causing delay for some specific interactive traffic, for argument's sake, telnet.
What we would like to do is shape at the WAN edge for the 4/4 site. Each tunnel would be shaped to 2000, thus shaping at the WAN edge rather than within the WAN where we have no control.
Within each shaper, use CBWFQ to ensure bandwidth for the interactive traffic.
If I want to shape the tunnels, I can use the endpoint addresses, but there is no granularity to ensure that the interactive traffic is serviced over other traffic.
I cannot use qos pre-classify as the source and destination addresses are identical regardless of the tunnel used.
Also, tunnel interfaces do not support CBWFQ policies.
It's sort of a catch-22 at the moment.
Any thoughts on a general direction to pursue?
Many thanks
Adam
03-12-2008 07:41 PM
Mark traffic of interest (e.g. TELNET) as desired before it enters tunnel. Use hierarchical CBWFQ on outbound tunnel's physical interface against encrypted traffic.
03-12-2008 08:07 PM
The problem isn't marking traffic, as the place that we are getting shaped does not utilize these markings.
I want to be able to shape a tunnel to a given site to a certain rate, then within that shaper guarantee bandwidth. Which I am doing to another remote site that does not use redundant tunnels.
03-13-2008 12:49 AM
I've read your message a half dozen times, and I'm still not entirely clear what you're attempting to do or where you're attempting to control the traffic or how many routers you have.
But I did see one item that I think you're mistaken on. You can shape quite effectively with WFQ/CBWFQ on a tunnel interface...
This is a snippet out of one of our routers.
!
policy-map wfq
 class class-default
  fair-queue 1024
policy-map clearqos
 class class-default
  set dscp default
  shape average 1400000 5632 5632
  service-policy wfq
!
interface Loopback1
 ip address
!
interface Tunnel774
 ip unnumbered Loopback1
 ip tcp adjust-mss 536
 keepalive 1 3
 cdp enable
 tunnel source Serial0/0.719
 tunnel destination
 service-policy output clearqos
!
You can put in any form of qos that you'd like on a gre tunnel. There is one important issue with this though: GRE overhead is not accounted for when placing qos on such a tunnel interface. So actual line utilization will be based on the size of the packet plus GRE overhead.
Rob
03-13-2008 05:11 AM
Adam, I too am confused. Might need a drawing to understand. Otherwise, if you mean the provider's existing shaper doesn't use markings, that's not a problem as long as you mark and shape upstream of what the provider is doing.
Rob, re: "But I did see one item that I think you're mistaken on. You can shape quite effectively with WFQ/CBWFQ on a tunnel interface... ". It depends on the IOS version. From: http://www.cisco.com/en/US/tech/tk543/tk545/technologies_tech_note09186a008017405e.shtml, "Cisco IOS Software Release 12.0(7)T introduced support for applying generic traffic shaping (GTS) directly on the tunnel interface."
03-13-2008 03:59 PM
Attached is the drawing. I read that tech note, I was shaping the GRE tunnel then trying to attach a bare CBWFQ policy to the tunnel as outlined in the tech note:
The router prints this log message when a tunnel interface is configured with a service policy that applies queuing without shaping.
router(config)# interface tunnel1
router(config-if)# service-policy output child
Class Based Weighted Fair Queueing not supported on this interface
That was the error message that I was reporting.
I am happy to shape on the tunnel, that would seem the most logical place to put it now that I know it is possible.
Which brings up a new question:
In the attached file you see an additional site which is linked by a 512/128k ADSL line; there are roughly 8 or so of these sites.
To shape to each remote site, I will shape on the physical interface as there are no tunnels required. The 4/4 SHDSL is oversubscribed so I want to give minimum bandwidth guarantees to each.
policy-map ShapeSites
 class CLASS-TunnelEndpoints
  bandwidth remaining percent 20
 class CLASS-WAN1
  shape average 500000
  bandwidth remaining percent 5
 class CLASS-WAN2
  shape average 500000
  bandwidth remaining percent 5
policy-map ShapeTunnel
 class CLASS-Tunneled-Site
  shape average 2000000
int fa0/0
 service-policy output ShapeSites
int tunnel1
 tunnel source fa0/0
 service-policy output ShapeTunnel
int tunnel2
 tunnel source fa0/0
 service-policy output ShapeTunnel
where:
CLASS-TunnelEndpoints matches GRE IP addresses
CLASS-WANx matches remote WAN subnet addresses
CLASS-Tunneled-Site matches remote tunneled WAN subnet address
Should this accomplish my goals?
If there is a policy on the physical and a policy on the tunnel, is there an order as to which takes place first?
Adam
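The arrangement this part of the thread converges on, a shaper as the parent policy on the tunnel with the CBWFQ policy nested inside it, written out as an added example that is not any poster's configuration. The class and policy names, the `match protocol telnet` classifier and the 20 percent guarantee are assumptions; the 2000000 shape rate is the figure from the post above.

```cisco
! Added example: hierarchical (parent shaper + child CBWFQ) policy for a GRE tunnel.
! All names and the 20 percent figure are hypothetical.
!
! Interactive traffic to protect (telnet is the example used in the thread).
class-map match-any INTERACTIVE
 match protocol telnet
!
! Child policy: CBWFQ. Attached directly to a tunnel interface this is the
! case the tech note says is rejected with
! "Class Based Weighted Fair Queueing not supported on this interface".
policy-map TUNNEL-CHILD
 class INTERACTIVE
  bandwidth percent 20
 class class-default
  fair-queue
!
! Parent policy: the shaper provides the queue the child policy schedules.
! The shaped rate counts the packet before encapsulation, so the rate on
! the wire is higher by the GRE overhead of each packet.
policy-map TUNNEL-PARENT
 class class-default
  shape average 2000000
  service-policy TUNNEL-CHILD
!
interface Tunnel1
 service-policy output TUNNEL-PARENT
!
interface Tunnel2
 service-policy output TUNNEL-PARENT
```

`show policy-map interface Tunnel1` reports per-class counters for both the parent shaper and the child classes.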
03-13-2008 05:02 PM
Ok, I have implemented that in my test environment and it works as expected.
Except that as soon as I start sending lots of traffic over the links I get the following once every 15-30 secs or so:
*Mar 13 23:56:39.121: %ARP-3-ARPINT: ARP table accessed at interrupt level 3
, -Traceback= 0x4179B7C8 0x4117E7FC 0x4117BEFC 0x41E0842C 0x41E084EC 0x41E14A14 0x41A66A7C 0x41DFA834 0x42E2CFA8 0x403F93C4 0x40061790 0x439F65F8 0x439F3EA4 0x400469F0 0x4000FCC0
*Mar 13 23:56:57.345: %ARP-3-ARPINT: ARP table accessed at interrupt level 3
, -Traceback= 0x4179B7C8 0x4117E7FC 0x4117BEFC 0x41E0842C 0x41E084EC 0x41E14A14 0x41A66A7C 0x41DFA834 0x42E2CFA8 0x403F93C4 0x40061790 0x439F65F8 0x439F3EA4 0x400469F0 0x4000FCC0
*Mar 13 23:57:25.421: %ARP-3-ARPINT: ARP table accessed at interrupt level 3
When the traffic stops, the messages stop.
Coll2811#show version
Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9_IVS-M), Version 12.4(15)T1, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 18-Jul-07 06:22 by prod_rel_team
ROM: System Bootstrap, Version 12.3(8r)T7, RELEASE SOFTWARE (fc1)
Coll2811 uptime is 1 week, 21 hours, 15 minutes
System returned to ROM by reload at 02:44:26 UTC Thu Mar 6 2008
System image file is "flash:c2800nm-adventerprisek9_ivs-mz.124-15.T1.bin"
I might try a mainline version.
Will get back to you.
Adam
03-25-2016 08:31 AM
Just for reference
%ARP-3-ARPINT: ARP table accessed at interrupt level 3
, -Traceback= 0x4179B7C8 0x4117E7FC 0x4117BEFC 0x41E0842C 0x41E084EC 0x41E14A14 0x41A66A7C 0x41DFA834 0x42E2CFA8 0x403F93C4 0x40061790 0x439F65F8 0x439F3EA4 0x400469F0 0x4000FCC0
seems like Cisco IOS bug # CSCsq05997 Excessive ARP related logging