I am looking for some help with configuring a rather extensive DMVPN setup over WAN with some basic QoS policies to improve voice call quality for remote phones. I know there's some technical hurdles to overcome and some gotchas being over WAN (obviously can't control what happens in between point A and point B on the Internet), but I'm certain there's some stuff I can do to smooth things out.
First off, let me describe my existing setup...
At my home office, I have 4 physical buildings all connected by gigabit fiber uplinks to Catalyst 3750 switch stacks. There are two routers (both 2911 ISR) on the network for voice routing and DR voice traffic. All of that is configured for Auto-QoS on the LAN side and at the desk side is setup for phone/data smartport roles.
There is a third router (2921 ISR) at home office for Internet traffic. There is no QoS on this router at all currently. It is configured with one legacy L2L VPN tunnel to a remote site, and it is configured for a hub DMVPN which connects to 70 remote sites, each of which are also DMVPN connected.
The home office has a 10Mbps Internet Pipe (10Mbps Down/Up, burstable to 100Mbps). I will be upgrading it to a full 100Mbps in the near future.
The remote offices are all configured with a minimum 3Mbps/Down, 768Kbps/Up, so that's what I'd like to set as a template for the remote sites. For a couple sites that have more, I'd alter the template accordingly. The sites use 881W ISRs, and a 7925G Wireless Phone, ATA-187 for Fax, and a cash register that users Internet for credit cards. I need to prioritize the connections for a simultaneous call + fax with remaining bandwidth available for Internet traffic (register and a laptop for the manager).
From what I can see, there are 3 things that will be configured... home office 2921 router (core), and the 881W router and access point for each location.
I'm not terribly experienced with QoS setups. Ideally, I'd like to see some mock template code for use on the Tunnel0 (DMVPN) interfaces, G0/0 interface (Core WAN), G0/1 interface (Core LAN), and the FastEthernet4 interface (881W WAN).
Edited configuration files are attached.
Thanks for any assistance offered!
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
In principle, to provide QoS dedicated like traffic treatment across the Internet, you need to shape your traffic to available bandwidth and then manage any congestion. So, for example, for the DSL connections, your hub would shape for 3 Mbps toward the branch and the branch would shape for 768K toward the hub. Ideally you also insure the aggregate of the branches doesn't oversubscribe the hub, but for hub to branches, you might be able to use secondary management of bandwidth congestion toward the Internet.
When working with the Internet, you cannot manage or provide QoS across the Internet itself, but you often can control/manage your bandwidth to/from the Internet. As part of the latter, you do not want to allow any "usual" Internet traffic on the Internet connections being used for VPN. (If you do, you introduce unknown bandwidth consumption, which makes QoS bandwidth management impossible from the Internet.) As part of bandwidth management, you also should not allow multi-point traffic flows (which is possible with DMVPN).
Regarding sample templates, much depends on the IOS versions you're using as QoS features and DMVPN features vary based on IOS version. Additionally, if you're unfamiliar with QoS, what you want to do is on the more complex side of QoS usage, so you might need a bit more hand-holding that can easily be provided via these forums. (I.e. you might want to consider retaining a consultant to help you with this kind of configuration.)
Updated the original post. The only difference in configs on the spoke side is that some of the connections are Dialer0 interface (rare PPPoE setup) vs FastEthernet4 interface (majority).
I understand all the concepts of QoS, I'm just unfamiliar with best way to implement on a WAN/Tunnel setting. I'm well aware of the issues present with not controlling anything in between sites, but if I can at least control everything over the tunnel, I believe it will help.
Thanks for taking a look!
Haven't had any updates to this in a couple weeks now so I just wanted to follow up on it and see if anyone had any thoughts or advice. Thanks!