
IPSEC VPN over GRE Tunnels - QoS

Steven Williams
Level 4

We have multiple IPSEC VPN over GRE tunnels and I am looking at QoS over the WAN for these tunnels. Can anyone suggest where to start? Reading material? Blog?

10 Replies

Steven Williams
Level 4

Anyone?

 

Joseph W. Doherty
Hall of Fame

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Where to start depends on what you know, or don't know, about QoS.

Depending on the platform, you can place QoS on the tunnel interface and/or the physical interface.  For the latter, there's often an option to "shadow" the original IP header for QoS processing of the tunnel packets.  Without the "shadow" copy, you can still process tunnel packets using the ToS as most Cisco implementations copy it from the original packet.  (This is all that transit devices' QoS have to work with.)

With tunnels, encrypted or not, shaping is often a requirement for an effective QoS implementation.  Also with tunnels, it's a good idea to avoid packet fragmentation caused by encapsulation.
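
The points in the reply above (classification from the "shadow" copy of the original header, shaping, and avoiding fragmentation), as an added configuration example that is not part of the original posts and is not taken from Cisco documentation. It assumes a classic IOS router running GRE with IPsec tunnel protection; the class and policy names, the ACL, the addresses, the 10 Mbps shape rate, the MTU/MSS values and the IPsec profile name `VPN-PROFILE` are all assumptions to adapt to the platform and circuit.

```cisco
! Constructed example: all names, addresses and rates below are assumptions.
! Inner-header match: only works on the physical interface because of
! "qos pre-classify" on the tunnel (the "shadow" copy of the original header).
ip access-list extended BACKUP-FLOWS
 permit tcp any host 10.20.0.50 eq 873
!
class-map match-any VOICE
 match dscp ef
class-map match-any CRITICAL
 match dscp af31 cs3
class-map match-all BULK
 match access-group name BACKUP-FLOWS
!
! Child policy: queueing decisions inside the shaped rate.
policy-map WAN-CHILD
 class VOICE
  priority percent 20
 class CRITICAL
  bandwidth percent 30
 class BULK
  bandwidth percent 10
 class class-default
  fair-queue
!
! Parent policy: shape to the provider rate so congestion (and queueing)
! happens on this router rather than in the provider network.
policy-map WAN-SHAPER
 class class-default
  shape average 10000000
  service-policy WAN-CHILD
!
interface Tunnel0
 ip address 10.255.0.1 255.255.255.252
 ! Leave room for GRE + IPsec overhead so encapsulated packets
 ! are not fragmented; clamp TCP MSS to match.
 ip mtu 1400
 ip tcp adjust-mss 1360
 ! Keep a copy of the original IP header for QoS classification.
 qos pre-classify
 tunnel source GigabitEthernet0/0
 tunnel destination 203.0.113.2
 tunnel protection ipsec profile VPN-PROFILE
!
interface GigabitEthernet0/0
 service-policy output WAN-SHAPER
```

The DSCP-based classes work without `qos pre-classify` because the ToS byte is copied to the outer header; only the ACL-based `BULK` class depends on it. Confirm that classes are matching and that the shaper is active with `show policy-map interface GigabitEthernet0/0`.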

 

I have used auto QoS only and local LAN only as well. So WAN is a new thing for me. So articles and some config examples would be helpful too. QoS is a beast I hear.

Posting

Oh, there's much for you to learn then.

QoS isn't really too difficult, but you need to know a lot of it to understand how to use it (well).

You might start here: http://www.cisco.com/c/en/us/solutions/enterprise/design-zone-application-performance/landing_cVideo.html

Is NBAR still a popular thing these days? Can you recommend any lab type scenarios that I can verify my learning with?

Posting

I don't know how popular NBAR is.  I liked it and Cisco has developed NBAR2.  So, I guess they like it too.  ;)

QoS labs can be difficult to set up, as you need to push traffic to cause congestion for many kinds of QoS to "engage", and then, you really want to simulate different traffic behaviors.

How can you start to get an idea of what traffic is going through your device?

Posting

One possibility, NBAR has an analysis mode.

I assume you must enable NBAR first and let it collect data.

Yep.
