Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
822
Views
5
Helpful
4
Replies

LYNC QOS on a tunnel interface IPSEC, where traffic shaping policy has already been pre-configured

Go to solution
AdamAlphonz
Level 1
Level 1

‎05-26-2015 07:42 PM - edited ‎03-05-2019 01:33 AM

Hi Support,

Our infrastructure is on IPSEC VPN and we have configured traffic shaping on the tunnel interface to cap max bw into the data center to be at 15 mb. 

Now that we have LYNC; theyre call jitters and delays; although not on MPLS we will like to mark the outgoing packets and prioritize voice and video .

So this is the current config on the tunnel interface : 

interface Tunnel10135
 description vpn to 
 bandwidth 15360
 ip address 192.168.10.37 255.255.255.252
 ip mtu 1400
 ip flow ingress
 ip flow egress
 keepalive 10 3
 traffic-shape rate 15360000 384000 384000 1000
 tunnel source 
 tunnel destination 
end

 

Proposed configuration : 

class-map match-any VOICE_CRITICAL

match ip dscp ef

class-map match-any VOICE_VIDEO

match ip dscp af31

match ip dscp af32

match ip dscp af41

match ip dscp af42

match ip dscp af43

 

policy-map QOS_Tunnel10135

class VOICE_CRITICAL

priority percent 10

class VOICE_VIDEO

bandwidth remaining 5

class class-default 

fair-queue

random-detect

 

And then will add the policy map to the tunnel interface : 

interface Tunnel10135
 description vpn to 
 bandwidth 15360
 ip address 192.168.10.37 255.255.255.252
 ip mtu 1400
 ip flow ingress
 ip flow egress
 keepalive 10 3
 traffic-shape rate 15360000 384000 384000 1000
 tunnel source 
 tunnel destination 

service-policy output QOS_Tunnel10135
end

Will this actually be ideal, or should a nested parent child policy be implemented with ACLs.

Thanks in advance.

 

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Vasilii Mikhailovskii
Level 7
Level 7

‎06-01-2015 01:32 PM

Hello.

You should not mix "traffic-shape" command (stale way) with service-policy (new way).

You need to configure hierarchical QoS and apply it on the tunnel or a physical egress interface.

The behaviour of your configuration depends on the IOS version you use.

Please provide "show policy-map interface  Tu10135" after new QoS has been applied.

PS: if it's IPSec tunnel, I would also configure ip tcp adjust-mss 1360 to avoid PMTU.

View solution in original post

4 Replies 4

Go to solution
Vasilii Mikhailovskii
Level 7
Level 7

‎06-01-2015 01:32 PM

Hello.

You should not mix "traffic-shape" command (stale way) with service-policy (new way).

You need to configure hierarchical QoS and apply it on the tunnel or a physical egress interface.

The behaviour of your configuration depends on the IOS version you use.

Please provide "show policy-map interface  Tu10135" after new QoS has been applied.

PS: if it's IPSec tunnel, I would also configure ip tcp adjust-mss 1360 to avoid PMTU.

Go to solution
AdamAlphonz
Level 1
Level 1
In response to Vasilii Mikhailovskii

‎06-11-2015 03:16 AM

Hello Vasili ,

Thanks for replying!

So what we are wanting to achieve here is to police bw to 15 MB and from that 15MB we would like to prioritize 10% of the bw for voice , will this config achieve what we would like to do :

 

class-map match-all voice
 match dscp ef
!
policy-map parent
 class voice
  bandwidth percent 10
policy-map grand-parent
 class class-default
  shape average 15360000 384000 384000
   service-policy parent

 

And will apply it on the tunnel interface : 

tunnel10135

service-policy output grand-parent

0 Helpful

Go to solution
Vasilii Mikhailovskii
Level 7
Level 7
In response to AdamAlphonz

‎06-28-2015 07:49 AM

Hello.

Sorry for delay - I was on PTO.

In the mentioned configuration you need to replace"bandwidth per 10" with "priority per 10" - then class "voice" would be in LLQ been prioritized.

PS: you need to be careful with BC/BE values (you did both 384000), as they must match our ISP's settings. Typically it's better to have BE=0, shape rate = 90% of contracted bandwidth and Tc = (Bc/CIR) = 4ms or, as maximum - 10ms. You may check the values with "show policy-map interface tunnel10135".

Best regards,

PS: do not hesitate to ask further about QoS, as it's slightly complicated concept and even a simple hint may conserve you some hours.

PS2: whenever you ask about QoS, it's important if it's L2 or L3, what platform (and Line Card, if any) you are running and what IOS release. In your case, it's L3 on ISR (?) box, but IOS version is not obvious ("show hqf int ..." may help as well).

0 Helpful

Go to solution
AdamAlphonz
Level 1
Level 1
In response to Vasilii Mikhailovskii

‎06-25-2015 02:43 AM

Hi Vasilii,

Is the config below workable ? 

Kindly awaiting a reply from you! 

Appreciate it!

Thanks,

0 Helpful
Customers Also Viewed These Support Documents