cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2362
Views
12
Helpful
7
Replies

Per-Tunnel QoS on ISR 4451-X

Hi,

we are migrating our VPN Hub routers from ISR 3825 to ISR 4451-X. With the 4451-X everything works fine, except the

per-tunnel qos

When a spoke is signaling its nhrp group, the hub returns this error message

%NHRP-3-QOS_POLICY_APPLY_FAILED: Failed to apply QoS policy SHAPE_BW2000

mapped to NHRP group BW2000 on interface

Tunnel0, to tunnel x.x.x.x

due to policy installation failure

The router installs the qos policy only when the policy is empty. So there is no action like

shape average

 or a child policy.

This is an example of my qos configuration for one group:

 

!acl for matching several dscp values
!
ip access-list extended Match_AK_CONTROL
 permit ip any any dscp cs6
 permit ip any any dscp cs5
!
!class-map matching dscp
!
class-map match-all AK_IPT
 match dscp ef
class-map match-all AK_CONTROL
 match access-group name Match_AK_CONTROL
!
!child policy
!
policy-map WAN_AGGREGATION_OUT_V200
 class AK_IPT
  priority 200
 class AK_CONTROL
  bandwidth remaining percent 5
 class class-default
  bandwidth remaining percent 95
!
!parent policy for bandwidth shaping
!
policy-map SHAPE_BW2000
 class class-default
  shape average 2000000
   service-policy WAN_AGGREGATION_OUT_V200
!
!nhrp group on Tunnel interface
!
interface Tunnel0
  ip nhrp map group BW2000 service-policy output SHAPE_BW2000
!

 

Any suggestions? Are there any changes I have to do in the configuration? I've tried many variations without any success. Only a

policy-map

like this is acceppted:

policy-map SHAPE_BW2000
 class class-default

But this policy is useless.

I've read about a bug, that there was a limitation to max. 8 spokes on the tunnel with ASR901 CSCts62082

Currently there are 82 spokes connected to this router.

 

Thanks,
Werner

 

1 Accepted Solution

Accepted Solutions

Hello.

I believe, that

appxk9

licence (not enabled) is your problem.

Please enable it and let me know how it goes.

View solution in original post

7 Replies 7

Hello.

What is the firmware version you are running?

Do you have license

appxk9

enabled?

What is the source interface for your tunnel?

hi,

im currently running Cisco IOS XE Software, Version 03.10.04.S, Version 15.3(3)S4

but I've already tried newer versions without success.

No,

appxk9

is not enabled. Installed licences are: 

securityk9, ipbasek9, hseck9, 

throughput

The source interface of the tunnel is 

GigabitEthernet0/0/1

On the source interface is no qos policy applied (this is recommended in config guides)

Hello.

I believe, that

appxk9

licence (not enabled) is your problem.

Please enable it and let me know how it goes.

I've tried this, activating the

appxk9 eval

licence. No change.

I'm only doing a normal QoS, no application routing or acceleration. So

appx

shouldn't matter.

Did you reload the router (after you enabled the license) and reapplied the policy after?

Could you provide

show lic and show ver

after the reboot it acutally works! So you really need the

appx license for qos!

Very very poor by cisco!!! There is no hint, neither in the documentation nor in the ordering guide.

 

Thanks for your help.

I know this issue has been resolved but maybe this link could help future comers. It is basically what has already been confirmed hear.

 

Per-Tunnel QoS for DMVPN
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_dmvpn/configuration/15-mt/sec-conn-dmvpn-15-mt-book/sec-conn-dmvpn-per-tunnel-qos.html#concept_F989BD3FC8CA49B6859F29CA3F1C07A6 

 

Restrictions for Per-Tunnel QoS for DMVPN

 On ISR 4K series routers, you have to enable the appxk9 license for per-tunnel QOS feature. If you do not enable the appxk9 license, the commands are accepted but the QoS feature will not be enabled on tunnels.

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: