02-21-2014 08:02 AM - edited 03-04-2019 10:24 PM
We're running dual hub dual dmvpn topology as you can see on the picture with 12spokes which I want to implement qos for.
There are 2 major possible ways to implement QoS:
1: service policies applied to physical interfaces
int Gi0/0
service-policy output group1_parent
2: service policies applied to tunnel interfaces (on HUBs)
interface tunnel 1
ip nhrp map group spoke_group1 service-policy output group1_parent
http://www.cisco.com/en/US/docs/ios-xml ... el-qos.pdf
I wanted to go for the second option, because I thought that HUBs would force its qos policies to SPOKES via nhrp, but then realised that those qos policies apply only for traffic from HUBs to other SPOKEs. But what about SPOKE->SPOKE and SPOKE->HUB traffic?
What option is better to go for... option 1 only? or mix both options?
Thanks
02-21-2014 05:28 PM
Hi Zuno,
To this date dynamic QoS for spoke-to-spoke traffic is not supported on DMVPN. You can only apply it to physical interface on the spokes.
spoke-to-spoke QoS is supported in FlexVPN. If you want to, you can plan the migration. (Following are some migration docs)
http://www.cisco.com/c/en/us/support/docs/security/flexvpn/116678-configure-product-00.html
http://www.cisco.com/c/en/us/support/docs/security/flexvpn/115727-flexvpn-hard-hub-00.html
Frederic Detienne(Distinguished Engineer at Cisco) explained about FlexVPN and its QoS implementation in session BRKSEC-3013 at Cisco Live(Use following link to watch for video and presentation slides)
https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=6051&tclass=popup
-Vishesh
02-24-2014 07:23 AM
Hello Vishesh,
thanks for reply.
I would rather stay with DMVPN and workaround QoS.
Would you prefer standard qos applied on physical interfaces only or mixing it with DMVPN qos on HUBs?
I can't accept DMVPN qos on hubs only because I necessarily need SPOKE-TO-SPOKE qos especially for VoIP.
-Richard
02-25-2014 03:03 PM
If you are interested in setting QoS for voice, then you should apply qos on physical interface of the spokes and classify traffic via dscp marking. QoS pre-classify would be required on the tunnel.
-Vishesh
02-26-2014 03:18 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
If you are interested in setting QoS for voice, then you should apply qos on physical interface of the spokes and classify traffic via dscp marking. QoS pre-classify would be required on the tunnel.
BTW, if you're using ToS for physical egress, most DMVPN, I believe, copies original packet's ToS to GRE's ToS, so pre-classify isn't necessary. Pre-classify is necessary if your physical egress wants to examine other than ToS. An example, would be using FQ within an egress class which needs to "see" original src/dest to identify different flows.
02-26-2014 08:21 AM
Yes, thats true. The original packet's ToS is copied to GRE's ToS and to IPsec's ToS even without using pre-classification.
In my case it would be neccessary because of doing queuing and classification within the same policy-map on an egress interface.
02-26-2014 12:45 PM
Your postings have some kind of overlay. Unable to read you response.
02-27-2014 12:24 AM
Yes, thats true. The original packet's ToS is copied to GRE's ToS and to IPsec's ToS even without using pre-classification.
In my case it would be neccessary because of doing queuing and classification within the same policy-map on an egress interface.
02-27-2014 02:12 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Same as before, but I was able to read email copy, although it too has overlay (just not same positions). Something about jollywallet and coupons.
As to doing classification on egress, again, pre-classify is needed if you classify on more than ToS. If you do, then you'll want to enable it.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide