
QOS on DMVPN topology

zuno_bank
Level 1

We're running a dual hub, dual DMVPN topology, as you can see in the picture, with 12 spokes, which I want to implement QoS for.

There are 2 major possible ways to implement QoS:

1: service policies applied to physical interfaces

int Gi0/0

service-policy output group1_parent

2: service policies applied to tunnel interfaces (on HUBs)

interface tunnel 1

ip nhrp map group spoke_group1 service-policy output group1_parent

http://www.cisco.com/en/US/docs/ios-xml ... el-qos.pdf

I wanted to go for the second option, because I thought that the HUBs would force their QoS policies onto the SPOKES via NHRP, but then realised that those QoS policies apply only to traffic from the HUBs to the SPOKEs. But what about SPOKE->SPOKE and SPOKE->HUB traffic?

What option is better to go for... option 1 only? or mix both options?

Thanks

8 Replies

Vishesh Verma
Level 1

Hi Zuno,

To this date, dynamic QoS for spoke-to-spoke traffic is not supported on DMVPN. You can only apply it to the physical interface on the spokes.

Spoke-to-spoke QoS is supported in FlexVPN. If you want to, you can plan the migration. (The following are some migration docs.)

http://www.cisco.com/c/en/us/support/docs/security/flexvpn/116678-configure-product-00.html

http://www.cisco.com/c/en/us/support/docs/security/dynamic-multipoint-vpn-dmvpn/115726-flexvpn-hardmove-same-00.html

http://www.cisco.com/c/en/us/support/docs/security/flexvpn/115727-flexvpn-hard-hub-00.html

Frederic Detienne (Distinguished Engineer at Cisco) explained FlexVPN and its QoS implementation in session BRKSEC-3013 at Cisco Live. (Use the following link to watch the video and presentation slides.)

https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=6051&tclass=popup

-Vishesh


Hello Vishesh,

Thanks for the reply.

I would rather stay with DMVPN and workaround QoS.

Would you prefer standard qos applied on physical interfaces only or mixing it with DMVPN qos on HUBs?

I can't accept DMVPN qos on hubs only because I necessarily need SPOKE-TO-SPOKE qos especially for VoIP.

-Richard

If you are interested in setting QoS for voice, then you should apply QoS on the physical interface of the spokes and classify traffic via DSCP marking. QoS pre-classify would be required on the tunnel.

-Vishesh

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

If you are interested in setting QoS for voice, then you should apply QoS on the physical interface of the spokes and classify traffic via DSCP marking. QoS pre-classify would be required on the tunnel.

BTW, if you're using ToS for physical egress, most DMVPN, I believe, copies the original packet's ToS to GRE's ToS, so pre-classify isn't necessary. Pre-classify is necessary if your physical egress wants to examine other than ToS. An example would be using FQ within an egress class which needs to "see" the original src/dest to identify different flows.


Yes, that's true. The original packet's ToS is copied to GRE's ToS and to IPsec's ToS even without using pre-classification.

In my case it would be necessary because of doing queuing and classification within the same policy-map on an egress interface.

Your postings have some kind of overlay. Unable to read your response.


Yes, that's true. The original packet's ToS is copied to GRE's ToS and to IPsec's ToS even without using pre-classification.

In my case it would be necessary because of doing queuing and classification within the same policy-map on an egress interface.

Same as before, but I was able to read the email copy, although it too has an overlay (just not in the same positions). Something about jollywallet and coupons.

As to doing classification on egress, again, pre-classify is needed if you classify on more than ToS. If you do, then you'll want to enable it.
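
An IOS configuration sketch of what the thread arrives at, added here as an example and not posted by any participant: per-tunnel QoS on the hub for HUB->SPOKE traffic, plus a hierarchical policy on each spoke's physical interface for SPOKE->SPOKE and SPOKE->HUB traffic. The names spoke_group1 and group1_parent come from the question; every other class and policy name, the interface numbers, the 10 Mbps shape rate and the percentages are assumptions to be replaced with your own values.

```cisco
! ===== SPOKE: egress QoS on the physical interface =====
! Classify on DSCP only; the ToS byte is copied to the GRE/IPsec header,
! so these matches work on the encrypted packet.
class-map match-any VOICE
 match dscp ef
class-map match-any SIGNALING
 match dscp cs3 af31
!
policy-map SPOKE_CHILD
 class VOICE
  priority percent 30
 class SIGNALING
  bandwidth percent 5
 class class-default
  ! Flow-based fair queuing needs the inner src/dst addresses,
  ! which is the case where qos pre-classify matters.
  fair-queue
!
policy-map SPOKE_PARENT
 class class-default
  ! Assumed WAN rate: 10 Mbps
  shape average 10000000
  service-policy SPOKE_CHILD
!
interface Tunnel1
 ! Tells the hub which NHRP group (and so which policy) this spoke uses
 ip nhrp group spoke_group1
 qos pre-classify
!
interface GigabitEthernet0/0
 service-policy output SPOKE_PARENT
!
! ===== HUB: per-tunnel QoS toward spokes in spoke_group1 =====
policy-map group1_child
 class VOICE
  priority percent 30
 class class-default
  fair-queue
!
policy-map group1_parent
 class class-default
  ! Shape to the spoke's assumed downstream rate
  shape average 10000000
  service-policy group1_child
!
interface Tunnel1
 ip nhrp map group spoke_group1 service-policy output group1_parent
```

On the hub, `show dmvpn detail` lists the NHRP group each spoke registered with, and `show policy-map multipoint Tunnel1` shows the per-spoke policy counters.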
