Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1679
Views
0
Helpful
16
Replies

Qos on GRE Tunnel interfaces

ayokunles
Level 1
Level 1

‎09-01-2011 04:55 AM - edited ‎03-04-2019 01:28 PM

I have a challenge. i want to implement QoS on our Core router but the core router makes use of GRE Tunnels to remote branch locations.

so far all QoS techniques i want to use cannot be implemented using tunnel interfaces.

the core router is a cisco 7604 router with IOS version 12.2 (33)SRE while the remote locations have ISRs (2821).

i would need help in deciding which QoS technique to use with respect to GRE Tunnels as there are times of congestion due to heavy network traffic to those remote locations.

thanks guys.

Labels:
0 Helpful
16 Replies 16

lgijssel
Level 9
Level 9

‎09-01-2011 05:53 AM

What you want to achieve is possible.

When packets are encapsulated by tunnel or encryption headers, QoS features are unable to examine the original packet headers and correctly classify the packets. Packets traveling across the same tunnel have the same tunnel headers, so the packets are treated identically if the physical interface is congested. With the introduction of the Quality of Service for Virtual Private Networks (VPNs) feature, packets can now be classified before tunneling and encryption occur.

The qos pre-classify command is used for enabling this.

http://www.cisco.com/en/US/tech/tk543/tk545/technologies_tech_note09186a008017405e.shtml#topic1

regards,

Leo

0 Helpful

ayokunles
Level 1
Level 1
In response to lgijssel

‎09-01-2011 06:00 AM

Hii Leo,

thanks, but the other question is would it work on a cisco 7604 router with the IOS mentioned in the first post?

0 Helpful

Amit Aneja
Level 3
Level 3
In response to ayokunles

‎09-01-2011 06:46 AM

It should work on the IOS that you have mentioned.

0 Helpful

ayokunles
Level 1
Level 1
In response to Amit Aneja

‎09-01-2011 07:05 AM

Hello Amit,

thanks but the command is not supported on my IOS.  i mean the qos pre-classify command.

any other ideas? i am really stuck.

0 Helpful

Amit Aneja
Level 3
Level 3
In response to ayokunles

‎09-01-2011 08:03 AM

Could you paste the complete IOS image name here?

What is the interface you are trying to enable "qos pre-classify"?

0 Helpful

Amit Aneja
Level 3
Level 3
In response to ayokunles

‎09-01-2011 08:07 AM

hey, I apologize, I just checked that it is not supported on 6k. It is hard to believe, but, it isn't.

Let me check if this is on the roadmap in upcoming releases.

0 Helpful

Amit Aneja
Level 3
Level 3
In response to Amit Aneja

‎09-01-2011 08:13 AM

qos pre-classify relies on keeping a copy of the original packet in some shared memory. 6500 is a

distributed architecture, there is not really shared memory at all, so this is something which is a hardware limitation.

The feature is *not* on the roadmap as well.

Regards,

Amit

0 Helpful

ayokunles
Level 1
Level 1
In response to Amit Aneja

‎09-01-2011 09:19 AM

so am stuck then...

what if i try to use hierachical policy maps

would it work.

0 Helpful

Joseph W. Doherty
Hall of Fame
Hall of Fame

‎09-01-2011 09:35 AM

Disclaimer

The  Author of this posting offers the information  contained within this  posting without consideration and with the  reader's understanding that  there's no implied or expressed suitability  or fitness for any purpose.  Information provided is for informational  purposes only and should not  be construed as rendering professional  advice of any kind. Usage of  this posting's information is solely at  reader's own risk.

Liability Disclaimer

In   no event shall Author be liable for any damages whatsoever (including,   without limitation, damages for loss of use, data or profit) arising  out  of the use or inability to use the posting's information even if  Author  has been advised of the possibility of such damage.

Posting

Assuming it's impossible to configure QoS on a "normal" 7600 GRE tunnel, it might be possible if you use a "WAN" type line card (assuming you're not now).  Another option would be to "front" the core 7604 with "regular" (e.g. 3900, 7200) WAN router that can deal with the bandwidth you're using.

0 Helpful

ayokunles
Level 1
Level 1
In response to Joseph W. Doherty

‎09-01-2011 09:58 AM

Hi Joseph,

I am not sure i understand the word "front".  All Service provider backhauls terminate on this core router.

Would "fronting" mean that i have to transfer all the connections to the the "new front" and reconfigure all the GRE tunnels.

I am also not sure if i am using a WAN type line card.

0 Helpful

Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to ayokunles

‎09-01-2011 05:23 PM

Disclaimer

The  Author of this posting offers the information contained within this  posting without consideration and with the reader's understanding that  there's no implied or expressed suitability or fitness for any purpose.  Information provided is for informational purposes only and should not  be construed as rendering professional advice of any kind. Usage of this  posting's information is solely at reader's own risk.

Liability Disclaimer

In  no event shall Author be liable for any damages whatsoever (including,  without limitation, damages for loss of use, data or profit) arising out  of the use or inability to use the posting's information even if Author  has been advised of the possibility of such damage.

Posting

"Front" as having another software router "in front" of the core device, i.e. it would terminate the WAN connections and yes it would then have the GRE tunnels.  (In other words, a WAN edge.)

WAN type cards are those line cards with enhanced QoS features useful on WANs, for example FlexWAN or SIP-200 and SIP-400.  Some of the "ES" cards might too, but not sure about those.

Amit might also have a worthwhile suggestion about the VSPA.

0 Helpful

ayokunles
Level 1
Level 1
In response to Joseph W. Doherty

‎09-02-2011 12:12 AM

Hi Joseph,

please find attached a section of the sh version on the router.  I believe the SIP card is present.

besides the 7604 serves as the WAN edge already.

0 Helpful

Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to ayokunles

‎09-02-2011 02:54 AM

Disclaimer

The   Author of this posting offers the information contained within this   posting without consideration and with the reader's understanding that   there's no implied or expressed suitability or fitness for any purpose.   Information provided is for informational purposes only and should not   be construed as rendering professional advice of any kind. Usage of  this  posting's information is solely at reader's own risk.

Liability Disclaimer

In   no event shall Author be liable for any damages whatsoever (including,   without limitation, damages for loss of use, data or profit) arising  out  of the use or inability to use the posting's information even if  Author  has been advised of the possibility of such damage.

Posting

Does the WAN interface use a SPA interface on the SIP-400 for the GRE tunnel source?  (Looks like it's hosting a single 10 gig.  What's the SPA interface?)

(NB: I know the FlexWAN offers additional QoS features.  I believe the SIP-200 is similar.  I also thought the SIP-400 does too, but not as sure about it.  Such features are limited to interfaces on that card.)

Understood that the 7604 serves as your WAN edge, but if it doesn't offer the features you need for your WAN, then the only alternative to obtain those features is to use a platform that does support your needs.

0 Helpful

ayokunles
Level 1
Level 1
In response to Joseph W. Doherty

‎09-02-2011 03:40 AM

Joseph,

there are two 5 port modules and each port is Gigabit SPA. 

yes all service providers are terminated on SPA interfaces.

what i'm not sure of is whether i have a VPN SPA module or would the SSC 400 serve as a VPN SPA module.

I'm not quite sure, really.

thanks

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card