Showing results for 
Search instead for 
Did you mean: 

QoS on GRE Tunnels - Guidance Requested

Big question:  Does the config below work?  My stress tests shows its utilizing the bandwidth commands, but thats about all I can tell.  I am unexpereienced with QoS.  Help please!

(Also, this is a repost - I added to part above to help clarify, modified title to see if I can encourage anyone to take a stab at it....thanks!)


Two branch locations that use MPLS to connect to a datacenter, and route to the internet through a hosted firewall at the datacenter.  Configuration example below is from a branch MPLS router.  Branch uses VOIP and some Core Vendor software (extremely network sensitive).

So the branches connect to each other and the internet via each of their MPLS routers (Cisco 1841's).

We want to accept any critiques, and know if the config below would work in general/at all.  In particular I would like to ensure the Core Vendor traffic never drops/has too high of a latency.

In the current configuration I saw just 4 packets drops for the Core Vendor due to WRED attempting to avoid congestion.

Note:  We set the DSCP values we do because those are the DSCP values that correspond to our ATT MPLS CoS values.

QoS Config Example:  [updated 12/11/2013 4:30PM CST]

class-map match-any Internal_Traffic

match access-group 106

class-map match-any Core_Vendor

match access-group 108

class-map match-any RDP

match access-group 107

class-map match-any Voice

match access-group 105



policy-map ToMPLS

class Voice

  set ip dscp ef

  priority percent 15

class Core_Vendor

  set ip dscp af31

  bandwidth remaining percent 30

class Internal_Traffic

  set ip dscp af21

  bandwidth remaining percent 35

class class-default

  set ip dscp default

  bandwidth remaining percent 20

policy-map ToMPLS-QUEUE

class class-default

  random-detect dscp-based

  service-policy ToMPLS

policy-map ToMPLS-Tunnel

class class-default

  shape average 1537000

  service-policy ToMPLS-QUEUE


interface Tunnel0

description Tunnel to DATACENTER

bandwidth 1540

qos pre-classify

tunnel source Serial0/0/0


interface Tunnel1

description Tunnel to OTHER BRANCH

bandwidth 1540

qos pre-classify

tunnel source Serial0/0/0


interface Serial0/0/0

description DHEC......etc...

encapsulation ppp

service-module t1 timeslots 1-24

service-module t1 remote-alarm-enable

service-policy output ToMPLS-Tunnel



Also, would it be possible to enable Priority instead of Bandwidth on the Core_Vendor class, and then disable policing? 

My thinking is we want the Core_Vendor traffic to have low-latency-queuing, but not be penalized when it exceeds its given bandwidth. 

Is there a better way to do that? 

VIP Expert


The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.


If this post is in lieu of another post, delete that one.

You don't need to shape if your physical port is the same as CDR.

On your branch, it appear you may only need the ToMPLS policy on the serial interface (you don't need the other two policies, you'll still need your pre-classify on the tunnels).


If you don't have them, you may want the following commands on your tunnel interfaces:

ip mtu 1476 !for just GRE

ip tcp adjust-mss 1436 !for just GRE

keepalive 10 3 !optional - takes down tunnel if end-to-end lost - helpful if using snmp

tunnel path-mtu-discovery

Content for Community-Ad