QoS on GRE Tunnels

dennylester · ‎12-05-2006

A while back the guru's here in these forums helped me with implementing traffic shaping on our frame relay circuits. With FRTS we specified the traffic that we wanted to have priorty and everything else took the back seat.

Now I need to do this with 40 GRE tunnels running over an MPLS network. I am wondering which one I should use.

We want Terminal Services to take priority and everything else to be throttled back.

GTS seems like it would be the easiest, but we would want to apply these to backup ISDN lines and I thought I read somewhere that GTS won't support ISDN.

Class-Based Traffic Shaping sounds like it would work but Policy-maps and class-maps and how they relate to each other are still a little foreign to me. The Cisco examples make sense when limiting the whole interface to a certain speed using policy-maps but I'm still a little lost at how to put an access-list into the loop.

TIA,

Denny

mark.edwards · ‎12-06-2006

I would use policing or Class Based WFQ If I were implementing this solution. Policing will give you a strict limit to the traffic classes where queuing will allow classes to use bandwidth if available. The example below shows policing. Just repeat classes for each type of traffic you want to police. Unpoliced flows will get WFQ applied. Remember if you are using GRE tunnels all the traffic will look like GRE unless you use the qos pre-classify command under the tunnel.

class-map match-all TERMINAL

match access-group 100

policy-map SHAPE

class TERMINAL

police cir 32000

conform-action transmit

exceed-action drop

class class-default

fair-queue

access-list 100 permit tcp any any eq

int tunnel1

service-policy output SHAPE

qos pre-classify

dennylester · ‎12-06-2006

Hi,

Thank you for responding.

I never considered policing and will need to read up on it.

Just to make sure I understand you, are you saying the traffic that matches the ACL would be limited?

Thank you again,

Denny

mark.edwards · ‎12-06-2006

that is correct. Traffic that matches the ACL will be policed. Another option would be to use NBAR. This is just another way of classifying traffic. When you configure your class-maps have a look at the "match protocol" option. There are a number of pre-defined protocols that you can select. Each way can be used to achieve the same results, just different ways of configuring the same thing.

Edison Ortiz · ‎12-06-2006

Mark,

Your approach will limit terminal services to a bandwidth, I don't think that's what the OP wants.

I recommend going with priority instead of policing.

policy-map SHAPE

class TERMINAL

priority [enter amount in Kilo bits]

dennylester · ‎12-07-2006

Hello,

I'd like to thank you both for replying to me. Priority sounds like it matches more of what we did with Frame Relay and would require less work since I only need to define one type of traffic as a priority verses limited dozens of other types of traffic.

So, if I have a 256K MPLS circuit and I set TERMINAL up with a priority of 200K, all other traffic would only use 56K assuming TERMINAL is consuming at least 200K. If TERMINAL is not using 200K then the other traffic would get more bandwidth?

Does this sound correct?

Denny

Edison Ortiz · ‎12-08-2006

Denny,

That sounds correct.