Thanks

I already have gre tunnels configured but not encrypted so I believe I don't need qos pre-classify. My problem here is that I have a 512K ADSL with two tunnels, where do I apply the QoS, LLQ?

I believe that my configuration below is correct if you have a single tunnel but with two tunnels I will potentially oversubscribe the link. Is it possible to apply the configuration to the either the physical or dialer interface instead?

My configuration below;

class-map match-all voice

match access-group 101

!

!

policy-map child

class voice

priority 384

policy-map tunnel

class class-default

shape peak 512000

service-policy child

interface ATM0

no ip address

no atm ilmi-keepalive

pvc 8/35

encapsulation aal5mux ppp dialer

dialer pool-member 1

!

dsl operating-mode auto

end

interface Dialer0

bandwidth 512

ip address negotiated

ip nat outside

encapsulation ppp

dialer pool 1

ppp authentication pap callin

ppp chap refuse

ppp pap sent-username

ppp multilink

ppp multilink fragment-delay 20

ppp multilink interleave

end

interface Tunnel0

description

ip address XX.XX.XX.XX

tunnel source XX.XX.XX.XX

tunnel destination XX.XX.XX.XX

service-policy output tunnel

!

interface Tunnel1

description

ip address XX.XX.XX.XX

tunnel source XX.XX.XX.XX

tunnel destination XX.XX.XX.XX

service-policy output tunnel

I believe you have another thread started with this same question that I have posted some questions to, but I thought I would add some expertise to your config above.

1) For a 512Kbps DSL circuit, there is no way that you can shape peak to 384Kbps on both tunnels! You are, by definition, oversubscribing the DSL circuit.

2) Is all traffic going through these tunnels ONLY, or are you allowing Internet traffic from each site directly as well? Keep in mind that your 512Kbps uplink speed (if that is what you stated) is for ALL traffic, your tunnel(s) AND any local traffic going out the DSL directly. You need to design this and pre-define the bandwidths that you will allocate to each tunnel and also to local Internet traffic. The sum of those bandwidths cannot exceed your provisioned DSL rate.

3) You are on the right track with applying the policy-map to the tunnel interfaces, but you should not be using 'shape peak', you should be using 'shape average' to a bandwidth that is 95% of your tunnel bandwidth and according to your pre-defined design.

4) The configuration is different depending on the design you choose:

a) all traffic utilizing the tunnels only OR

b) voice traffic using the tunnel(s) and all other traffic hitting the DSL/Internet directly OR

c) voice and enterprise data traffic using the tunnel(s) and Internet only traffic using the DSL directly (outside the tunnels)

5) In general, you should shape ALL the traffic leaving the outside DSL interface so as not to exceed the provisioned bandwidth AND you prioritize the voice (and voice signaling) traffic using the tunnel(s) into the parent shaper on the DSL interface.

The permutations get complicated on this, but as long as your config matches your design, all will be well.

Let me know the design you are trying to implement...

Hi,

Thanks for your reply, you are right I have another thread which I will abadon now.

I am trying to achieve design c as your outline in point 4, voice and enterprise data traffic using the tunnel(s) and Internet only traffic using the DSL directly (outside the tunnels).

The requirement is to only provide guarantee service for the voice traffic traversing through the two tunnels.

Can you please advice on how the configuration would be? If possible it would be great if the 512K bandwidth can be shared between the two tunnels and the internet access such that each can max up to 512K if there are no other traffic on the others.

Thanks.

Hi, I responded to your other thread which is more complete...