10-31-2008 08:07 AM - edited 03-04-2019 12:08 AM
If I have a gigabit ethernet router connection to a WAN service that's rate limited to 200 Mbps in the cloud, and I'm running a GRE tunnel that's encrypted with IPSEC, how can I configure my router to
1) shape all outbound traffic to 200 Mbps on the Gig interface that connects to the WAN provider
2) within the shaped traffic prioritize a particular class and give it up to 50 Mbps bandwidth
3) allow all the other traffic to fall into the default class with best effort delivery
I'm thinking that I first need to create a parent policy for the shaping, and a child policy under that for the priority, but am not really sure.
Also, does the plicy get applied to the physical gigabit ethernet interface or to the Tunnel interface ?
Any thoughts or suggestions would be very greatly appreciated.
10-31-2008 11:03 AM
Hi Richard,
I would do this task the way similar to this:
class-map C-PRIORITY - this will classify your priority traffic
match .....
policy-map SHAPINGPOLICY
class class-default
shape average 200000000
service-policy PRIORITIZE
policy-map PRIORITIZE
class C-PRIORITY
priority 50000
set dscp ef
class class-default
set dscp default
interface Gig1/1
service-policy output SHAPINGPOLICY
interface Tunnel0
qos pre-classify
crypto-map VPN_CONNECTION
qos pre-classify
Notes:
"qos pre-classify" command is needed only when you classify your traffic with the C-PRIORITY class-map based on fields other than the TOS byte in the original IP header.
If you classify your traffic based on the TOS-byte of the incoming traffic, then you can omit this command at both places. The TOS byte is by default copied from the original IP header to the tunnel IP header.
If you apply the service-policy to the physical interface then the QoS policies will take effect on all Tunnel interfaces sending traffic through Gig1/1.
If you apply the service-policy to the Tunnel interface then the QoS policies will be applied to the given Tunnel interface only.
In this case, too, you need to omit the qos pre-classify commands.
Cheers:
Istvan
10-31-2008 11:23 AM
Istvan,
This works perfectly.
Note: I'm using an extended ACL for class-map C-priority.
class-map match-any c-priority
match access-group 120
Thank you.
Rich
10-31-2008 12:30 PM
Hi Rich,
I'm glad I could help you.
Please rate my post if you think my post was valuable for you.
Thanks:
Istvan
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide