If I have a gigabit Ethernet router connection to a WAN service that's rate limited to 200 Mbps in the cloud, and I'm running a GRE tunnel that's encrypted with IPsec, how can I configure my router to:
1) shape all outbound traffic to 200 Mbps on the Gig interface that connects to the WAN provider
2) within the shaped traffic prioritize a particular class and give it up to 50 Mbps bandwidth
3) allow all the other traffic to fall into the default class with best effort delivery
I'm thinking that I first need to create a parent policy for the shaping, and a child policy under that for the priority, but am not really sure.
Also, does the policy get applied to the physical gigabit Ethernet interface or to the Tunnel interface?
Any thoughts or suggestions would be very greatly appreciated.
I would do this task in a way similar to this:
! this will classify your priority traffic
class-map C-PRIORITY
shape average 200000000
set dscp ef
set dscp default
service-policy output SHAPINGPOLICY
The "qos pre-classify" command is needed only when you classify your traffic with the C-PRIORITY class-map based on fields other than the TOS byte in the original IP header.
If you classify your traffic based on the TOS-byte of the incoming traffic, then you can omit this command at both places. The TOS byte is by default copied from the original IP header to the tunnel IP header.
If you apply the service-policy to the physical interface then the QoS policies will take effect on all Tunnel interfaces sending traffic through Gig1/1.
If you apply the service-policy to the Tunnel interface then the QoS policies will be applied to the given Tunnel interface only.
In this case, too, you need to omit the qos pre-classify commands.
This works perfectly.
Note: I'm using an extended ACL for class-map C-priority.
class-map match-any c-priority
match access-group 120
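The parent/child layout discussed in this thread, written out in full as an added example that is not from any poster. SHAPINGPOLICY, C-PRIORITY, access-group 120, Gig1/1 and the 200 Mbps / 50 Mbps rates come from the thread; the child policy name CHILD-PRIORITY, the interface Tunnel0 and the ACL entry are assumptions.

```cisco
! Constructed ACL entry: the thread does not show what ACL 120 matches.
access-list 120 permit udp 192.0.2.0 0.0.0.255 any
!
class-map match-any C-PRIORITY
 match access-group 120
!
! Child policy (hypothetical name): strict-priority queue capped at
! 50 Mbps (priority takes kbps); everything else is best effort.
policy-map CHILD-PRIORITY
 class C-PRIORITY
  priority 50000
  set dscp ef
 class class-default
  set dscp default
!
! Parent policy: shape all outbound traffic to the 200 Mbps provider
! rate (shape average takes bps), then queue inside the shaper
! using the child policy.
policy-map SHAPINGPOLICY
 class class-default
  shape average 200000000
  service-policy CHILD-PRIORITY
!
! Tunnel0 is an assumed tunnel number. The policy on the physical
! interface sees packets after GRE/IPsec encapsulation, so an ACL
! match on the inner header needs qos pre-classify here (and under
! the crypto map entry when a crypto map is used).
interface Tunnel0
 qos pre-classify
!
! Applied on the physical interface, the policy covers every tunnel
! that sends traffic through it.
interface GigabitEthernet1/1
 service-policy output SHAPINGPOLICY
```

Because the queuing runs after encryption, reordering between the priority and default queues can push packets outside the IPsec anti-replay window, so watch the replay-failure counters on the receiving peer. The shaped 200 Mbps also includes the GRE and IPsec header overhead.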