Got this shared outbound 1 Mbps satellite link used by two remote sites; the inbound uplink is a fixed, dedicated 512Kbps to each.
They both connect to core using ipsec/gre tunnels through the same physical gigabit ethernet interface.
What I am trying to accomplish is to use QoS to give unused bandwidth to whichever site needs it, but if congested each site should be guaranteed no less than 512Kbps.
Using QoS-preclassification on the two tunnels we do outbound QoS at the core gigabit ethernet interface.
The parent class-default shapes the traffic to 1024Kbps and has an attached child service-policy. This child policy has two classes, one for each site, matched by access-list on the remote site IP range. Each child class has a bandwidth allocation using "bandwidth 512", with nothing in class-default. Each class has one further attached child service-policy doing the different classifications and prioritizations for VoIP, Citrix, SNMP, telnet, SSH and such. (See below for config sample.)
Now the policies seem to match and have an effect, but latency is more affected than when using one policy for each location where each is shaped to 512Kbps. So is the current configuration allowed in the current IOS 15.1 series, and will it function as I expect?
Could you in theory create an endless tree with children of children of children and so forth?
Any better suggestions allowing both sites to enjoy 1Mbps when bandwidth is available but still guarantee 512Kbps?
class-map match-any Office1
 match access-group 121
class-map match-any dscp-critical
 match dscp af31
 match protocol citrix
 match protocol snmp
 match access-group 120
class-map match-any dscp-ef
 match ip rtp 16384 16383
 match dscp ef
 match protocol telnet
 match protocol skinny
 match protocol icmp
 match protocol ssh
class-map match-any dscp-video
 match dscp af41
class-map match-any Office2
 match access-group 122
priority percent 25
set dscp ef
set dscp af31
bandwidth percent 25
set dscp af41
bandwidth percent 45
shape average 1020000
Well, how does the policy know that this traffic belongs to the office one tunnel, for example?
You need to specify some sort of ACL with the tunnel source at least, and use the bandwidth command (CBWFQ) without the child shaping.
Keep the shaping only on the parent policy.
In this case the bandwidth command value will be used when the interface is congested; if not, the child policy/traffic can use up to the parent shaping value, which is about 1M.
Hope this helps.
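The sharing behaviour described in the reply above, as a simplified model added here for illustration (not code from the thread and not the IOS scheduler). It assumes unused rate is re-offered in proportion to each class's configured bandwidth value; the function name and the offered loads are constructed.

```python
def share_shaped_link(shape_kbps, guarantees, offered):
    """Split a parent shaper's rate between classes (all values in kbps).

    Simplified model, not the IOS scheduler: each class's "bandwidth" value
    acts as a weight, and rate a class does not use is re-offered to the
    classes that still have traffic queued (weighted max-min sharing).
    """
    alloc = {site: 0.0 for site in offered}
    active = {site for site in offered if offered[site] > 0}
    remaining = float(shape_kbps)
    while active and remaining > 1e-9:
        total_weight = sum(guarantees[site] for site in active)
        satisfied = set()
        granted = 0.0
        for site in active:
            fair_share = remaining * guarantees[site] / total_weight
            need = offered[site] - alloc[site]
            if need <= fair_share:
                satisfied.add(site)  # demand met, leftover goes back to the pool
            grant = min(need, fair_share)
            alloc[site] += grant
            granted += grant
        remaining -= granted
        if not satisfied:
            break  # every active class took its full share: link is congested
        active -= satisfied
    return alloc


# Values from the thread: parent "shape average 1020000", "bandwidth 512" per class.
SHAPE_KBPS = 1020
GUARANTEES = {"Office1": 512, "Office2": 512}

if __name__ == "__main__":
    # Constructed offered loads in kbps.
    for load in ({"Office1": 900, "Office2": 100},
                 {"Office1": 900, "Office2": 900},
                 {"Office1": 2000, "Office2": 300}):
        print(load, "->", share_shaped_link(SHAPE_KBPS, GUARANTEES, load))
```

With both offices saturated, the model gives each 510 kbps rather than 512, because the posted shaper rate of 1020000 bps is slightly below the sum of the two 512 kbps guarantees.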
Marwanshawi, thanks for the answer.
Currently the only policy doing shaping is the parent.
The child policy of the shaping parent policy matches traffic on each tunnel using access-lists in the classes Office1 and Office2; the access-list statements used are:
access-list 121 remark Match Office1 Traffic
access-list 121 permit ip any 172.28.111.0 0.0.0.255
access-list 122 remark Match Office2 Traffic
access-list 122 permit ip any 172.28.112.0 0.0.0.255
The classes matched above are used in the tunnel-cir policy, and each is given bandwidth 512. Since these child policies have another child policy attached (three levels in total), will the last and third child policy in the original post function as expected?