Showing results for 
Search instead for 
Did you mean: 

QoS with shared outbound links

Got this shared outbound 1 Mbps satellite link used by two remotes sites, inbound uplink is fixed dedicated 512Kbps to each.

They both connect to core using ipsec/gre tunnels through the same physical gigabit ethernet interface.

What I am trying to accomplish is use QoS to give unused bandwidth to whatever site needs it, but if congested each site should be guaranteed no less than 512Kbps

Using QoS-preclassification on the two tunnels we do outbound QoS at the core gigabit ethernet interface.

Parant class-default shape the traffic to 1024Kbps and has an attached child service-policy, this child policy has two classes one for each site matched by access-list on remote site IP range. Each child class has a bandwidth allocation using "bandwidth 512", nothing in class-default, each class has one further attached child service-policy doing the different classifications and prioritizations for VoIP, cirtix, snmp, telnet, ssh and such. (see below for config sample)

Now the policies sems to match and has an effect but latency is more affected that when using one policy for each location where each is shaped to 512Kbps. So is the current configuration allowed in current IOS 15.1 series  and will it function as I expect ?

Could you in theory create an endless tree with childs of childs of childs and so forth?

Any better suggestions allowing both sites to enjoy 1Mbps when bandwidth is available but still guarantee 512Kbps ?


class-map match-any Office1

match access-group 121

class-map match-any dscp-critical

match  dscp af31

match protocol citrix

match protocol snmp

match access-group 120

class-map match-any dscp-ef

match ip rtp 16384 16383

match  dscp ef

match protocol telnet

match protocol skinny

match protocol icmp

match protocol ssh

class-map match-any dscp-video

match  dscp af41

class-map match-any Office2

match access-group 122



policy-map standard-policy

class dscp-ef

  priority percent 25

  set dscp ef

class dscp-critical

  set dscp af31

  bandwidth percent 25

class dscp-video

  set dscp af41

  bandwidth percent 45

class class-default


  random-detect dscp-based

policy-map tunnel-cir

class Office1

  bandwidth 505

  service-policy standard-policy

class Office2

  bandwidth 505

  service-policy standard-policy

policy-map output

class class-default

  shape average 1020000

  service-policy tunnel-cir



Everyone's tags (2)

QoS with shared outbound links

well how the policy knows this is traffic belong to office one tunnel for example ?

you need to specify some sort of ACL with tunnel source ad least and use bandwidth command ( CBWFQ) without the child shaping

keep the shaping only to the parent policy

in this case the bandwidth command value will be used in the case of interface congested if not the child policy/traffic can use up to the parent shaping value which is about 1M

hope this help


QoS with shared outbound links

Marwanshawi, thanks for answer.

Currently the only policy doing shaping is the parent.

The child policy of the shaping parent policy matches traffic on each tunnel using accss-lists in the classes Office1 and Office2, the access-list statments used are:

access-list 121 remark Match Office1 Traffic

access-list 121 permit ip any

access-list 122 remark Match Office2 Traffic

access-list 122 permit ip any

The classes matched above is used in the tunnel-cir policy, and each are given bandwidth 512. Since these child policies has another child policy attached (total three levels) will the last and third child policy in the original post function as expected ?

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here