09-09-2005 06:10 AM - edited 03-03-2019 10:28 AM
I am a little confused in trying to best configure bandwidth management for our Hub and Spoke DMVPN router network over the WAN.
How would one configure a router to best handle traffic flow out a WAN link, where the router 'sees' the network as fast ethernet, but in the 'internet' a much smaller maximum throughput rate is set (like standard T1 or Cable modem speeds)? Or is there really nothing to do? I understand that regular TCP/IP flow controls should scale back data transfer when it detects packet loss; but what about any UDP flows, or the like?
The actual setup:
We have DMVPN hub with ethernet interfaces, connected to internet via a 6Mbps rate limited ethernet line to ISP. The LAN AND WAN ethernet interfaces on our router itself run at 100Mbps. All the remote spokes have 10Mbps ethernet interfaces connected to T1 terminators or cable/DSL lines.
99.9% of the traffic leaving all the routers is the IPSEC traffic from the DMVPN.
We want some sort of QoS policy to give priority to things like interactive intranet web-browsing, odbc database transactions, and voip (3com nbx not cisco) traffic through the DMVPN tunnels, leaving general backup-type file transfers, email, ftp, and other large-data, non-interactive sessions as a lower priority. It seems like this should be setup to rate limit/prioritize the traffic to the ISP's Max line speed before encrypting and tunneling takes place; but how?
Right now there is NO form of QoS or queueing or anything. I believe as a result, we do in fact see consistent drops of non-tcp/ip traffic, (like pings) on and off. Also things like the afformentioned web browsing are extremely slow and laggy--but latency across the networks are stable between 50 and 100 ms. Which should be perfectally acceptable for web-browsing. This leads me to believe it's a problem due to basic traffic drops trying to push all this LAN traffic over a WAN.
I've tried to research this, and think i understand on a basic level HOW QoS works, and it sounds like a good idea, but I'm a little unsure which type to use, and I have a BIG problem trying to understand specifically how to implement it.
Thank you for any help,
-Shawn
09-09-2005 09:30 PM
Hi
though i havent tried configuring qos with DMVPN setup i found some thing from cisco site which says that some of the commands are not configurable under DMVP tunnel interface..
"The following commands are not supported under mGRE with DMVPN: ip tcp adjust-mss, qos pre-classify tunnel vrf,tunnel path-mtu-discovery,and tunnel vrf"
qos pre-classify is reqd to be there under tunnel interface to carry the exact/original TOS bits instead of new TOS values while encapsulating with the new header.
regds
09-13-2005 01:02 PM
I don't think that is an accurate answer. As you can see with my config, I have qos pre-classify commands and other commands that you say are not supported.
interface Tunnel200
bandwidth 1544
ip address 1.1.1.2 255.255.255.0
ip mtu 1440
ip nhrp authentication ***********
ip nhrp map 1.1.1.1 10.1.1.1
ip nhrp network-id 123
ip nhrp holdtime 300
ip nhrp nhs 1.1.1.1
ip tcp adjust-mss 1400
ip ospf network broadcast
ip ospf cost 25
ip ospf priority 0
qos pre-classify
tunnel source Serial0/0.800
tunnel destination 10.1.1.1
tunnel key ***************
tunnel protection ipsec profile vpnprofile
Regards,
John..
09-14-2005 01:10 AM
Hi
i did pick up those statements from here only.
hope u can too refer up the same. ..
regds
09-14-2005 05:00 AM
The document you link that quote to is talking about IOS "12.2(18)SXE DMVPN Support on the Cisco 6500 and Cisco 7600". Apparently it does hold true for other hardware devices, and more recent, feature-rich IOS versions...
Unfortionatley I still have little good idea how to configure a very basic-level of QoS into our setup...
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide