Solved: Re: QoS Questions: on Subinterface with Tagging and GRE IPSEC Tu

kmmehlkmmehl · ‎09-17-2010

Hello!

I have a QoS related question.

We have Site A and Site B

Every Site has a WAN Internet Connection on Subint Gi0/1 with Gi0/1.1 and Gi0/1.2

Thats the WAN Part. Internals surft thru NAT there. (only on one Connection currently)

This Connections host a GRE IPSEC TUNNEL Tunnel1 from Site A to Site B and Vice Versa.

The Tunnel runs on exactly one Internet Connection (currently Gi0/1.1)

Also on Site A and Site B there is a LAN. Both LAN are Connected thru the IPSEC Tunnel. We have Static routes and different Subnets.

What i want to do (but i am to stupid to do so):

1) Limit "surfing" Traffic (which is everything except the Traffic needed for the Tunnel to 7MBIT (from 10))

2) Reserve 3MBIT of the Tunnel Connection for SIP,RTP and SSH (nbar is running)

3) Make Tunnel Traffic more important than Surfing Traffic (e.g. Copy Files should not be reduced by iso downloads) but respect 3MBIT reserved for SIP RTP SSH

Gi0/1 - Main Interface

Gi0/1.1 - SubInterface for WAN Internet

Tunnel1 - source is WAN on Gi0/1.1 GRE with IPSEC

This is all running on 12.4 advipserv on a C2821

I tried fiddling around with parent and child policies and policie command etc but it doesnt seem to work

Thanks for your help!

;)

Lei Tian · ‎09-18-2010

Hi,

You can start from the following config, and modify from there.If you experience high cpu after configure the QoS, you can disable nbar, and match base on ACL.

class-map match-any mark_critical
match protocol SIP
match protocol RTP
match protocol SSH
policy-map mark
class mark_critical
set ip dscp 46
class class-default
police 7000000 conform-action set-dscp-tranmit af21

int x/x (LAN interface)
service-policy in mark

policy-map shape_10m
class class-default
shape 10000000 100000
service-policy qos

class-map critical
match ip dscp 46
policy-map qos
class critical
priority 3m
class class-default
fair-queue
random-detect dscp_based

int g0/1.1
service-policy out shape_10m

HTH,

Lei Tian

View solution in original post

Lei Tian · ‎09-18-2010

Hi,

You can start from the following config, and modify from there.If you experience high cpu after configure the QoS, you can disable nbar, and match base on ACL.

class-map match-any mark_critical
match protocol SIP
match protocol RTP
match protocol SSH
policy-map mark
class mark_critical
set ip dscp 46
class class-default
police 7000000 conform-action set-dscp-tranmit af21

int x/x (LAN interface)
service-policy in mark

policy-map shape_10m
class class-default
shape 10000000 100000
service-policy qos

class-map critical
match ip dscp 46
policy-map qos
class critical
priority 3m
class class-default
fair-queue
random-detect dscp_based

int g0/1.1
service-policy out shape_10m

HTH,

Lei Tian

kmmehlkmmehl · ‎09-18-2010

Thanks i made some syntactical changes:

class-map match-any markcritical

match protocol SIP

match protocol RTP

match protocol SSH

policy-map mark

class markcritical

set ip dscp 46

class class-default

police 7000000 conform-action set-dscp-transmit af21

int gi0/0.1

service-policy in mark

policy-map shape10m

class class-default

shape average 10000000 100000

service-policy qos

class-map critical

match ip dscp 46

policy-map qos

class critical

priority 3000

class class-default

fair-queue

random-detect dscp-based

int g0/1.1

service-policy out shape10m

So this mean i have QOS on my tunnel olso (qos pre-classify)

Lei Tian · ‎09-18-2010

Hi,

This looks good; let's deploy it and see if that meets all requirements.

qos pre-classify is used when we want to classify based on L3 information from inner IP header (before encapsulation/encryption). Here, we are classifying on the LAN interface, and set DSCP. The DSCP valure will be copied to GRE header and ESP header by default, so, we don't have to configure qos pre-classify under tunnel and crypto-map here.

HTH,

Lei Tian

QoS Questions: on Subinterface with Tagging and GRE IPSEC Tunnel