[c-nsp] Cisco 837 Series: QoS/Queuing/Shaping Question
Jason Ledbetter
cisco-nsp at broked.net
Tue Nov 23 15:16:58 EST 2004
(This reply is /very/ late.)
Tim,
The reason I have "twice the work" as you said, configured is that there
is also an IPSec tunnel in play here that wasn't in the configuration
snippet I provided.
>From the WAN's perspective, destination traffic would /never/ match acl 150
as it was encrypted and rerouted to the ipsec termination point by then.
Hence, inbound LAN traffic, pre-encryption, is matched based on the acl,
ef set, then happily(hopefuly) passed on to ipsec and then the WAN.
-jbl
> As an aside, you're also doing twice the work you need to (unless you have
> other traffic arriving on the router already marked EF that you want to
> treat the same as traffic matching ACL 150).
>
> class-map match-all match_voip_dest
> match access-group 150 ! ACL matching Destination PBX
> !
> policy-map qos_for_voip
> class match_voip_dscp
> priority 128
> set ip dscp ef
> class class-default
> fair-queue
> policy-map shape_for_qos
> class class-default
> shape average 248000
> service-policy qos_for_voip
> !
>
> and then apply shape_for_qos outbound on the WAN interface, nothing inbound
> on the LAN gives you the same results for less CPU.
>
> Regards,
More information about the cisco-nsp
mailing list