[c-nsp] Qos pre-classify

Rodney Dunn rodunn at cisco.com
Thu Jun 7 10:05:52 EDT 2007 

What exactly are you trying to accomplish with this configuration?

What type of box is this on? I ask because there are some hooks
to QOS for the HW crypto engines for LLQ.

I have no idea what impact it would have for your scenario
with shaping on the tunnel.

What we really recommend is to have a hierarchical policy on the
phsyical that breaks out the per tunnel shaper.

Rodney


On Thu, Jun 07, 2007 at 02:50:14PM +0100, Ian MacKinnon wrote:
> Hi All,
> 
> Given the config below for a vpn tunnel, when I add the command "qos
> pre-classify" to the crypto map and the tunnel interface, I get really
> bad slowdown of traffic.
> 
> 2. Questions, is anybody using qos pre-classify to prioritise voice?
> And I just wonder if trying to shape the tunnel and shape the phyiscal
> interface is wrong.
> 
> thanks
> 
> policy-map LLQ
>  class voice
>   priority 2000
>  class class-default
>   fair-queue
> policy-map shape
>  class class-default
>   shape average 2000000
>   service-policy LLQ
> 
> crypto map GRE 10 ipsec-isakmp
>  set peer yyy.yyy.yyy.38
>  set transform-set myset1
>  match address 101
> 
> interface Tunnel0
>  ip address 10.1.0.2 255.255.255.252
>  tunnel source xxx.xxx.xxx.130
>  tunnel destination yyy.yyy.yyy.38
>  service-policy output shape
> !
> interface FastEthernet0
>  description wan interface
>  ip address xxx.xxx.xxx.130 255.255.255.252
>  ip nat outside
>  crypto map GRE
>  service-policy output shape
> 
> 
> -- 
> 
> This email and any files transmitted with it are confidential and intended 
> solely for the use of the individual or entity to whom they are addressed.  
> If you have received this email in error please notify the sender. Any 
> offers or quotation of service are subject to formal specification.  
> Errors and omissions excepted.  Please note that any views or opinions 
> presented in this email are solely those of the author and do not 
> necessarily represent those of Lumison, nplusone or lightershade ltd.  
> Finally, the recipient should check this email and any attachments for the 
> presence of viruses.  Lumison, nplusone and lightershade ltd accepts no 
> liability for any damage caused by any virus transmitted by this email.
> 
> -- 
> -- 
> Virus scanned by Lumison.
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list