[c-nsp] Qos pre-classify

Ian MacKinnon ian.mackinnon at lumison.net
Thu Jun 7 10:25:57 EDT 2007 

Rodney Dunn wrote:
> What exactly are you trying to accomplish with this configuration?
> 
IPSec tunnel between 2 sites over shared infrastructure.

> What type of box is this on? I ask because there are some hooks
> to QOS for the HW crypto engines for LLQ.
1812 running 12.4(11)T2

> 
> I have no idea what impact it would have for your scenario
> with shaping on the tunnel.
> 
> What we really recommend is to have a hierarchical policy on the
> phsyical that breaks out the per tunnel shaper.

Not clear what you mean here, I want to shape the physical to 2M with
all of that available as 2M priority voice.

It was non priority traffic that was being badly affected, but there was
not 2M of voice at the same time.

> 
> Rodney
> 
> 
> On Thu, Jun 07, 2007 at 02:50:14PM +0100, Ian MacKinnon wrote:
>> Hi All,
>>
>> Given the config below for a vpn tunnel, when I add the command "qos
>> pre-classify" to the crypto map and the tunnel interface, I get really
>> bad slowdown of traffic.
>>
>> 2. Questions, is anybody using qos pre-classify to prioritise voice?
>> And I just wonder if trying to shape the tunnel and shape the phyiscal
>> interface is wrong.
>>
>> thanks
>>
>> policy-map LLQ
>>  class voice
>>   priority 2000
>>  class class-default
>>   fair-queue
>> policy-map shape
>>  class class-default
>>   shape average 2000000
>>   service-policy LLQ
>>
>> crypto map GRE 10 ipsec-isakmp
>>  set peer yyy.yyy.yyy.38
>>  set transform-set myset1
>>  match address 101
>>
>> interface Tunnel0
>>  ip address 10.1.0.2 255.255.255.252
>>  tunnel source xxx.xxx.xxx.130
>>  tunnel destination yyy.yyy.yyy.38
>>  service-policy output shape
>> !
>> interface FastEthernet0
>>  description wan interface
>>  ip address xxx.xxx.xxx.130 255.255.255.252
>>  ip nat outside
>>  crypto map GRE
>>  service-policy output shape
>>

-- 

This email and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they are addressed.  
If you have received this email in error please notify the sender. Any 
offers or quotation of service are subject to formal specification.  
Errors and omissions excepted.  Please note that any views or opinions 
presented in this email are solely those of the author and do not 
necessarily represent those of Lumison, nplusone or lightershade ltd.  
Finally, the recipient should check this email and any attachments for the 
presence of viruses.  Lumison, nplusone and lightershade ltd accepts no 
liability for any damage caused by any virus transmitted by this email.

-- 
-- 
Virus scanned by Lumison.

More information about the cisco-nsp mailing list