[164707] in North American Network Operators' Group
RE: management traffic QoS on Tunnel interfaces
daemon@ATHENA.MIT.EDU (Darren O'Connor)
Mon Jul 29 12:31:49 2013
From: Darren O'Connor <darrenoc@outlook.com>
To: Andrey Khomyakov <khomyakov.andrey@gmail.com>, Nanog <nanog@nanog.org>
Date: Mon, 29 Jul 2013 17:31:21 +0100
In-Reply-To: <CAB31LONedsOhpZRE2idgFjxLY0J_VeRCa1=eYUDV0Zm0-B52mw@mail.gmail.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
In this class you are matching:
class-map match-any SSH
match ip dscp cs2
Why not just match an ACL for SSH traffic from the local router back to your management range?
> From: khomyakov.andrey@gmail.com
> Date: Mon, 29 Jul 2013 12:07:19 -0400
> Subject: management traffic QoS on Tunnel interfaces
> To: nanog@nanog.org
>
> Hi all,
> I have been trying to come up with a qos policy (or rather where to apply
> it) for reserving some bandwidth for management traffic to the local router.
> The setup is that a remote router is a spoke to a DMVPN network, thus has a
> couple of ipsec gre tunnel interfaces and a Lo0 for management (ssh).
> I have no issue working out service policy for transiting traffic, however,
> I can't wrap my head around how to reserve some bandwidth for the locally
> originated SSH traffic (managing the router).
>
> I'd like to mark ssh response packets from the local router (1.1.1.1) with
> CS2, so I can match them in the tunnel policy shown below.
>
> Has anyone come across this task before?
>
> interface Loopback0
> ip address 1.1.1.1 255.255.255.255
>
> interface Tunnel0
> ip address 2.2.2.2 255.255.255.0
> qos pre-classify
> <snip>
> tunnel source FastEthernet0/0
> tunnel mode gre multipoint
> tunnel protection ipsec profile protect-gre shared
> !
> interface FastEthernet0/0
> desc DSL/Cable/FiOS
> ip address 3.3.3.3 255.255.255.0
> bandwidth 768
> bandwidth receive 1500
> service-policy output SHAPE-OUT-768
> !
> class-map match-any SSH
> match ip dscp cs2
> !
> policy-map SHAPE-OUT-768
> class class-default
> shape average 768000
> service-policy SSH
> !
> policy-map SSH
> class SSH
> bandwidth percent 5
> class class-default
> fair-queue
> queue-limit 15 packets
>
> --Andrey
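
The ACL-based match suggested in the reply, written out as an added example (not part of either poster's message). It assumes 192.0.2.0/24 as a placeholder for the management range and uses a hypothetical ACL name, MGMT-SSH-REPLY; the class-map name and Lo0 address are the ones from the quoted config.

```cisco
! Added example: classify the router's own SSH replies by ACL instead of DSCP.
! 192.0.2.0/24 is a placeholder for the management range (assumption).
! MGMT-SSH-REPLY is a hypothetical ACL name.
ip access-list extended MGMT-SSH-REPLY
 ! Replies leave the SSH server on Lo0 (source port 22) toward the managers.
 permit tcp host 1.1.1.1 eq 22 192.0.2.0 0.0.0.255
!
class-map match-any SSH
 ! Drop the DSCP match; nothing on the router marks the replies CS2 yet.
 no match ip dscp cs2
 match access-group name MGMT-SSH-REPLY
!
! The existing child policy still refers to class SSH, so the
! "bandwidth percent 5" reservation now applies to the ACL match.
! Check that the class counters increment during an SSH session:
!   show policy-map interface FastEthernet0/0 output
```

Scoping the ACL to the management range also means SSH traffic from any other source falls into class-default and gets no share of the reserved bandwidth.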