management traffic QoS on Tunnel interfaces

• Previous message (by thread): management traffic QoS on Tunnel interfaces
• Next message (by thread): management traffic QoS on Tunnel interfaces
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Looks like exactly what I'm looking for, but for some reason doesn't work.
Below produces 0 packet match.

ip ssh prec 2

class-map match-any SSH
 match ip dscp cs2
 match ip precedence 2


As a test I also tried this:



ip access-list extended Management_Access
 remark Play nice with router management traffic
 permit tcp any range 22 telnet any
 permit tcp any any range 22 telnet

class-map match-any management
 match access-group name Management_Access

policy-map Mark-Local-SSH
 class management
  set ip dscp cs2

ip local policy route-map Mark-Local-SSH

---
Later on this matches 0 packets in both cases
class-map match-any SSH
 match ip dscp cs2
 match ip precedence 2





--Andrey


On Mon, Jul 29, 2013 at 3:47 PM, Chuck Church <chuckchurch at gmail.com> wrote:

> Newer IOS support setting precedence or DSCP for outbound SSH:
>
> ip ssh prec 2
>
>
> Thanks,
>
> Chuck
>
> -----Original Message-----
> From: Andrey Khomyakov [mailto:khomyakov.andrey at gmail.com]
> Sent: Monday, July 29, 2013 12:07 PM
> To: Nanog
> Subject: management traffic QoS on Tunnel interfaces
>
> Hi all,
> I have been trying to come up with a qos policy (or rather where to apply
> it) for reserving some bandwidth for management traffic to the local router
> The setup is that a remote route is a spoke to a DMVPN network, thus has a
> couple of ipsec gre tunnel interfaces and a Lo0 for management (ssh).
> I have no issue working out service policy for transiting traffic, however,
> I can't wrap my head around how to reserve some bandwidth for the locally
> originated SSH traffic (managing the router).
>
> I'd like to mark ssh response packets from the local router (1.1.1.1) with
> CS2,so i can match them in the tunnel policy shown below.
>
> Has anyone come across this task before?
>
> interface Loopback0
> ip address 1.1.1.1 255.255.255.255
>
> interface Tunnel0
> ip address 2.2.2.2 255.255.255.0
> qos pre-classify
> <snip>
> tunnel source FastEthernet0/0
> tunnel mode gre multipoint
> tunnel protection ipsec profile protect-gre shared !
> interface FastEthernet0/0
> desc DSL/Cable/FiOS
> ip address 3.3.3.3 255.255.255.0
> bandwidth 768
> bandwidth receive 1500
> service-policy output SHAPE-OUT-768
> !
> class-map match-any SSH
> match ip dscp cs2
> !
> policy-map SHAPE-OUT-768
>  class class-default
>  shape average 768000
>  service-policy SSH
> !
> service-policy SSH
>  class SSH
>    bandwidth percent 5
>  class class-default
>    fair-queue
>    queue-limit 15 packets
>
>
>
> --Andrey
>
>

• Previous message (by thread): management traffic QoS on Tunnel interfaces
• Next message (by thread): management traffic QoS on Tunnel interfaces
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]