management traffic QoS on Tunnel interfaces

Andrey Khomyakov khomyakov.andrey at gmail.com
Mon Jul 29 16:07:19 UTC 2013


Hi all,
I have been trying to come up with a QoS policy (or rather where to apply
it) for reserving some bandwidth for management traffic to the local router.
The setup is that a remote router is a spoke to a DMVPN network, thus has a
couple of IPsec GRE tunnel interfaces and a Lo0 for management (SSH).
I have no issue working out service policy for transiting traffic, however,
I can't wrap my head around how to reserve some bandwidth for the locally
originated SSH traffic (managing the router).

I'd like to mark SSH response packets from the local router (1.1.1.1) with
CS2, so I can match them in the tunnel policy shown below.

Has anyone come across this task before?

interface Loopback0
 ip address 1.1.1.1 255.255.255.255

interface Tunnel0
 ip address 2.2.2.2 255.255.255.0
 qos pre-classify
<snip>
 tunnel source FastEthernet0/0
 tunnel mode gre multipoint
 tunnel protection ipsec profile protect-gre shared
!
interface FastEthernet0/0
 desc DSL/Cable/FiOS
 ip address 3.3.3.3 255.255.255.0
 bandwidth 768
 bandwidth receive 1500
 service-policy output SHAPE-OUT-768
!
class-map match-any SSH
 match ip dscp cs2
!
policy-map SHAPE-OUT-768
 class class-default
  shape average 768000
  service-policy SSH
!
policy-map SSH
 class SSH
  bandwidth percent 5
 class class-default
  fair-queue
  queue-limit 15 packets



--Andrey


