management traffic QoS on Tunnel interfaces

Chuck Church chuckchurch at gmail.com
Mon Jul 29 19:47:15 UTC 2013


Newer IOS supports setting precedence or DSCP for outbound SSH:

ip ssh prec 2


Thanks,

Chuck

-----Original Message-----
From: Andrey Khomyakov [mailto:khomyakov.andrey at gmail.com] 
Sent: Monday, July 29, 2013 12:07 PM
To: Nanog
Subject: management traffic QoS on Tunnel interfaces

Hi all,
I have been trying to come up with a qos policy (or rather where to apply
it) for reserving some bandwidth for management traffic to the local router.
The setup is that a remote router is a spoke to a DMVPN network, thus has a
couple of ipsec gre tunnel interfaces and a Lo0 for management (ssh).
I have no issue working out service policy for transiting traffic, however,
I can't wrap my head around how to reserve some bandwidth for the locally
originated SSH traffic (managing the router).

I'd like to mark ssh response packets from the local router (1.1.1.1) with
CS2, so I can match them in the tunnel policy shown below.

Has anyone come across this task before?

interface Loopback0
ip address 1.1.1.1 255.255.255.255

interface Tunnel0
ip address 2.2.2.2 255.255.255.0
qos pre-classify
<snip>
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel protection ipsec profile protect-gre shared
!
interface FastEthernet0/0
desc DSL/Cable/FiOS
ip address 3.3.3.3 255.255.255.0
bandwidth 768
bandwidth receive 1500
service-policy output SHAPE-OUT-768
!
class-map match-any SSH
match ip dscp cs2
!
policy-map SHAPE-OUT-768
 class class-default
   shape average 768000
   service-policy SSH
!
policy-map SSH
 class SSH
   bandwidth percent 5
 class class-default
   fair-queue
   queue-limit 15 packets



--Andrey




