management traffic QoS on Tunnel interfaces
chuckchurch at gmail.com
Mon Jul 29 19:47:15 UTC 2013
Newer IOS support setting precedence or DSCP for outbound SSH:
ip ssh prec 2
From: Andrey Khomyakov [mailto:khomyakov.andrey at gmail.com]
Sent: Monday, July 29, 2013 12:07 PM
Subject: management traffic QoS on Tunnel interfaces
I have been trying to come up with a qos policy (or rather where to apply
it) for reserving some bandwidth for management traffic to the local router
The setup is that a remote route is a spoke to a DMVPN network, thus has a
couple of ipsec gre tunnel interfaces and a Lo0 for management (ssh).
I have no issue working out service policy for transiting traffic, however,
I can't wrap my head around how to reserve some bandwidth for the locally
originated SSH traffic (managing the router).
I'd like to mark ssh response packets from the local router (126.96.36.199) with
CS2,so i can match them in the tunnel policy shown below.
Has anyone come across this task before?
ip address 188.8.131.52 255.255.255.255
ip address 184.108.40.206 255.255.255.0
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel protection ipsec profile protect-gre shared !
ip address 220.127.116.11 255.255.255.0
bandwidth receive 1500
service-policy output SHAPE-OUT-768
class-map match-any SSH
match ip dscp cs2
shape average 768000
bandwidth percent 5
queue-limit 15 packets
More information about the NANOG