nanog mailing list archives

Re: management traffic QoS on Tunnel interfaces


From: Andrey Khomyakov <khomyakov.andrey () gmail com>
Date: Mon, 29 Jul 2013 17:09:55 -0400

Looks like exactly what I'm looking for, but for some reason doesn't work.
Below produces 0 packet match.

ip ssh prec 2

class-map match-any SSH
 match ip dscp cs2
 match ip precedence 2


As a test I also tried this:



ip access-list extended Management_Access
 remark Play nice with router management traffic
 permit tcp any range 22 telnet any
 permit tcp any any range 22 telnet

class-map match-any management
 match access-group name Management_Access

policy-map Mark-Local-SSH
 class management
  set ip dscp cs2

ip local policy route-map Mark-Local-SSH

---
Later on this matches 0 packets in both cases
class-map match-any SSH
 match ip dscp cs2
 match ip precedence 2





--Andrey


On Mon, Jul 29, 2013 at 3:47 PM, Chuck Church <chuckchurch () gmail com> wrote:

Newer IOS support setting precedence or DSCP for outbound SSH:

ip ssh prec 2


Thanks,

Chuck

-----Original Message-----
From: Andrey Khomyakov [mailto:khomyakov.andrey () gmail com]
Sent: Monday, July 29, 2013 12:07 PM
To: Nanog
Subject: management traffic QoS on Tunnel interfaces

Hi all,
I have been trying to come up with a QoS policy (or rather where to apply
it) for reserving some bandwidth for management traffic to the local router.
The setup is that a remote router is a spoke to a DMVPN network, thus has a
couple of IPsec GRE tunnel interfaces and a Lo0 for management (ssh).
I have no issue working out service policy for transiting traffic, however,
I can't wrap my head around how to reserve some bandwidth for the locally
originated SSH traffic (managing the router).

I'd like to mark ssh response packets from the local router (1.1.1.1) with
CS2, so I can match them in the tunnel policy shown below.

Has anyone come across this task before?

interface Loopback0
 ip address 1.1.1.1 255.255.255.255

interface Tunnel0
 ip address 2.2.2.2 255.255.255.0
 qos pre-classify
<snip>
 tunnel source FastEthernet0/0
 tunnel mode gre multipoint
 tunnel protection ipsec profile protect-gre shared
!
interface FastEthernet0/0
 desc DSL/Cable/FiOS
 ip address 3.3.3.3 255.255.255.0
 bandwidth 768
 bandwidth receive 1500
 service-policy output SHAPE-OUT-768
!
class-map match-any SSH
 match ip dscp cs2
!
policy-map SHAPE-OUT-768
 class class-default
  shape average 768000
  service-policy SSH
!
policy-map SSH
 class SSH
  bandwidth percent 5
 class class-default
  fair-queue
  queue-limit 15 packets



--Andrey



