Comments on: Quality of Service for VPN Part 3 – DMVPN http://blog.ipexpert.com/2010/02/08/quality-of-service-for-vpn-part-3-dmvpn/ CCIE Candidates blog for all technical overviews relating to CCIE R&S, CCIE Voice, CCIE Security & CCIE SP Thu, 09 Feb 2012 17:07:01 +0000 hourly 1 http://wordpress.org/?v=3.1.2 By: Stuart Hare http://blog.ipexpert.com/2010/02/08/quality-of-service-for-vpn-part-3-dmvpn/comment-page-1/#comment-6563 Stuart Hare Thu, 25 Feb 2010 19:18:29 +0000 http://blog.ipexpert.com/?p=2443#comment-6563 Hi Erik, I cant comment on WAAS as I am unfamiliar with the technology, although I expect that using such compression technologies would have a negative effect on the IPSec traffic, thus causing the vpn to fail. Im not quite understanding your design, are you saying that your DMVPN is running across the internet? As explained the policies are not applied at the branch but at the hub site. A possible solution would be to use a policy at the branch end to mark the mentioned traffic, using ip precedence or dscp value in order to give them a hierarchical preference. At the hub you could then match on these dscp or precedence values, to apply a priority queue for citrix for instance, dedicate bandwidth percentage for Sharepoint etc. All depends on the overall network design and what exactly your trying to acheive. Stu Hi Erik,

I cant comment on WAAS as I am unfamiliar with the technology, although I expect that using such compression technologies would have a negative effect on the IPSec traffic, thus causing the vpn to fail.

Im not quite understanding your design, are you saying that your DMVPN is running across the internet?

As explained the policies are not applied at the branch but at the hub site.

A possible solution would be to use a policy at the branch end to mark the mentioned traffic, using ip precedence or dscp value in order to give them a hierarchical preference.
At the hub you could then match on these dscp or precedence values, to apply a priority queue for citrix for instance, dedicate bandwidth percentage for Sharepoint etc.

All depends on the overall network design and what exactly your trying to acheive.

Stu

]]> By: Stuart Hare http://blog.ipexpert.com/2010/02/08/quality-of-service-for-vpn-part-3-dmvpn/comment-page-1/#comment-6562 Stuart Hare Thu, 25 Feb 2010 18:29:48 +0000 http://blog.ipexpert.com/?p=2443#comment-6562 Sorry Smeegs, I have never had a call for manipulating the output in such a way, so never looked into it. Stu Sorry Smeegs,

I have never had a call for manipulating the output in such a way, so never looked into it.

Stu

]]> By: Stuart Hare http://blog.ipexpert.com/2010/02/08/quality-of-service-for-vpn-part-3-dmvpn/comment-page-1/#comment-6561 Stuart Hare Thu, 25 Feb 2010 18:14:21 +0000 http://blog.ipexpert.com/?p=2443#comment-6561 Hi Paulo, The policy is only defined on the Hub device, and is mapped to the group on the hubs tunnel interface. There is no pushing of policies to the spokes. Stu Hi Paulo,

The policy is only defined on the Hub device, and is mapped to the group on the hubs tunnel interface.
There is no pushing of policies to the spokes.

Stu

]]> By: Paulo Roque http://blog.ipexpert.com/2010/02/08/quality-of-service-for-vpn-part-3-dmvpn/comment-page-1/#comment-6517 Paulo Roque Tue, 09 Feb 2010 16:54:28 +0000 http://blog.ipexpert.com/?p=2443#comment-6517 Very helpful post. Thank you. But, I am in doubt ... no policy was created on the spoke side, right? So it means that the policy will be someway pushed to the spoke or the policy will only be applied to the hub-to-spoke traffic? Paulo Roque Very helpful post. Thank you.

But, I am in doubt … no policy was created on the spoke side, right? So it means that the policy will be someway pushed to the spoke or the policy will only be applied to the hub-to-spoke traffic?

Paulo Roque

]]> By: Erik http://blog.ipexpert.com/2010/02/08/quality-of-service-for-vpn-part-3-dmvpn/comment-page-1/#comment-6516 Erik Tue, 09 Feb 2010 15:00:42 +0000 http://blog.ipexpert.com/?p=2443#comment-6516 Hi Stuart, could you elaborate a little more on QoS at the branch considering when branches have a local internet breakout. And to make it a litte more complicated, what if the branch uses WAAS (WAE modules) that explode traffic once "decapsulated". Example: branch with 4mbps internet and dual-hub DMVPN topology (2 tunnels), priority for citrix above https(sharepoint) above email, webbrowsing. Thanks, Erik Hi Stuart, could you elaborate a little more on QoS at the branch considering when branches have a local internet breakout.
And to make it a litte more complicated, what if the branch uses WAAS (WAE modules) that explode traffic once “decapsulated”.
Example: branch with 4mbps internet and dual-hub DMVPN topology (2 tunnels), priority for citrix above https(sharepoint) above email, webbrowsing. Thanks, Erik

]]> By: smeegs http://blog.ipexpert.com/2010/02/08/quality-of-service-for-vpn-part-3-dmvpn/comment-page-1/#comment-6515 smeegs Mon, 08 Feb 2010 21:52:36 +0000 http://blog.ipexpert.com/?p=2443#comment-6515 Hey Stuart, We've been making use of DMVPN groups for a couple months now and I haven't yet found a way to graph the QoS statistics. We had a CBWFQ template in Cacti which works fine, until we moved to groups. I've searched high and low for a new MIB and trawled through the output of a walk and can't find anything. You wouldn't happen to be aware of a way to get the kind of output provided by 'sh policy-map multi' over SNMP? Thanks Hey Stuart,

We’ve been making use of DMVPN groups for a couple months now and I haven’t yet found a way to graph the QoS statistics. We had a CBWFQ template in Cacti which works fine, until we moved to groups. I’ve searched high and low for a new MIB and trawled through the output of a walk and can’t find anything. You wouldn’t happen to be aware of a way to get the kind of output provided by ‘sh policy-map multi’ over SNMP?

Thanks

]]>