Per Tunnel QoS: NHRP-3-QOS_POLICY_APPLY_FAILED

Hello,
another day another problem :-)
Since I got DMVPN Netzwork up and running for a few month now, the customer wishes to implement voice-over-ip, therefore I tryied to configure Per-Tunnel-QoS  in the DMVPN Network.
The Policy Map on the Hub-Site is as followed:
class-map match-all BULK-DATA match ip dscp af11  af12
class-map match-all INTERACTIVE-VIDEO
match ip dscp af41  af42
class-map match-all VOICE
match ip dscp ef
class-map match-all SCAVENGER
match ip dscp cs1
class-map match-any INTERNETWORK-CONTROL
match ip dscp cs6
match access-group name IKEclass-map match-any CALL-SIGNALING
match ip dscp cs3
match ip dscp af31
class-map match-all TRANSACTIONAL-DATA match ip dscp af21  af22
policy-map voice
class VOICE
    priority percent 18
class INTERACTIVE-VIDEO
    priority percent 15
class CALL-SIGNALING
    bandwidth percent 5
class INTERNETWORK-CONTROL
    bandwidth percent 5
class TRANSACTIONAL-DATA    bandwidth percent 27
    queue-limit 18 packets class BULK-DATA
    bandwidth percent 4
    queue-limit 3 packets class SCAVENGER
    bandwidth percent 1
    queue-limit 1 packets
class class-default
    bandwidth percent 25
    queue-limit 16 packets
The Hub and the Spokes are configured with the proper NHRP Group, but when checking the QoS State, the Spokes appair to be in the right NHRP Group but the QoS service policy is not applied.
Hub#sh dmvpn detailLegend: Attrb --> S - Static, D - Dynamic, I - Incomplete
        N - NATed, L - Local, X - No Socket
        # Ent --> Number of NHRP entries with same NBMA peer
        NHS Status: E --> Expecting Replies, R --> Responding
        UpDn Time --> Up or Down Time for a Tunnel
==========================================================================
Interface Tunnel1 is up/up, Addr. is 192.168.205.1, VRF ""
   Tunnel Src./Dest. addr: 2.2.2.1/MGRE, Tunnel VRF ""   Protocol/Transport: "multi-GRE/IP", Protect "Schmidt-Group"
   Interface State Control: Disabled
Type:Hub, Total NBMA Peers (v4/v6): 1
# Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb    Target  Network----- --------------- --------------- ----- -------- -----  -----------------
    1        1.1.1.1   192.168.205.2    UP 00:40:52    D   192.168.205.2/32NHRP group: voice
Output QoS service-policy applied: none
Crypto Session Details:--------------------------------------------------------------------------------
Interface: Tunnel1Session: [0x8693F664]
  IKE SA: local 2.2.2.1/500 remote 1.1.1.1/500 Active
          Capabilities:D connid:2001 lifetime:23:19:07
  Crypto Session Status: UP-ACTIVE  fvrf: (none), Phase1_id: 1.1.1.1
  IPSEC FLOW: permit 47 host 2.2.2.1 host 1.1.1.1
        Active SAs: 2, origin: crypto map
        Inbound:  #pkts dec'ed 574 drop 0 life (KB/Sec) 4487723/1147        Outbound: #pkts enc'ed 560 drop 0 life (KB/Sec) 4487725/1147   Outbound SPI : 0xABF33617, transform : esp-256-aes esp-sha-hmac
    Socket State: Open
Pending DMVPN Sessions:
A debugging on QoS events results with the message:
Oct 18 08:20:51.883: %NHRP-3-QOS_POLICY_APPLY_FAILED: Failed to apply QoS  policy voice mapped to NHRP
group voice on interface Tunnel1, to tunnel 1.1.1.1  due to policy installation failure
I'm greatfull for any suggestions or hints!
Kind regards
Thomas

I have the same problem. I found this info, it might be related to your problem. For me, I only have one spoke on my QoS/DMVPN Hub tunnel. However, I am running MPLS-VPN, multiple Hub tunnels connecting to multiple spokes so the policy could be see all spokes connected to my router, not just the hub tunnel.
https://cisco-images.test.edgekey.net/en/US/docs/ios/ios_xe/3/release/notes/asr1k_rn_3s_rel_notes_book_pdf.pdf
CSCts62082
Symptoms: Router generates the following message:%NHRP-3-QOS_POLICY_APPLY_FAILED: Failed to apply QoS policy 10M-shape mapped
to NHRP group xx on interface Tunnelxx, to tunnel x.x.x.x due to policy
installation failureConditions: This symptom is observed when “per-tunnel” QoS is applied and there are more than
nine DMVPN spokes. (Up to eight spokes, with QoS applied is fine.)
Workaround: There is no workaround.

Similar Messages

  • DMVPN Design: Multi-Hub, Router Per-Tunnel QoS

    Some DMVPN questions:
    1) A site I've worked with has about 7 hubs and 5 spokes. This looks at best a bit odd to me. The Cisco design docs all have at most 2 hub sites. Is more than 2 DMVPN hub sites a good idea / bad idea? Pros / cons / drawbacks? I've googled this topic heavily, found little.
    2) If two sites are DMVPN hub sites that have NHRP map statements for  each other, can they both be doing the Per-Tunnel QoS feature to get some QoS shaping towards each other?
    3) What is recommended for DMVPN QoS in general? And for a spoke site where the hub site is doing the Per-Tunnel QoS? Just put some QoS on the physical link?

    Ray,
    There could be multiple reasons for it not to function, the config on hub seems just fine, we'd need to inspect the spokes and check (most likely) in debugs if correct group is being sent from spoke.
    Also coexistance of other service-policy etc etc.
    The feature is quite simple (some level of simplification), spoke says he is in group X when registering, hub assigns this NHRP mapping a service-policy.
    M.

  • Per-Tunnel QoS on a DMVPN Tunnel Not Working.

    Hello, I am trying to get per-Tunnel QoS working on one of my Hub tunnels, and believe to have the configurations correctly, but when I do "show ip nhrp group-map" I get NONE. I am running a MPLS-VPN network and this router has multiple DMVPN Tunnels with different VRFs. I am not running QoS on the other tunnels.
    router#show ip nhrp group-map
    Interface: Tunnel1
    NHRP group: testgroup
      QoS policy: test-QoS
      Tunnels using the QoS policy: None
    here is my config
    interface Tunnel1
    ip vrf forwarding test
    ip address 172.16.1.1 255.255.255.240
    no ip redirects
    ip mtu 1376
    ip nhrp authentication test
    ip nhrp map multicast dynamic
    ip nhrp map group testgroup service-policy output TEST-QoS
    ip nhrp network-id #####
    ip tcp adjust-mss 1200
    load-interval 30
    tunnel source Loopback1
    tunnel mode gre multipoint
    tunnel key #####
    tunnel vrf test_internet
    tunnel protection ipsec profile IPSECPROFILE shared
    Router Version
    (C7200-ADVENTERPRISEK9-M), Version 15.0(1)M3
    I understand that I could do qos pre-classify in the tunnel and then do a service policy on the physical interface, but the question I have is why does it say " Tunnels using the QoS policy: None " when I configured a qos policy on the tunnel interface? Is this a bug?
    Thank you for your help!

    Ray,
    There could be multiple reasons for it not to function, the config on hub seems just fine, we'd need to inspect the spokes and check (most likely) in debugs if correct group is being sent from spoke.
    Also coexistance of other service-policy etc etc.
    The feature is quite simple (some level of simplification), spoke says he is in group X when registering, hub assigns this NHRP mapping a service-policy.
    M.

  • DMVPN per tunnel QOS. show policy-map multipoint not working

    Hi All,
    I have a DMVPN hub which is a 1841 with image c1841-advsecurityk9-mz.151-4.M1.bin .
    I have been using DMVPN and its awesome but now trying to get the QOS sorted out and having issues.
    I have configured the interface like so.
    interface Tunnel1
    ip address 10.255.255.1 255.255.255.0
    no ip redirects
    ip mtu 1400
    ip nhrp authentication xxx
    ip nhrp map multicast dynamic
    ip nhrp map group ADSL1 service-policy output ADSL1
    ip nhrp network-id 1
    ip nhrp redirect
    ip tcp adjust-mss 1360
    no ip split-horizon
    ip ospf 1 area 0
    tunnel source Loopback0
    tunnel mode gre multipoint
    tunnel key 1
    tunnel path-mtu-discovery
    tunnel protection ipsec profile VPN
    end
    policy-map ADSL1
    class class-default
      shape average 1000000
      service-policy Classes
    policy-map Classes
    class Silver
      bandwidth percent 25
      fair-queue
    class Gold
      bandwidth percent 50
      fair-queue
    class Scavanger
      bandwidth percent 5
    class class-default
      fair-queue
    The output of show dmvpn detail shows it has applied the QOS rule.
    NG-SR-WE-RT-2#show dmvpn detail
    Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
        N - NATed, L - Local, X - No Socket
        # Ent --> Number of NHRP entries with same NBMA peer
        NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
        UpDn Time --> Up or Down Time for a Tunnel
    ==========================================================================
    Interface Tunnel1 is up/up, Addr. is 10.255.255.1, VRF ""
       Tunnel Src./Dest. addr: 10.32.0.100/MGRE, Tunnel VRF ""
       Protocol/Transport: "multi-GRE/IP", Protect "VPN"
       Interface State Control: Disabled
    Type:Hub, Total NBMA Peers (v4/v6): 1
    # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb    Target Network
        1  x.x.x.x    10.255.255.2    UP    1d18h    D    10.255.255.2/32
    NHRP group: ADSL1
    Output QoS service-policy applied: ADSL1
    but my router cannot run show policy-map multipoint... it doesnt come up with a tab but i can write it in by hand.  Even when i write it in by hand it outputs blank.
    I cut the ADSL1 shape down to 512k and it didnt take affect so i dont think the qos is working at all.
    Is my feature set too low?
    Cheers,
    Simon

    Ray,
    There could be multiple reasons for it not to function, the config on hub seems just fine, we'd need to inspect the spokes and check (most likely) in debugs if correct group is being sent from spoke.
    Also coexistance of other service-policy etc etc.
    The feature is quite simple (some level of simplification), spoke says he is in group X when registering, hub assigns this NHRP mapping a service-policy.
    M.

  • IPSEC Tunnel Protection and per-tunnel QOS shaping doesnt do any shaping.

    I am having a small brain implosion as to why this will not work.
    I have tried the QOS policy on the tunnel interfaces and on the ATM interface. No shaping occurs. The interfaces transmit at their leisure.
    Please can someone having a better day than me tell me what I am doing wrong?
    Below is the relevant (and standard) config. without the service-policy command applied anywhere. Any help appreciated.
    class-map match-any APPSERVERS
     match access-group name TERMINALSERVERS
    class-map match-any VOICE
     match protocol sip
     match protocol rtp
     match  dscp ef
    policy-map QOSPOLICY
     class VOICE
        priority 100
     class APPSERVERS
        bandwidth percent 33
     class class-default
        fair-queue 16
    policy-map TUNNEL
     class class-default
        shape average 350000
      service-policy QOSPOLICY
    interface Tunnel0
     bandwidth 350
     ip address 172.20.58.2 255.255.255.0
     ip mtu 1420
     load-interval 30
     qos pre-classify
     tunnel source Dialer0
     tunnel destination X.X.X.X
     tunnel mode ipsec ipv4
     tunnel path-mtu-discovery
     tunnel protection ipsec profile IPSECPROFILE
    interface Tunnel1
     bandwidth 350
     ip address 172.21.58.2 255.255.255.0
     ip mtu 1420
     load-interval 30
     delay 58000
     qos pre-classify
     tunnel source Dialer0
     tunnel destination Y.Y.Y.Y
     tunnel mode ipsec ipv4
     tunnel path-mtu-discovery
     tunnel protection ipsec profile IPSECPROFILE
    interface ATM0/0/0
     no ip address
     load-interval 30
     no atm ilmi-keepalive
    interface ATM0/0/0.1 point-to-point
     pvc 0/38
      encapsulation aal5mux ppp dialer
      dialer pool-member 1
    interface Dialer0
     bandwidth 400
     ip address negotiated
    Thanks,
    Paul

    Hi mate,
    This is an 1841 with 12.4 (20) but Ive tried it on 15.1 on a 1941 also. I get some measure of traffic reduction but I cannot fathom what it is actually doing.
    In the lab with the 1841 and a flat shaper I get this:
    policy-map SHAPE
     class class-default
        shape average 600000
    interface Tunnel0
     bandwidth 700
     service-policy output SHAPE
    R1#sh policy-map int
     Tunnel0
      Service-policy output: SHAPE
        Class-map: class-default (match-any)
          18664 packets, 26423115 bytes
          30 second offered rate 452000 bps, drop rate 0 bps
          Match: any
          Queueing
          queue limit 64 packets
          (queue depth/total drops/no-buffer drops) 45/0/0
          (pkts output/bytes output) 18659/27808530
          shape (average) cir 600000, bc 2400, be 2400
          target shape rate 600000
    R1#sh policy-map int
     Tunnel0
      Service-policy output: SHAPE
        Class-map: class-default (match-any)
          19044 packets, 26964413 bytes
          30 second offered rate 451000 bps, drop rate 0 bps
          Match: any
          Queueing
          queue limit 64 packets
          (queue depth/total drops/no-buffer drops) 45/0/0
          (pkts output/bytes output) 19039/28378426
          shape (average) cir 600000, bc 2400, be 2400
          target shape rate 600000
    It just holds the data rate around 450 kbps. ??
    Here are the types of results I get when the HQoS is applied to the Tunnel interface in the lab:
    policy-map QOS
     class IP2
        drop
     class IP3
        priority 300
     class class-default
    policy-map TUNNEL
     class class-default
        shape average 600000
      service-policy QOS
    interface Tunnel0
     bandwidth 700
     service-policy output TUNNEL
    R1#sh policy-map int
     Tunnel0
      Service-policy output: TUNNEL
        Class-map: class-default (match-any)
          14843 packets, 20884436 bytes
          30 second offered rate 362000 bps, drop rate 75000 bps
          Match: any
          Queueing
          queue limit 64 packets
          (queue depth/total drops/no-buffer drops) 0/3942/0
          (pkts output/bytes output) 14009/15858326
          shape (average) cir 600000, bc 2400, be 2400
          target shape rate 600000
          Service-policy : QOS
            queue stats for all priority classes:
              Queueing
              queue limit 64 packets
              (queue depth/total drops/no-buffer drops) 0/3942/0
              (pkts output/bytes output) 6464/9540288
            Class-map: IP2 (match-all)
              385 packets, 533940 bytes
              30 second offered rate 28000 bps, drop rate 28000 bps
              Match: access-group 102
              drop
            Class-map: IP3 (match-all)
              10411 packets, 14628188 bytes
              30 second offered rate 191000 bps, drop rate 75000 bps
              Match: access-group 103
              Priority: 300 kbps, burst bytes 7500, b/w exceed drops: 3942
            Class-map: class-default (match-any)
              4047 packets, 5722308 bytes
              30 second offered rate 143000 bps, drop rate 0 bps
              Match: any
              queue limit 64 packets
              (queue depth/total drops/no-buffer drops) 0/0/0
              (pkts output/bytes output) 7545/6318038
    This is after 10 minutes of running transfers to all endpoints to utilise the classes in the policy.
    So why dont we see shaping that moves towards the configured values?
    Thanks.

  • Bidirectional Per Tunnel QoS ?

    Hello,
    I'm running an DMVPN network and just implementet QoS for voice data traffic and priorisation from the hub to the spokes just works fine. But now I'm looking for a solution to get QoS working in the other direction, means from spokes to the hub. Further I need to do dynamic QoS from Spoke to Spoke as the voice traffic is processed by every spoke on its own. I tryed to generally prioritize voice traffic on the spokes with "service-policy output policy-map" but this command is not available to me.
    Did anyone ever configure something like this and would be so kind to give me a hint?
    Greetings
    Thomas

    Ray,
    There could be multiple reasons for it not to function, the config on hub seems just fine, we'd need to inspect the spokes and check (most likely) in debugs if correct group is being sent from spoke.
    Also coexistance of other service-policy etc etc.
    The feature is quite simple (some level of simplification), spoke says he is in group X when registering, hub assigns this NHRP mapping a service-policy.
    M.

  • DMVPN Per Spoke QOS ServicePolicy Limit

    I want to impliment per spoke QOS using isakmp profiles and service policy.
    My problem is that I have more than 64 tunnels and I understand that service policy configurations are limited to one level of nesting and only 64 classifications.
    Does anyone have experience of per spoke QOS greater than 64 flows?

    Only if you show me yours for > 64 flows
    LOL

  • Per user QoS Policy in ASA

    is there a way to configure per user QoS Policy in ASA?
    I need this because to configure ssl vpn users to have different bandwidth

    Hi,
    Please can you explain me how "per SSL VPN group basis" is going to work.
    For my requirement that per group policy is also OK. Then it is needed to configure bandwidth limiters per group policy.
    thanks & regards
    Chandana

  • [svn:bz-trunk] 8678: Bug: BLZ-255 - trader desktop sample with per-client-qos-polling-amf channel is confusing

    Revision: 8678
    Author:   [email protected]
    Date:     2009-07-20 01:20:31 -0700 (Mon, 20 Jul 2009)
    Log Message:
    Bug: BLZ-255 - trader desktop sample with per-client-qos-polling-amf channel is confusing
    QA: No
    Doc: No
    Ticket Links:
        http://bugs.adobe.com/jira/browse/BLZ-255
    Modified Paths:
        blazeds/trunk/apps/samples/WEB-INF/flex-src/traderdesktop/src/traderdesktop.mxml

  • 4500 Aggregate policers and Per-Port Per-VLAN QoS

    Hello,
    I want to limit the aggregate traffic of multiple VLANs on a trunk using an aggregate policer. I also need Per-Port Per-VLAN QoS for other VLANs on the same trunk.
    To cut a long story short, will the example config below work?
    qos aggregate-policer pol_aggr_10Mbit 10m 12.5k conform-action transmit exceed-action drop
    policy-map Aggr_10Mbit
    class class-default
    police aggregate pol_aggr_10Mbit
    policy-map Limit_10M
    class class-default
    police 10m 12.5k conform-action transmit exceed-action drop
    interface GigabitEthernetx/y
    switchport trunk encapsulation dot1q
    switchport mode trunk
    ! Aggregate 10Mbit VLANs
    vlan-range 208, 316, 909
    service-policy output Aggr_10Mbit
    ! 10 Mbit VLANs
    vlan range 20, 50-100
    service-policy output Limit_10M
    Regards, Jan

    Your config looks good . Actually Per-port per-VLAN QoS (PVQoS) offers differentiated quality-of-services to individual VLANs on a trunk port. It enables service providers to rate limit individual VLAN-based services on each trunk port to a business or a residence. In an enterprise Voice-over-IP environment, it can be used to rate limit voice VLAN even if an attacker impersonates an IP phone. A per-port per-VLAN service policy can be separately applied to either ingress or egress traffic.

  • Per session QoS for LNS

    We have some LNSs running 12.4 SP Services, running with the following config (qos specific lines and currently not working):
    class-map match-all voice-signaling
    match access-group 101
    class-map match-all voice-traffic
    match access-group 102
    policy-map sub-policy
    class voice-traffic
    priority 240
    class voice-signaling
    bandwidth 16
    policy-map XXX_qos-voice
    class class-default
    shape average 256000
    fair-queue
    service-policy sub-policy
    interface Virtual-Template1
    ip unnumbered Loopback0
    ip mroute-cache
    no peer default ip address
    ppp authentication chap
    no clns route-cache
    access-list 101 remark -- SCCP/H323/MGCP/SIP --
    access-list 101 permit tcp any any range 2000 2002
    access-list 101 permit tcp any any eq 1720
    access-list 101 permit tcp any any range 11000 11999
    access-list 101 permit udp any any eq 2427
    access-list 101 permit udp any any eq 4569
    access-list 101 permit udp any any eq 5036
    access-list 101 permit udp any any eq 5060
    access-list 102 remark -- RTP Traffic --
    access-list 102 permit udp any any range 16384 32767
    in the feature set for the IOS currently running it suggests this configuration should work, however it will not apply the policy via the Cisco-AVPair command (the command is visible via the debug AAA per user so radius is working, even when we test it by applying the service-policy to the actual virtual-template it errors saying it will only work on an MPL bundle. From what I have read it is suggested that even though this feature is supposed to work, it does not in practice and an upgrade to a feature set which includes QoS:per session shaping and queueing on LNS is needed.
    If anyone has any experience of the or has any suggestion of if we can achieve our QoS for voice per session with the current IOS that would be great.

    This feature is not related to the NPE type. This feature is performance impacting so you should do some tests to see if your NPE-400 can support the number of L2TP tunnels you want with this feature enabled. If it's not the case, you will have to upgrade your NPE.
    HTH
    Laurent.

  • GRE Tunnel QoS

    Hi
    I am looking for adding QoS for GRE Tunnel and found this info
    Where Do I Apply the Service Policy?
    You can apply a service policy to either the tunnel interface or to the underlying physical interface. The decision of where to apply the policy depends on the QoS objectives. It also depends on which header you need to use for classification.
    Apply the policy to a physical interface and enable qos-preclassify on a tunnel interface when you want to classify packets based on the pre-tunnel header.
    In our environment, I am using service policy under serial interface, the source interface of Tunnel is F0/0, so from above info, which interface is "physical interface" for my case, serial or F0/0 ?
    Thanks. Leo

    Hello
    You should determine which one is the physical interface by checking which interface (again, physical) will be used to router GRE packets towards the destination.
    For instance, you state that your tunnel configuration is as follows:
    interface Tunnel0
    ip address 10.0.0.1 255.255.255.252
    tunnel source FastEthernet0/0
    tunnel destination 192.168.1.1
    If the destination ip 192.168.1.1 is routed via your serial interface, then the physical interface that you will use to apply your Output service policy is SerialX/X.
    Your setup seems correct. You only need to review if your policies are correctly configured for the pre-gre header or the GRE encapsulated packets (as stated in the documentation
    Adolfo

  • MPLS Per VRF QOS

    Our WAN cloud will be a mesh between 3 campuses. Our provider will provide Layer 2 transport services, 1Gbps, FIFO. At each campus I will be running 2821 for WAN edge.
    All services will be converged onto this WAN, Voice, Video, Data.
    At each campus runs 3750 or 6513 as Campus Core peering 2821's. Each campus will be running VRF-Lite. My goal is to become the MPLS service provider for the college. The 2821's are the PE devices and the Campus Core's are the CE devices. Example, Voice will have it's own VRF at each respective site, each vrf will learn routes from other voice vrf's from the 2821's. Currently the 2821's peer each other iBGP. I want to be able to allocate portions of bandwidth (1Gb) for each VRF on the WAN and queue the traffic within each VRF.

    Hi,
    You need to configure normal QoS, remark the triple play traffic (data voice video) in ingress interface on the switch and implement queuing and bandwidth reservation out the egress interface of the router.
    Regards,
    W.Amer

  • DMVPN QoS Configuration over sat link

    Hi everyone, having one of those days where I cant seem to see the trees through the forest! Hopefully someone can point the way :)
    We have a DMVPN setup with Hub & spoke, 3 remote sites over satellite but the remote sites internet traffic does not come over the vpn, it goes out via the ISP.
    One particular site we've been having flooding and packet loss issues with has now been increased from 256k to a 512Kb Cir and the ISP has allowed a 1536 burst - this is where im confused most!
    Almost all examples of QoS i see is to limit/restrict the flow to less than the provider CIR is allowing to avoid them dropping packets, so in this scenario, how do I make the most of the burst rate?
    The DMVPN is currently set up with QoS policies via IP nhrp map groups, shaping the tunnel to 256k then child maps prioritizing mgmt, Skype etc. Although this seems like a great idea, im being led to believe I should just have qos pre-classify on the tunnel and set the policy-map on the Internet interface, but what I cant work out is how to prioritize or allocate most of the bandwidth to the tunnel for 'work related' purposes and limiting web browsing as currently it seems http/https traffic it taking all the bandwidth!
    If I don't use the bandwidth command on the physical interface it appears it believes it has 100m, so I think I need to set it 512k but not sure how to utilize the burst.
    Then im guessing I should use something like priority percent and shape average percent to prioritize tunnel traffic over http but does qos then need to be configured on the Hub somewhere as well?
    If anyone has a similar setup and can provide example config that would be great.
    Any assistance is greatly appreciated, please let me know if you want any configs/outputs.
    Cheers,
    Kev

    Thanks for the reply Marcin, however that doesn't really answer my question(s).
    I am fully aware of per tunnel qos as well as HQos, im just no expert in either!
    I understand that per tunnel qos applies the settings to the tunnel, but anything Not going via the tunnel will not have any qos applied and that currently seems to be the issue, naughty streaming media and http/https traffic flooding the link!
    Using Hqos will apply to the whole link, but it seems I need qos-pre classify on the tunnel to apply before it gets encrypted, or should I just prioritise all GRE so that all tunnel traffic gets priority?
    Perhaps I just have my settings too low, http(s) traffic takes all it can leaving work related tunnel traffic, email etc starved of BW.
    If anyone has any example configs of similar setups that would be much appreciated, its easier for me to reverse engineer! :)
    cheers,
    Kev

  • DMVPN dual hub - qos preclasify limitation

    Hi,
    Reading the DMVPN design guide I found: "qos pre-classify is not supported in an architecture that implements two different headends for mGRE tunnels and VPN tunnels."
    http://www.cisco.com/application/pdf/en/us/guest/netsol/ns171/c649/ccmigration_09186a008075ea98.pdf
    Currently i am using a single headed DMVPN design with qos preclasify configured on the hub and voice works just perfect. My concern is with regards to implementing  a secondary hub for redundancy. How will the qos be handled if the qos preclasify is not supported?
    Thanks,

    I'm not aware of any limiation if you're using two separate tunnel interfaces (as opposed to two NHRP mappings on a single tunnel interface).
    Nor does:
    http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_dmvpn/configuration/15-2mt/sec-conn-dmvpn-per-tunnel-qos.html#GUID-182BD32F-56D4-479C-BFEF-B9738291E046
    mention any.
    If in doubt, please open a TAC case.

Maybe you are looking for

  • [Forum FAQ] How to deploy applications remotely

    In some situations, we may need some ways to install applications remotely, here we summarize four general ways to deploy applications. 1. Using PowerShell to install We can use the Win32_Product class to install Windows Installer packages, remotely

  • Error when trying to sync iPod touch 32 GB 4G to iTunes with Windows 7

    I'm getting two errors when I try to sync my son's 32 GB iPod touch (4th generation) to iTunes. The device doesn't show up and the touch starts chirping consistently. Here are the two errors: iTunes could not connect to this iPhone because an unknown

  • Adding a new column in a CREATE -- AS SELECT statement

    I am creating a table using a select from an existing table. I wish to also add one new column (with null values for all records). Is this possible? What would the syntax be for this column? Thanks, Kevin

  • Azure cloud services vs Dedicated servers

    I have been searching for an article about advantages/disadvantages about using cloud services (Azure in this case) or a dedicated server but have not found anything concrete. What I see is that there are dedicated servers with much more capacity (8M

  • Why can I not download itunes

    I had to uninstall itunes and now I cannot re-install it.  Why