My customer wants to apply a strict QoS priority policy for traffic destined to VPN server 10.10.10.10 (I used this IP in my configuration below, but it will be a public IP in the actual configuration); all other traffic should be treated as best effort with lower priority than VPN traffic.
The network is a flat one-VLAN network with the GW being a firewall connected to the Internet. The idea is to mark VPN traffic at access ports, then apply QoS at uplink ports and the Internet link.
The design I am following is based on the points below:
1- Two queues only
2- For future flexibility, I am using an advanced classifier and not global classifiers
3- Uplink ports are not tagged
The configuration I suggested is below, and I have the following comments:
1- Is this the best way of applying this policy?
2- Is there any performance impact from applying service-policy on all ports?
3- Do queues apply even if the port is not tagged? I am using the default mapping and DSCP ef should map to 802.1p 7, but all uplink ports are untagged and the customer wants to keep it this way, as the firewall ports are untagged also.
class ipv4 "VPN"
10 match ip 0.0.0.0 255.255.255.255 10.10.10.10 0.0.0.0
exit
policy qos "VPN-Policy"
10 class ipv4 "VPN" action dscp ef
default-class action dscp default
!
qos type-of-service diff-services
qos queue-config 2-queues
!
interface 1/1-1/23 service-policy VPN-Policy in
interface 1/24 bandwidth-min output 0 100
!
show qos queue-config
 Egress Queue Configuration
  Number of Queues : 2
  Traffic Template : default-tcgt
        802.1p
  Queue Priorities
  ----- ----------
  1     0-3
  2     4-7
show bandwidth output 1/1
 Outbound Guaranteed Minimum Bandwidth Percentage
  Port  Q1     Q2     Q3     Q4     Q5     Q6     Q7     Q8
  ----- ------ ------ ------ ------ ------ ------ ------ ------
  1/1   0      strict *      *      *      *      *      *
show qos dscp-map
DSCP Policies
DSCP CodePoint DSCP Value 802.1p tag DSCP Policy name
-------------- ---------- ----------- --------------------------------
000000 0 0 cs0
000001 1 0
000010 2 0
000011 3 0
000100 4 0
000101 5 0
000110 6 0
000111 7 0
001000 8 1 cs1
001001 9 1
001010 10 1 af11
001011 11 1
001100 12 1 af12
001101 13 1
001110 14 1 af13
001111 15 1
010000 16 2 cs2
010001 17 2
010010 18 2 af21
010011 19 2
010100 20 2 af22
010101 21 2
010110 22 2 af23
010111 23 2
011000 24 3 cs3
011001 25 3
011010 26 3 af31
011011 27 3
011100 28 3 af32
011101 29 3
011110 30 3 af33
011111 31 3
100000 32 4 cs4
100001 33 4
100010 34 4 af41
100011 35 4
100100 36 4 af42
100101 37 4
100110 38 4 af43
100111 39 4
101000 40 5 cs5
101001 41 5
101010 42 5
101011 43 5
101100 44 5
101101 45 5
101110 46 7 ef
101111 47 5
110000 48 6 cs6
110001 49 6
110010 50 6
110011 51 6
110100 52 6
110101 53 6
110110 54 6
110111 55 6
111000 56 7 cs7
111001 57 7
111010 58 7
111011 59 7
111100 60 7
111101 61 7
111110 62 7
111111 63 7
Thank you,
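
The marking chain in the post, traced in Python as an added example (not part of the original post and not switch code): class match, then DSCP, then 802.1p, then egress queue, using only the values shown above. It assumes the match statement uses ACL-style wildcard masks (a 1 bit means "ignore"); the function names and sample addresses are constructed, and it does not settle whether the switch honours the mapping on untagged ports.

```python
import ipaddress

# Copied from the post: class ipv4 "VPN" match statement and policy actions.
VPN_MATCH = ("0.0.0.0", "255.255.255.255", "10.10.10.10", "0.0.0.0")
DSCP_EF, DSCP_DEFAULT = 46, 0


def wildcard_match(addr, base, mask):
    """Assumed ACL-style wildcard mask: a 1 bit in the mask is 'don't care'."""
    a, b, m = (int(ipaddress.IPv4Address(x)) for x in (addr, base, mask))
    care = ~m & 0xFFFFFFFF
    return (a & care) == (b & care)


def classify(src, dst):
    """Policy VPN-Policy: class VPN -> dscp ef, default-class -> dscp default."""
    s_base, s_mask, d_base, d_mask = VPN_MATCH
    if wildcard_match(src, s_base, s_mask) and wildcard_match(dst, d_base, d_mask):
        return DSCP_EF
    return DSCP_DEFAULT


def dscp_to_8021p(dscp):
    """Map shown by 'show qos dscp-map': top three DSCP bits, except ef -> 7."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit value")
    return 7 if dscp == DSCP_EF else dscp >> 3


def queue_for(priority):
    """2-queues layout from 'show qos queue-config': 0-3 -> Q1, 4-7 -> Q2."""
    if not 0 <= priority <= 7:
        raise ValueError("802.1p priority is a 3-bit value")
    return 1 if priority <= 3 else 2


def egress_queue(src, dst):
    """Queue a packet would land in if the whole chain applies to it."""
    return queue_for(dscp_to_8021p(classify(src, dst)))


if __name__ == "__main__":
    # Constructed sample flows: one to the VPN server, one to another host.
    for src, dst in [("192.168.1.5", "10.10.10.10"), ("192.168.1.5", "10.10.10.11")]:
        dscp = classify(src, dst)
        print(src, dst, "dscp", dscp, "802.1p", dscp_to_8021p(dscp),
              "queue", egress_queue(src, dst))
```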