Adaptive QoS over DMVPN

Adaptive QoS over Dynamic Multipoint VPN (DMVPN) ensures effective bandwidth management using dynamic shapers based on available bandwidth. This feature enables various QoS features to adapt to non service-level agreement (SLA) based environments where bandwidth is variable and fluctuate with time.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

Prerequisites for Adaptive QoS over DMVPN

Adaptive QoS over DMVPN can be enabled either on hub or spoke or both. To enable feature at a spoke side, the spoke must support basic egress per-SA QoS policy.

Internet Protocol Security (IPSec) is required and must be configured before Adaptive QoS is enabled on the DMVPN tunnel.

Restrictions for Adaptive QoS over DMVPN

The Adaptive QoS over DMVPN feature configuration is:
  • Supported only on DMVPN tunnels
  • Allowed only on egress direction
  • Allowed only in parent most policy that has class-default only
  • Not supported on Point-to-Point tunnels
  • Adaptive QOS is not supported on Cisco IWAN 2.1

Information About Adaptive QoS over DMVPN

Overview of Adaptive QoS over DMVPN

Enterprise networks are increasingly using the Internet as form of WAN transport, therefore QoS models needs to be revisited. QoS works effectively when deployed in an service-level agreement (SLA) environment today, like Multiprotocol Label Switching (MPLS) . The available bandwidth on the internet at a given point of time can vary, and can be often much lesser than the actual bandwidth offered by the service provider. In cases of non SLA environments, QoS has limitations - mainly because it cannot predict changing bandwidth on the link.

Cisco Intelligent WAN (IWAN) recommends using Dynamic Multipoint VPN (DMVPN) over Internet to connect branches to the data center or headquarters, and QoS to be deployed in such environments of fluctuating bandwidth. Currently, the shapers that are applied as part of the egress QoS policy are static in value - they are configured based on the service provider bandwidth offering, they do not change with time and hence do not reflect the actual available Internet bandwidth. In many instances where Internet available bandwidth becomes much lesser than the offered bandwidth, the shapers become irrelevant as they do not adapt to the varying bandwidth. Due to the static value of the shapers, application traffic gets dropped indiscriminately at the Internet core, nullifying the very need to have configured a QoS policy to protect critical traffic.

DMVPN provides the ability to do QoS per-tunnel, which means a QoS policy can be applied at the hub towards a specific spoke, to ensure a high bandwidth hub does not overrun a low capacity spoke. However, these QoS policies still work with static shapers per spoke. If the bandwidth towards a particular spoke fluctuates, the shapers towards the spokes do not adapt. Also, it is not possible today to configure a QoS policy for the traffic from the spoke towards the hub, which is very common in many retail-like environments.

The Adaptive QoS over DMVPN feature provides the following benefits:
  • Adjusts the shaper parameters based on the actual available Internet bandwidth in both directions that is periodically computed.

  • Allows to configure a QoS policy on the spoke towards the hub.

  • Ensures better control of application performance at the enterprise edge even in changing bandwidth scenarios over the Internet.

  • Allows aggregate tunnel shape adaptation to provide effective bandwidth between spoke and hub.

Adaptive QoS for Per-Tunnel QoS over DMVPN

Per-tunnel QoS over DMVPN can be configured on the hub towards the spoke today using Next Hop Resolution Protocol (NHRP) groups. The QoS policies contain static shapers. With Adaptive QoS, the framework of per tunnel QoS configuration remains the same, but the shaper can be an adaptive one as shown in the following figure. These shapers would adapt automatically based on the changing Internet bandwidth that is periodically computed using an algorithm.

Figure 1. Adaptive QoS for Per-Tunnel QoS over DMVPN



Workflow of Adaptive QoS

The Adaptive QoS over DMVPN feature adapts shaping rate at the Sender based on the available bandwidth between specific Sender and Receiver (two end-points of a DMVPN tunnel).

Figure 2. Workflow of Adaptive QoS



At the Sender:

  • Configure MQC Policy with Adaptive shaping

  • Attach service-policy to nhrp-group in Egress

At the Receiver:

Create state for periodic collection of stats on a relevant target

How to Configure Adaptive QoS over DMVPN


Note


Configure the Per-Tunnel QoS for DMVPN before configuring the Adaptive QoS over DMVPN feature, as Adaptive QoS over DMVPN feature is an enhancement to the Per-Tunnel QoS for DMVPN feature.

Note


For details on configuring the Per-Tunnel QoS for DMVPN feature, refer to Per-Tunnel QoS for DMVPN .

Configuring Adaptive QoS for DMVPN

SUMMARY STEPS

    1.    enable

    2.    configure terminal

    3.    policy-map parent-policy-name

    4.    class class-default

    5.    shape adaptive { upper-bound bps |percent percentage }[lower-bound bps| percent percentage]

    6.    end

    7.    configure terminal

    8.    interface tunnel tunnel-id

    9.    nhrp map group group-name service-policy output parent-policy-name

    10.    end


DETAILED STEPS
     Command or ActionPurpose
    Step 1 enable


    Example:
    Router> enable
     

    Enables privileged EXEC mode.

    • Enter your password if prompted.

     
    Step 2 configure terminal


    Example:
    Router# configure terminal
     

    Enters global configuration mode.

     
    Step 3 policy-map parent-policy-name


    Example:
    Router(config)# policy-map example
     

    Creates or modifies a child policy map and enters policy-map configuration mode.

    • Enter the name of the child policy map.

     
    Step 4 class class-default


    Example:
    Router(config-pmap)# class class-default
     

    This step associates the traffic class with the traffic policy. Configures the default class map and enters policy-map class configuration mode.

     
    Step 5 shape adaptive { upper-bound bps |percent percentage }[lower-bound bps| percent percentage]


    Example:
    Router(config-pmap-c)# shape adaptive upper-bound 20000
     

    Creates a specific adaptive shaper that has upper bound on the rate and optionally lower bound on the rate.

    Note    When such a template is attached to a target, adaptive shaping is enabled for that instance. Shaping rate adapts to a new rate, that is a function of parameters, including peer's received rate.
     
    Step 6 end


    Example:
    Router(config-pmap-c)# end
     

    Returns to privileged EXEC mode.

     
    Step 7 configure terminal


    Example:
    Router# configure terminal
     

    Enters global configuration mode.

     
    Step 8 interface tunnel tunnel-id


    Example:
    Router(config)# interface tunnel 0
     

    Configures an interface type and enters interface configuration mode.

    • Enter the interface type and interface number.

     
    Step 9 nhrp map group group-name service-policy output parent-policy-name


    Example:
    Router(config-if)# nhrp map group 1 service-policy output example
     

    Adds the NHRP group to the QoS policy map on the hub.

     
    Step 10 end


    Example:
    Router(config-if)# end
     

    Returns to privileged EXEC mode.

     

    Verifying the Adaptive QoS over DMVPN

    SUMMARY STEPS

      1.    enable

      2.    show dmvpn

      3.    show policy-map [policy-map-name]

      4.    show policy-map multipoint

      5.    exit


    DETAILED STEPS
       Command or ActionPurpose
      Step 1 enable


      Example:
      Router> enable
       

      Enables higher privilege levels, such as privileged EXEC mode.

      • Enter your password if prompted.

       
      Step 2show dmvpn


      Example:
      Router# show dmvpn
       

      Displays detailed DMVPN information for each session, including the Next Hop Server (NHS) and NHS status, crypto session information, and socket details. Also displays the NHRP group received from the spoke and the QoS policy applied to the spoke tunnel.

       
      Step 3show policy-map [policy-map-name]

      Example:
      Router# show policy-map example
       

      Displays the configuration of all classes for a specified policy map or of all classes for all existing policy maps.

       
      Step 4show policy-map multipoint


      Example:
      Router# show policy-map tunnel 0
       

      (Optional) Displays the statistics and the configurations of the input and output policies that are attached to an interface.

       
      Step 5 exit


      Example:
      Router(config-if)# exit
       

      (Optional) Returns to user EXEC mode.

       

      Troubleshooting the Adaptive QoS over DMVPN

      SUMMARY STEPS

        1.    enable

        2.    debug qos peer mon detail

        3.    debug qos peer rate detail


      DETAILED STEPS
         Command or ActionPurpose
        Step 1 enable


        Example:
        Router> enable
         

        Enables higher privilege levels, such as privileged EXEC mode.

        • Enter your password if prompted.

         
        Step 2debug qos peer mon detail


        Example:
        Router# debug qos peer mon detail
         

        Displays debug messages for Adaptive QoS over DMVPN.

         
        Step 3debug qos peer rate detail


        Example:
        Router# debug qos peer rate detail
         

        Displays debug messages for Adaptive QoS over DMVPN.

         

        Configuration Examples for Configuring Adaptive QoS over DMVPN

        Example Configuring Adaptive QoS over DMVPN

        The following example shows how to configure Adaptive QoS over DMVPN:

        Router(config)# policy-map example
        Router(config-pmap)# class class-default
        Router(config-pmap-c)# shape adaptive upper-bound 20000
        Router(config-pmap-c)# end
        Router# configure terminal
        Router(config)# interface tunnel 0
        Router(config-if)# nhrp map group 1 service-policy output example
        Router(config-if)# end
        

        Example Verifying Adaptive QoS over DMVPN

        The show policy-map and show policy-map interface commands can be used to confirm that the Adaptive QoS over DMVPN feature is enabled at an interface.

        The following is a sample output of the show dmvpn command:
        Router# show dmvpn
        
        
        
        Interface: Tunnel1, IPv4 NHRP Details
        Type: Hub, NHRP Peers:1,
        
        # Ent  Peer NBMA Addr   Peer Tunnel Add   State UpDn Tm    Attrb 
         ----- ------------- ----------------     ----- ------- 	 ----- 
          1    10.1.1.1          10.10.1.2        UP    00:18:37   D
        
        
        Interface: Tunnel2, IPv4 NHRP Details
        Type: Hub, NHRP Peers:1,
        
        # Ent Peer NBMA Addr   Peer Tunnel Add   State  UpDn Tm  Attrb 
        ----- ---------------  --------------    ------  -------  -------
        
          1  10.2.1.1          10.10.2.2        UP     00:22:09  D
        
        
        Interface: Tunnel3, IPv4 NHRP Details
        Type: Hub, NHRP Peers:1,
         
        # Ent Peer NBMA Addr   Peer Tunnel Add   State  UpDn Tm  Attrb 
        ----- --------------   ---------------   ------ -------   ---- 
           1  10.3.1.1         10.10.3.2         UP     00:22:04   D
        
        
        Interface: Tunnel4, IPv4 NHRP Details
        Type: Hub, NHRP Peers:1,
         
        # Ent Peer NBMA Addr   Peer Tunnel Add   State UpDn Tm  Attrb 
        ----- --------------   ----------------  -----  ------  ----
          1    10.3.1.1        10.10.3.2         UP   00:22:01   D
        

        The following is a sample output of the show policy-map command:

        Router# show policy-map
         
            
        Policy Map test
            Class class-default
              Adaptive Rate Traffic Shaping
              cir upper-bound 2120000 (bps) cir lower-bound 1120000 (bps)  
        
        

        The following is a sample output of the show policy-map multipoint command:

        Router# show policy-map multipoint
          
         Service-policy output: test
        
        		Class-map: class-default (match-any)
        		 0 packets, 0 bytes
         		5 minute offered rate 0000 bps, drop rate 0000 bps
         		Match: any
         		Queueing
         		queue limit 64 packets
         		(queue depth/total drops/no-buffer drops)0/0/0
           (pkts output/bytes output) 0/0
         		shape (adaptive) cir 2120000,bc 8480, be 8480
         		lower bound cir 2120000
         		target shape rate 2120000
        

        Note


        One of the important parameters displayed as an output of the show policy-map multipoint command is target shape rate. The Adaptive QoS over DMVPN feature dynamically changes the value of the target shape rate to adapt to the available bandwidth.


        Example for Troubleshooting Adaptive QoS over DMVPN

        The debug qos peer mon detail and debug qos peer rate detail commands can be used to display any errors for the Adaptive QoS over DMVPN feature.

        The following is a sample output of the debug qos peer mon detail command:

        Router# debug qos peer mon detail
        
        QoS peer remote monitoring debugging is on
         
        Router#
        
        *May 22 21:25:28.006 UTC: [SEND]Processing entry with address : 50.1.1.2,vrfid : 0 sending rate(delta bytes) : 1514
        *May 22 21:25:28.006 UTC: [SEND]Processing entry with address : 50.1.1.3,vrfid : 0 sending rate(delta bytes) : 1598
        *May 22 21:25:28.201 UTC: [RCV]Received message for interface Tunnel1 address 50.1.1.2 vrf 0
        *May 22 21:25:28.201 UTC: 
        fdiff : 20517, sdiff : 19661, cur_dif : 3318, cum_diff : 20907
        
        *May 22 21:25:28.201 UTC: qos_rate_status_update -- 392
        *May 22 21:25:28.201 UTC: Last count : 128650
        
         
        

        The following is a sample output of the debug qos peer rate detail command:

        Router# debug qos peer rate detail 
         
            
         *May 22 21:34:32.456 UTC: [RCV]Received message for interface Tunnel1 address 50.1.1.3 vrf 0
         *May 22 21:34:32.456 UTC: Enter qos_process_remote_rate_message:
         *May 22 21:34:32.456 UTC: Message for tun with o_ip : 50.1.1.3 tun t_ip : 13.1.1.1
         *May 22 21:34:32.456 UTC: [RCV]<DELTA>Message remote rate value is 116730f_cum_diff: 140155, s_cum_diff: 135612
         HoldTh: 5000, CurTh: 11250
         Gonna Go Up f_cum_diff: 140155, s_cum_diff: 135612 
         Yes increasing
         Suggested rate: 120000
        
         *May 22 21:34:32.456 UTC: rx_bytes = 116730, tx_bytes = 125282, Suggested rate = 120000
         *May 22 21:34:32.456 UTC: Exiting : 1
        
         
        
        

        Additional References

        The following sections provide references related to the Control Plane Logging feature.

        Related Documents

        Related Topic

        Document Title

        NHRP MIB

        Dynamic Multipoint VPN Configuration Guide

        QoS commands: complete command syntax, command modes, command history, defaults, usage guidelines, and examples

        Cisco IOS Quality of Service Solutions Command Reference

        QoS feature overview

        Quality of Service Overview module

        Per-Tunnel QoS for DMVPN

        Dynamic Multipoint VPN Configuration Guide

        Standards

        Standard

        Title

        No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.

        MIBs

        MIB

        MIBs Link

        CISCO-CLASS-BASED-QOS-MIB

        CISCO-NHRP-MIB

        To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

        http:/​/​www.cisco.com/​go/​mibs

        RFCs

        RFC

        Title

        None

        Technical Assistance

        Description

        Link

        The Cisco Technical Support website contains thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.

        http:/​/​www.cisco.com/​techsupport

        Feature Information for Adaptive QoS over DMVPN

        The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

        Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.
        Table 1 Feature Information for Adaptive QoS over DMVPN

        Feature Name

        Releases

        Feature Information

        Adaptive QoS over DMVPN

        Cisco IOS XE 3.14S

        Adaptive QoS over Dynamic Multipoint VPN (DMVPN) ensures effective bandwidth management using dynamic shapers based on available bandwidth. This feature enables various QoS features to adapt to non service-level agreement (SLA) based environments where bandwidth is variable and fluctuate with time.

        The following commands were introduced or modified: shape adaptive, show policy-map, and show policy-map interface.