Adaptive QoS over DMVPN

Adaptive QoS over Dynamic Multipoint VPN (DMVPN) ensures effective bandwidth management using dynamic shapers based on available bandwidth. This feature enables various QoS features to adapt to non service-level agreement (SLA) based environments where bandwidth is variable and fluctuate with time.

Prerequisites for Adaptive QoS over DMVPN

Adaptive QoS over DMVPN can be enabled either on hub or spoke or both. To enable feature at a spoke side, the spoke must support basic egress per-SA QoS policy.

Internet Protocol Security (IPSec) is required and must be configured before Adaptive QoS is enabled on the DMVPN tunnel.

Restrictions for Adaptive QoS over DMVPN

The Adaptive QoS over DMVPN feature configuration is:
  • Supported only on DMVPN tunnels
  • Allowed only on egress direction
  • Allowed only in parent most policy that has class-default only
  • Not supported on Point-to-Point tunnels
  • Adaptive QOS is not supported on Cisco IWAN 2.1

Information About Adaptive QoS over DMVPN

Overview of Adaptive QoS over DMVPN

Enterprise networks are increasingly using the Internet as form of WAN transport, therefore QoS models needs to be revisited. QoS works effectively when deployed in an service-level agreement (SLA) environment today, like Multiprotocol Label Switching (MPLS) . The available bandwidth on the internet at a given point of time can vary, and can be often much lesser than the actual bandwidth offered by the service provider. In cases of non SLA environments, QoS has limitations - mainly because it cannot predict changing bandwidth on the link.

Cisco Intelligent WAN (IWAN) recommends using Dynamic Multipoint VPN (DMVPN) over Internet to connect branches to the data center or headquarters, and QoS to be deployed in such environments of fluctuating bandwidth. Currently, the shapers that are applied as part of the egress QoS policy are static in value - they are configured based on the service provider bandwidth offering, they do not change with time and hence do not reflect the actual available Internet bandwidth. In many instances where Internet available bandwidth becomes much lesser than the offered bandwidth, the shapers become irrelevant as they do not adapt to the varying bandwidth. Due to the static value of the shapers, application traffic gets dropped indiscriminately at the Internet core, nullifying the very need to have configured a QoS policy to protect critical traffic.

DMVPN provides the ability to do QoS per-tunnel, which means a QoS policy can be applied at the hub towards a specific spoke, to ensure a high bandwidth hub does not overrun a low capacity spoke. However, these QoS policies still work with static shapers per spoke. If the bandwidth towards a particular spoke fluctuates, the shapers towards the spokes do not adapt. Also, it is not possible today to configure a QoS policy for the traffic from the spoke towards the hub, which is very common in many retail-like environments.

The Adaptive QoS over DMVPN feature provides the following benefits:
  • Adjusts the shaper parameters based on the actual available Internet bandwidth in both directions that is periodically computed.

  • Allows to configure a QoS policy on the spoke towards the hub.

  • Ensures better control of application performance at the enterprise edge even in changing bandwidth scenarios over the Internet.

  • Allows aggregate tunnel shape adaptation to provide effective bandwidth between spoke and hub.

Adaptive QoS for Per-Tunnel QoS over DMVPN

Per-tunnel QoS over DMVPN can be configured on the hub towards the spoke today using Next Hop Resolution Protocol (NHRP) groups. The QoS policies contain static shapers. With Adaptive QoS, the framework of per tunnel QoS configuration remains the same, but the shaper can be an adaptive one as shown in the following figure. These shapers would adapt automatically based on the changing Internet bandwidth that is periodically computed using an algorithm.

Figure 1. Adaptive QoS for Per-Tunnel QoS over DMVPN


Workflow of Adaptive QoS

The Adaptive QoS over DMVPN feature adapts shaping rate at the Sender based on the available bandwidth between specific Sender and Receiver (two end-points of a DMVPN tunnel).

Figure 2. Workflow of Adaptive QoS


At the Sender:

  • Configure MQC Policy with Adaptive shaping

  • Attach service-policy to nhrp-group in Egress

At the Receiver:

Create state for periodic collection of stats on a relevant target

How to Configure Adaptive QoS over DMVPN


Note


Configure the Per-Tunnel QoS for DMVPN before configuring the Adaptive QoS over DMVPN feature, as Adaptive QoS over DMVPN feature is an enhancement to the Per-Tunnel QoS for DMVPN feature.

Note


For details on configuring the Per-Tunnel QoS for DMVPN feature, refer to Per-Tunnel QoS for DMVPN .

Configuring Adaptive QoS for DMVPN

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. policy-map parent-policy-name
  4. class class-default
  5. shape adaptive { upper-bound bps |percent percentage }[lower-bound bps | percent percentage ]
  6. end
  7. configure terminal
  8. interface tunnel tunnel-id
  9. nhrp map group group-name service-policy output parent-policy-name
  10. end

DETAILED STEPS

  Command or Action Purpose

Step 1

enable

Example:


Router> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:


Router# configure terminal

Enters global configuration mode.

Step 3

policy-map parent-policy-name

Example:


Router(config)# policy-map example

Creates or modifies a child policy map and enters policy-map configuration mode.

  • Enter the name of the child policy map.

Step 4

class class-default

Example:


Router(config-pmap)# class class-default

This step associates the traffic class with the traffic policy. Configures the default class map and enters policy-map class configuration mode.

Step 5

shape adaptive { upper-bound bps |percent percentage }[lower-bound bps | percent percentage ]

Example:


Router(config-pmap-c)# shape adaptive upper-bound 20000

Creates a specific adaptive shaper that has upper bound on the rate and optionally lower bound on the rate.

Note

 
When such a template is attached to a target, adaptive shaping is enabled for that instance. Shaping rate adapts to a new rate, that is a function of parameters, including peer's received rate.

Step 6

end

Example:


Router(config-pmap-c)# end

Returns to privileged EXEC mode.

Step 7

configure terminal

Example:


Router# configure terminal

Enters global configuration mode.

Step 8

interface tunnel tunnel-id

Example:


Router(config)# interface tunnel 0

Configures an interface type and enters interface configuration mode.

  • Enter the interface type and interface number.

Step 9

nhrp map group group-name service-policy output parent-policy-name

Example:


Router(config-if)# nhrp map group 1 service-policy output example

Adds the NHRP group to the QoS policy map on the hub.

Step 10

end

Example:


Router(config-if)# end

Returns to privileged EXEC mode.

Verifying the Adaptive QoS over DMVPN

SUMMARY STEPS

  1. enable
  2. show dmvpn
  3. show policy-map [policy-map-name ]
  4. show policy-map multipoint
  5. exit

DETAILED STEPS

  Command or Action Purpose

Step 1

enable

Example:


Router> enable

Enables higher privilege levels, such as privileged EXEC mode.

  • Enter your password if prompted.

Step 2

show dmvpn

Example:

Router# show dmvpn

Displays detailed DMVPN information for each session, including the Next Hop Server (NHS) and NHS status, crypto session information, and socket details. Also displays the NHRP group received from the spoke and the QoS policy applied to the spoke tunnel.

Step 3

show policy-map [policy-map-name ]

Example:

Router# show policy-map example

Displays the configuration of all classes for a specified policy map or of all classes for all existing policy maps.

Step 4

show policy-map multipoint

Example:

Router# show policy-map tunnel 0

(Optional) Displays the statistics and the configurations of the input and output policies that are attached to an interface.

Step 5

exit

Example:


Router(config-if)# exit

(Optional) Returns to user EXEC mode.

Troubleshooting the Adaptive QoS over DMVPN

SUMMARY STEPS

  1. enable
  2. debug qos peer mon detail
  3. debug qos peer rate detail

DETAILED STEPS

  Command or Action Purpose

Step 1

enable

Example:


Router> enable

Enables higher privilege levels, such as privileged EXEC mode.

  • Enter your password if prompted.

Step 2

debug qos peer mon detail

Example:

Router# debug qos peer mon detail

Displays debug messages for Adaptive QoS over DMVPN.

Step 3

debug qos peer rate detail

Example:

Router# debug qos peer rate detail

Displays debug messages for Adaptive QoS over DMVPN.

Configuration Examples for Configuring Adaptive QoS over DMVPN

Example Configuring Adaptive QoS over DMVPN

The following example shows how to configure Adaptive QoS over DMVPN:


Router(config)# policy-map example
Router(config-pmap)# class class-default
Router(config-pmap-c)# shape adaptive upper-bound 20000
Router(config-pmap-c)# end
Router# configure terminal
Router(config)# interface tunnel 0
Router(config-if)# nhrp map group 1 service-policy output example
Router(config-if)# end

Example Verifying Adaptive QoS over DMVPN

The show policy-map and show policy-map interface commands can be used to confirm that the Adaptive QoS over DMVPN feature is enabled at an interface.

The following is a sample output of the show dmvpn command:
Router# show dmvpn



Interface: Tunnel1, IPv4 NHRP Details
Type: Hub, NHRP Peers:1,

# Ent  Peer NBMA Addr   Peer Tunnel Add   State UpDn Tm    Attrb 
 ----- ------------- ----------------     ----- ------- 	 ----- 
  1    10.1.1.1          10.10.1.2        UP    00:18:37   D


Interface: Tunnel2, IPv4 NHRP Details
Type: Hub, NHRP Peers:1,

# Ent Peer NBMA Addr   Peer Tunnel Add   State  UpDn Tm  Attrb 
----- ---------------  --------------    ------  -------  -------

  1  10.2.1.1          10.10.2.2        UP     00:22:09  D


Interface: Tunnel3, IPv4 NHRP Details
Type: Hub, NHRP Peers:1,
 
# Ent Peer NBMA Addr   Peer Tunnel Add   State  UpDn Tm  Attrb 
----- --------------   ---------------   ------ -------   ---- 
   1  10.3.1.1         10.10.3.2         UP     00:22:04   D


Interface: Tunnel4, IPv4 NHRP Details
Type: Hub, NHRP Peers:1,
 
# Ent Peer NBMA Addr   Peer Tunnel Add   State UpDn Tm  Attrb 
----- --------------   ----------------  -----  ------  ----
  1    10.3.1.1        10.10.3.2         UP   00:22:01   D

The following is a sample output of the show policy-map command:


Router# show policy-map
 
    
Policy Map test
    Class class-default
      Adaptive Rate Traffic Shaping
      cir upper-bound 2120000 (bps) cir lower-bound 1120000 (bps)  

The following is a sample output of the show policy-map multipoint command:


Router# show policy-map multipoint
  
 Service-policy output: test

		Class-map: class-default (match-any)
		 0 packets, 0 bytes
 		5 minute offered rate 0000 bps, drop rate 0000 bps
 		Match: any
 		Queueing
 		queue limit 64 packets
 		(queue depth/total drops/no-buffer drops)0/0/0
   (pkts output/bytes output) 0/0
 		shape (adaptive) cir 2120000,bc 8480, be 8480
 		lower bound cir 2120000
 		target shape rate 2120000

Note


One of the important parameters displayed as an output of the show policy-map multipoint command is target shape rate. The Adaptive QoS over DMVPN feature dynamically changes the value of the target shape rate to adapt to the available bandwidth.


Example for Troubleshooting Adaptive QoS over DMVPN

The debug qos peer mon detail and debug qos peer rate detail commands can be used to display any errors for the Adaptive QoS over DMVPN feature.

The following is a sample output of the debug qos peer mon detail command:

Router# debug qos peer mon detail

QoS peer remote monitoring debugging is on
 
Router#

*May 22 21:25:28.006 UTC: [SEND]Processing entry with address : 50.1.1.2,vrfid : 0 sending rate(delta bytes) : 1514
*May 22 21:25:28.006 UTC: [SEND]Processing entry with address : 50.1.1.3,vrfid : 0 sending rate(delta bytes) : 1598
*May 22 21:25:28.201 UTC: [RCV]Received message for interface Tunnel1 address 50.1.1.2 vrf 0
*May 22 21:25:28.201 UTC: 
fdiff : 20517, sdiff : 19661, cur_dif : 3318, cum_diff : 20907

*May 22 21:25:28.201 UTC: qos_rate_status_update -- 392
*May 22 21:25:28.201 UTC: Last count : 128650

 

The following is a sample output of the debug qos peer rate detail command:


Router# debug qos peer rate detail 
 
    
 *May 22 21:34:32.456 UTC: [RCV]Received message for interface Tunnel1 address 50.1.1.3 vrf 0
 *May 22 21:34:32.456 UTC: Enter qos_process_remote_rate_message:
 *May 22 21:34:32.456 UTC: Message for tun with o_ip : 50.1.1.3 tun t_ip : 13.1.1.1
 *May 22 21:34:32.456 UTC: [RCV]<DELTA>Message remote rate value is 116730f_cum_diff: 140155, s_cum_diff: 135612
 HoldTh: 5000, CurTh: 11250
 Gonna Go Up f_cum_diff: 140155, s_cum_diff: 135612 
 Yes increasing
 Suggested rate: 120000

 *May 22 21:34:32.456 UTC: rx_bytes = 116730, tx_bytes = 125282, Suggested rate = 120000
 *May 22 21:34:32.456 UTC: Exiting : 1

 

Additional References

The following sections provide references related to the Control Plane Logging feature.

Related Documents

Related Topic

Document Title

NHRP MIB

Dynamic Multipoint VPN Configuration Guide

QoS commands: complete command syntax, command modes, command history, defaults, usage guidelines, and examples

Cisco IOS Quality of Service Solutions Command Reference

QoS feature overview

Quality of Service Overview module

Per-Tunnel QoS for DMVPN

Dynamic Multipoint VPN Configuration Guide

Standards

Standard

Title

No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.

MIBs

MIB

MIBs Link

CISCO-CLASS-BASED-QOS-MIB

CISCO-NHRP-MIB

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs

RFCs

RFC

Title

None

Technical Assistance

Description

Link

The Cisco Technical Support website contains thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.

http://www.cisco.com/techsupport

Feature Information for Adaptive QoS over DMVPN

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Table 1. Feature Information for Adaptive QoS over DMVPN