Per-Tunnel QoS

Table 1. Feature History

Feature Name

Release Information

Description
Per-Tunnel QoS

Cisco IOS XE Catalyst SD-WAN Release 17.2.1r

This feature lets you apply a Quality of Service (QoS) policy on individual tunnels, ensuring that branch offices with smaller throughput are not overwhelmed by larger aggregation sites.

This feature is only supported for hub-to-spoke network topologies.

Increase Per Tunnel QoS Session Scale

Cisco IOS XE Catalyst SD-WAN Release 17.13.1a

Cisco Catalyst SD-WAN Manager can manage 10,000 sessions of per-tunnel QoS.

Information about Per-Tunnel QoS

Overview of Per-Tunnel QoS

Use the Per-tunnel QoS feature to apply a quality of service (QoS) policy on a Cisco IOS XE Catalyst SD-WAN device hub on a per-tunnel or per-spoke instance in the egress direction.

Per-tunnel QoS can only be applied on hub-to-spoke network topologies. Per-tunnel QoS on a hub lets you shape tunnel traffic to individual spokes. It also differentiates individual data flows going through the tunnel or the spoke for policing.

Benefits of Per-Tunnel QoS

Before the introduction of Per-tunnel QoS feature on Cisco Catalyst SD-WAN, QoS on a hub could be configured to measure only the aggregate outbound traffic for all spokes. Per-tunnel QoS for Cisco Catalyst SD-WAN provides the following benefits.

  • A QoS policy is configurable on the basis of session groups, thus providing the capability of regulating traffic from hub to spokes at a per-spoke level.

  • The hub cannot send excessive traffic to a small spoke and overrun it.

  • The maximum outbound bandwidth and QoS queue are set up automatically when each spoke registers with an Overlay Management Protocol (OMP) message.

  • The amount of outbound hub bandwidth that a “greedy” spoke can consume can be limited; therefore, the traffic can’t monopolize a hub’s resources and starve other spokes.

  • Multiple policies (MPoL) are supported. This enables underlay and TLOC extension traffic to coexist with the overlay tunnel traffic.

Supported Platforms

Per-Tunnel QoS for Hub

The following series of platforms can be configured as hubs for the per-tunnel QoS in Cisco Catalyst SD-WAN.

  • Cisco 1000 Series Aggregation Services Routers

  • Cisco 1000 Series Integrated Services Routers

  • Cisco ISR 1100 and ISR 1100X Series Integrated Services Routers

  • Cisco 4000 Series Integrated Services Routers

  • Cisco Cloud Services Router 1000V Series

  • Cisco Catalyst 8000 Edge Platforms Family

Per-Tunnel QoS for Spokes

The following series of Cisco IOS XE Catalyst SD-WAN devices can be configured as spokes for per-tunnel QoS in Cisco Catalyst SD-WAN.

  • Cisco 1000 Series Aggregation Services Routers

  • Cisco 1000 Series Integrated Services Routers

  • Cisco ISR 1100 and ISR 1100X Series Integrated Services Routers

  • Cisco 4000 Series Integrated Services Routers

  • Cisco Cloud Services Router 1000V Series

  • Cisco Catalyst 8000 Edge Platforms Family

  • Cisco 1000 Series Integrated Services Routers (ISRs)

    • ISR1100-4G

    • ISR1100-6G

    • ISR1100-4GLTENA and ISR1100-4GLTEGB

Restrictions for Per-Tunnel QoS

  • Only hub-to-spoke network topology is supported for configuring per-tunnel QoS. Spoke-to-spoke network topology isn't supported.

  • Only Cisco IOS XE Catalyst SD-WAN devices are supported as hubs for per-tunnel QoS. However, both Cisco IOS XE Catalyst SD-WAN devices and Cisco vEdge devices are supported as spokes in the hub-to-spoke topology supported for per-tunnel QoS.

  • In Cisco IOS XE Catalyst SD-WAN Release 17.2.1r, per-tunnel QoS can only be configured using the Cisco VPN Interface Ethernet template in Cisco vManage 20.1.1.

  • Per-tunnel QoS with loopback WAN for non-binding mode isn’t supported on the hub.

  • For per-tunnel QoS to work with 3-level hierarchical policies, you must use the reserved class-map name, "SDWAN_underlay" for middle level policy.

  • Maximum number of sessions:

    • (Minimum supported release: Cisco IOS XE Catalyst SD-WAN Release 17.11.1a)

      You can configure a maximum number of sessions to which the QoS policy is applied. When the number of Cisco Catalyst SD-WAN user sessions with QoS policy reaches its limit, the QoS policy is not applied for any other sessions. The number of sessions that you can configure is from 100 to 6,000. The default QoS maximum session for all platforms is 4,000.

    • (Minimum supported release: Cisco IOS XE Catalyst SD-WAN Release 17.13.1a)

      The number of sessions that you can configure is from 100 to 10,000.

How Per-Tunnel QoS Works in Hub-to-Spoke Topologies

In Cisco IOS XE Release 17.2 , the Per-Tunnel QoS feature is supported on hub-to-spoke network topologies only. Per-tunnel QoS is not supported for spoke-to-spoke topology.

  • Per-tunnel QoS is applied to routers with the hub role on a per-session basis.

  • Routers that are assigned the spoke role publish the downstream-bandwidth information per TLOC route through OMP.

  • Overlay and underlay tunnels share the same QoS policy and the bandwidth remaining is configurable for both underlay and overlay tunnels.

  • The bandwidth remaining ratio is automatically calculated on each session based on the remote downstream bandwidth.

Configure Per Tunnel QoS Using Cisco SD-WAN Manager

To configure per-tunnel QoS, perform the following tasks in the order specified.

Step 1: Configure QoS Map

A QoS map can be added to a localized data policy. For more details on the various QoS parameters, see QoS parameters section in the Policies Guide. To configure QoS map:

  1. From the Cisco SD-WAN Manager menu, choose Configuration > Policies.

  2. Click Localized Policy and then click Add Policy.

  3. From the list type shown in the left pane, choose Class Map. The list displays existing class maps. Choose a class map from the list and click Next.

    OR

    Create a new class map:

    1. Click Add New Class Map.

    2. Enter a name for the class map.

    3. From the Queue drop-down list, choose a number (from 0-7).

    4. Click Save and then click Next.

  4. Click the Add QoS Map and choose Create New.

  5. Enter a name and description for the map.

  6. Click Add Queue, enter the requested details, and click Save Queue.

  7. Click Save Policy.

Step 2: Choose the QoS Map to be Added to the Feature Template

Per-tunnel QoS can only be configured through the Cisco VPN Interface Ethernet template. To enable per-tunnel QoS on other WAN interface types, use the global CLI add-on template.

  1. From the Cisco SD-WAN Manager menu, choose Configuration > Templates.

  2. Click Feature Templates and then click Add Template.


    Note

    In Cisco vManage Release 20.7.x and earlier releases, Feature Templates is called Feature.

  3. Choose a device from the list on the left. Feature templates applicable to the device are shown in the right pane.

  4. Choose the Cisco VPN Interface Ethernet template.

  5. Enter a name and description for the feature template.

  6. Choose the ACL/QoS option.

  7. Enter the requested details.

    • Shaping Rate: Choose Global from the drop-down list and enter a shaping rate in kbps.

    • QoS Map: Choose Global from the drop-down list and enter the name of the QoS map that you want to include in the feature template.

  8. Click Save.

Step 3: Attach the Localized QoS Policy and the Feature Template to the Device Template

  1. Attach the localized policy created in Step 1 to the device template.

  2. Attach the feature template created in Step 2 to the device template. See Create Device Templates from Feature Templates for more details.


Note

Ensure that you attach the localized policy and the feature template to the same device template.

Step 4 Configure Hub Role for Per-Tunnel QoS

  1. From the Cisco SD-WAN Manager menu, choose Configuration > Templates.

  2. Click Feature Templates. All the features templates are listed.


    Note

    In Cisco vManage Release 20.7.x and earlier releases, Feature Templates is called Feature.

  3. For the Cisco VPN Interface template that you want to add per-tunnel QoS policy to, click ... and choose Edit.

    Alternatively, you can create a new Cisco VPN Interface Ethernet template following the instructions in the previous sections and then proceed with the steps below.

  4. When the template opens, click the Tunnel option at the top of the page.

  5. From the Tunnel Interface drop-down list, choose Global and choose On.

    A new set of fields display below the Tunnel Interface option. These new fields are specific to per-tunnel QoS and display only when you choose the On option.

  6. From the Per-tunnel Qos drop-down list, choose Global and then choose On.

    The Per-tunnel QoS Aggregator field appears after you set Per-tunnel Qos to On. If this field is set to Off, which is the default behavior, it means that the device selected in the template is assigned the spoke role. If the field is set to On, it means that the device is assigned the hub role.

  7. Choose Global from the Per-tunnel QoS Aggregator drop-down menu, and choose On. The device has now been assigned the role of a hub.

    When you choose the On option, the Tunnel Bandwidth Percent field displays.

  8. You can either leave the Tunnel Bandwidth Percent value at default (50) or choose Global from the drop-down menu to enter a value based on your network requirement.

    The remaining fields under the Tunnel section are not specific to per-tunnel QoS. You can either leave the values at default or enter values specific to your network.

  9. Click Update. The feature template updates with per-tunnel QoS configuration.

Step 5: Configure Spoke Role for Per-Tunnel QoS

  1. From the Cisco SD-WAN Manager menu, choose Configuration > Templates.

  2. Click Feature Templates. All the features templates are listed.


    Note

    In Cisco vManage Release 20.7.x and earlier releases, Feature Templates is called Feature.

  3. For the Cisco VPN Interface Template that you want to add the per-tunnel QoS policy to, click ... and choose Edit.

    OR

    Create a new Cisco VPN Interface Ethernet template following the instructions in the previous sections and then proceed with the steps below.

  4. When the template opens, click Tunnel.

  5. From the Tunnel Interface drop-down list, choose Global and choose the On option.

    A new set of fields display below the Tunnel Interface option. These new fields are specific to per-tunnel QoS and display only when you choose the On option.

  6. From the Per-tunnel Qos drop-down menu, choose Global and choose the On option.

    The Per-tunnel QoS Aggregator field displays after you set Per-tunnel Qos to On. This field is set to off by default. If this field is set to Off, it means that the device selected in the template is assigned the spoke role.

  7. The downstream bandwidth needs to be configured for the device to effectively take the spoke role. To configure the downstream bandwidth, click Basic Configuration at the top of the page.

  8. Scroll down to the Bandwidth Downstream Field and choose Global from the drop-down menu.

  9. Enter a value for the downstream bandwidth and click Update at the bottom of the page.

Configure Per Tunnel QoS Using a CLI Template

This topic shows the task flow for configuring per-tunnel QoS using CLI templates with the help of examples.

Example: Create QoS MaP

class-map match-any SDWAN_underlay
 match any
!
class-map match-all Queue0
 match qos-group 0
!
class-map match-all Queue1
 match qos-group 1
!
class-map match-all Queue3
 match qos-group 3
 !
policy-map qos_policy_4class_cedge
class Queue0
  priority level 1
  police rate percent 25
class Queue1
  bandwidth remaining ratio 20
class Queue3
  bandwidth remaining ratio 15
class class-default
 bandwidth remaining ratio 40
!

Example: Apply a QoS Map to an Ethernet Interface

policy-map per_tunnel_qos_policy_GigabitEthernet0/0/1
 class SDWAN_underlay
  bandwidth remaining percent 50
  service-policy qos_policy_4class_cedge
!
policy-map shape_GigabitEthernet0/0/1
 class class-default
  shape average 10000000
  service-policy qos_policy_4class_cedge_GigabitEthernet0/0/1
!
interface GigabitEthernet0/0/1
  service-policy output shape_ GigabitEthernet0/0/1
!

Example: Configure a Device as a Hub

sdwan
 interface GigabitEthernet0/0/1
  tunnel-interface
   encapsulation ipsec
   color public-internet restrict
   tunnel-qos hub
  exit

Example: Configure a Device as a Spoke

sdwan
 interface GigabitEthernet0/0/2
  tunnel-interface
   encapsulation ipsec
   color public-internet restrict
   tunnel-qos spoke
  exit
  bandwidth-downstream 50000
 exit

Example: Configure Number of Sessions

platform qos sdwan max-session 5000
sdwan
interface GigabitEthernet0/0/2
tunnel-interface
 encapsulation ipsec
 color public-internet restrict
 tunnel-qos spoke
exit
bandwidth-downstream 50000
top
interface Tunnel0
ip unnumbered GigabitEthernet0/0/2
tunnel source GigabitEthernet0/0/2
tunnel mode sdwan

Verify Per-Tunnel QoS Configuration

Run the show sdwan running-config command to verify the per-tunnel QoS configuration on a Cisco IOS XE Catalyst SD-WAN device configured as a hub. 


Device# show sdwan running-config
class-map match-any Queue0
 match qos-group 0
!
class-map match-any Queue1
 match qos-group 1
!
class-map match-any Queue3
 match qos-group 3
!
class-map match-any SDWAN_underlay
 match any
!
policy-map per_tunnel_qos_policy_GigabitEthernet0/0/1
 class SDWAN_underlay
  bandwidth remaining percent 50
  service-policy qos_policy_4class_cedge
 !
!
policy-map qos_policy_4class_cedge
 class Queue0
  priority level 1
  police rate percent 25
  !
 !
 class Queue1
  bandwidth remaining ratio 20
!
 class class-default
  bandwidth remaining ratio 40
!
 class Queue3
  bandwidth remaining ratio 15
 !
!
policy-map shape_GigabitEthernet0/0/1
 class class-default
  service-policy per_tunnel_qos_policy_GigabitEthernet0/0/1
  shape average 100000000
 !
!
interface GigabitEthernet0/0/1
 description INET Transports
 service-policy output shape_GigabitEthernet0/0/1
!
sdwan
 interface GigabitEthernet0/0/1
  tunnel-interface
   encapsulation ipsec weight 1
   no border
   color public-internet restrict
   tunnel-qos hub
  exit
 exit
!

Run the show sdwan running-config sdwan command to verify the per-tunnel QoS configuration on a Cisco IOS XE Catalyst SD-WAN device configured as a spoke. 

Device# show sdwan running-config sdwan
sdwan
 interface GigabitEthernet0/0/1
  tunnel-interface
   encapsulation ipsec weight 1
   color public-internet restrict
   tunnel-qos spoke
  exit
  bandwidth-downstream 50000
exit

Run the show running-config command to verify the per-tunnel QoS configuration on a Cisco vEdge device configured as a spoke. 


Device# show running-config
vpn 0
interface ge0/0
  tunnel-interface
   tunnel-qos spoke
!
bandwidth-downstream 50000
!

Monitor Per-Tunnel QoS

Use the following monitoring commands to monitor the performance of per-tunnel QoS.

  • show platform software sdwan qos template : Displays the child templates used for per-tunnel QoS.

  • show platform software sdwan qos policy : Displays per-tunnel QoS policy instance parameters like policy template, bandwidth, and bandwidth remaining-ratio.

  • show platform software sdwan qos target : Displays per-tunnel QoS policy target database per sd-wan session and tunnel interface.

  • show policy-map interface GigabitEthernet 0/0/1 : Displays the statistics status and the configured policy maps on the specified interface.

  • show policy-map multipoint Tunnel 10 10.10.10.20 : Displays the per-tunnel QoS statistics on the tunnel ID specified.

  • show platform software sdwan qos summary : Confirms the count of sessions, policies, WAN interfaces, and adaptive QoS sessions.