Before the start of the course prepared a translation of interesting material for you
There is one great thing about DMVPN that I came across some time ago: DMVPN Per-Tunnel QoS. Obviously, I'm not the only one (as a lab rat) who thinks this is cool. Every time I show this to people, I see their eyes light up as a result of little lights starting to glow in their heads, indicating that ideas come up where they can use it.
Time to unleash your geek!
Let's pretend that Branch_1 и Branch_2 are in the same DMVPN tunnel with the DMVPN hub "Foxtrot14". We would like to apply QoS policy from hub to spock for Branch_2but not for Branch_1. Since they are in the same mGRE tunnel, how do we do this?
Essentially what we need to do is:
- On DMVPN hub:
- We configure in the global configuration section the various QoS policies that you want the hub to "offer" as QoS policies for spocks
- We apply all the policies that you are going to "offer" to spocks in the DMVPN tunnel interface using the command ip nhrp map group
- On the DMVPN, we configure the DMVPN interface with the name of the mapped group that you would like to apply to it.
On DMVPN hub
Let's figure it out:
“1) Set up in the global configuration section the various QoS policies that you want the hub to “offer” as QoS policies for spocks”
So, in general, what you can see above is that we are configuring our DMVPN hub with 5 different QoS offerings to Spokes.
- 1.5Mbps
- 2Mbps
- 5Mbps
- 10Mbps
- No limit
“2) Apply all the policies that you are going to “offer” to spocks in the DMVPN tunnel interface using the ip nhrp map group command”
On DMVPN Spoke
"On the DMVPN spock, configure the DMVPN interface with the name of the mapped group that you would like to apply to it."
So I just go to Echo3 (Branch_2) and put the command “ip nhrp group spoke-2Mbps” to Spock's tunnel interface.
What will happen now? Echo3 simply puts the name "spoke-2Mbps" in the NHRP registration request. Voila! It's really that simple. Neatly, huh? If you need a little refresher on NHRP registration, read . There you will find the basics of an NHRP registration request.
Let's see how it looks on the network and on the DMVPN hub.
You can get the current file pcap, which we will consider together
< - It's in my public Dropbox and I plan to keep it there for a few years.
Ready?
We are going to look at Frame 18 and Frame 21 in relation to the following networks and IP addresses. Put this closer to the sniffer trace so you can match IPs better.
So the first one is frame 18. NHRP registration request from Echo3 (Branch_2) looks perfectly fine until we get to the NHRP Vendor Private Extension.
Want to pamper the geek inside you?
What happens after Frame 18 hits the DMVPN hub Foxtrot14? because Echo3 (Branch_2) wants “spoke-2Mbps” to be applied to it, does not mean that this is a configured option on the hub. So you will see frame 21 again as a response to the registration request confirming "spoke-2Mbps" in the vendor section.
Now what?
Let's go to Foxtrot14 and see what he thinks about this situation.
Wonderful! In the same mGRE tunnel we have QoS applied to the hub to spock traffic to branch_2but not to branch_1.
*NOTE: This post was originally published on this site in 2015. It was last updated and formatted on February 15, 2020.
Source: habr.com