
Internet vs VPN QoS


  • Internet vs VPN QoS

    I'm currently experiencing a lot of traffic congestion on my link to the internet that causes congestion, resulting in packet loss and latency for the VPN traffic. It's a fiber link, 10MB synchronous with a media converter that goes from fiber to Ethernet. Currently there is an unmanaged switch and I would like to replace it with a managed switch. The VPN is site-to-site, and I would prefer to be able to apply priority based on IP address as many sites link into our VPN, some requiring more bandwidth than others. All static IPs.

    WAN IP address of firewall -
    WAN IP address of VPN device -

    What I would like to do is force all traffic coming in and going out for the VPN to have priority over the firewall which is used for regular internet connectivity. I'd like to buffer as much as I can on ingress and egress to avoid packet loss. I've been reading about the bandwidth and priority commands, as well as MQC, but am not sure which direction I should take. I do not currently have a switch purchased for this purpose as I realize there are different QoS applications for different devices.

    Could someone advise the best path for me to take as I'm fairly new to QoS? It was suggested that I get a 2900 series router and use IP ACLs and CBWFQ, but I need a cheaper solution. Thanks.

  • #2
    Re: Internet vs VPN QoS

    I suggest doing some research on QoS mechanisms. QoS is a huge topic and the configs can get really involved. LLQ with CBWFQ (priority) is a guaranteed and policed limit. If you have an LLQ of 512kb for voice, then you will get that 512 whether there is congestion or not, but you can't go over it either. When assigning a class a bandwidth reservation you are guaranteeing a min bandwidth during congestion but it can use more if no congestion exists. Queueing is done in the outbound direction only.
    CCNA, CCNA-Security, CCNP
    CCIE Security (In Progress)
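
A sketch of the MQC approach discussed in this thread (IP ACL, CBWFQ, outbound queueing), added here as an example and not posted by either participant. Assumptions: 203.0.113.10 is a placeholder for the VPN device's WAN IP, GigabitEthernet0/0 is the ISP-facing interface, the circuit is 10 Mbit/s, and the 60 percent figure is arbitrary.

```cisco
! Constructed example. 203.0.113.10 stands in for the VPN device's WAN IP
! (left blank in the post); the interface name is assumed.
ip access-list extended VPN-OUT
 permit ip host 203.0.113.10 any
!
class-map match-all VPN-TRAFFIC
 match access-group name VPN-OUT
!
! Child policy: CBWFQ. "bandwidth" reserves a minimum for the class during
! congestion; the class may use more when no congestion exists.
policy-map WAN-QUEUE
 class VPN-TRAFFIC
  bandwidth percent 60
 class class-default
  fair-queue
!
! Parent policy: shape to the assumed 10 Mbit/s circuit rate so that
! packets queue on this router, where the child policy can order them.
policy-map WAN-SHAPE
 class class-default
  shape average 10000000
  service-policy WAN-QUEUE
!
! Queueing policies attach in the outbound direction.
interface GigabitEthernet0/0
 service-policy output WAN-SHAPE
```

Replacing `bandwidth percent 60` with `priority percent 60` turns the VPN class into an LLQ (strict-priority, policed) class instead of a CBWFQ reservation.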