Fun in the Lab: DMVPN: Per-Tunnel QoS and High Availability

Went on a customer “ride-along” with Advanced Services this week.  Customer’s requirement was that the DMVPN headend have 2 physical interfaces for High Availability.  These 2 interfaces need to be in the same subnet because they are going into 2 firewalls: one active, one standby.  So now what?

Tom Kunath (Advanced Services) thought “Well…. what about using backup interface command?”  Hmmmm that does seem to be the perfect tool in the Cisco CLI toolbox for this very situation.

Let’s go play in the lab.  We will play with

  • Having a Primary and Backup Interface under a DMVPN tunnel
  • Cause Failure – record loss
  • Verify DMVPN Per-Tunnel QoS works

So for those of you who are not yet familiar with DMVPN Per-Tunnel QoS you might want to do a little bit of reading first.  🙂

Playing in the Lab: DMVPN and Per-Tunnel QoS

Fun in the Lab: Troubleshooting DMVPN Per-Tunnel QoS

So now let’s try it and see how per-tunnel QoS will work with it.

Class-Maps and Policy-Maps

NOTE: Snuck these configs from the QoS Chapter of the upcoming CiscoPress IWAN book a super dear friend of mine (David Prall) is co-authoring.

Apply to Tunnels

Okay…. so far so good.  Now let’s run some traffic.  I’ll send EF and AF41.

Send Traffic

Kay… so far so good.  I also have both being sent at the same bps from the traffic generator so I wanted to check this also.

Time to Fail Primary Link! 

Before I congest and see if the applied Per-Tunnel QoS can also drop, let’s make sure that if I go to the big core router (Hotel15) and shut the primary interface over there, the DMVPN Per-Tunnel QoS still works.

Max loss on a stream was 1,848 frames.  Each stream was sending 200 frames per second.

Hence the time to get to recovery was ~9.2 seconds.  Customer was okay with that given that it is a solution to their issue and they are hoping their Active Firewall doesn’t go down often.

Now to see if the per-Tunnel QoS is still working.  Yup.  Looking good according to the show command.  But let’s congest EF to really see if it is working.

With Backup Interface as Active, Congest EF

Okay… going to set the EF traffic to send at a rate of 2 Mbps.  Which should easily do the trick.

Looking good.

With Backup Interface as Active, & Congesting EF — No Shut Primary on Core Router

Okay… THAT was FUN!

3 replies

  1. > Snuck these configs from the QoS Chapter of the upcoming CiscoPress IWAN book a super dear friend of mine (David Prall) is co-authoring.

    This one?

    https://www.amazon.com/gp/product/1587144638/ref=oh_aui_detailpage_o00_s00?ie=UTF8&psc=1

    You purchased this item on July 12, 2016… hee hee

    And I’m going to be studying this article closely tonight 🙂
