Not applicable

traffic-shape rate and VPN and other QOS

So I am starting to delve into the QoS settings and came across a question.

My current set up:

2 sites each with their own internet access.

the 2 sites connected via VPN to route LAN and VOIP traffic.

SIP trunks come in to site 1.

ACL  UDP_PORTS to match UDP port ranges for VOIP

ACL COMP_NET to match computer subnet

QOS Map MARK to use the UDP_PORTS ACL to mark as EF

QOS Map QUE to match EF marked packets

QOS Map LIMIT to limit remaining traffic to the remaining 100%

VLAN 1 inbound - MARK

VLAN 1 outbound - LIMIT

Eth 0/1 Outbound - QUE

Eth 0/1 has a traffic-shape rate of 10000000

So the assumption is that anything that has the SIP and RTP ports I define gets tagged with EF as they come into the router, that way I don't need to worry if the system or phone tags them or not, or what they tag them with or where in the local network they come from.

It then leaves the VLAN and goes out the Eth 0/1 interface, EF goes first then all the rest of the traffic gets what's left of the 10 meg (after the 25% that the NetVanta takes away initially, which leaves 7500000). The queuing should happen at this point before encapsulation to the VPN.

A VPN tunnel would also be subject to this rule since it is going out the eth 0/1 port as well?

If that is the case then some routers like the 3120 can pose an additional challenge since their VPN tunnels are good for about 2 meg.

Is there a way of directing the VOIP traffic across the VPN with the size of the tunnel in mind without limiting the upspeed to the SIP trunk provider and other internet traffic which would be non VPN traffic?

Can you see any flaws in the QoS I implemented?

I understand that everything is still subject to the public internet, I just want it leaving the sites under ideal conditions. (Easier to sleep at night knowing that it is the ISP's fault rather than mine.)

Thanks in advance
Not applicable

Re: traffic-shape rate and VPN and other QOS

billflippen - Thanks for posting your question on the forum!

I see that you have opened a ticket with Adtran Technical Support. Could you follow up on this thread with the resolution?



Not applicable

Re: traffic-shape rate and VPN and other QOS

My Support ticket encompassed some of this but what was not on here has been addressed. What is on this thread I am still awaiting an answer to.

To reiterate in a condensed version:

A site has an upload bandwidth of say 10 meg

A VPN tunnel is good for 1 Meg

I have built my QOS with traffic shaping for the 10 meg, but since the VPN has a different throughput, how could I traffic shape for that as well? Destination subnet?

Not applicable

Re: traffic-shape rate and VPN and other QOS


Thank you for asking this question in the support community. If I understand the question, I believe it can be accomplished with Configuring Enhanced Ethernet Quality of Service (EEQoS) in AOS. Here is an example EEQoS configuration where all traffic is shaped to 10 Mbps, and within that QoS map, VPN traffic is further shaped to 1 Mbps.

qos map VPN 10
  match ip list ESP
  shape average 1000000

qos map SHAPING 10
  match ip list MATCHALL
  shape average 10000000
  qos-policy VPN

ip access-list extended ESP
  permit esp any  any

ip access-list extended MATCHALL
  permit ip any  any

I hope that makes sense, but please let me know if you have any additional questions.  I will be happy to help in any way I can.
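
A small model of the nested shaping in the reply above, added here as an illustration; it is not part of the original post and not Adtran code. It assumes plain token buckets, fixed 1500-byte packets and ESP being served before other traffic (all assumptions of the model, not documented AOS behaviour), and shows that the 1 Mbps child rate is a ceiling for VPN traffic even when the 10 Mbps parent is idle.

```python
# Added illustration: a two-level token-bucket model of the shaping described
# above. The scheduling order is an assumption, not AOS internals.
PARENT_BPS = 10_000_000  # "shape average 10000000" in qos map SHAPING
VPN_BPS = 1_000_000      # "shape average 1000000" in qos map VPN
TICKS_PER_SEC = 100      # simulation resolution (10 ms steps)
PKT_BITS = 1500 * 8      # constructed fixed packet size


class Bucket:
    """Token bucket refilled once per tick; holds one tick plus one packet."""

    def __init__(self, rate_bps):
        self.per_tick = rate_bps // TICKS_PER_SEC
        self.cap = self.per_tick + PKT_BITS
        self.tokens = self.cap

    def refill(self):
        self.tokens = min(self.cap, self.tokens + self.per_tick)


def simulate(vpn_offered_bps, other_offered_bps, seconds=10):
    """Return achieved Mbps per class for constant offered loads."""
    parent, vpn = Bucket(PARENT_BPS), Bucket(VPN_BPS)
    backlog = {"vpn": 0, "other": 0}  # queued bits awaiting tokens
    sent = {"vpn": 0, "other": 0}
    for _ in range(seconds * TICKS_PER_SEC):
        parent.refill()
        vpn.refill()
        backlog["vpn"] += vpn_offered_bps // TICKS_PER_SEC
        backlog["other"] += other_offered_bps // TICKS_PER_SEC
        # ESP packets need tokens from BOTH the 1 Mbps child and 10 Mbps parent.
        while backlog["vpn"] >= PKT_BITS and min(vpn.tokens, parent.tokens) >= PKT_BITS:
            for bucket in (vpn, parent):
                bucket.tokens -= PKT_BITS
            backlog["vpn"] -= PKT_BITS
            sent["vpn"] += PKT_BITS
        # Everything else only has to fit in what is left of the parent rate.
        while backlog["other"] >= PKT_BITS and parent.tokens >= PKT_BITS:
            parent.tokens -= PKT_BITS
            backlog["other"] -= PKT_BITS
            sent["other"] += PKT_BITS
    return {k: v / seconds / 1e6 for k, v in sent.items()}


if __name__ == "__main__":
    loads = [(3_000_000, 12_000_000), (500_000, 12_000_000), (3_000_000, 2_000_000)]
    for vpn_load, other_load in loads:
        print(vpn_load, other_load, simulate(vpn_load, other_load))
```

The three constructed load pairs cover a saturated link, a lightly used tunnel, and a busy tunnel on an otherwise idle link.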


Not applicable

Re: traffic-shape rate and VPN and other QOS

I think I got the gist of what you outlined. I will need to study it a bit more though to implement with my current config.

I do have one question about VPN throughputs.

I have 3 sites.

Each site has a VPN to the two other sites.

1) Site A has a 1335 with a VPN throughput of 15mbs

    is that 15mbs per tunnel or a cumulative  15 mbs (7.5 mbs each for the 2 tunnels?)

2) Sites B and C each have a 3448 with a VPN throughput of 30 mbs.

     for the tunnels that connect back to site A, should those be shaped down to the 15mbs/7.5mbs?(based upon answer of 1).

3) how much additional impact on the Routing - VPN Enabled (IMIX Traffic) = 30Mbps (EFP) does the QOS & Shaping enabled (IMIX Traffic) have?

4) What about two different tunnels with 2 different throughputs, such as Site B that has a 30 Mbps to Site C but only a 15 Mbps to Site A? (or however much it is parsed out by the answers to 1 and 2).



Not applicable

Re: traffic-shape rate and VPN and other QOS


The AOS Feature Matrix - Product Feature Matrix lists the general throughput capabilities of AOS units. The throughput values listed there are total, dynamic values, but often don't account for multiple/various features running concurrently, which could also reduce processing power and throughput. For example, the NV1335 has a total throughput of 15 Mbps when only VPN is enabled. If only one VPN is active at a certain point, then it can use the full 15 Mbps, but if two VPN tunnels are being used at the same time, then they would share that bandwidth based on which tunnel was requiring bandwidth at a given time.

For a typical design like this, the main location has the highest bandwidth (i.e. 30 Mbps in your example), and the remotes have the smaller throughputs (15 Mbps each).  Therefore, if both of the remotes were transmitting at full speed to the main location, it would total 30 Mbps inbound at the main location.  Are the speeds you mentioned above what you saw on the Product Feature Matrix, or are those the actual Internet speeds at each of those locations?