Channel: SRX Services Gateway topics

SRX340 - Prioritize VPN traffic

Hi All,

I would like to ask if you can help me to prioritize VPN traffic based on destination IP.

The network setup is very simple - the client has a main office and a DB server in the Cloud. There is a VPN tunnel set up between them. People in the main office are running a DB app which connects over the VPN to the DB server in the Cloud. What I want to do is to reserve a minimum of 20% of traffic for the DB connection, which is a business critical app. It goes through the VPN, but I do not need to do CoS inside the VPN tunnel. And use the remaining traffic for everything else - lower priority traffic.

What I have done so far:

1) Set up a Firewall Filter with the destination IP of the cloud. If the destination matches the cloud IP, then allocate it to the "assured-forwarding" class. All other traffic goes to the "best-effort" class. Assigned the filter to the internal LAN interface ingress.

2) Forwarding classes I left default - be=queue 0, ef=queue 1, af=queue 2, nc=queue 3.

3) Created classifier QOS:
   000000 - be - loss priority High
   011010 - af - loss priority Low
   101110 - ef - loss priority Low
   110000 - nc - loss priority Low
   111000 - nc - loss priority Low

3) No rewrite rules

4) Schedulers:
   NC - priority High - buffer size 5%, transmit rate 5%
   CLOUD - priority High - buffer size 10%, transmit rate 40%
   DATA - priority Low - buffer size remainder, transmit rate remainder

5) Scheduler Map - DATA=best effort; CLOUD=assured-forwarding; NC=network-control

6) Drop profile - Assigned to DATA scheduler - Interpolated [(25,30),(50,60),(75,100)]

7) Map-scheduler assigned to WAN interface.

If I go to Monitor -> Interfaces -> WAN interface -> CoS, I can see that the best-effort class gets lots of packets; there are also some packets in the assured-forwarding queue. So it does look like the firewall policy works fine.

As a test I am running a speedtest from the main office. As it takes the whole speed, during the test the database app starts to lag.

I am not very experienced in Juniper and most of the configuration was done in the GUI, but I can post all the CoS CLI configuration if it will be useful.

I would very much appreciate it if you can give me any idea of what I am missing or have configured wrong.

Thank you in advance.

Alex
