My Support ticket encompassed some of this but what was not on here has been addressed. What is on this thread I am still awaiting an answer to.
To reiterate in a condensed version:
A site has an upload bandwidth of say 10 meg
A VPN tunnel is good for 1 Meg
I have built my QoS with traffic shaping for the 10 meg, but since the VPN has a different throughput, how could I traffic shape for that as well? Destination subnet?
Thank you for asking this question in the support community. If I understand the question, I believe it can be accomplished with Configuring Enhanced Ethernet Quality of Service (EEQoS) in AOS. Here is an example EEQoS configuration where all traffic is shaped to 10 Mbps, and within that QoS map, VPN traffic is further shaped to 1 Mbps.
qos map VPN 10
 match ip list ESP
 shape average 1000000
qos map SHAPING 10
 match ip list MATCHALL
 shape average 10000000
ip access-list extended ESP
 permit esp any any
ip access-list extended MATCHALL
 permit ip any any
I hope that makes sense, but please let me know if you have any additional questions. I will be happy to help in any way I can.
I think I got the gist of what you outlined. I will need to study it a bit more though to implement with my current config.
I do have one question about VPN throughputs.
I have 3 sites.
Each site has a VPN to the two other sites.
1) Site A has a 1335 with a VPN throughput of 15mbs.
Is that 15mbs per tunnel or a cumulative 15 mbs (7.5 mbs each for the 2 tunnels)?
2) Sites B and C each have a 3448 with a VPN throughput of 30 mbs.
For the tunnels that connect back to site A, should those be shaped down to the 15mbs/7.5mbs (based upon the answer to 1)?
3) How much additional impact on the Routing - VPN Enabled (IMIX Traffic) = 30Mbps (EFP) does the QOS & Shaping enabled (IMIX Traffic) have?
4) What about two different tunnels with 2 different throughputs, such as Site B, which has 30 Mbps to Site C but only 15 Mbps to Site A (or however much it is parsed out based on the answers to 1 and 2)?
The AOS Feature Matrix - Product Feature Matrix lists the general throughput capabilities of AOS units. The throughput values listed there are total, dynamic values, but often don't account for multiple/various features running concurrently, which could also reduce processing power and throughput. For example, the NV1335 has a total throughput of 15 Mbps when only VPN is enabled. If only one VPN is active at a certain point, then it can use the full 15 Mbps, but if two VPN tunnels are being used at the same time, then they would share that bandwidth based on which tunnel was requiring bandwidth at a given time.
For a typical design like this, the main location has the highest bandwidth (i.e. 30 Mbps in your example), and the remotes have the smaller throughputs (15 Mbps each). Therefore, if both of the remotes were transmitting at full speed to the main location, it would total 30 Mbps inbound at the main location. Are the speeds you mentioned above what you saw on the Product Feature Matrix, or are those the actual Internet speeds at each of those locations?