We have a remote site that has a 100Mbps internet bearer with a 10Mbps CIR. This site has a GRE over IPSec connection back to our HQ, which has a 100Mbps internet connection. We are running EIGRP over the GRE tunnel for internal prefixes only; Internet traffic routes over the remote site's local internet connection. Traffic shaping has been configured on the remote site's tunnel interface and on the hub site's physical interface at 10Mbps.
1. The problem that we are facing: When a remote site user downloads data from the internet they congest the physical interface on the remote site router, which causes issues with voice over the GRE tunnel and in some instances causes the EIGRP adjacency to be torn down because of dropped hellos. We have looked at configuring inbound policing on the remote site physical interface but this doesn’t really help because the bandwidth is already utilized when traffic hits the interface.
2. What is the best method to control this? As we can’t control the internet bandwidth at the remote site, we were thinking of pushing all traffic over the GRE tunnel and breaking internet traffic out via the hub, then configuring shaping in the opposite direction to control bandwidth utilization.
1. Yes, inbound downstream policing does have the problem you note. However, if inbound traffic is rate adaptive (e.g. TCP), severe policing can help. Or you can shape outbound TCP ACKs. Neither, though, works as well as egress shaping.
2. Yes, that generally works well. Don't forget to continue to shape from the hub to the spoke. Also, such bandwidth caps are generally L2 values and I believe Cisco shapers don't account for all L2, so you need to shape slower than your nominal bandwidth.
Another alternative is to obtain an inexpensive DSL or cable modem link for local Internet access and reserve your other link for just VPN traffic.
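The hub-to-spoke shaping described in answer 2, sketched as an added Cisco IOS MQC example (not configuration from the original thread). Assumptions: the class and policy names and `Tunnel0` are hypothetical, voice is marked DSCP EF, EIGRP packets carry the router's default CS6 marking, and 9 Mbps is an illustrative rate below the 10Mbps CIR to leave headroom for overhead the shaper does not count.

```cisco
! Added example: hub-side policy for one spoke tunnel (all names are hypothetical)
!
! Voice bearer traffic, assumed to arrive marked DSCP EF
class-map match-any VOICE
 match dscp ef
!
! Routing protocol packets (EIGRP hellos/updates), assumed marked CS6
class-map match-any ROUTING
 match dscp cs6
!
! Child policy: decides what is sent first once the shaper is holding packets
policy-map SPOKE-CHILD
 class VOICE
  ! Low-latency queue so voice is not stuck behind Internet downloads
  priority percent 30
 class ROUTING
  ! Guaranteed share so hellos survive congestion and the adjacency stays up
  bandwidth percent 5
 class class-default
  ! Backhauled Internet and other data share what is left
  fair-queue
!
! Parent policy: shape everything sent toward the spoke below its CIR
policy-map SPOKE-SHAPER
 class class-default
  ! Illustrative value: 9 Mbps against a 10 Mbps CIR
  shape average 9000000
  service-policy SPOKE-CHILD
!
! Apply outbound on the hub's GRE tunnel toward the remote site
interface Tunnel0
 service-policy output SPOKE-SHAPER
```

With all Internet traffic backhauled through the hub, this shaper becomes the point where downloads queue, so drops land on bulk data rather than on voice or EIGRP hellos at the carrier's 10Mbps limit.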
Citation - This blog post does not reflect original content from the author. Rather, it summarizes content relevant to the topic from different sources on the web. The sources might include online discussion boards, forums, websites and others.