QOS and Citrix

Unanswered Question

I need to prioritize Citrix traffic, we have 20+ users and all use Citrix for our applications. There are a few fat apps at this site, but if they slow down from prioritizing citrix, it's not big deal. This is a cisco 1760, and a Point to Point T1 to our data center.

Ok here goes, been reading a little about this... Citrix is BURSTY! I downloaded and installed DU meter and it shows how Bursty and thirsty Citrix actually is... i recommend DU meter for everyone who thinks citrix is just a 20Kb/sec thin client connection.... it averages out that way, but the virtual channels definitely need to be capped on a WAN.

Below is the running config on my router, and the sho int.... the QOS policy doesn't seem to work, i can start a download on Dell's website and slow everyone down. I"m going to upgrade the IOS to 12.4(4) tomorrow and see if it helps, mainly because the citrix PDLM is version 9 in that IOS and will allow me to prioritize ICA virtual channel traffic... I hvae to get this working first.

background, router config is very simple, we basically direct all traffic to the data center....where we have a 2mb/sec internet connection and our servers.

Can anyone give me some pointers on the QOS policy and why it's not working? I'll clear counters and post again soon on the serial interface..

next post willhave sho run and sho int

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)

version 12.3 ! 12.3.17!

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption


hostname WBR





no aaa new-model

ip subnet-zero




ip cef




class-map match-any cmap1

match protocol citrix



policy-map policy1

class cmap1

priority percent 60 ! i've tried bandwidth, bandwidth percent...etc.etc.!




interface FastEthernet0/0

ip address

speed auto ! i've tried nbar discovery here too.. nogo!


interface Serial0/0

ip address

ip nbar protocol-discovery

encapsulation ppp

service-module t1 timeslots 1-24

service-policy output policy1


ip classless

ip route

no ip http server



line con 0

line aux 0

line vty 0 4




FastEthernet0/0 is up, line protocol is up

Hardware is PQUICC_FEC, address is 0007.8580.9a5b (bia 0007.8580.9a5b)

Internet address is

MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

Keepalive set (10 sec)

Full-duplex, 100Mb/s, 100BaseTX/FX

ARP type: ARPA, ARP Timeout 04:00:00

Last input 00:00:00, output 00:00:00, output hang never

Last clearing of "show interface" counters never

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue: 0/40 (size/max)

5 minute input rate 64000 bits/sec, 70 packets/sec

5 minute output rate 229000 bits/sec, 77 packets/sec

95494624 packets input, 234654134 bytes

Received 212846 broadcasts, 0 runts, 0 giants, 0 throttles

2 input errors, 0 CRC, 0 frame, 2 overrun, 0 ignored

0 watchdog

0 input packets with dribble condition detected

110057240 packets output, 2224620012 bytes, 1 underruns

1 output errors, 0 collisions, 3 interface resets

0 babbles, 0 late collision, 0 deferred

0 lost carrier, 0 no carrier

0 output buffer failures, 0 output buffers swapped out

Serial0/0 is up, line protocol is up

Hardware is PQUICC with Fractional T1 CSU/DSU

Internet address is

MTU 1500 bytes, BW 1536 Kbit, DLY 20000 usec,

reliability 255/255, txload 8/255, rxload 37/255

Encapsulation PPP, LCP Open

Listen: CDPCP

Open: IPCP, loopback not set

Keepalive set (10 sec)

Last input 00:00:00, output 00:00:00, output hang never

Last clearing of "show interface" counters 1w3d

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 143

Queueing strategy: Class-based queueing

Output queue: 0/1000/64/143 (size/max total/threshold/drops)

Conversations 0/27/256 (active/max active/max total)

Reserved Conversations 0/0 (allocated/max allocated)

Available Bandwidth 231 kilobits/sec

5 minute input rate 224000 bits/sec, 77 packets/sec

5 minute output rate 54000 bits/sec, 69 packets/sec

110176876 packets input, 1131770195 bytes, 0 no buffer

Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

12 input errors, 0 CRC, 11 frame, 0 overrun, 1 ignored, 0 abort

95508916 packets output, 3544653127 bytes, 1 underruns

1 output errors, 0 collisions, 20 interface resets

0 output buffer failures, 0 output buffers swapped out

1 carrier transitions

DCD=up DSR=up DTR=up RTS=up CTS=up

paul.serpant Wed, 05/30/2007 - 06:04
User Badges:

Have you looked at "show policy-map interface Serial0/0" this will show you how much traffic is being matched by class cmap1.

I haven't , i'm jack of all trades master of none sys admin, just know how to do the basics.. here's the numbers below...

loooks like it's matching... just don't understand how I can get a download started from dell.com, and it will stay at 180+ Kb/sec and choke all my other users.

Service-policy output: policy1

Class-map: cmap1 (match-any)

19656770 packets, 995646082 bytes

5 minute offered rate 212000 bps, drop rate 0 bps

Match: protocol citrix

19656770 packets, 995645929 bytes

5 minute rate 212000 bps


Strict Priority

Output Queue: Conversation 264

Bandwidth 60 (%)

Bandwidth 921 (kbps) Burst 23025 (Bytes)

(pkts matched/bytes matched) 65829/3590140

(total drops/bytes drops) 0/0

Class-map: class-default (match-any)

7246437 packets, 1126582897 bytes

5 minute offered rate 85000 bps, drop rate 0 bps

Match: any

paul.serpant Wed, 05/30/2007 - 06:30
User Badges:

From your outputs QoS seems to be configured and working. The show interface doesn't have many dropped output packets. This policy is applied to the output and most of the traffic is input. Can you look at the corresponding output policy on the remote router interface.

paul.serpant Wed, 05/30/2007 - 07:34
User Badges:

Both will do the job, priority is normally used for voice but as this is a private line you can use priority without issue.

One other thing that you could try is matching based on ACL. I've had trouble in the past matching citrix using nbar. From your site, you could match all ip traffic to the citrix server, and from the data center, you could match all traffic from the ip of the citrix server.

See if that makes a difference.

foxbatreco Thu, 05/31/2007 - 19:49
User Badges:
  • Bronze, 100 points or more

Hii..as for this prb..i suggest tht we can try by using priority list using acl match for the traffic pertaining to the citrix subnet.

aslo u can give the rest to the default traffic..

Alternatively,if u r also having large internet traffic apart frm the citrx ones.

use rate limiting to assign a minimum normal traffic to the internet traffic, so tht these guys dont squeeze much of ur b/w

pls try and do rate the post.


This Discussion