citrix LLQ qos on cisco878

Unanswered Question

Hi qos guru's.

I'm having some unexpected behaviour, for what I know about qos. I would like to give citrix traffic a better responce.

In normal working conditions, the round-trip-time on a 2mb sdsl link is under 30ms.

But when someone downloads big files, the rtt rise up to 250ms. Citrix users don't like this.

So I've implemented QOS, but I don't see any improvement.

class-map match-all citrixCGP

match access-group 100


policy-map dialer0

class citrixCGP

priority percent 75

class class-default


interface Dialer0

service-policy output dialer0

access-list 100 permit tcp any eq 2598 any

access-list 100 permit icmp any any

Citrix uses tcp port 2598.

This is implemented at the source, where also the citrix server stands.

I've also put icmp in the access-list, so I can measure the rtt when it get optimized.

Unfortunatly as I wrote, still with copying big files out of citrix, for example a big ftp file, the rtt rises up to 250.

Service-policy output: dialer0

Class-map: citrixCGP (match-all)

100 packets, 6936 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: access-group 100


Strict Priority

Output Queue: Conversation 264

Bandwidth 1500 (kbps) Burst 37500 (Bytes)

(pkts matched/bytes matched) 0/0

(total drops/bytes drops) 0/0

Class-map: class-default (match-any)

3192 packets, 3530714 bytes

5 minute offered rate 94000 bps, drop rate 0 bps

Match: any


Flow Based Fair Queueing

Maximum Number of Hashed Queues 256

(total queued/total drops/no-buffer drops) 0/0/0

This output shows that the traffix is separated in optimized and default traffic.

But it's not working for me.

What is going wrong? I hope someone can help me.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)

To get some results I've configured the policy as follow:

policy-map dialer0

class citrixCGP

priority percent 75

police rate percent 75

class class-default


police rate percent 25

exceed-action drop

This way I have a fixed police activated with works ok. But it's not dynamic as I would guess with priority.

At least my RTT stays low under 30ms for citrix when default traffix bursts.

I would still find an dynamic answer if anybody could solve this one.

Thank you

dbellaze Wed, 11/14/2007 - 18:31

Hi Gaston if you look at your class map it wants to match your citrix and icmp in order for the traffic to be considered a match.

class-map match-all <---

You can also see this is the case because your policy map statistics are at zero.

Change it to match-any and you will see the desired results as well as statistics in the show policy map interface.

class-map match-any citrixCGP

match access-group 100

I also recommend changing from priority to bandwidth. Priority creates the PQ which may cause issues to other traffic especially if citrix usage is high.

policy-map dialer0

class citrixCGP

bandwidth percent 75

class class-default



Aaah, thank you Daniel!

This was indeed the missing piece!

It was late when I've configured this.

The only thing I wonder is why it does work for

the police config, and why the counters do rise on the correct class. Anyway, I'm going to check this tonight and put my feedback in here.

Thank you for your sharp look over this config!


I'm sorry to say, but the sollution you provided is not working.

I've changed to match-any in the class-map.

Also I've tried both bandwitdth and priority for the policy-map, and both don't deliver what I've expected.

The RTT's are still rising from a stable 30ms towards 300ms. I've included icmp also in the citrixcgp access-group to test the RTT.

The only way I can get results in stable RTT's is to configure the qos fixed with a police rate in the policy-map.

I hope that someone can explain this strange behavior as I expected that a priority policy should also give the traffic a higher prio in the que.



dbellaze Thu, 11/15/2007 - 16:13

When you configure policing what does your configuration look like?

Can you post the current configuration along with the show policy-map interface?

Either the match criteria is not right or you could be hitting a bug.

You coud configure an ACL to match the citrix traffic with a log statement and place it outbound on your interface along with a permit any after so you don't deny anything and verify your actually sending the traffic on that particular port you are matching.



This Discussion