11-14-2007 02:56 PM - edited 03-03-2019 07:33 PM
Hi qos guru's.
I'm having some unexpected behaviour, for what I know about qos. I would like to give citrix traffic a better responce.
In normal working conditions, the round-trip-time on a 2mb sdsl link is under 30ms.
But when someone downloads big files, the rtt rise up to 250ms. Citrix users don't like this.
So I've implemented QOS, but I don't see any improvement.
class-map match-all citrixCGP
match access-group 100
!
policy-map dialer0
class citrixCGP
priority percent 75
class class-default
fair-queue
interface Dialer0
service-policy output dialer0
access-list 100 permit tcp any eq 2598 any
access-list 100 permit icmp any any
Citrix uses tcp port 2598.
This is implemented at the source, where also the citrix server stands.
I've also put icmp in the access-list, so I can measure the rtt when it get optimized.
Unfortunatly as I wrote, still with copying big files out of citrix, for example a big ftp file, the rtt rises up to 250.
Service-policy output: dialer0
Class-map: citrixCGP (match-all)
100 packets, 6936 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group 100
Queueing
Strict Priority
Output Queue: Conversation 264
Bandwidth 1500 (kbps) Burst 37500 (Bytes)
(pkts matched/bytes matched) 0/0
(total drops/bytes drops) 0/0
Class-map: class-default (match-any)
3192 packets, 3530714 bytes
5 minute offered rate 94000 bps, drop rate 0 bps
Match: any
Queueing
Flow Based Fair Queueing
Maximum Number of Hashed Queues 256
(total queued/total drops/no-buffer drops) 0/0/0
This output shows that the traffix is separated in optimized and default traffic.
But it's not working for me.
What is going wrong? I hope someone can help me.
11-14-2007 04:21 PM
To get some results I've configured the policy as follow:
policy-map dialer0
class citrixCGP
priority percent 75
police rate percent 75
class class-default
fair-queue
police rate percent 25
exceed-action drop
This way I have a fixed police activated with works ok. But it's not dynamic as I would guess with priority.
At least my RTT stays low under 30ms for citrix when default traffix bursts.
I would still find an dynamic answer if anybody could solve this one.
Thank you
11-14-2007 06:31 PM
Hi Gaston if you look at your class map it wants to match your citrix and icmp in order for the traffic to be considered a match.
class-map match-all <---
You can also see this is the case because your policy map statistics are at zero.
Change it to match-any and you will see the desired results as well as statistics in the show policy map interface.
class-map match-any citrixCGP
match access-group 100
I also recommend changing from priority to bandwidth. Priority creates the PQ which may cause issues to other traffic especially if citrix usage is high.
policy-map dialer0
class citrixCGP
bandwidth percent 75
class class-default
fair-queue
Daniel
11-14-2007 11:37 PM
Aaah, thank you Daniel!
This was indeed the missing piece!
It was late when I've configured this.
The only thing I wonder is why it does work for
the police config, and why the counters do rise on the correct class. Anyway, I'm going to check this tonight and put my feedback in here.
Thank you for your sharp look over this config!
11-15-2007 11:48 AM
Daniel,
I'm sorry to say, but the sollution you provided is not working.
I've changed to match-any in the class-map.
Also I've tried both bandwitdth and priority for the policy-map, and both don't deliver what I've expected.
The RTT's are still rising from a stable 30ms towards 300ms. I've included icmp also in the citrixcgp access-group to test the RTT.
The only way I can get results in stable RTT's is to configure the qos fixed with a police rate in the policy-map.
I hope that someone can explain this strange behavior as I expected that a priority policy should also give the traffic a higher prio in the que.
Regards,
Gaston
11-15-2007 04:13 PM
When you configure policing what does your configuration look like?
Can you post the current configuration along with the show policy-map interface?
Either the match criteria is not right or you could be hitting a bug.
You coud configure an ACL to match the citrix traffic with a log statement and place it outbound on your interface along with a permit any after so you don't deny anything and verify your actually sending the traffic on that particular port you are matching.
Daniel
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: