QoS for my off site web app

Unanswered Question
Mar 13th, 2008

i have a web application that sits at our central office and the client computers are off

site at a branch office connected by a multilink (2T1's) to a 7204 then across 3 T1's

to the destination central office. the web app is basic http port 80. i currently have an

ACL matching the port 80 traffic beginning at the source (branch) like this - permit tcp any host 10.10.5.36 eq www (446221 matches).

and this for a class-map -

class-map match-any CLOSING-SITE

match access-group 102

and this policy-map -

class CLOSING-SITE

bandwidth percent 10

on the 7204 which sits between the source and destination im getting matches Class-map: CLOSING-SITE (match-any)

11267 packets, 966658 bytes

but at the dest site i get nothing

Class-map: CLOSING-SITE (match-any)

0 packets, 0 bytes

with this ACL - permit tcp host 10.10.5.36 10.10.166.0 0.0.0.255 eq www

20 permit tcp 10.10.166.0 0.0.0.255 host 10.10.5.36 eq www

whats wrong here and should i be marking the web app traffic once i do get matching?

please let me know if you need more info and or configs.

thanks in advance - Jerry

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Joseph W. Doherty Tue, 03/18/2008 - 13:16

I'm unsure where you see the problem. The "corporate" router in you attachment shows matches against access list 102, but you're saying you don't see matches within the policy?

PS:

There's no access list 102 for the "NOC" router in your attachment?

jerry.mcrae Tue, 03/18/2008 - 14:41

i dont see any matches coming from the NOC/edwards router.

sh policy-map int on the NOC/edwards router.

Class-map: CLOSING-SITE (match-any)

0 packets, 0 bytes

30 second offered rate 0 bps, drop rate 0 bps

Match: access-group 102

0 packets, 0 bytes

30 second rate 0 bps

Queueing

Output Queue: Conversation 266

Bandwidth 24 (%)

Bandwidth 370 (kbps) Max Threshold 64 (packets)

(pkts matched/bytes matched) 0/0

(depth/total drops/no-buffer drops) 0/0/0

EWT_NOC#sh access-lists 102

Extended IP access list 102

10 permit tcp host 10.10.5.36 10.10.166.0 0.0.0.255 eq www

20 permit tcp 10.10.166.0 0.0.0.255 host 10.10.5.36 eq www

oh i almost forgot - should i be marking the closing site traffic?

Joseph W. Doherty Tue, 03/18/2008 - 16:20

Could it be as simple as since the policy is outbound on your serial ports, you should be looking at the source port, not the destination port.

I.e.

10 permit tcp host 10.10.5.36 10.10.166.0 0.0.0.255 eq www

should be?

10 permit tcp host 10.10.5.36 eq www 10.10.166.0 0.0.0.255

jerry.mcrae Tue, 03/18/2008 - 16:36

i have matches - ill see if the users notice the difference.

EWT_NOC#sh access-lists 102

Extended IP access list 102

10 permit tcp host 10.10.5.36 eq www 10.10.166.0 0.0.0.255 (50 matches)

20 permit tcp 10.10.166.0 0.0.0.255 host 10.10.5.36 eq www

jerry.mcrae Wed, 03/19/2008 - 15:09

im trying to give you props for the replys but no luck - ill keep trying.

jerry

Actions

This Discussion