DSCP Not Matching?

Unanswered Question
Apr 16th, 2009

I have a handful of sites, and most of them seem to process our service policies properly. We use IPSEC tunnels between sites.

From a fast ethernet interface coming from our LAN, we have a service policy that tags our Citrix traffic.

IE:

BranchSite1#sh policy-map int fa0/0

FastEthernet0/0

Service-policy input: APPLICATION-CLASS-IN

Class-map: CITRIX (match-any)

115832764 packets, 12875217022 bytes

5 minute offered rate 54000 bps, drop rate 0 bps

Match: protocol citrix

40920837 packets, 3624987967 bytes

5 minute rate 9000 bps

Match: access-group 105

74911928 packets, 9250229055 bytes

5 minute rate 41000 bps

QoS Set

dscp af23

Packets marked 115832774

Class-map: class-default (match-any)

199473388 packets, 38224786140 bytes

5 minute offered rate 218000 bps, drop rate 0 bps

Match: any

Here is the policy on our outbound WAN link.

IE:

BranchSite1#sh policy-map int multi1 output class GOLD-DATA

Multilink1

Service-policy output: WAN-EDGE-OUTPUT-SPRINT

Class-map: GOLD-DATA (match-any)

115837229 packets, 20737738338 bytes

30 second offered rate 50000 bps, drop rate 0 bps

Match: ip dscp af23 (22)

115837227 packets, 20737738110 bytes

30 second rate 50000 bps

Match: ip precedence 2

0 packets, 0 bytes

30 second rate 0 bps

Queueing

Output Queue: Conversation 267

Bandwidth 40 (%)

Bandwidth 1228 (kbps)Max Threshold 256 (packets)

(pkts matched/bytes matched) 9777025/4751777650

(depth/total drops/no-buffer drops) 0/0/0

This remote site appears to be functioning correctly. The number of packets matched by dscp af23 on both policies are the same.

At our central site, we have a slightly different router configuration. The service policies are pretty similar, but in at our central site, we have the internet connections terminating on Router1, which is where the WAN-EDGE-OUTPUT-SPRINT policy lives. The IPSEC tunnel terminates on Router2, with a tunnel source of a fast ethernet interface on Router1 specified. The APPLICATION-CLASS-IN policy is applied to the LAN interface on Router2.

I cleared the counters on these 2 routers at the same time. There is a huge descrephancy between what Router2 tags, and what Router1 sees.

IE:

Router1#sh policy-map int multi1 output class GOLD-DATA

Multilink1

Service-policy output: WAN-EDGE-OUTPUT-SPRINT

Class-map: GOLD-DATA (match-any)

6082 packets, 1161428 bytes

5 minute offered rate 2000 bps, drop rate 0 bps

Match: ip dscp af23 (22)

6082 packets, 1161428 bytes

5 minute rate 2000 bps

Match: ip precedence 2

0 packets, 0 bytes

5 minute rate 0 bps

Queueing

Output Queue: Conversation 267

Bandwidth 45 (%)

Bandwidth 2764 (kbps)Max Threshold 256 (packets)

(pkts matched/bytes matched) 2445/468354

(depth/total drops/no-buffer drops) 0/0/0

Router2#sh policy-map int fa0/1

FastEthernet0/1

Service-policy input: APPLICATION-CLASS-IN

Class-map: CITRIX (match-any)

736618 packets, 255842309 bytes

5 minute offered rate 561000 bps, drop rate 0 bps

Match: protocol citrix

76466 packets, 38644392 bytes

5 minute rate 111000 bps

Match: access-group 105

660152 packets, 217197917 bytes

5 minute rate 433000 bps

QoS Set

dscp af23

Packets marked 736618

Class-map: class-default (match-any)

992673 packets, 249097895 bytes

5 minute offered rate 927000 bps, drop rate 0 bps

Match: any

Any ideas?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion