Traffic doesn't hit the QoS policy

xzjleo2005
Level 1

Hi

We are using an ASA and a router to build a VPN tunnel based on a DSL connection. On the router, I added the following QoS policy on the router's outside port, but it looks like no traffic hits the QoS policy on the router. On the ASA, however, I can see the traffic hit the QoS policy. Does anyone have any ideas about this issue?

Thanks, Leo

IOS: c2800nm-advipservicesk9-mz.124-15.T7.bin

ip access-list extended lighthouse
 permit ip any host 192.168.9.2

access-list 198 permit esp host X.X.X.X any
access-list 198 permit udp host X.X.X.X any eq isakmp
access-list 198 permit tcp any any eq 22
access-list 198 deny ip any any

class-map match-any lighthouse
 match access-group name lighthouse

policy-map ALL-TRAFFIC
 class lighthouse
  priority percent 50
 class class-default
  fair-queue
  random-detect

interface FastEthernet0/0
 description connect to DSL modem
 bandwidth 1024
 ip address Y.Y.Y.Y
 ip access-group 198 in
 ip route-cache flow
 duplex auto
 speed auto
 crypto map mymap
 service-policy output ALL-TRAFFIC


andrew.prince
Level 10

Double check your routing, how do you actually get to 192.168.9.2 - is it out the Fa0/0 interface?

There is only one default route, pointing to the ISP GW. All traffic will go through the VPN tunnel, including the traffic to 192.168.9.2. F0/0 is the outside interface, connected to the ISP DSL modem.

Thanks, Leo

Do you see any hits on the access list?

Another thing - you have given the acl traffic a priority of 50% of the interface bandwidth = 50mbs, how big is the DSL pipe?

I can't see any traffic hit the acl, but I can see the traffic in netflow. That's very strange.

Well, there is your issue - if it's not hitting the acl, it won't hit the policy.

Try this:

Write a policy that uses the acl to "mark" the traffic on the inbound interface. Once it's marked, you can write the policy to give it priority.

Thanks for your reply.

I tried the way you suggested, and here is the show policy-map interface output. We can see a lot of traffic being marked now, but I am wondering why not much traffic is being put in the priority queue?

Thanks. Leo

-----------------------------------------

AP816N0001#sh policy-map interface
 FastEthernet0/0

  Service-policy output: ALL-TRAFFIC

    Class-map: outgo (match-any)
      7446 packets, 926436 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: precedence 5
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: ip precedence 5
        7446 packets, 926436 bytes
        5 minute rate 0 bps
      Queueing
        Strict Priority
        Output Queue: Conversation 264
        Bandwidth 512 (kbps) Burst 12800 (Bytes)
        (pkts matched/bytes matched) 8/1520
        (total drops/bytes drops) 0/0

    Class-map: class-default (match-any)
      140707 packets, 68075067 bytes
      5 minute offered rate 25000 bps, drop rate 0 bps
      Match: any
      Queueing
        Flow Based Fair Queueing
        Maximum Number of Hashed Queues 256
        (total queued/total drops/no-buffer drops) 0/0/0
         exponential weight: 9

  class    Transmitted        Random drop    Tail drop     Minimum   Maximum   Mark
           pkts/bytes         pkts/bytes     pkts/bytes    thresh    thresh    prob
      0    127616/66283953    0/0            0/0           20        40        1/10
      1    0/0                0/0            0/0           22        40        1/10
      2    0/0                0/0            0/0           24        40        1/10
      3    0/0                0/0            0/0           26        40        1/10
      4    0/0                0/0            0/0           28        40        1/10
      5    0/0                0/0            0/0           30        40        1/10
      6    13091/1791114      0/0            0/0           32        40        1/10
      7    0/0                0/0            0/0           34        40        1/10
   rsvp    0/0                0/0            0/0           36        40        1/10

 FastEthernet0/1

  Service-policy input: income

    Class-map: income (match-any)
      7446 packets, 485157 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: access-group name income
        7446 packets, 485157 bytes
        5 minute rate 0 bps
      QoS Set
        precedence 5
          Packets marked 7446

    Class-map: class-default (match-any)
      124216 packets, 60574939 bytes
      5 minute offered rate 23000 bps, drop rate 0 bps
      Match: any

-----------------------------------------

Don't forget this is QoS - Congestion management, if there is no congestion - there is nothing to do.
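
The last reply's point can be checked against the counters in the output posted above. The Python sketch below is an added example, not part of the original thread: it parses an excerpt of that output and compares each class's classified packet count with its queueing counter. It assumes the usual IOS behaviour that "(pkts matched/bytes matched)" under Queueing only increments for packets that actually had to wait in the queue; the function names are hypothetical.

```python
import re

# Excerpt of the `show policy-map interface` output posted in the thread
# (output policy on FastEthernet0/0, trimmed to the counters of interest).
SAMPLE = """\
Service-policy output: ALL-TRAFFIC
  Class-map: outgo (match-any)
    7446 packets, 926436 bytes
    5 minute offered rate 0 bps, drop rate 0 bps
    Match: ip precedence 5
      7446 packets, 926436 bytes
    Queueing
      Strict Priority
      Bandwidth 512 (kbps) Burst 12800 (Bytes)
      (pkts matched/bytes matched) 8/1520
      (total drops/bytes drops) 0/0
  Class-map: class-default (match-any)
    140707 packets, 68075067 bytes
    (total queued/total drops/no-buffer drops) 0/0/0
"""

CLASS_RE = re.compile(r"Class-map:\s+(\S+)")
PKTS_RE = re.compile(r"^(\d+) packets, (\d+) bytes$")
QUEUED_RE = re.compile(r"\(pkts matched/bytes matched\)\s+(\d+)/(\d+)")
DROPS_RE = re.compile(r"\(total drops/bytes drops\)\s+(\d+)/(\d+)")

def parse_classes(text):
    """Return {class name: {'classified', 'queued', 'drops'}} packet counters."""
    classes, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := CLASS_RE.match(line):
            cur = classes.setdefault(
                m.group(1), {"classified": None, "queued": None, "drops": None})
        elif cur is None:
            continue
        elif (m := PKTS_RE.match(line)) and cur["classified"] is None:
            cur["classified"] = int(m.group(1))  # first counter is the class total
        elif m := QUEUED_RE.search(line):
            cur["queued"] = int(m.group(1))      # packets that waited in the queue
        elif m := DROPS_RE.search(line):
            cur["drops"] = int(m.group(1))
    return classes

def queued_ratio(counters):
    """Fraction of classified packets that were held in the class queue."""
    if not counters["classified"] or counters["queued"] is None:
        return None
    return counters["queued"] / counters["classified"]

if __name__ == "__main__":
    for name, c in parse_classes(SAMPLE).items():
        print(name, c, queued_ratio(c))
```

For class outgo this gives 8 queued out of 7446 classified packets with 0 drops: the class is matching, and the low queueing counter reflects an uncongested interface.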
