I am going crazy with hierarchical priority queuing on an ASA 5505.
Basically, here is an example of my setup. When I use show service-policy interface outside (or the interface name), all the class defaults have their counters increased, but none of the priority queues do.
Match port tcp eq www
Match port tcp eq https
Shape average 200000 1600
Service-policy standard-policy interface outside
But all traffic goes through the normal queue, which is driving me mad.
When I type show service-policy priority, nothing comes up.
And when typing show service-policy interface outside, the counter for none of the priority classes increases.
Can you share the output of the following command:
show service-policy flow tcp host inside_ip host 126.96.36.199 eq 80
Thanks very much for this. Sorry for the delay, but here it is.
By the way, would I have to enable flow checking on the specific interface, and if so, how?
Service-policy:priority-policy Class-map: class-default
Output flow: Shape average 200000 1600
Output flow: police input 2000000 2500 conform-action transmit exceed-action transmit
But what is relevant to the traffic should be interface x1, which shows it, but with the wrong policy, which applies to all traffic, and not the specific policy which applies to the specific ports 80 and 443.
By the way, what is the output that I should expect to see from the flow command?
Also, why does it show both as output flow? One should be for download, which is the police, thus input, and one for upload, which is the shape command, but it shows both as output.
Also, what plays with my mind is: if the flow command is to tell you which policy the ASA is going to apply to it, why does it show the service policy from other interfaces, which will not apply to this traffic in any circumstances?
The way I have my bandwidth management set up is: I have applied the traffic management on the internal interface and not the internet one, thus upload here means download and vice versa, as the internal interface has to pass traffic through the internet interface.
Thanks for this. I tried to put the standard queue under the priority queue as suggested, but it didn't work and returned:
ERROR: The service-policy (
) that is being installed contains actions other than 'priority'. Only 'priority' is allowed in a child policy.
I have seen a guide on the internet which suggests the way I am doing it is correct, but obviously it is not.
If I take off the service-policy under the standard-policy, all priority queues disappear from show service-policy, but when it is there the queues show up but the counters do not rise.
Also, it seems like I don't have to enable priority-queue interface name in the global config for hierarchical queuing, as is the case with standard/priority queuing, so I have not enabled it, and I don't know if I am making a mistake or not. I did also enable it, but it did not make any difference.
Sorry, my bad.
You will need to police the default class, not shape. This does have slightly different permutations in that it will drop traffic that exceeds the police parameter. It's going to be a little bit of a trade-off.
You can only shape all and nest priority within that shape.
You cannot shape and use standard priority queueing on the same interface. You can only nest a priority policy in a shape policy, which will not use the standard priority queue.
Thanks for this.
I know, I did look at the Cisco document and read it all, and here is a quote from it:
"You cannot configure traffic shaping and standard priority queuing for the same interface; only hierarchical priority queuing is allowed."
This means if I use hierarchical priority queuing I can use shaping, which is what I am doing. Isn't that correct?
You are correct. But what you will not see is the standard priority queue stats, as this queue is not used in hierarchical priority queuing. You will not be able to see your priority packets, although the process is to send these within the shape first.
So if you shape and nest priority, the standard queue is not used, hence why you don't see any hits on the commands you are running. BUT - the ASA should be prioritising your traffic as required.
The config including policing above was to get stats into the priority queue for you to see the difference.
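The arrangement described in the replies above, as an added example that is not part of the original thread: class-default is shaped in the parent policy, and a child policy containing only priority is nested under it. The names web-traffic, web-class and shape-policy are made up for illustration; priority-policy, the outside interface, ports 80/443 and the 200000 bit/s rate are taken from the thread.

```cisco
! Added example; ACL, class-map and parent policy names are hypothetical.
! Traffic to prioritise: the thread's ports 80 and 443.
access-list web-traffic extended permit tcp any any eq www
access-list web-traffic extended permit tcp any any eq https
!
class-map web-class
 match access-list web-traffic
!
! Child policy: 'priority' is the only action allowed here,
! which is what the ERROR quoted earlier in the thread enforces.
policy-map priority-policy
 class web-class
  priority
!
! Parent policy: shaping is configured on class-default only,
! and the child policy is nested under the shape.
policy-map shape-policy
 class class-default
  shape average 200000
  service-policy priority-policy
!
! Only the parent policy is attached to the interface.
service-policy shape-policy interface outside
```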
Thanks for taking the time and replying. I am trying to understand this standard vs hierarchical queuing and have a hard time grasping a concept which may be very easy.
Basically, I know that the ASA has two QoS modes, standard and hierarchical.
Standard has two queues, standard and priority, and no shaping is allowed.
Hierarchical has two queues, which are again normal and priority. So when you reference standard in the text above, is that a reference to the hierarchical standard queue or the basic model standard queue?
"But what you will not see is the standard priority queue stats as this queue is not used in hierarchical priority queuing"
I don't have a standard queue in my config; it is hierarchical, which has 2 queues, standard and priority.
What you are explaining is that the traffic is first shaped and then prioritised, hence why if I have shaping I cannot see the counter go up. I don't understand the comment which says "the standard queue is not used, hence why you don't see any hits on the commands you are running".
Thanks once again.