cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
389
Views
6
Helpful
7
Replies

traffic analysis output

suthomas1
Level 6
Level 6

Hi,

Last month, we had nbar ran on our devices to check the traffic , majority were found to be http with some voice.one output was strange..

Se0/0/0 10.0.10.34 Fa1/0 10.35.6.75 06 0000 0000 1

the 0000's on last columns are the src and dest ports.why are they zero,what does they mean?

Also we would be having any sensitive traffic coming to this router soon, what would be the best possible way out to have accomodate that traffic as well, considering currently autoqos is applied for existing voice and rest www traffic is not being used with any qos.

Thanks.

7 Replies 7

Edison Ortiz
Hall of Fame
Hall of Fame

It could be a bug in your IOS version.

I remember a similar bug on UDP packets, details on this link:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsd80770

As for accommodating sensitive traffic, you can mark this type of traffic at ingress into your network then allocate bandwidth reservation to it.

HTH,

__

Edison.

Thanks,

We already have voip being operated on this routers link which is set with qos for this.now, there is another sensitive traffic to be accomodated(more of graphical in nature), so is it fine to go ahead with QOS alterations to existing config to do this.

Attached is the existing qos config.And one thing to note, the particular application to be used behind this router will be NAT over on another security appliance.i.e the outside request will come via NAT ip thru the security appliance and across to this router on the application.Should the qos have nat ip or original private ip.Any help is appreciated.

Thanks.

configuration attached...

The new application is sensitive to packet drops? If so, giving priority-queuing seems to be a sensible approach.

If the application isn't sensitive to packet drops and you just want to make sure there is some guaranteed bandwidth in case of congestion, then I recommend applying bandwidth guaranteed.

Based on the numbers from the file, you are giving 50% of priority queuing on egress while the rule of thumb is around 33% (not that 50% would be unsupported).

The problem with giving too much % to priority queuing is that you may have a higher chance to starve other applications as PQ de-queues packets from the egress interface before any other packets.

You can try both approaches and observe the difference behavior then adjust accordingly.

As for using the NAT IP or the original private IP, you need to examine what IP address the router itself sees at the moment when QoS takes place. It's kind of hard for me to tell with the little information I have at hand.

__

Edison.

Yes, the new application is sensitive to drops..similar to voice.the subscribed link capacity is 4Meg.Out of which 512 has been given to voice.So giving 256 to this new class, should be fine?

Also,i didnt understand the following lines in the config:

match ip dscp ef

match ip dscp cs5

what do they mean.

The planned config i have put in ...would that be ok..i mean with the acl of ip's?

Thanks.

Understood. I was under the impression that you had a T1. 4Mbps should be fine for the current 512kbps and the proposed 256kbps of priority queuing.

As for the matches, the class is instructing the router to match either packets with EF or CS5 markings and give those packets 512kbps of priority queuing.

If you can mark on ingress the flows from the sensitive application to a QoS marking, you can do the same and avoid marking on ACLs.

As for the ACEs, it seems you are matching on source and also matching on destination.

From what I can tell, it seems some remote devices will need PQ regardless of the source

Per your file: "match any ip "ip address" any"

AND

some source devices will need PQ regardless of the destination.

Per your file: "match ip "ip address" any"

If that's what you want, then the ACEs are fine.

One more note, the syntax of the ACE must be under an access-list while you have it under the class-map. The class-map calls the access-group - just worth mentioning..

__

Edison.

Thanks for the brief.I was trying with ACE as i wasnt too sure of using the marking with dscp.

So can i use another marking apart from the ones already used to assign to this new flow and use it in policy map?

a brief sample would be helpful.

Thanks.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: