MPLS COS

msubtain
Level 1

I have a private IP WAN (FR), which consists of 5 branch offices in different cities and a head office. I want all Citrix traffic (port 1494) to get priority over all other traffic in these branch offices, which are connected to the head office via an MPLS-based core. The serial interfaces of the branch office routers communicate through an MPLS network (managed by the provider) before they communicate with our head office.

My question is regarding the configuration required to achieve this task: does it only require configuring the CE routers in my branch offices?

With something like this?

    class-map match-any citrix
     match protocol citrix
    policy-map cit-traffic
     class citrix
      set precedence 5
    int serial 0/0
     service-policy output cit-traffic

The reading I have done so far states that some work needs to be done on the PE router (setting the experimental value) when marked packets enter the MPLS network.

Can someone shed some light on this to clarify the concept for me?

Regards,

Muhammad

11 Replies

kamal-learn
Level 4

Hi Muhammad,

Right now, with the config provided, you've just classified and marked your Citrix traffic. You haven't yet told your router how to manage this Citrix traffic with an adequate congestion management method, I mean queuing. So you need to choose a queuing mechanism that fits your case and assign the needed bandwidth and, if needed, the priority to leave the queue first.

Also, you can use a congestion avoidance solution, which works in the case of congestion by starting to drop packets with lower priority; here you have, for instance, WRED. (The default is tail drop, which leads to global synchronisation of TCP.)

After that you have to ask your ISP to trust the marking you've done; otherwise it will be set to other IP precedence values when it hits the PE router. That is a service level agreement (SLA).

About the MPLS, which is supposed to be in your ISP: here the IP precedence value will be copied automatically to the experimental field. The same applies at the head office: you have to implement QoS in the same manner.

So, as some of the best practices: your QoS must be end-to-end, and do classification and marking as close as possible to the source of traffic.

(One more thing: in your config you did classification and marking at the exit point, which is not recommended; instead, at the exit point do congestion management (queues) and congestion avoidance (WRED...).)

HTH

Please do rate if this does clarify.

Hi Kamal,

Thanks for your reply. All I want is that the Citrix traffic gets priority over the rest of the traffic whenever there is congestion on the link, but I don't want to reserve anything for Citrix. That is, if I use the BANDWIDTH or PRIORITY tags in LLQ, I think they will reserve that % of the available bandwidth for that protocol at all times. So in case I have entered PRIORITY 75%, I think it will hold 75% of the bandwidth for Citrix at all times even if there is no Citrix traffic, and the rest of the protocols will always get 25%, which I don't want.

Muhammad

spremkumar
Level 9

Hi Muhammad

In addition to setting IP precedence on the traffic, you can also set priority for the traffic, which is again LLQ, which will take care of the necessary forwarding on priority.

Also, if you are going for a managed VPN service, AFAIK the SP takes the necessary inputs on the traffic patterns you have, and the kind of bandwidth you want to allocate for each class will be configured by the SP itself.

Hope it's the same out there too.

Regards

Frame Relay traffic shaping is already configured on the serial interface, so it's not letting me configure LLQ.

Muhammad

I have included the service policy in the class attached to the interface.

Do I have to configure this on all CEs?

Muhammad

Hi,

Here is the big picture:

As a rule of thumb, if your network is constantly congested, you need to upgrade your bandwidth.

No congestion: you don't need QoS.

Inconsistent congestion: you need QoS.

There are some solutions for that: PQ, CQ, RR, WRR, DRR, WFQ, CBWFQ, FIFO. Each has its benefits and its drawbacks; the best one is LLQ = CBWFQ + PQ, as mentioned by francis in his post. Here is how it works:

First, you need to specify the real bandwidth of your serial interface; otherwise it will be considered a T1.

Second, remember that the IOS default behavior will not let you reserve more than 75 percent of the bandwidth; the remaining 25 percent is for system use (routing protocols, control...). So you have only 75 percent to plan in the best possible manner. Another thing: you can modify this 75 percent available to you with max-reserved-bandwidth; however, it's not recommended.

Third, go and specify under the policy class of your Citrix traffic a bandwidth to reserve for it, with the keyword priority xxx.

This LLQ will not starve your traffic, but it needs good planning beforehand: use some tools to measure the amount of bandwidth needed for each traffic type and assign it adequately to each class.

For Frame Relay, as you mentioned, you are using traffic shaping, so the marking will never work with FRTS. However, you still have an opportunity to classify your traffic within classes and shape it to adequate values, whether average or peak, and you can at the same time reserve bandwidth using CBWFQ with the keyword bandwidth xxx under the policy class. Also, this value must never be under the value of shape adaptive yyy; xxx and yyy must be almost the same, because in the presence of BECN you back off the CIR by 25 percent until you hit yyy, which is specified in (shape adaptive yyy), and bandwidth xxx here guarantees an amount xxx of the available bandwidth. I'm not sure if you can use LLQ with FRTS, but try this: sure enough you can use bandwidth, so try the priority keyword; maybe it works.

(Remember the 75 percent rule.)

HTH

Please remember to rate the post if it helps.

Thanks for your detailed reply again.

My provider has said to set IP precedence to 5, which I have. Here is the config of my head office router; see if it's appropriate and will do the job.

    class-map match-all ica-rdp
     match access-group 100
    !
    !
    policy-map high
     class ica-rdp
      set ip precedence 5
      priority percent 50
    interface Serial0/1/0
     bandwidth 1024
     no ip address
     encapsulation frame-relay IETF
     no fair-queue
     frame-relay traffic-shaping
     frame-relay lmi-type ansi
    !
    interface Serial0/1/0.16 point-to-point
     bandwidth 1024
     ip address x.x.x.x x.x.x.x
     frame-relay interface-dlci 16
      class 1mg
    map-class frame-relay 1mg
     frame-relay cir 1048576
     frame-relay bc 8000
     frame-relay be 8000
     frame-relay mincir 1048576
     frame-relay adaptive-shaping becn
     service-policy output high
    access-list 100 permit tcp any any eq 3389
    access-list 100 permit tcp any any eq 1494

The Citrix servers are located in the head office.

Do I have to configure the same on the branch routers, as it can only be applied as outgoing?

Hi,

You did classify your ICA traffic and you gave it 50 percent, okay, but the remaining traffic will be classified under class-default; go ahead and give it a percentage of the bandwidth.

Another remark: it seems that you won't sacrifice any amount of your CIR in the presence of a BECN, so the SP will surely drop those packets in case of congestion, since the CIR and the minCIR are the same, 1048576.

That policy must be okay.

Can you tell us the CIR between your head office and the SP on one side and, on the other, the CIR between each branch office and the SP, and the number of those branches?

HTH

Hi Kamal,

No. of branches: 5

CIR between SP and branches as follows:

Headoffice: 2mg (1 meg at the moment but will be 2 mg)
branch 1: (1mg)
branch 2: (1mg)
branch 3: (512k)
branch 4: (512k)
branch 5: (256k)

The other thing you mentioned earlier is applying the same config on the branch office routers as OUTGOING? The fact is that the major load will be incoming for branches, not outgoing?

I have applied the following on the head office and 2 branch offices, but I don't see any packets marked in the branch offices with what I have set; I can see packets marked in the one applied at the head office.

    class-map match-all ica-rdp
     match protocol citrix
     match access-group 100
    !
    !
    policy-map high
     class ica-rdp
      set ip precedence 5
      priority percent 50
     class class-default
      bandwidth percent 25

    branch1#sh policy-map interface
     Serial0/0/0.16: DLCI 16 -

      Service-policy output: high

        Class-map: ica-rdp (match-all)
          0 packets, 0 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: protocol citrix
          Match: access-group 100
          QoS Set
            precedence 5
              Packets marked 0
          Queueing
            Strict Priority
            Output Queue: Conversation 72
            Bandwidth 50 (%)
            Bandwidth 524 (kbps) Burst 13100 (Bytes)
            (pkts matched/bytes matched) 0/0
            (total drops/bytes drops) 0/0

        Class-map: class-default (match-any)
          37692 packets, 6430816 bytes
          5 minute offered rate 75000 bps, drop rate 0 bps
          Match: any
          Queueing
            Output Queue: Conversation 73
            Bandwidth 25 (%)
            Bandwidth 262 (kbps)Max Threshold 64 (packets)
            (pkts matched/bytes matched) 1244/1175530
            (depth/total drops/no-buffer drops) 0/0/0

Hi,

From a design perspective:

You said you have 5 branches, each with a different CIR, and the HQ, which is the aggregation point, with 2 Mbps. So the sum of the CIRs of the branches is 2 Mbps + 1280 Kbps, much greater than the 2 Mbps of the HQ, so if the branches start sending at the same time at their CIR they will oversubscribe your HQ, which results in packet dropping... this is not a good design.

Some of your branches, if not all, have a CIR less than the HQ's. If the HQ starts sending traffic at its CIR rate, it will certainly oversubscribe the branch office ---> congestion, packet dropping... However, here shaping can come to the rescue: you have to shape at a rate equivalent to the remote branch's, which means that you have to implement a different shaping mechanism on each circuit that ties the HQ to a specific branch, using the CIR of that remote branch, so you will have five shapers with five different CIRs.

Your remark: (other thing you mentioned earlier is applying the same config on the branch offices routers as OUTGOING?, fact is that major load will be incoming for branches not outgoing ?)

Shaping cannot be used in the inbound direction; it can be used only outbound. However, policing can be used in both directions!

So if you respect the design rule indicated before, you don't need shaping at the remote branches, but you still need to implement QoS to prioritize your traffic classes appropriately.

Concentrate on only one remote branch: readjust your config for the HQ on the circuit that ties to that remote branch, implement QoS on the remote branch, and observe the result. When it works well, duplicate it to the others, but, as mentioned, with a different shaping CIR.

For the output of the show command you posted: yes indeed, there is no matching traffic for ICA, so maybe you didn't initiate any ICA traffic, or the match condition didn't occur ---> maybe match-all within the ICA class? Why do you use both (match protocol citrix) and (match access-list 100)? Both conditions must occur to mark your traffic!

Just leave (match protocol citrix) <--- NBAR; it's enough to recognize the ICA traffic, and remove the access list. One more thing: for NBAR to work, your equipment must be CEF capable; go ahead and activate it if it's not yet done!

HTH
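
The design arithmetic from the reply above, as an added Python example that is not code from any poster in the thread: it sums the branch CIRs against the HQ CIR, checks the posted 50% + 25% reservation against the 75 percent limit, and builds one HQ map-class per branch shaped to that branch's CIR. The map-class names and the 10 ms shaping interval are assumptions; the CIR figures, the policy name `high` and the IOS commands are the ones already posted in the thread.

```python
# Constructed from the CIR figures posted in the thread; 1 "mg" is taken as
# 1024 kbit/s because the posted config uses "frame-relay cir 1048576".
HQ_CIR_K = 2048
BRANCH_CIR_K = {"branch1": 1024, "branch2": 1024, "branch3": 512,
                "branch4": 512, "branch5": 256}
TC_MS = 10             # assumption: 10 ms shaping interval (not from the thread)
MAX_RESERVED_PCT = 75  # default reservable share mentioned in the thread


def oversubscription(hq_k, branches):
    """Return (sum of branch CIRs, excess over the HQ CIR, ratio)."""
    total = sum(branches.values())
    return total, max(0, total - hq_k), total / hq_k


def reservation_ok(percents, limit=MAX_RESERVED_PCT):
    """True when the priority/bandwidth percentages fit the reservable share."""
    return sum(percents) <= limit


def hq_map_class(name, remote_cir_k, policy="high", tc_ms=TC_MS):
    """Map-class for one HQ PVC, shaped to the remote branch's CIR.

    Uses only commands that appear in the thread's own configuration;
    the map-class name is a hypothetical label.
    """
    cir_bps = remote_cir_k * 1024
    bc_bits = cir_bps * tc_ms // 1000  # Bc = CIR * Tc
    return "\n".join([
        f"map-class frame-relay {name}",
        f" frame-relay cir {cir_bps}",
        f" frame-relay bc {bc_bits}",
        f" frame-relay mincir {cir_bps}",
        f" service-policy output {policy}",
    ])


if __name__ == "__main__":
    total, excess, ratio = oversubscription(HQ_CIR_K, BRANCH_CIR_K)
    print(f"branches {total}k vs HQ {HQ_CIR_K}k: +{excess}k ({ratio:.3f}x)")
    print("50% priority + 25% class-default fits:", reservation_ok([50, 25]))
    for name, cir in BRANCH_CIR_K.items():
        print(hq_map_class(name, cir))
```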
