12-13-2006 07:31 PM - edited 03-03-2019 03:02 PM
I have a private IP WAN (FR), which consists of 5 branch offices in different cities and a head office. I want all Citrix traffic (port 1494) to get priority over all other traffic in these branch offices, which are connected to the head office via an MPLS-based core. The serial interfaces of the branch office routers communicate through an MPLS network (managed by the provider) before they communicate with our head office.
My question is regarding the configuration required to achieve this task: does it only require configuring the CE routers in my branch offices,
with something like this?
class-map match-any citrix
 match protocol citrix
policy-map cit-traffic
 class citrix
  set precedence 5
int serial 0/0
 service-policy output cit-traffic
The reading I have done so far states that some work needs to be done on the PE router (setting the experimental value) when marked packets enter the MPLS network.
Can someone shed some light on this to clarify my concept?
Regards,
Muhammad
12-13-2006 08:59 PM
Hi Muhammad,
Right now, with the config provided, you've just classified and marked your Citrix traffic; you haven't yet told your router how to manage this Citrix traffic with an adequate congestion management method, I mean queuing. So you need to choose a queuing mechanism that fits your case and assign the needed bandwidth and, if needed, the priority to leave the queue first.
You can also use a congestion avoidance solution, which works in the case of congestion by starting to drop packets with lower priority; here you have, for instance, WRED. (The default is tail drop, which leads to global synchronisation of TCP.)
After that you have to ask your ISP to trust the marking you've done; otherwise it will be set to other IP precedence values when it hits the PE router. That is a service level agreement (SLA).
About the MPLS, which is supposed to be in your ISP: here the IP precedence value will be copied automatically to the experimental field. The same applies at the head office; you have to implement QoS in the same manner.
So, as a best practice, your QoS must be end-to-end, and you should do classification and marking as close as possible to the source of the traffic.
(One more thing: in your config you did classification and marking at the exit point, which is not recommended; instead, at the exit point, do congestion management (queues) and congestion avoidance (WRED, ...).)
HTH
Please do rate if this does clarify.
12-13-2006 10:02 PM
Hi Kamal,
Thanks for your reply. All I want is for the Citrix traffic to get priority over the rest of the traffic whenever there is congestion on the link, but I don't want to reserve anything for Citrix. That is, if I use the BANDWIDTH or PRIORITY tags in LLQ, I think they will reserve that % of the available bandwidth for that protocol at all times. So if I have entered PRIORITY 75%, I think it will hold 75% of the bandwidth for Citrix at all times even if there is no Citrix traffic, and the rest of the protocols will always get 25%, which I don't want.
Muhammad
12-13-2006 09:15 PM
Hi Muhammad
In addition to setting IP precedence on the traffic, you can also set priority for the traffic, which is again LLQ, which will take care of the necessary forwarding on priority.
Also, if you are going for a managed VPN service, AFAIK the SP takes the necessary inputs on the traffic patterns you have, and the kind of bandwidth you want to allocate for each class will be done by the SP itself.
Hope it's the same out there too.
Regards
12-13-2006 10:42 PM
Frame-relay traffic shaping is already configured on the serial interface, so it's not letting me configure LLQ.
Muhammad
12-13-2006 11:23 PM
I have included the service policy in the class attached to the interface.
Do I have to configure this on all CEs?
Muhammad
12-13-2006 11:45 PM
Hi,
Here is the big picture:
As a rule of thumb, if your network is constantly congested, you need to upgrade your bandwidth.
No congestion: you don't need QoS.
Inconsistent congestion: you need QoS.
There are some solutions for that: PQ, CQ, RR, WRR, DRR, WFQ, CBWFQ, FIFO. Each has its benefits and its drawbacks; the best one is LLQ = CBWFQ + PQ, as mentioned by Francis in his post. How does it work? Well:
First, you need to specify the real bandwidth of your serial interface; otherwise it will be considered a T1.
Second, remember that the IOS default behavior will not let you reserve more than 75 percent of the bandwidth; the remaining 25 percent is for system use (routing protocols, control...), so you have only 75 percent to plan in the best possible manner. Another thing: you can modify this 75 percent available to you with max-reserved-bandwidth; however, it's not recommended.
Third, go and specify under the policy class of your Citrix a bandwidth to reserve
for that, with the keyword priority xxx.
This LLQ will not starve your traffic, but it needs good planning beforehand:
use some tools to measure the amount of bandwidth needed for each traffic type and assign
it adequately to each class.
For Frame Relay, as you mentioned, you are using traffic shaping, so the marking will never work with FRTS; however, you still have the opportunity to classify your traffic into classes and shape it to the adequate values, whether average or peak, and you can at the same time reserve bandwidth using CBWFQ with the keyword bandwidth xxx under the policy class. Also, this value must never be under the value of shape adaptive yyy; xxx and yyy must be almost the same, because in the presence of BECN you back off the CIR by 25 percent until you hit yyy, which is specified in (shape adaptive yyy), and bandwidth xxx here guarantees an amount of xxx of the available bandwidth. I'm not sure if you can use LLQ with FRTS, but try this; since you can surely use bandwidth, try the priority keyword, maybe it works.
(Remember the 75 percent rule.)
HTH
Please remember to rate the post if it does help.
12-14-2006 12:23 AM
Thanks for your detailed reply again.
My provider has said to set IP precedence to 5, which I have. Here is the config of my head office router; see if it's appropriate and will do the job.
class-map match-all ica-rdp
 match access-group 100
!
!
policy-map high
 class ica-rdp
  set ip precedence 5
  priority percent 50
interface Serial0/1/0
 bandwidth 1024
 no ip address
 encapsulation frame-relay IETF
 no fair-queue
 frame-relay traffic-shaping
 frame-relay lmi-type ansi
!
interface Serial0/1/0.16 point-to-point
 bandwidth 1024
 ip address x.x.x.x x.x.x.x
 frame-relay interface-dlci 16
  class 1mg
map-class frame-relay 1mg
 frame-relay cir 1048576
 frame-relay bc 8000
 frame-relay be 8000
 frame-relay mincir 1048576
 frame-relay adaptive-shaping becn
 service-policy output high
access-list 100 permit tcp any any eq 3389
access-list 100 permit tcp any any eq 1494
The Citrix servers are located in the head office.
Do I have to configure the same on the branch routers, as it can only be applied as outgoing?
12-14-2006 01:20 AM
Hi,
You did classify your ICA traffic and gave it 50 percent, okay, but the remaining traffic will be classified under class-default;
go ahead and give it a percentage of the bandwidth.
Another remark: it seems that you won't sacrifice any amount of your CIR in the presence of a BECN, so surely the SP will drop those packets in case of congestion,
since the CIR and the mincir are the same, 1048576.
That policy must be okay.
Can you inform us about the CIR between your head office and the SP on one side, and on the other the CIR between each branch office and the SP, and the number of those branches?
HTH
12-14-2006 03:17 PM
Hi Kamal,
No. of branches: 5
CIR between SP and branches as follows:
Headoffice: 2mg (1 meg at the moment but will be 2 mg)
branch 1: (1mg)
branch 2: (1mg)
branch 3: (512k)
branch 4: (512k)
branch 5: (256k)
The other thing you mentioned earlier is applying the same config on the branch office routers as OUTGOING. The fact is that the major load will be incoming for branches, not outgoing?
12-14-2006 04:01 PM
I have applied the following on the head office and 2 branch offices, but I don't see any packets marked in the branch offices with what I have set; I can see packets marked in the one applied at the head office.
class-map match-all ica-rdp
 match protocol citrix
 match access-group 100
!
!
policy-map high
 class ica-rdp
  set ip precedence 5
  priority percent 50
 class class-default
  bandwidth percent 25
branch1#sh policy-map interface
 Serial0/0/0.16: DLCI 16 -
  Service-policy output: high
    Class-map: ica-rdp (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: protocol citrix
      Match: access-group 100
      QoS Set
        precedence 5
          Packets marked 0
      Queueing
        Strict Priority
        Output Queue: Conversation 72
        Bandwidth 50 (%)
        Bandwidth 524 (kbps) Burst 13100 (Bytes)
        (pkts matched/bytes matched) 0/0
        (total drops/bytes drops) 0/0
    Class-map: class-default (match-any)
      37692 packets, 6430816 bytes
      5 minute offered rate 75000 bps, drop rate 0 bps
      Match: any
      Queueing
        Output Queue: Conversation 73
        Bandwidth 25 (%)
        Bandwidth 262 (kbps)Max Threshold 64 (packets)
        (pkts matched/bytes matched) 1244/1175530
        (depth/total drops/no-buffer drops) 0/0/0
12-15-2006 06:38 AM
Hi,
From a design perspective:
You said you have 5 branches, each with a different CIR, and the HQ, which is the aggregation point, with 2 Mbps, so the sum of the CIRs of the branches is 2 Mbps + 1280 Kbps, much greater than the 2 Mbps of HQ. So if the branches start sending at the same time at their CIR, they will oversubscribe your HQ, which results in packet dropping... it is not a good design.
Some of your branches, if not all, have a CIR less than the HQ. If the HQ starts sending traffic at its CIR rate, it will certainly oversubscribe the branch office ---> congestion, packet dropping... However, here shaping can come to the rescue: you have to shape at a rate equivalent to the remote branch, which means that you have to implement a different shaping mechanism on each circuit that ties the HQ to a specific branch, using the CIR of that remote branch, so you will have five shapers with five different CIRs.
Your remark:
(The other thing you mentioned earlier is applying the same config on the branch
office routers as OUTGOING. The fact is that the major load will be incoming for branches, not outgoing?)
Shaping cannot be used in the inbound direction; it can be used only outbound. However, policing can be used in both directions!
So if you respect the design rule indicated before, you don't need shaping at the remote branches, but you still need to implement QoS to prioritize your traffic classes appropriately.
Concentrate on only one remote branch: readjust your config for the HQ on the circuit that ties to that remote branch, implement QoS on the remote branch, and observe the result. When it works well, duplicate it to the others, but, as mentioned, with a different shaping CIR.
As for the output of the show command you posted: yes, indeed there is no matching traffic for ICA, so maybe you didn't initiate any ICA traffic, or the match condition didn't occur ---> maybe match-all within the ICA class? Why do you use
both (match protocol citrix) and (match access-list 100), so that both conditions must occur to mark your traffic?
Just leave [(match protocol citrix) <--- NBAR; it's quite enough to recognize the ICA traffic]
and remove the access list. One more thing here: for NBAR to work, your equipment must be CEF capable; go ahead and activate it if it's not yet done!
HTH
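The check described in the last reply (a match-all class that requires several criteria at once and has matched zero packets) can be run automatically over `show policy-map interface` output. This is an added example, not part of the original thread; the function names are hypothetical and the sample output is a trimmed excerpt constructed from the branch1 output quoted above.

```python
import re

# Constructed sample, trimmed from the branch1 output quoted in the thread.
SAMPLE = """\
  Service-policy output: high
    Class-map: ica-rdp (match-all)
      0 packets, 0 bytes
      Match: protocol citrix
      Match: access-group 100
      QoS Set
        precedence 5
          Packets marked 0
    Class-map: class-default (match-any)
      37692 packets, 6430816 bytes
      Match: any
"""

CLASS_RE = re.compile(r"Class-map:\s+(\S+)\s+\((match-all|match-any)\)")
PKTS_RE = re.compile(r"^(\d+) packets, (\d+) bytes")
MATCH_RE = re.compile(r"^Match:\s+(.+)$")

def parse_classes(text):
    """Return one dict per Class-map block: name, mode, packets, match criteria."""
    classes = []
    for raw in text.splitlines():
        line = raw.strip()
        m = CLASS_RE.search(line)
        if m:
            classes.append({"name": m.group(1), "mode": m.group(2),
                            "packets": None, "matches": []})
            continue
        if not classes:
            continue  # ignore anything before the first class block
        cur = classes[-1]
        m = PKTS_RE.match(line)
        if m and cur["packets"] is None:
            cur["packets"] = int(m.group(1))
            continue
        m = MATCH_RE.match(line)
        if m:
            cur["matches"].append(m.group(1))
    return classes

def suspicious_classes(text):
    """Names of match-all classes with several criteria and no matched packets."""
    return [c["name"] for c in parse_classes(text)
            if c["mode"] == "match-all" and len(c["matches"]) > 1
            and c["packets"] == 0]

if __name__ == "__main__":
    for name in suspicious_classes(SAMPLE):
        print(f"{name}: match-all with multiple criteria, 0 packets; test each criterion alone")
```

A class flagged here is only a candidate: zero packets can also mean that no such traffic was sent during the interval, as the reply notes.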