WAAS - policy prioritization
Hi,
In WAAS GUI, we have an option to change the priority of the defualt policies.
Is there any recommendation about changing the priorties as per the traffic flowing in our network or can we leave it to default
Thanks in adv,
Guru
Guru,
The policy priority defines the order that traffic is matched against the policy. There is no performance benefit in reordering the policy entries.
Zach
Similar Messages
-
High circuit utilization and WAAS
We have been experiencing some issues that I think are related to the WAAS and need opinions and advice on how to resolve.
We are running the latest 4.1.1c code on all WAEs and are running in the new AO mode (not file services in legacy mode).
At our data center (where the servers are) we have a 9mbps circuit connecting it to the MPLS cloud. At some of our remote sites (where the users are) we have T1s and fractional T1s. Almost daily we are seeing cases where a single connection is consuming all of the bandwidth at the remote sites. This is typically only for a defined period of anywhere from 10 minutes to an hour and can be traced to particular activity like copying a large files, etc. Before the WAAS was implemented we wouldn't see cases where a single operation could consume literally 100% of the bandwidth and I wonder if the core WAAS (at the data center) could be over utilizing the bandwidth since the core has 9mbps available.
The problem is that when this occurs, it affects everyone else on the circuit since the circuit is slammed. Most of our users use terminal server connections and theses are greatly affected when all of the bandwidth is consumed. We have given the terminal server connections a higher priority inside the WAAS (through policy prioritization) and setting the DSCP marking to af21(18). We have even tried QOS on the routers but the condition occurs on a regular basis.
Please help!
DavidSee the attached. It provides a very good overview. Is the adaptive buffering enabled?
If not, either way a TCP window of 512K allwos the WAE to burst segments upwards to 512Kbytes. You want to be able to utilize the link to maximum capacity to compensate for latency. Howeve rif smaller apps are being choked then need to be adjusted. I am suprised that Q0S on the router had little effect ont he smaller traffic sessions. -
WAAS Not returning proper web redirects
We have one WAAS edge device which is not returning the proper results when entered in a browser. When we reload
the WAAS device, while it is rebooting, it will return the proper results. We have cleared all of the caches that we know
of and all of our edge devices are the same and using the same policy.
It is not handling redirects properly.
We have one server running Apache, which handles redirects. For Instance Typing in :
prod goes to https://prod.domain.com
test goes to https://test.domain.com
train goes to https://train.domain.com
When the WAAS is up, typing prod,test,or train will all take you to https://prod.doman.com
When the WAAS is down or rebooting typing prod,test, or train will take you to the correct URL as specified until
it comes back up. The other sites are configured identically as can be seen by the WAAS central manager. This WAAS
device is running version 4.4.1.12
Has anyone run into this before? WThis case is now solved, for now. We opened a TAC and there was something wrong with the policy that was applied that was affecting mutiple WAAS devices. We were unable to grab a trace while this issue was in failure.
In summary, we have an "ALL WAAS" policy which applies to all devices. The TAC technican created a singular policy
that applied directly to one of the affected WAAS devices and set the policy to TFO only. Just putting this policy in force
seemed to correct the issue. After this was done, we then reapplied the orginal policy and the issue no longer existed.
The issue has not returned so far. When the issue was happening, it was easy to reproduce. Setting the HTTP AO policy to "PassThrough" immediately corrected the issue. Setting it back, the issue would return.
So right now we are working, but do not know the "Why" as to exactly what caused the problem. -
WAAS out of session - Symantec End Point
Hi,
We have a router 3845 with a WAE-522-K9. Eventually we have received notifications about "session limit" and we got this:
Current Active Optimized Flows: 790
Current Active Optimized TCP Plus Flows: 790
Current Active Optimized TCP Only Flows: 0
Current Active Optimized TCP Preposition Flows: 0
Current Active Auto-Discovery Flows: 0
Current Reserved Flows: 10
Current Active Pass-Through Flows: 155
Historical Flows: 387
D:DRE,L:LZ,T:TCP Optimization RR:Total Reduction Ratio
A:AOIM,C:CIFS,E:EPM,G:GENERIC,H:HTTP,M:MAPI,N:NFS,S:SSL,V:VIDEO
ConnID Source IP:Port Dest IP:Port PeerID Accel RR
I was reading some trouble shooting documents but i cannot get a solution. It could be a "Denial of Service" or a misconfiguration of SEP.
Both Servers are Symantec End Point Servers.
Thanks for your support
131107 12.17.2.5:4423 10.5.19.146:8014 00:21:5e:27:9c:58 TDL 14.1%
131173 12.17.2.5:4465 10.5.19.146:8014 00:21:5e:27:9c:58 TDL 02.4%
131175 12.17.2.5:4489 10.5.19.146:8014 00:21:5e:27:9c:58 TDL 48.6%
131200 12.17.2.5:4514 10.5.19.146:8014 00:21:5e:27:9c:58 TDL 31.9%
131211 12.17.2.5:4515 10.5.19.146:8014 00:21:5e:27:9c:58 TDL 10.1%
131259 12.17.2.5:4561 10.5.19.146:8014 00:21:5e:27:9c:58 TDL 30.1%
131295 12.17.2.5:4591 10.5.19.146:8014 00:21:5e:27:9c:58 TDL 31.3%
131332 12.17.2.5:4619 10.5.19.146:8014 00:21:5e:27:9c:58 TDL 14.1%
131345 12.17.2.5:4629 10.5.19.146:8014 00:21:5e:27:9c:58 TDL 14.1%
131402 12.17.2.5:4665 10.5.19.146:8014 00:21:5e:27:9c:58 TDL 00.0%
131424 12.17.2.5:4706 10.5.19.146:8014 00:21:5e:27:9c:58 TDL 06.4%
131439 12.17.2.5:4725 10.5.19.146:8014 00:21:5e:27:9c:58 TDL 16.2%
131444 12.17.2.5:4744 10.5.19.146:8014 00:21:5e:27:9c:58 TDL 23.3%
131473 12.17.2.5:4796 10.5.19.146:8014 00:21:5e:27:9c:58 TDL 31.9%
131482 12.17.2.5:4813 10.5.19.146:8014 00:21:5e:27:9c:58 TDL 21.9%
131498 12.17.2.5:4824 10.5.19.146:8014 00:21:5e:27:9c:58 TDL 31.8%
131500 12.17.2.5:4839 10.5.19.146:8014 00:21:5e:27:9c:58 TDL 07.4%What version of WAAS OS are you on and how long has it been since you reset your Policy Rules to the default? Also, from enable, do a "clear connection" to purge all those out of there and get things accelerating again. The WAAS policy rules stay the same through each upgrade, so if your original policy rules date back to version 4.1.1, there have been a lot of enhancements since then.
I had a similar problem with Sophos corporate virus protection. Each of my clients would open 20+ sessions to the Sophos update server and max out my connections.
I was on WAAS OS Version 4.4.3c when it was happening. My first solution, was to create a Policy for Pass through only on the Sophos TCP port destination. I kept this policy in place until I upgraded to WAAS OS verion 5.0.1 about a month ago. After the update, I removed the rule and reset all rules to the default, which the default rule set from 5.0 is different than the default ruleset on 4.3.x which I had kept through every upgrade. I reset the ruleset for a different issue, but after I did the reset, the Sophos Clients only took 2 TCP sessions each. One from Client to Server, one from Server to Client. -
Loadbalancing using waas with ace
i tried this configuraion for load balance all tcp traffic to waas in datacenter and it worked
ACE(config)# class-map match-any ALL-TCP
ACE(config-cmap)# 10 match virtual-address 0.0.0.0 0.0.0.0 tcp any
ACE(config-cmap)# exit
ACE(config)# policy-map type loadbalance first-match TCP-POLICY-TYPE
ACE(config-pmap-lb)# class class-default
ACE(config-pmap-lb-c)# serverfarm WAAS
ACE(config-pmap-lb-c)# exit
ACE(config)# policy-map multi-match WAAS-INTERCEPT
ACE(config-pmap)# class ALL-TCP
ACE(config-pmap-c)# loadbalance vip inservice
ACE(config-pmap-c)# loadbalance policy TCP-POLICY-TYPE
ACE(config-pmap-c)# exit
the question now i do not want to redirect all tcp traffic of datacenter i want to deny some traffic from being intercepted so i think the solution
in make class-map ALL-TCP to match access-list (not virtual-address) do you think it will work or have any limitation for that
the new configuration "that i want to apply"
ACE(config-pmap-c)ip access-list extn all-tcp
ACE(config-pmap-c)permit tcp any any
ACE(config-pmap-c)exit
ACE(config)# class-map match-any ALL-TCP
ACE(config-cmap)# 10 match access-group all-tcp
ACE(config-cmap)# exit
ACE(config-pmap-c)policy-map type loadbalance first-match TCP-POLICY-TYPE
ACE(config-pmap-c)class class-default
ACE(config-pmap-c)serverfarm WAAS
ACE(config-pmap-c)exit
ACE(config-pmap-c)policy-map multi-match WAAS-INTERCEPT
ACE(config-pmap-c)class ALL-TCP
ACE(config-pmap-c)# loadbalance vip inservice
ACE(config-pmap-c)# loadbalance policy TCP-POLICY-TYPE
ACE(config-pmap-c)# exitYou will need to create a HTTP loadbalance classmap to match the source address of this traffic. The configuration would look something like this:
class-map match-all TCP_ANY
2 match virtual-address 0.0.0.0 tcp any
class-map type http loadbalance match-any ROUTE
2 match source-address 1.1.1.0 255.255.255.0
policy-map type loadbalance first-match TCP-POLICY-TYPE
class ROUTE
forward
class class-default
serverfarm WAAS
policy-map mulit-match WAS-INTERCEPT
class TCP_ANY
loadbalance policy TCP-POLICY-TYPE
loadbalance vip inservice
Due to the nature of the WAAS traffic, you will also need to turn on mac-sticky on the and disable TCP normalization on the interface. -
A problem with RDP when WAEs was connected to the network
The customer has a problem with RDP sessions on one Microsoft cluster server. The problem started when the WAEs (management and acceleration WAEs) are connected to a network (where a cluster is connected). Did anybody have the similar problem? The sessions are connected, but after some different times these sessions are frozen. This problem is only with this Microsoft cluster, the RDP on other servers are good. The WAAS is 4.0.17b14.
Hi,
I have the same problem as I write. RDP seems to get slower when I connect the WAEs and the login timesout before the user can type the username and password.
I have ensured that "EPM Classification" is disbled.
Check and see if Term-services are well configured on the TS server side. Maybe some config is conflicting with WAAS TS optimization.
What happens when you set TS to passthrough?
Also try this for your case;
" HOW-TO: Configuring RDP and Terminal Services for Full WAAS Optimization
Microsoft RDP and Terminal Services are, by default, compressed and encrypted. As such, the default Cisco WAAS policy for these applications is to apply TCP optimizations only. RDP and Terminal Services can be configured to allow Cisco WAAS to provide full optimization (DRE, LZ, TFO) which is a 2X-10X improvement over native WAN and 2X-3X improvement over the compression provided by Microsoft.
Configuring Microsoft RDP and Terminal Services to support Cisco WAAS full optimization requires a change to the client and a change to the server.
On the client, disable compression by editing the .RDP file for the connection using Notepad or a similar text editor. Identify a line in the file that shows "compression:i:1". Modify this line to say "compression:i:0". This disables compression for the RDP/TS connection.
On the server, open the Terminal Services Configuration found under Start > Programs > Administrative Tools. From here, expand Terminal Services Configuration to Connections. Double-click the "RDP-Tcp" entry found in the workspace. Change the encryption level to "Low", which specifies that only login will be encrypted. Then, click "Ok" and close Terminal Services Configuration.
Then, modify the Cisco WAAS policy on the configured device group (or explicitly on each of the WAEs) called "MS-Terminal-Services". Set this policy to "Optimize Full". "
Anyone out there with a clue why RDP gets disconnected? -
Single WAE \ WCCP \ Dual Routers - Slow Accelerated Traffic
Our standard WAE design was to have dual WAE's at sites with dual Routers.
The WAE's are either 674's or 574's and the routers are Cisco ISR's all works well.
Several new sites have coome online but these sites now only have a single WAE devcie and two WAN routers. Some users at
The issue I have now is that some "Accelerated" sessions via the WAE devices are reported by users as being very slow. When those sessions are removed from WAAS policy and set to pass through the user reports normal access again.
On looking at the problem I have possibly identified that the lack of the command;
ip wccp redirect exclude in on the router interface
But this command was never applied to the exisiting design, though potentialy under normal conditiaon where both routers and both WAE's are working it's never been a problem.
From Cisco;
In any scenario where egress redirection is used, the command above MUST be issued on the router interface adjacent to the WAE. This command, "ip wccp redirect exclude in", ensures that packets received on the interface are not redirected again. This prevents an optimized packet from being rerouted directly back to the WAE. Instead, with this command applied, the router would simply see the packet coming in and forward it normally (WCCP would be bypassed for packets received on that interface).
The WAE's are NOT L2 connected to the Routers so the following config is applied,
rtr no 1
ip wccp 61 redirect-list WAAS
ip wccp 62 redirect-list WAAS
ip cef
interface GigabitEthernet0/0
description *** Data LAN
ip address x.y.7.6 255.255.255.192
ip wccp 61 redirect in
ip wccp 62 redirect out
rtr no 2ip wccp 61 redirect-list WAAS
ip wccp 62 redirect-list WAAS
ip cef
interface GigabitEthernet0/0
description *** Data LAN
ip address x.y.7.1 255.255.255.192
ip wccp 61 redirect in
ip wccp 62 redirect out
WAE Configprimary-interface Standby 1
interface Standby 1
ip address x.y.7.65 255.255.255.192
interface GigabitEthernet 1/0
standby 1 primary
exit
interface GigabitEthernet 2/0
standby 1
exit
wccp router-list 1 x.y.7.1 x.y.7.6
wccp tcp-promiscuous router-list-num 1
wccp version 2
Option 2 below is used. But all sites have DUAL Routers. Note Redirect Exclude is NOT configured.
Thanks in advance for any support offered.Thanks for your post, details below.
What do you mean by "sessions removed from WAE policy" ? Are you configuring static bypass on the WAE or are you excluding specific traffic with the WCCP redirect list ?
I am defining certain traffic as Passtrough via a ststic bypass on the WAE’s
- check if the slowness affects all the redirected traffic or just particular sources/destinations/applications
Recent testing has identified it just seems to affect a certain share, which I am investigating as this share has some kind of "Archive" solution in place.
- make sure that the WCCP redirect ACL matches both directions of the connections
It does
- check the redirect / return method that is being negotiated
All OK
- make sure both routers are seeing the WAE via WCCP
Yes they are
- check for "routing loop" in the WAE syslog.txt to understand if the WAE is receiving some traffic twice
Investigating and will post reply.
Are the affected connections showing up in the "show stat connection" output on the WAE ? If so, are they optimized or PT ?
They show as fully optimized when configured for the CIFS AO, but revert to PT when the static WAE policy is altered. -
Help about WAAS SSL optimized policy
hi everyone
I enable SSL optimized function and it work fine
but I have a question
in my environment, most SSL tcp session size is under 10 KB
so when small size tcp session optimized by waas
it's optimized bytes is bigger than original byte
so, does waas have the function that if the tcp session original size under 10KB
it only opimize in TFO or pass-through it
on the contrary, if tcp session original size is bigger than10KB
it will full optimzed
does waas has this function ??
thanksNotice the highlighted line in the output you provided:
Core-WAE#sh stat con detail server-port 443
Connection Id: 852083
Peer Id: 00:14:5e:85:26:c3
Connection Type: EXTERNAL SERVER
Start Time: Tue Jun 8 09:29:29 2010
Source IP Address: 2.2.2.2
Source Port Number: 2930
Destination IP Address: 1.1.1.1
Destination Port Number: 443
Application Name: SSL
Classifier Name: HTTPS
Map Name: basic
Directed Mode: FALSE
Preposition Flow: FALSE
Policy Details:
Configured: TCP_OPTIMIZE + DRE + LZ
Derived: TCP_OPTIMIZE + DRE + LZ
Peer: TCP_OPTIMIZE + DRE + LZ
Negotiated: TCP_OPTIMIZE + DRE + LZ
Applied: TCP_OPTIMIZE + DRE + LZ
Accelerator Details: None
Original Optimized
Bytes Read: 958333 1431050
Bytes Written: 1137856 1198434
Total Reduction Ratio: 00.000%
This means that the SSL AO is not applied to this connection. Are you sure this server is configured for SSL acceleration? Can you please provide a copy of your configuration?
Thanks,
Zach -
How does QoS work with WAAS WCCP? What's the interaction between Router QoS Traffic Classification and WAE Traffic Application Policy?
By default, WAAS preserves the DSCP marking on intercepted packets. There is a configuration option to set/override the DSCP value at the global (device), application, and classifier levels. Currently WAAS provides marking only. There is no action taken by WAAS based on the DSCP value.
Regards,
Zach -
WAAS Central Manager Policy Definitions across several device groups
Hi there,
I am trying to find a way to apply a custom application policy(s) to multiple device groups. ( not the AllDevicesGroup).
I have not found a way to export or import the policy.
Any help would be appreciated.
ToddI have my "Core" WAE's in a separate device group to prevent them from recieving a policy or setting intended for Edge WAEs. For example, If someone sets the assignment method to hash, I certianly dont want that pushed to my Core, ( using Mask assignment)
However, a custom application definition WILL need to be applied to both Core and Edge WAE's. Therefore I need a way to create the policy for all devices group and copy out and apply selected custom policies to the Core device group as well.
Problem: I have QUALYS Vulnerability Scanners that wreak havoc on WAE's by opening 1000's of sessions and not propoerly closing them, causing TFO Overload conditions, throughout the network.
Solution: create a custom policy to set Scanner IP action to pass-through. there are 30+ scanners so the match condition is lenthy and woudl be painful to build manually for each device group.
new Problem: need to apply this to multiple device groups. -
Cisco WAAS-Global policy for VMware Vsphere and/or 3par replication
So, this is somewhat annoying that VMware Site Recovery Manager 5.0 does not seem to get much replication acceleration, mostly it is just Pass Through. I have read a couple of Cisco marketing powerpoints that say WAAS will accelerate VMware. But there are no Policies to that effect or configuration assistance. So, vmware has a hundred or so connections in passthrough, all using port 44046, this web site here:
http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=1009562
Shows that this is the port used for Ongoing replication, and port 31031 is used for the initial replication. So, I have two 674-8gb with inline cards. One in main office, one at DR office, both running 5.0.1. The Lan ports on each side point to the LAN and the WAN interfaces on each end point to each other. I have a layer 2 - 90Mbps link between the two locations, so "show cdp neighbor" shows the WAN interface connected.
My question is, is there a policy I should create for this data to be accelerated and stop being "PT Asymmetric"?
Second question, very similar to the first, 3par replication. Same as above, but 3par uses port 5785 and the traffic shows up as "PT In Progress", there are only 6 or so connections in this state, but all are on this port 5785.
If I pull up the pretty graphs on the CM for this device, it shows a well distributed graph, but if I click the check box for "include Pass-Through" it turns all blue and says 100% of traffic is "other-traffic" Since 99% of what goes between these two WAAS devices is VMware site recovery manager 5.0 and 3par replication, I would really like to find a fix for this.ANSWER ******* SOLUTION ******* ANSWER
I created 2 - Optimization Policy Rules for "WAAS-GLOBAL"
par3-rcopy, destination ports - 5785, 3491-3492, Application - Replication, TFO with DRE Adaptive and LZ
VMware-Replication, destination ports - 44046, 31031, Application - Replication, TFO with DRE Adaptive and LZ
Then I rebooted both WAAS devices and shut off the link for 20 minutes. When I brought the link back online. 100% of data was accelerated, and 99% of the data was classified as "Replication" data. I now get between 60% and 90% acceleration on this "Replication" traffic. The final 1% is other data, remote desktop, ssl, citrix, sql, web...
Lessons learned: The 3par and VMware keep TCP connections open forever, and once the traffic in that session is classified as something, "other traffic" or "Pass Through" it does not change until you reset the connection. So, if you make any changes, you have to shutdown the link, and clear all TCP connections from the WAAS devices, then it will go to a different optimization rule.
Final thoughts: I am not completely sure that the Optimization policy rule "TFO with DRE Adaptive and LZ" is the BEST possible rule to use for this traffic. If anyone has a better configuration for this traffic, I would really appreciate your input. -
QOS Policy gets Policy hits but doesn't seem to do anything when put to the test
I have been trying to implement a policy that prioritizes certain types of of traffic over another namyly Lync Voice Traffic, Cisco CAPWAP traffic from controllers to AP's, and Citrix ICA Traffic.
I do recieve policy hits but when I load the connection up with say copying a file the policy seems to not work. This is on a 1921 router.
I will include the config as I may be doing somthing wrong.
boot-start-marker
boot-end-marker
logging buffered 51200 warnings
aaa new-model
aaa authentication login default group radius local
aaa authorization exec default group radius local
aaa session-id common
ip cef
ip domain name pmp.local
no ipv6 cef
multilink bundle-name authenticated
username XXXXXXXXXXXXXXXXXXXX
ip ssh time-out 60
ip ssh version 2
class-map match-any CAPWAP
match access-group 104
class-map match-any LYNC
match access-group 103
class-map match-any CITRIX
match protocol citrix
match access-group 110
policy-map OUTBOUND
class LYNC
priority percent 25
class CITRIX
priority percent 50
class CAPWAP
priority percent 20
class class-default
shape average 20000000
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
interface GigabitEthernet0/0.1
description LAN Facing
encapsulation dot1Q 1 native
ip address 172.16.27.254 255.255.255.0
ip helper-address 10.128.4.48
ip helper-address 10.128.4.20
ip helper-address 172.16.27.79
no ip redirects
ip flow ingress
interface GigabitEthernet0/0.5
encapsulation dot1Q 5
ip address 172.16.127.254 255.255.255.0
ip helper-address 10.128.4.48
no ip redirects
ip flow ingress
interface GigabitEthernet0/0.50
description ITTestVlan Interface
encapsulation dot1Q 50
interface GigabitEthernet0/1
description PointToPoint
bandwidth 20480
ip address 10.0.27.254 255.255.255.0
no ip redirects
ip flow ingress
duplex full
speed 100
service-policy output OUTBOUND
router eigrp 10
network 10.0.27.0 0.0.0.255
network 172.16.27.0 0.0.0.255
network 172.16.127.0 0.0.0.255
ip forward-protocol nd
ip forward-protocol udp 4011
ip forward-protocol udp bootps
no ip http server
ip http access-class 23
ip http authentication aaa login-authentication default
ip http authentication aaa exec-authorization default
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 1000
ip route 0.0.0.0 0.0.0.0 172.16.27.253 200
access-list 23 permit 10.0.27.0 0.0.0.255
access-list 23 permit 172.16.0.0 0.0.0.255
access-list 23 permit 172.16.27.0 0.0.0.255
access-list 23 permit 172.16.127.0 0.0.0.255
access-list 103 remark LYNC-Priorisation
access-list 103 permit tcp any any eq 3389
access-list 104 remark CAPWAP-Priority
access-list 104 permit udp any eq 5246 any
access-list 104 permit udp any any eq 5246
access-list 104 permit udp any eq 5247 any
access-list 104 permit udp any any eq 5247
access-list 110 remark Citrix-Priorisation
access-list 110 permit tcp any eq 2598 any
access-list 110 permit tcp any any eq 2598
access-list 110 permit tcp any eq 1494 any
access-list 110 permit tcp any any eq 1494
snmp-server enable traps entity-sensor threshold
radius-server host 10.128.4.20 key XXXXXXXXXXXXXXXXXXXXXXXXXX
control-planeDisclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
So what do you have, a 100 Mbps Ethernet hand-off with a 20 Mbps bandwidth cap?
If so, you want to shape for your logical bandwidth cap and then priorize, as desired, in a child policy.
BTW, you normally don't use LLQ for other than very time critical traffic, e.g. VoIP bearer, and Cisco recommends you don't allocate more than a third of your bandwidth to LLQ.
I would suggest you just shape for your 20 Mbps and try FQ for all traffic.
e.g.
policy-map Sample
class class-default
shape average 20000000
fair-queue
NB: I'm unsure whether FQ will apply to the shaped traffic, if not:
policy-map SampleParent
class class-default
shape average 20000000
service-policy SampleChild
policy-map SampleChild
class class-default
fair-queue
NB: SampleChild is where/how you would provide a custom policy for your shaped traffic.
PS:
BTW, you apply the policy with the shaper to the interface. -
Prepositioning in WAAS 4.1.1c
I am having trouble with this atm.
I have setup a test share on a remote server,with permissions etc and configured the relevant fields on WAAS GUI under -"File Services,Preposition".
I can broswe and find the directory and schedule the job to run.
The job seems to run ok,but when I go to the remote WAE and look at the Preposition Policy I am seeing no data actually being copied,just the Duration field is incrementing.The throughput field is also blank.
Any ideas?
Regards,
NickCan any help with this please?
-
Class-Map and Policy-Map Configuration in CM Confusion
Hi,
I'm implementing a green field WAAS deployment for a customer. We currently have a Proof-of-Concept up and running.
I've got some questions regarding custom class-map and policy-map configuration in the CM. I'd like to nail-down the custom class-map and policy-map configuration (and understanding) in the PoC before cutting over the PoC branches to the production WAAS environment.
Assuming a typical WAAS Deployment using WCCP for off-path interception, branch to DC.
==> 61 in LAN (BRANCH ROUTER) <== 62 in WAN (WAN CLOUD) ==> 61 in WAN (DC ROUTER) <== 62 in LAN
We are using two distinct device groups, BRANCH and DATA CENTER.
If the customer has traffic that we need to classify in order to provide TFO only optimisation, should the single class-map include the traffic in both directions? Ie., (assume the SERVER is 10.1.1.1 TCP Port 443). Should the class-map be configured as:
Class-Map
Line 1: DST IP 10.1.1.1 DST Port 443
Line 2: SRC IP 10.1.1.1 SRC Port 443
Or in this case is only the DST line required? And in which Device Group should the custom policy be applied? Or should it be applied to both Device Groups? If it should be applied to both Device Groups, then would it make more sense to have the policy-map in the Branch DG configured to match the DST traffic, and on the Data Center DG have a different class-map match the SRC traffic?
My confusion is how to classify the traffic (SRC or DST or Both - Separate classes for each or different lines within the same class-map), and where to apply the appropriate policy (both Device Groups, just Branch, just DC) and why...
I tried to apply a custom policy and the impact in the PoC was that the TCP Summary report stopped reporting the individual traffic classes showed 'other traffic' only. Can anyone explain why this may have occurred?
I hope this makes sense.for instance like this:
policy-map police-in
class class-default
police rate 10 mpbs <optionally set burst>
policy-map shape-out-parent
class class-default
shape 10 mpbs <optional burst config>
service-policy shape-out-child
policy-map shape-out-child
class class-default
queue-limit 10 packets
int g 0/0/0/0
service-policy police-in in
service-policy shape-out-parent out
also have a look at CL 2013/2014 (orlando/sanfran) ID 2904 for more QOS details
and the support forum article of "asr9000 quality of service architecture"
xander -
Prioritize data on one SSID on an autonomous AP with multiple SSIDs
Hello,
I have a standalone AP(AP1261N) which is configured with 3 SSIDs.I would like to prioritize any data flow on SSID 1 for example so that users on SSID 1 are always functional independent on what is happening on the other SSIDS.
Then have the SSID 2 with a lower priority and SSID 3 lowest priority.
Each SSID is associated with a vlan.
I have seen some posts describing that this can be done using QOS associated with the different vlans.
Could someone please explain how I could configure the AP to do so?
I am using Command line.
Thank youHi Kavi,
Here are the few important points you need to understand when it comes to Autonomous AP QoS (this is extract from the link provided by Scot in above).
The QoS implementation for wireless LANs differs from QoS implementations on other Cisco devices. With QoS enabled, access points perform the following:
•They do not classify packets; they prioritize packets based on DSCP value, client type (such as a wireless phone), or the priority value in the 802.1q or 802.1p tag.
•They do not construct internal DSCP values; they only support mapping by assigning IP DSCP, Precedence, or Protocol values to Layer 2 COS values.
•They carry out EDCF like queuing on the radio egress port only.
•They do only FIFO queueing on the Ethernet egress port.
•They support only 802.1Q/P tagged packets. Access points do not support ISL.
•They support only MQC policy-map set cos action.
•They prioritize the traffic from voice clients (such as Symbol phones) over traffic from other clients when the QoS Element for Wireless Phones feature is enabled.
•They support Spectralink phones using the class-map IP protocol clause with the protocol value set to 119.
Also it is important to understand what type of traffic get impacted by AAP QoS. When you configure AAP for QoS it will primarily affect downstream traffic from AP to Client (No control over traffic coming from wireless client to AP - where priority will determine by WMM UP of clients traffic)
As you can see in the above, only FIFO available on ethernet egress (from AP to rest of your network) & then depend on how do you configure network switch ports connected to these AP (either trust DSCP or COS) it will determine how QoS maintain within your wired network.
In unified wireless enviroment you can classify each SSID with different QoS profile (Platinum, Gold, Silver & Bronze) & control what is the max level of QoS priority packets will get in each SSID. But in autonomous world it is not straightforward like that.
HTH
Rasika
Maybe you are looking for
-
Is possible to display Country Name in incoming calls?
Is possible to display Country Name in incoming calls? If number is saved with country code. Attached is the sample as i mean.
-
HI i just purchased the apple tv2, i have a vizio, connected all cables, have the correct hdmi input.. tried both hdmi 1 and hdmi 2 ports.. just get No Signal on my tv. thanks for any help teresa
-
Look for specific message in iMessage
Hi! Im looking to get a script going that looks in the background for a message to arrive, and when it does it should delete a file or program. I've made some scripts that sends messages, but not worked with receiving. The script should look for a te
-
Encore Skipping Chapter Markers
I am working in Encore 2.0 in the final phase of the project. I've used this program many times before with little to no problems. Whenever I go to test the final DVD, both Encore and my DVD player will skip 3 of the 9 chapters on the menu. I have do
-
I am still not getting anywhere. I have paid but I still don't have it! At some stage it told me that I need version 10.6, at some stage it told me I need version 10.7. Right now when I try to download it says since almost one hour 'WAITING'. I have