We help IT Professionals succeed at work.

Problem with QoS over MPLS with WAAS

mike1018 asked
We have ATT MPLS connecting about 50 sites back to our datacenter. Each site has a 2800/2900 series router with integrated WAAS module. Our datacenter has a 3800 series router and the WAE 512 on the native vlan that the inside interface of the router is on.

Across all sites we're trying to mark traffic into one of two classes. We want all citrix related traffic into a class labeled COS2, and all other traffic to go into the class-default. All marking is done on the egress interface into the MPLS network. COS2 gets marked with dscp AF31.

So essentially what I should be seeing is egress traffic from my router either not marked for dscp, or marked as AF31. The problem is, I'm seeing traffic being marked as AF43, and sometimes AF41; neither of which are defined in my policy maps.

OUTPUT policy applied outbound on all WAN interfaces
 Class Map match-any class-default (id 0)
   Match any

 Class Map match-any COS2 (id 3)
   Match protocol citrix
   Match protocol telnet
   Match protocol icmp

  Policy Map OUTPUT
    Class COS2
      bandwidth 80 (%)
      set dscp af31
    Class class-default
      bandwidth 1 (%)
      set ip dscp default

Open in new window

WCCP at remote sites
On the LAN interface(s):
 ip wccp 61 redirect in

On the WAN interface:
 ip wccp 62 redirect in

Open in new window

WCCP at datacenter
On the LAN interface:
 ip wccp 61 redirect in
 ip wccp 62 redirect out

Open in new window

(I know the percentages are off, there will eventually be two more classes once we get the main one squared away.)

Any ideas on why I'm seeing this? WAAS is set across the board to copy the dscp settings, so it shouldn't be an issue.
Watch Question



If your policy maps are not marking the traffic then something downstream is? Switch? other device?

Are you saying you are marking, shaping, and policing on egress?

harbor235 ;}


Yes. We were previously marking on ingress, but Cisco TAC asked us to move it to egress to avoid issues with the integrated WAE. I still think it's got something to do with WAAS, but we looked at the cache flow and nothing had a TOS value of 88 (af43). Cisco seems to think it may be an issue with the way our netflow analyzer is classifying data. I've got a ticket open with SolarWinds on that.

According to TAC, the way our class/policy maps are applied, nothing egressing that port should be classified as anything other than class-default or COS2, which is tagged with af31.

I'll update this after we sort the issue out with SolarWinds.


Sounds good

harbor235 ;}
I don't know why, but when TAC took a look again and removed "ip flow ingress" off our WAN interface, we stopped seeing the abnormal behavior. That was the only change that was made, but it seems to have resolved the issue.

I'm going to have to open another ticket now for yet another problem with QoS/WAAS/Citrix.


Closing this question.

Explore More ContentExplore courses, solutions, and other research materials related to this topic.