10-29-2008 08:53 AM
How will you do in this environment?
WXC is deployed in inline mode and connect to router which has 2 Leased line connecting to remote
router. There is QOS configured on router at each site. Additionally,HQ and branch router are configured PBR base on source and destination IP.I have to perform POC in this environment without allowing to modify any config in router n.
What is the best
1. What is the best way to do about QOS setting on WX to maintain QOS on the routers ?
2.Will WX change source and destionation IP for router. If yes,It could impact PBR and QOS on router ?
Thank you for your recommendation in advance.
10-29-2008 09:38 AM
Suti - the WXC really acts as a bridge from a routing perspective. It sits in the middle, intercepts the data and sends it on to the remote WXC. So there should be no impact to your routing if you put the WXC in-line.
As for the QoS it is a little more complicated, mainly cause there are multiple ways to handle it. What I like to do when installing is to assign my applications to various QoS classes and then use either TOS or DSCP and mark the QoS classes to map to the QoS already on the router. That way the apps get moved by class at the same QoS level as before - plus the apps themselves maintain the QoS markings in case the WXC goes away for some reason.
There are some other schemes involving exposing the applications QoS markings to the router, but what I described above is quite simple to implement in my opinion.
11-02-2008 06:23 PM
Thank you so much for your recommendation.It means that I can plug WX inline without any routing impact on connected router ,because WX don change src-ip and dst-ip of originate traffic. Is that right ?
Suppose that customer don't allow to edit any configuration on router,what do you recommend for QOS on WX to get better performance.This is only POC phase. Should I turn it off ? Please advise . You might see the configuration on the attached file.
11-03-2008 02:55 PM
No WX DOES chnage src-ip and dst-ip for optimised traffic. We form a single tunnel betwene the WX devices and all user data in tunneled between our appliances. Now that does not mean you can not still use router based qos or use the qos on our WX to acheive an end to end qos policy that meets or exceeds your customers requirment BUT it does mean that if they have basic or extended acl today looking for sec-up or dst-ip at the routers these will not work for optimimised traffic.
Now based upon your network diagram Ithink our PBM feature would provide a great solution for you. I've attached a doc for your reading on PBM.
11-06-2008 03:17 AM
also keep in mind that they place your wxc src-ip - dest-ip in the highest qos. (or use ipcomp and tell them to give that protocol the highest qos)
11-24-2008 07:15 PM
Be very careful when doing QoS on a router. We had issues with the "bandwidth detection" feature, because the WX would "detect" packet loss and latency because it checks every 8th or 10th packet or something like that, and if the router is delaying or dropping packets during periods of congestion, the WX will throttle back too far and you will see poor network performance. We had to move our QoS enforcement to the WX device and put all traffic except our voice traffic in the same QoS queue on the WAN, and use priorities on the WXC devices to do the QoS for us.
The WXCs don't like it if packets are delayed, delivered out of order, or dropped due to QoS on the WAN.
03-25-2009 02:29 AM
03-25-2009 09:03 AM
Hey Spikes - I am traveling with no access to WX or documentation so this is from memory. But if you don't do any QOS definition on the WX then it will not pay any attention to the DSCP markings. By default the WX will do it's own QoS when enabled and simply dump all traffic into the "default" class (one of five defined out the box). You can do quite a bit with the QoS definitions, including mapping your markings to the WX.
If memory serves me (always questionable when I travel ) you set the DSCP value in the application definition setup. It is under the advanced settings I believe. Values can also be set at the class level and they can even be exposed in WX packets if need be.
The manual does a good job of explaining your options and if you have any more specifics I will have my hands on a WX on Monday.
03-25-2009 09:26 AM
Hi Kevin.. Thanks for replying.. I am hoping to try out a few things on the WX and also seeing your next post, the coming Monday
03-27-2009 02:51 AM
I have used the *Preserve DSCP/ToS bits * option under QoS>DSCP/ToS tab. I hope this is the right option for me as my traffic is already coming as marked. Now, a few other questions..
1. Does WXC/WX compress only the payload or does it compress the complete IP packet (including the IP headers and the ToS bits) ?
2. I am applying an ACL on the WAN interface with so-ip & ds-ip of the WXCs forming the tunnel and various DSCP values. I am not getting any hits. The question here being, How can i check or verify whether QoS is being applied by the WXCs?
03-30-2009 06:14 AM
1- Well, the WX rewrites the packet - but I don't believe that it does pattern match substitution on the header data.
2- If you want to really see what the WX is doing within a specific flow (what modules like memory or disc compression, QoS or acceleration are doing) then go the "Admin" menu - select "Tools" and then select "Flow Diagnostics" - look for the flow you are interested in and drill into it. You will see what is being done with this specific flow by the WX box.