11-04-2004 02:08 PM - edited 03-09-2019 09:21 AM
Could anyone direct me to the right resources on this scenario?
main office
PIX 515
|
|
2611XM
|
|
|
2611XM
|
|
PIX 515
Branch Office
Both offices are tied together via a VPN tunnel. I'd like to prioritize the Citrix ICA traffic and everything else will be FIFO. The Citrix server is at the Main office.
I'm thinking that I need to set NBAR on both routers, but maybe it's just setting the QoS on the interfaces and having a couple of access-lists.
I'm not too sure which way to go about this. Does anyone have any suggestions?
Thanks.
11-07-2004 08:23 PM
It depends on where the tunnel terminates. If it's on the PIXes, you're out of luck; there's no way to prioritize traffic on the PIX currently, and by the time the traffic hits the routers where you could prioritize it, it's all encrypted and the routers will have no idea what is Citrix traffic as opposed to HTTP traffic.
If however, your tunnels are terminated on the routers, then it's relatively easy to prioritize it. First you have to figure out what the Citrix traffic is (TCP/UDP/port numbers/etc), prioritize it using any number of QoS options in IOS, and then use the "qos pre-classify" command under the crypto map so that the router will do the prioritization BEFORE the encryption.
11-08-2004 09:35 AM
Thanks for the quick reply. The traffic is terminated at the PIX now, but they will have to move the termination point to the router for this to work.
There are a couple of QoS features I can use. The first is PQ and it will look like this:
At the server side:
access-list 10 permit 199.166.194.8 0.0.0.0
priority-list 1 protocol ip high list 10
priority-list 1 default normal
interface Tunnel0
 priority-group 1
The second feature which I like better is CQ and it's something like this:
queue-list 1 queue 1 byte-count 61440 (if the Citrix traffic is 20k, then I would use 3x20k)
queue-list 1 queue 2 byte-count 4096 (normal 4k traffic)
queue-list 1 protocol ip 1 tcp 1494
queue-list 1 default 2
interface Tunnel0
 custom-queue-list 1
Now, my understanding is that I need to do this on both routers. This way users at the remote office don't go off to the Internet and download streaming video that would congest the traffic. After all, it's only xDSL that they are using to get out to the Internet and to each other's network via VPN.
I hope I'm making sense as to what needs to be accomplished. Oh, one other question. Could I use "IP Accounting" to see if it's working properly, or are there other tools available on the router that I can use?
Thanks again.
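The procedure from the first reply (classify the Citrix traffic, prioritize it, then "qos pre-classify" under the crypto map) written out as an IOS MQC configuration, together with the show command that answers the verification question above. This is an added example, not config posted by either participant; the interface name, crypto map name, ACL/class/policy names and the 512 kbps uplink rate are placeholders, and the crypto map's peer, transform set and match ACL are assumed to already exist.

```cisco
! Added example, not from the thread. Assumes the IPsec tunnel terminates on
! the 2611XM, the WAN interface is FastEthernet0/0 facing an xDSL modem, and
! the uplink is 512 kbps -- all placeholders; adjust to the real values.
!
! 1. Classify Citrix ICA (TCP 1494, as used in the thread). Match both
!    directions so the same policy works on the server side and the branch.
!    (NBAR alternative: "match protocol citrix" instead of the ACL.)
ip access-list extended CITRIX-ICA
 permit tcp any any eq 1494
 permit tcp any eq 1494 any
!
class-map match-any CITRIX-ICA
 match access-group name CITRIX-ICA
!
! 2. Child policy: a low-latency (priority) queue for ICA; class-default
!    with no fair-queue statement stays FIFO, which is what was asked for.
policy-map ICA-LLQ
 class CITRIX-ICA
  priority 128
 class class-default
!
! 3. Parent shaper: a 100 Mbps Ethernet handoff never congests on its own,
!    so the priority queue only engages if traffic is shaped to the real
!    xDSL uplink rate. Without this the LLQ policy does nothing.
policy-map SHAPE-DSL
 class class-default
  shape average 512000
  service-policy ICA-LLQ
!
! 4. Classify before encryption, otherwise the outbound policy only sees
!    ESP packets and cannot tell ICA from anything else.
crypto map VPN-TO-BRANCH 10 ipsec-isakmp
 qos pre-classify
!
interface FastEthernet0/0
 crypto map VPN-TO-BRANCH
 service-policy output SHAPE-DSL
!
! 5. Verification: per-class offered rate, queue depth and drops, which is
!    what you want to see rather than IP accounting totals.
!    show policy-map interface FastEthernet0/0
```

The priority queue is policed to its configured rate (128 kbps here) during congestion, so size it to the actual ICA load rather than generously; drops in the CITRIX-ICA class in the show output mean the priority value is too small.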