Re: QoS with Ephemeral port

cecilmayy · ‎02-15-2022

If my ACL for QoS is: example

ip access-list extended SET-AF41

remark High Pri

permit tcp any any eq 80

class-map xxxx match access-list extended SET-AF41

set af41

1. TCP Ephemeral Source Port 32222, Destination Port 80. Matches the ACL and MARKED packet as AF41

2. Return Packet is destination port 32222

3 How does the returning router knows that the returning packet should be marked AF41?

Note: ignore some of the commands - Just looking for the concept on how the returning router keeps track of QoS returning packet DSCP value.

Jon Marshall · ‎02-15-2022

As far as I know it doesn't ie. QOS is not stateful and the router does not keep track of connections in the way a firewall would.

If you want QOS on the return path you would need configure that as well.

Jon

cecilmayy · ‎02-15-2022

Jon,

I don't think this ACL will make any difference, Maybe NBAR will or a different ACL with source IP and destination without ports numbers on both ends. Although it will be wide open.

ip access-list extended SET-AF41

remark High Pri

permit tcp any any www

Jon Marshall · ‎02-15-2022

I don't really understand what you are saying.

As I said if you want QOS for the return path you need to configure it.

Jon

cecilmayy · ‎02-15-2022

Thanks for your time, Jon.

What I meant to say is that its difficult to craft and return Http/https return packet ACL because the return packet will have random ports as it destination ports (1024–65535)

ip access-list extended SET-AF41

remark High Pri

30 permit tcp host Server_IP_address host Client IP_Address range 1024–65535 (something like this on return RTR) Not sure if it's scalable. I got the concept.

Thank you,

Jon

Joseph W. Doherty · ‎02-15-2022

"3 How does the returning router knows that the returning packet should be marked AF41?"

ip access-list extended SET-AF41

remark High Pri

permit tcp any any eq 80
permit tcp any eq 80 any !normally, return http traffic would have 80 as source port