cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Choose one of the topics below for SD-WAN Resources to help you on your journey with SD-WAN

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC!
We will not comment or assist with your TAC case in these forums.

442
Views
0
Helpful
2
Replies
jonhurley2010
Beginner

end to end qos with Cisco SD-WAN possible with central data policy?

When using Cisco SD-WAN (20.5/17.5) to build a central data policy we observe that if a matched data prefix destination or application family is set to a DSCP value it only appears to work in one direction.  Note this all locations site lists are using the same central data policy.

 

For example, a HTTPS web application will go out DSCP 10 from the client vEdge as expected.  We'll see it in the CFLOWD table on the remote EDGE device destined to the server. However, return traffic from the server will return to the client marked as 0.

 

Is there a way configure policy to to get bidirectional DSCP marking for application flows with Custom Apps or Data Prefix List (Source or Destination)?

 

1 ACCEPTED SOLUTION

Accepted Solutions
Kanan Huseynli
Participant

Hi,

do 2 types of sequence in one data policy:

1) match destination port https and you may do  additionally source/dst prefix match -set dscp

2) match source port https and you may do additionaly source/dst prefix match - set dscp

apply to all sites (if needed) from source-tunnel direction.

 

In this case, traffic toward server (from clients) matches sequence 1 and traffic toward clients (from server) matches sequence 2.

 

I dont know the whole current your policy config, do decided to give  general answer- method.

 

HTH,

View solution in original post

2 REPLIES 2
Kanan Huseynli
Participant

Hi,

do 2 types of sequence in one data policy:

1) match destination port https and you may do  additionally source/dst prefix match -set dscp

2) match source port https and you may do additionaly source/dst prefix match - set dscp

apply to all sites (if needed) from source-tunnel direction.

 

In this case, traffic toward server (from clients) matches sequence 1 and traffic toward clients (from server) matches sequence 2.

 

I dont know the whole current your policy config, do decided to give  general answer- method.

 

HTH,

View solution in original post

Sequences were in place in our policy for initial branch testing. 

 

Our datacenter also needed its own policy applied similar sequences to get both directions marked correctly.

 

Thanks!