Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
976
Views
0
Helpful
2
Replies

end to end qos with Cisco SD-WAN possible with central data policy?

Go to solution
jonhurley2010
Level 1
Level 1

‎06-11-2021 05:38 PM

When using Cisco SD-WAN (20.5/17.5) to build a central data policy we observe that if a matched data prefix destination or application family is set to a DSCP value it only appears to work in one direction.  Note this all locations site lists are using the same central data policy.

 

For example, a HTTPS web application will go out DSCP 10 from the client vEdge as expected.  We'll see it in the CFLOWD table on the remote EDGE device destined to the server. However, return traffic from the server will return to the client marked as 0.

 

Is there a way configure policy to to get bidirectional DSCP marking for application flows with Custom Apps or Data Prefix List (Source or Destination)?

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Kanan Huseynli
VIP
VIP

‎06-12-2021 03:45 AM

Hi,

do 2 types of sequence in one data policy:

1) match destination port https and you may do  additionally source/dst prefix match -set dscp

2) match source port https and you may do additionaly source/dst prefix match - set dscp

apply to all sites (if needed) from source-tunnel direction.

 

In this case, traffic toward server (from clients) matches sequence 1 and traffic toward clients (from server) matches sequence 2.

 

I dont know the whole current your policy config, do decided to give  general answer- method.

 

HTH,

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Kanan Huseynli
VIP
VIP

‎06-12-2021 03:45 AM

Hi,

do 2 types of sequence in one data policy:

1) match destination port https and you may do  additionally source/dst prefix match -set dscp

2) match source port https and you may do additionaly source/dst prefix match - set dscp

apply to all sites (if needed) from source-tunnel direction.

 

In this case, traffic toward server (from clients) matches sequence 1 and traffic toward clients (from server) matches sequence 2.

 

I dont know the whole current your policy config, do decided to give  general answer- method.

 

HTH,

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

0 Helpful

Go to solution
jonhurley2010
Level 1
Level 1
In response to Kanan Huseynli

‎08-25-2021 07:26 AM

Sequences were in place in our policy for initial branch testing. 

 

Our datacenter also needed its own policy applied similar sequences to get both directions marked correctly.

 

Thanks!

 

0 Helpful
Top