As promised a couple of days ago, I am posting another QoS config, this time using NBAR to easily mark packets as they come in.
Scenario: Company A needs to prioritize VOIP/SIP traffic first, then CITRIX/HTTPS traffic, with all other traffic set to fair-queue. The site has a single router with two interfaces connected to two different ISPs to reach their private cloud.
The primary link is a 20Mb fiber connection, and the back-up link is a 4Mb wireless connection used in the event ISP 1 fails or goes down.
I will not show the entire config of the router and will focus on the QoS section. I used a combination of extended ACLs and NBAR to identify the traffic for marking, and LLQ to queue it as it is passed on to the WAN.
! LAN interface QoS: mark traffic on ingress.
!
! ACL 101 identifies Citrix (TCP 1494 and 2598) and HTTPS (TCP 443) traffic.
access-list 101 permit tcp any any eq 443
access-list 101 permit tcp any any eq 2598
access-list 101 permit tcp any any eq 1494
!
class-map match-any MARKING-APP_TRAFFIC
 match access-group 101
! NBAR identifies the voice protocols.
class-map match-any MARKING-VOICE_TRAFFIC
 match protocol sip
 match protocol rtp
!
policy-map MARK-TRAFFIC
 class MARKING-VOICE_TRAFFIC
  set dscp ef
 class MARKING-APP_TRAFFIC
  set dscp af31
!
! g1/0, or any interface facing the LAN
interface g1/0
 ip nbar protocol-discovery
 service-policy input MARK-TRAFFIC
 exit
!
! WAN interface QoS: queue on egress by the DSCP values set on the LAN side.
!
class-map match-any app-traffic-wan
 match dscp af31
class-map match-any voice-traffic-wan
 match dscp ef
!
policy-map WAN-EDGE-OUT
 class voice-traffic-wan
  priority percent 33
 class app-traffic-wan
  priority percent 20
 class class-default
  fair-queue
  random-detect
!
! 20Mb primary link
interface g0/0
 bandwidth 20000
 ip nbar protocol-discovery
 service-policy output WAN-EDGE-OUT
!
! 4Mb wireless secondary link
interface g0/1
 bandwidth 4000
 ip nbar protocol-discovery
 service-policy output WAN-EDGE-OUT
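
Because `priority percent` is calculated from each interface's `bandwidth` statement, the same WAN-EDGE-OUT policy yields different rates on the two links. The script below is an added example, not part of the original config: it parses a constructed copy of the QoS lines above, works out the kbps each priority class gets per link, and flags any DSCP value that is set on the LAN side but never matched on the WAN side. The function name `llq_report` and the report keys are my own.

```python
# Constructed input: the QoS-relevant lines of the config above.
CONFIG = """
policy-map MARK-TRAFFIC
 class MARKING-VOICE_TRAFFIC
  set dscp ef
 class MARKING-APP_TRAFFIC
  set dscp af31
class-map match-any app-traffic-wan
 match dscp af31
class-map match-any voice-traffic-wan
 match dscp ef
policy-map WAN-EDGE-OUT
 class voice-traffic-wan
  priority percent 33
 class app-traffic-wan
  priority percent 20
interface g0/0
 bandwidth 20000
 service-policy output WAN-EDGE-OUT
interface g0/1
 bandwidth 4000
 service-policy output WAN-EDGE-OUT
"""

def llq_report(config):
    """Priority rates in kbps per interface (percent of `bandwidth`), plus DSCPs set but never matched."""
    marked, matched, prio, ifaces = set(), set(), {}, {}
    policy = cls = iface = None
    for w in filter(None, (line.split() for line in config.splitlines())):
        key, arg = w[0].lower(), w[1:]
        if key == "policy-map":
            policy, iface = arg[0], None
        elif key == "class":
            cls = arg[0]
        elif key == "interface":
            iface = ifaces.setdefault(arg[0], {})
        elif key in ("set", "match") and arg[0] == "dscp":
            (marked if key == "set" else matched).update(arg[1:])
        elif key == "priority" and arg[0] == "percent":
            prio.setdefault(policy, {})[cls] = int(arg[1])
        elif iface is not None and key == "bandwidth":
            iface["kbps"] = int(arg[0])
        elif iface is not None and key == "service-policy" and arg[0] == "output":
            iface["policy"] = arg[1]
    report = {"unqueued_dscp": sorted(marked - matched)}
    for name, cfg in ((n, c) for n, c in ifaces.items() if c.keys() >= {"kbps", "policy"}):
        rates = {c: cfg["kbps"] * p // 100 for c, p in prio.get(cfg["policy"], {}).items()}
        report[name] = {**rates, "remaining": cfg["kbps"] - sum(rates.values())}
    return report
```

On the 4Mb back-up link the voice class drops to 1320 kbps, so it is worth checking that figure against the number of concurrent calls the site expects during a failover.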