Unanswered Question
Jan 28th, 2009
User Badges:


I have got a request from a customer who have bought a HD video conferencing solution. We have 3 sites and 1 hosting site where all their servers are located.

The conenctions between these sites are via IPsec tunnels (Cisco firewalls) on 30 Mbits internet connection without any QoS.

He is not satisfied with the video conference performance as the video and audio is choppy and sometimes blurry.

So I am about to sell him a router based VPN solution based on GRE tunnels over IPsec with QoS in a full mesh VPN solution possibly using EIGRP for dynamic routing.

I need to do some LLQ on the EF traffic from the video conferencing system (which according to my readings show a load of between 10-20 Mbit/s, depending on if it is P2P og multipoint conferencing) and at the same time do some CBWFQ on ICA traffic going to the hosting site, while also preventing bursty traffic like FTP and windows printing from affecting Video and ICA traffic.

I am thinking of using 2801 routers (with VPN-AIM and Adv. IP Services IOS) at the 3 customer sites and a 2821 router on the hosting site (also with VPN-AIM and Adv. IP Services IOS).

however I am unsure if these routers are sufficient to handle both the QOS, GRE and IPsec. Can anyone please give me some advice on this - and in case they aren't sufficient tell me which router model I should go for instead.

I really need urgent help on this as my customer is desperate to get my proposal :)

Thanks for any help in advance...

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Collin Clark Wed, 01/28/2009 - 07:06
User Badges:
  • Purple, 4500 points or more

The problem isn't the hardware or design, it's the fact that the Internet doesn't recognize QoS markings. You may want to suggest private lines or MPLS between the offices. Then you can use QoS.

Hope that helps.

rasmusan1 Wed, 01/28/2009 - 07:16
User Badges:

thanks for your reply.

I am aware that the Internet does not recognize the markings and the traffic is therefore treated as best effort. And my plan is also to advice my customer to buy MPLS lines with QoS.

However my current issue is that I am unsure if these routers are powerfull enough to handle the QoS along with the GRE/IPsec.

Collin Clark Wed, 01/28/2009 - 07:27
User Badges:
  • Purple, 4500 points or more

I would by the AIM encryption module. With that the 2801 should be fine with what you're doing.

rasmusan1 Wed, 01/28/2009 - 07:29
User Badges:

Thanks again for your reply.

As per my previous post the routers are equipped with the AIM-VPN module.

so you don't think there should be an issue with CPU usage on the 2801's ?

Joseph W. Doherty Wed, 01/28/2009 - 11:36
User Badges:
  • Super Bronze, 10000 points or more

You only noted 10 to 20 Mbps for the vidconf traffic. What other bandwidth must the tunnel support? If this bandwidth usage in just one direction or both? Would the hosting site be the sum of all the remote sites?

For 10 Mbps (duplex), I believe a 2801 could do although if 20 Mbps (duplex), you might want to go with a 2811.

For the hosting router, you might want either a 2851 or 3825.

I also think the built-in crypto support will be sufficient.

I've attached performance reference sheets

for the various routers and VPN.


Although the Internet doesn't generally support QoS, if you can apply QoS properly at Internet ingress/egress, you often obtain very good results. If you do move to private WAN technology (it doesn't always have to be MPLS) that guarantees bandwidth, you can fully leverage QoS. Also with private WAN technolgy, you shouldn't need the VPN tunnels.

rasmusan1 Wed, 01/28/2009 - 12:19
User Badges:

Thank you very much for your very helpful post !

I think i will be going for at least 2811 at the customer sites, and then a 2851 or 3825 as you suggest on the hosting site.

where do you find these performance sheets for the routers? I've been searching Cisco's website many times, but haven't really found these...

Joseph W. Doherty Wed, 01/28/2009 - 13:18
User Badges:
  • Super Bronze, 10000 points or more

The attached references are often provided within these forums. The original source, I believe, is for business partners.


This Discussion