01-28-2009 06:58 AM - edited 03-06-2019 03:42 AM
Hello
I have got a request from a customer who has bought an HD video conferencing solution. We have 3 sites and 1 hosting site where all their servers are located.
The connections between these sites are via IPsec tunnels (Cisco firewalls) on 30 Mbits internet connection without any QoS.
He is not satisfied with the video conference performance as the video and audio are choppy and sometimes blurry.
So I am about to sell him a router-based VPN solution based on GRE tunnels over IPsec with QoS in a full mesh VPN solution possibly using EIGRP for dynamic routing.
I need to do some LLQ on the EF traffic from the video conferencing system (which according to my readings shows a load of between 10-20 Mbit/s, depending on if it is P2P or multipoint conferencing) and at the same time do some CBWFQ on ICA traffic going to the hosting site, while also preventing bursty traffic like FTP and Windows printing from affecting Video and ICA traffic.
I am thinking of using 2801 routers (with VPN-AIM and Adv. IP Services IOS) at the 3 customer sites and a 2821 router on the hosting site (also with VPN-AIM and Adv. IP Services IOS).
However, I am unsure if these routers are sufficient to handle both the QoS, GRE and IPsec. Can anyone please give me some advice on this - and in case they aren't sufficient tell me which router model I should go for instead.
I really need urgent help on this as my customer is desperate to get my proposal :)
Thanks for any help in advance...
01-28-2009 07:06 AM
The problem isn't the hardware or design, it's the fact that the Internet doesn't recognize QoS markings. You may want to suggest private lines or MPLS between the offices. Then you can use QoS.
Hope that helps.
01-28-2009 07:16 AM
Thanks for your reply.
I am aware that the Internet does not recognize the markings and the traffic is therefore treated as best effort. And my plan is also to advise my customer to buy MPLS lines with QoS.
However my current issue is that I am unsure if these routers are powerful enough to handle the QoS along with the GRE/IPsec.
01-28-2009 07:27 AM
I would buy the AIM encryption module. With that the 2801 should be fine with what you're doing.
01-28-2009 07:29 AM
Thanks again for your reply.
As per my previous post the routers are equipped with the AIM-VPN module.
So you don't think there should be an issue with CPU usage on the 2801s?
01-28-2009 11:36 AM
You only noted 10 to 20 Mbps for the vidconf traffic. What other bandwidth must the tunnel support? Is this bandwidth usage in just one direction or both? Would the hosting site be the sum of all the remote sites?
For 10 Mbps (duplex), I believe a 2801 could do although if 20 Mbps (duplex), you might want to go with a 2811.
For the hosting router, you might want either a 2851 or 3825.
I also think the built-in crypto support will be sufficient.
I've attached performance reference sheets for the various routers and VPN.
PS:
Although the Internet doesn't generally support QoS, if you can apply QoS properly at Internet ingress/egress, you often obtain very good results. If you do move to private WAN technology (it doesn't always have to be MPLS) that guarantees bandwidth, you can fully leverage QoS. Also with private WAN technology, you shouldn't need the VPN tunnels.
01-28-2009 12:19 PM
Thank you very much for your very helpful post!
I think I will be going for at least 2811 at the customer sites, and then a 2851 or 3825 as you suggest on the hosting site.
Where do you find these performance sheets for the routers? I've been searching Cisco's website many times, but haven't really found these...
01-28-2009 01:18 PM
The attached references are often provided within these forums. The original source, I believe, is for business partners.