DMVPN VOIP Remote site

Unanswered Question
Joseph W. Doherty Mon, 03/09/2009 - 09:58

I've done VoIP across VPN, although not using DMVPN (don't see DMVPN as an issue itself).

Unlike MPLS which often supports some level of QoS, with VPNs you're often only able to control QoS into the tunnel(s) or physical interface egress. This leaves as an open issue QoS further along the path, especially the last WAN link.

If you run DMVPN as a pure hub topology, insure bandwidth between hub and spoke isn't oversubscribed, shape hub to spoke bandwidth to match spoke's bandwidth, don't share WAN links with other non-VPN traffic, and prioritize VoIP then resulting performance is often, although not guaranteed, as effective as MPLS.

BTW: Besides VoIP, I've seen VPN often work as well, if not better, for other traffic too. On the plus side, you can often implement better QoS than provided by MPLS vendor. On the negative side, no bandwidth or QoS guarantees across the WAN.

We use DMVPN over the Internet and run VoIP through it.

Upload bandwidth on your ADSL/cable links is critical, as is calculating the call overhead of crypto, gre, etc to find the actual bandwidth of a VoIP call.

We do DMVPN to build a tunnel and use GETVPN for the actual encryption over the Internet. GETVPN helps with voice issues because there is no tunnel negotiation/setup time for IKE and IPSec when negotiating spoke-to-spoke tunnels

take a look at the per-tunnel QoS features... NHRP groups in 12.4(22)T. This helps with your shaping ber spoke from the headend. We do traffic shaping on the physical interface to the upload speed, and we don't really have that many calls and traffic spoke-toi-spoke where QoS on dynamic spoke-to-spoke tunnels is an issue.

Marcin Zgola Tue, 05/12/2009 - 08:48

hmm.. dmvpn with getvpn

is it possible you can email me a sample config?

that would be great thank you

Marcin Zgola Tue, 05/12/2009 - 10:05

wow interesting. hmm, any documents you may have or links to explain this in more detail. I have a request from the client that uses DMVPN about securing it using get vpn technology. I have not done setup like this before, and you example config is pretty good.

thank you


This Discussion