ASA QoS shaping for voice

Unanswered Question
May 10th, 2009

I am trying to do some voice qos on an ASA for a SIP trunk.

voice vlan is and there is a CME hanging off the ASA. So I am using DSCP to go out the outgoing interface, since my CME is already marking traffic, and coming back from the SIP provider I am just matching any traffic going to the voice vlan.

I am using shaping and the issue is a few things:

1. the voice calls are still choppy with qos applied. I test a voice call and all is well, then I start a massive torrent upload/download, and apply the qos, and the call quality suffers......not as bad as without qos and doing the torrent, but still suffers.

2. when I apply my shaping i notice via asdm the actual rate drops to about 3MB even though I am shaping at 5.6MB

here is the config, I am looking for ideas on how to make this better. Circuit is AT&T DSL of 512 up and 6MB down, I have made my shaping considerably below these values to account for PPPoE and other overhead. ASA is getting a routed connection from AT&T DSL modem.

access-list ACL-VOICE extended permit ip any



match dscp cs3

class-map CM-ACL-VOICE

match access-list ACL-VOICE

class-map inspection_default

match default-inspection-traffic

class-map CM-VOICE

match dscp cs5



class CM-VOICE




policy-map PM-VOICE-INSIDE




class class-default

shape average 5600000

service-policy PM-VOICE-INSIDE


class class-default

shape average 424000

service-policy PM-VOICE-OUTSIDE


service-policy global_policy global

service-policy PM-ALL-TRAFFIC-SHAPE-INSIDE interface inside

service-policy PM-ALL-TRAFFIC-SHAPE-OUTSIDE interface outside

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
bfeeny Sun, 05/10/2009 - 13:23


Yes I am. Now I realize Internet is best effort, however, shaping can be used with traffic on the internet to greatly help voice traffic. This is because the LAN will tx/rx traffic into the ASA as fast as it can. The provider may at times burst at levels approaching the CIR of the connection the provide you, however more consistent is a level below this. If you shape and determine what to drop, before it reaches the DSLAM and they decide, you will have helped the voice greatly.

I am not doing, or expectation any preservation of DSCP etc over the internet.



Agreed on most of what you have said however shaping etc is always 100% outbound, not inbound. At the end of the day if you are d/l near your bw limit this will have an impact on your voice. It does not matter if you are using CBWFQ or FIFO, if the quality of the voice is dropping on the inbound - there is nothing you can really do about that, as this is the provider edge, unless I am mistaken on in which direction you are experiancing issues?

bfeeny Sun, 05/10/2009 - 21:34


Yes, shaping is outbound, so that is why you will see I have applied it only in the outbound direction for each interface. Upload is where most of the issue is, so I likely need to drop my rate. However, my main question was if the way I was handling this on the ASA was the preferred way, or if there is a better way. I know the ASA has limited qos ability, but I know you can do some other things as well besides the nested Policy Map with a priority queue nested inside a shaping policy. That is what made the most sense to me, but I wanted to see how others would handle the situation and if it can be improved.


This Discussion